A few days ago, while migrating a cluster, I tried to log in to a server and found that SSH to the EKS managed nodes was not working.

The error message made the problem obvious.
Installing the SSM Agent on Amazon EKS worker nodes with a Kubernetes DaemonSet
➜ cat ssm_daemonset.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    k8s-app: ssm-installer
  name: ssm-installer
  namespace: kube-system
spec:
  selector:
    matchLabels:
      k8s-app: ssm-installer
  template:
    metadata:
      labels:
        k8s-app: ssm-installer
    spec:
      containers:
      - name: sleeper
        image: busybox
        command: ['sh', '-c', 'echo I keep things running! && sleep 3600']
      initContainers:
      - image: amazonlinux
        imagePullPolicy: Always
        name: ssm
        command: ["/bin/bash"]
        args: ["-c","echo '* * * * * root yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm & rm -rf /etc/cron.d/ssmstart' > /etc/cron.d/ssmstart"]
        securityContext:
          allowPrivilegeEscalation: true
        volumeMounts:
        - mountPath: /etc/cron.d
          name: cronfile
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      volumes:
      - name: cronfile
        hostPath:
          path: /etc/cron.d
          type: Directory
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      terminationGracePeriodSeconds: 30
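How this works: the init container mounts the node's `/etc/cron.d` through a `hostPath` volume and drops a cron entry into it; cron on the host then runs the `yum install` for the SSM agent RPM, and the entry removes itself. The write itself can be simulated locally (a sketch using a temp directory in place of the real `/etc/cron.d`):

```shell
# Simulate the initContainer's write, using a temp dir instead of the host's /etc/cron.d
CRON_DIR=$(mktemp -d)
echo '* * * * * root yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm & rm -rf /etc/cron.d/ssmstart' > "$CRON_DIR/ssmstart"

# On a real node, cron picks this file up within a minute, runs the install,
# and the entry deletes itself so it only fires once
cat "$CRON_DIR/ssmstart"
```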
kubectl apply -f ssm_daemonset.yaml
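To confirm the rollout, check that an installer pod is running on every node and that the nodes eventually show up as SSM managed instances (requires kubectl access to the cluster and AWS credentials):

```shell
# One ssm-installer pod should be scheduled per worker node
kubectl -n kube-system get daemonset ssm-installer
kubectl -n kube-system get pods -l k8s-app=ssm-installer -o wide

# After a minute or two, the nodes should appear here with PingStatus "Online"
aws ssm describe-instance-information \
  --query 'InstanceInformationList[].[InstanceId,PingStatus]' --output table
```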
After the DaemonSet was up, SSH still failed.

First, check that SSH access is enabled for the node group, either in the eksctl config or in the node group settings in the AWS console.
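With eksctl, SSH access is controlled per node group. A minimal sketch of the relevant `ClusterConfig` fields (cluster name, region, and key path are placeholders):

```yaml
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
  name: my-cluster      # placeholder
  region: us-east-1     # placeholder
nodeGroups:
  - name: ng-1
    instanceType: m5.large
    ssh:
      allow: true                       # enable SSH to the nodes
      publicKeyPath: ~/.ssh/id_rsa.pub  # key to import onto the nodes
```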
After the agent was installed I still could not connect, so I suspected a permissions problem.

The official docs say that an instance whose IAM role has the AmazonSSMManagedInstanceCore managed policy attached can be connected to via SSM.

In my own testing, the connection still failed.
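Attaching that managed policy to the worker-node role can be done with the AWS CLI (the role name below is a placeholder for your node group's instance role):

```shell
# Grant the node role the core permissions SSM needs to register the instance
aws iam attach-role-policy \
  --role-name my-eks-node-role \
  --policy-arn arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
```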
After more digging I attached some additional SSM-related permissions. You can search IAM policies for the keyword "ssm" and add whatever your use case needs.
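With the agent running and permissions in place, you can open a shell on a node without SSH at all (the instance ID below is a placeholder; the Session Manager plugin must be installed locally):

```shell
# List the managed instance IDs, then open an interactive session on one
aws ssm describe-instance-information \
  --query 'InstanceInformationList[].InstanceId' --output text
aws ssm start-session --target i-0123456789abcdef0
```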
Problem solved!