EKS cluster - adding worker nodes - how does applying a configmap make my nodes visible to the k8s cluster?

2/25/2019

I'm trying out AWS EKS following this guide https://learn.hashicorp.com/terraform/aws/eks-intro

I understand all the steps except for the last one, where the instructions say to apply a configmap. Before this step, I couldn't see my worker nodes from the cluster (kubectl get nodes). But I can see my worker nodes after applying this configmap. Can someone please explain to me how this configmap actually accomplishes this feat?

Here is the configmap:

apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-auth
  namespace: kube-system
data:
  mapRoles: |
    - rolearn: ${aws_iam_role.demo-node.arn}
      username: system:node:{{EC2PrivateDNSName}}
      groups:
        - system:bootstrappers
        - system:nodes

Thanks,

Ashutosh Singh

-- ashutosh singh
amazon-web-services
eks
kubernetes

1 Answer

2/25/2019

The data in that configmap are what enable the worker node to join the cluster. Specifically, it needs the proper role ARN permissions. In the tutorial you are following, look at how aws_iam_role.demo-node.arn is defined, then look up the permissions associated with those policies. You can experiment and remove/add other policies and see how it affects the node's ability to interact with the cluster.

-- swagrov
Source: StackOverflow
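
An added example, not part of the original question or answer and not the authenticator's own code: a simplified Python model of how the IAM authenticator used by EKS applies a mapRoles entry to turn a node's IAM role into the Kubernetes username and groups the kubelet registers with. The account ID, instance ID, DNS name and function names are constructed for illustration.

```python
import re

# Parsed form of the mapRoles entry from the question; the account ID is a
# constructed placeholder standing in for ${aws_iam_role.demo-node.arn}.
MAP_ROLES = [{
    "rolearn": "arn:aws:iam::111122223333:role/demo-node",
    "username": "system:node:{{EC2PrivateDNSName}}",
    "groups": ["system:bootstrappers", "system:nodes"],
}]

# Constructed stand-in for the EC2 lookup of an instance's private DNS name.
PRIVATE_DNS = {"i-0abc1234def567890": "ip-10-0-1-23.us-west-2.compute.internal"}

ASSUMED_ROLE = re.compile(
    r"^arn:aws:sts::(\d{12}):assumed-role/([^/]+)/([^/]+)$")


def canonical_role(caller_arn):
    """Turn the STS caller ARN of a node into (IAM role ARN, session name)."""
    m = ASSUMED_ROLE.match(caller_arn)
    if not m:
        return None, None
    account, role, session = m.groups()
    return f"arn:aws:iam::{account}:role/{role}", session


def map_identity(caller_arn, map_roles=MAP_ROLES, dns=PRIVATE_DNS):
    """Return (username, groups) for a caller, or None when nothing maps."""
    role_arn, session = canonical_role(caller_arn)
    for entry in map_roles:
        if entry["rolearn"] != role_arn:
            continue
        username = entry["username"]
        if "{{EC2PrivateDNSName}}" in username:
            # For an instance-profile role the session name is the instance ID.
            if session not in dns:
                return None
            username = username.replace("{{EC2PrivateDNSName}}", dns[session])
        return username, list(entry["groups"])
    return None  # unmapped role: the API server rejects the request


if __name__ == "__main__":
    node = "arn:aws:sts::111122223333:assumed-role/demo-node/i-0abc1234def567890"
    print("with aws-auth:   ", map_identity(node))
    print("without aws-auth:", map_identity(node, map_roles=[]))
```

The `system:nodes` group together with a `system:node:<name>` username is what the Kubernetes Node authorizer expects of a kubelet, which is why the nodes show up in kubectl get nodes only once the mapping exists.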