Preparation

Enabling IAM Roles for Service Accounts on your Cluster

  • The IAM roles for service accounts feature is available on new Amazon EKS Kubernetes version 1.14 clusters, and clusters that were updated to versions 1.14 or 1.13 on or after September 3rd, 2019.
kubectl version --short
1.14 1.13
Client Version: v1.14.6-eks-5047ed Client Version: v1.13.7
Server Version: v1.14.6-eks-5047ed Server Version: v1.13.10-eks-5ac0f1

If your EKS cluster version is lower or not match with above, updating an Amazon EKS Cluster in the User Guide

  • You must use at least version 1.16.232 of the AWS CLI to receive the proper output from this command.
aws --version

aws-cli/1.16.238 Python/2.7.16 Linux/4.14.133-88.112.amzn1.x86_64 botocore/1.12.228

If your aws cli version is lower than 1.16.232, use Installing the AWS CLI in the User Guide

  • Retrieve OpenID Connect issuer URL
aws eks describe-cluster --name eksworkshop-eksctl --query cluster.identity.oidc.issuer --output text

https://oidc.eks.{AWS_REGION}.amazonaws.com/id/D48675832CA65BD10A532F59741CF90B