How to resolve being unable to authenticate with AWS when integrating GitLab with EKS
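Trying to integrate GitLab 13.3.2 CE (deployed on an on-premises server) with EKS.
Second, I created an IAM role in the respective account using the policy mentioned in the specified link (https://docs.gitlab.com/ce/user/project/clusters/add_eks_clusters.html). I carefully followed all the steps mentioned in this link.
Below are the steps used to create the IAM role:
- Logged in to the IAM console
- Clicked the "Roles" section in the left menu.
- Selected "Another AWS account" as the type of trusted entity
- Filled in the account ID
- Provided the external ID mentioned in the Kubernetes console of the GitLab project
The policy attached to the AWS IAM role: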
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "autoscaling:CreateAutoScalingGroup",
        "autoscaling:DescribeAutoScalingGroups",
        "autoscaling:DescribeScalingActivities",
        "autoscaling:UpdateAutoScalingGroup",
        "autoscaling:CreateLaunchConfiguration",
        "autoscaling:DescribeLaunchConfigurations",
        "cloudformation:CreateStack",
        "cloudformation:DescribeStacks",
        "ec2:AuthorizeSecurityGroupEgress",
        "ec2:AuthorizeSecurityGroupIngress",
        "ec2:RevokeSecurityGroupEgress",
        "ec2:RevokeSecurityGroupIngress",
        "ec2:CreateSecurityGroup",
        "ec2:createTags",
        "ec2:DescribeImages",
        "ec2:DescribeKeyPairs",
        "ec2:DescribeRegions",
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeSubnets",
        "ec2:DescribeVpcs",
        "eks:CreateCluster",
        "eks:DescribeCluster",
        "iam:AddRoleToInstanceProfile",
        "iam:AttachRolePolicy",
        "iam:CreateRole",
        "iam:CreateInstanceProfile",
        "iam:CreateServiceLinkedRole",
        "iam:GetRole",
        "iam:ListRoles",
        "iam:PassRole",
        "ssm:GetParameters"
      ],
      "Resource": "*"
    }
  ]
}
After that, I copied the ARN of the newly created role and used it in the Kubernetes section of my project.
Got this as the response: Error: Request failed with status code 422
Response after clicking on "Authenticate with AWS"
Solution
Attach this policy to the user whose access key and secret key were used when enabling EKS in GitLab.
{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": "sts:AssumeRole",
    "Resource": "arn:aws:iam::<<account-id>>:role/gitlab-eks-4"
  }
}
This gives the user the privilege to assume the gitlab-eks role (the role that was created and whose ARN was given during the EKS integration).
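The fix above works because AssumeRole has two sides: the caller's identity policy must allow `sts:AssumeRole` on the role, and the role's trust policy must accept the caller and the external ID. The following is an added example, not part of the original post or of GitLab: a simplified offline check of both sides that ignores most IAM condition logic. The account ID, user name, external ID and trust policy are constructed placeholders, and the trust policy is assumed to name the account, as the "Another AWS account" option produces.

```python
import fnmatch

def _as_list(v):
    return v if isinstance(v, list) else [v]

def identity_allows(policies, role_arn):
    """Do the caller's identity policies allow sts:AssumeRole on role_arn?"""
    allowed = False
    for policy in policies:
        for st in _as_list(policy["Statement"]):
            actions = [a.lower() for a in _as_list(st["Action"])]
            hit = (any(fnmatch.fnmatchcase("sts:assumerole", a) for a in actions)
                   and any(fnmatch.fnmatchcase(role_arn, r) for r in _as_list(st["Resource"])))
            if hit and st["Effect"] == "Deny":
                return False  # an explicit Deny always wins
            allowed = allowed or hit
    return allowed

def trust_allows(trust, caller_arn, external_id):
    """Does the role's trust policy accept the caller's account and external ID?"""
    account = caller_arn.split(":")[4]
    accepted = {caller_arn, account, f"arn:aws:iam::{account}:root"}
    for st in _as_list(trust["Statement"]):
        principals = _as_list(st.get("Principal", {}).get("AWS", []))
        want = st.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if (st["Effect"] == "Allow" and "sts:AssumeRole" in _as_list(st["Action"])
                and accepted & set(principals) and want in (None, external_id)):
            return True
    return False

def diagnose(policies, trust, caller_arn, role_arn, external_id):
    problems = []
    if not identity_allows(policies, role_arn):
        problems.append("caller has no identity policy allowing sts:AssumeRole on the role")
    if not trust_allows(trust, caller_arn, external_id):
        problems.append("role trust policy rejects the caller or the external ID")
    return problems

# Constructed sample values: account ID, user name and external ID are placeholders.
ROLE = "arn:aws:iam::111122223333:role/gitlab-eks-4"
USER = "arn:aws:iam::111122223333:user/gitlab-user"
TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}}]}
FIX = {"Version": "2012-10-17", "Statement": {   # same shape as the policy in the answer
    "Effect": "Allow", "Action": "sts:AssumeRole", "Resource": ROLE}}

if __name__ == "__main__":
    print([diagnose(p, TRUST, USER, ROLE, "example-external-id") for p in ([], [FIX])])
```

Scoping `Resource` to the single role ARN, as the answer does, keeps the user from assuming any other role in the account.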