kubectl error You must be logged in to the server (Unauthorized) when accessing EKS cluster

Question

I have been trying to follow the getting started guide to EKS. When I tried to call kubectl get service I got the message: error: You must be logged in to the server (Unaut

Answer 1

I just debugged this issue. I have a question. Are you running this on a corporate wifi network? If yes, could you create an EC2 instance and then test if you are able to do kubectl get svc?

Also, try if this command works kubectl get svc --insecure-skip-tls-verify

Answer 2

You need to create the cluster under the same IAM profile that you are accessing it from via AWS cli.

Said in another way, inside ~/.aws/credentials, the profile that is accessing kubectl must match exactly the same IAM that was used to create the cluster.

My recommendation is to use AWS cli to create your clusters as creating from the GUI may be more confusing than helpful. The Getting Started guide is your best bet to get up and running.

Answer 3

If you are using eksctl to manage your aws eks deployments you can add the user to the config map with one command:

eksctl create iamidentitymapping --cluster <cluster-name> --arn arn:aws:iam::<id>:user/<user-name> --group system:masters --username ops-user

Answer 4

I got this error when I created the eks cluster using the root from the eks console. I recreated the eks cluster using an IAM user and use the access keys to update the aws configure. It worked. Now you can add additional IAM users to issue kubectl commands.

Answer 5

Also, make sure your users are in the aws-auth k8s ConfigMap:

https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html

Answer 6

I had the same problem . It's likely that you are using a root account. It appears root accounts are blocked from assuming the required roles. This error can sometimes be cloaked if you are using expired keys.