Creating an IAM OIDC provider for your cluster
Your cluster has an OpenID Connect
Prerequisites
An existing Amazon EKS cluster. To deploy one, see Getting started with Amazon EKS.
Version 2.11.3 or later or 1.27.93 or later of the AWS CLI installed and configured on your device or AWS CloudShell. You can check your current version with aws --version | cut -d / -f2 | cut -d ' ' -f1. Package managers such as yum, apt-get, or Homebrew for macOS are often several versions behind the latest version of the AWS CLI. To install the latest version, see Installing, updating, and uninstalling the AWS CLI and Quick configuration with aws configure in the AWS Command Line Interface User Guide. The AWS CLI version installed in the AWS CloudShell may also be several versions behind the latest version. To update it, see Installing AWS CLI to your home directory in the AWS CloudShell User Guide.
The kubectl command line tool is installed on your device or AWS CloudShell. The version can be the same as or up to one minor version earlier or later than the Kubernetes version of your cluster. For example, if your cluster version is 1.24, you can use kubectl version 1.23, 1.24, or 1.25 with it. To install or upgrade kubectl, see Installing or updating kubectl.
An existing kubectl config file that contains your cluster configuration. To create a kubectl config file, see Creating or updating a kubeconfig file for an Amazon EKS cluster.
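
The version prerequisites above can be checked with a short script. This is an added example, not part of the original page or of AWS tooling; the function names are hypothetical, and the kubectl and cluster versions in the loop are constructed sample values.

```shell
#!/bin/sh
# Added example: functions that test the version prerequisites above.
# Function names are hypothetical; the minimums come from the page.

# ver_ge A B: succeed when dotted version A >= B, compared field by field
# as numbers (a string compare would rank 2.9.23 above 2.11.3).
ver_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# awscli_ok VERSION: 2.11.3 or later on the v2 line, 1.27.93 or later on v1.
awscli_ok() {
    case "$1" in
        2.*) ver_ge "$1" 2.11.3 ;;
        1.*) ver_ge "$1" 1.27.93 ;;
        *)   return 1 ;;  # the page names only the 1.x and 2.x lines
    esac
}

# kubectl_skew_ok KUBECTL CLUSTER: same major, minor within one of the cluster.
kubectl_skew_ok() {
    awk -v k="${1#v}" -v c="${2#v}" 'BEGIN {
        split(k, x, "."); split(c, y, ".")
        if (x[1] + 0 != y[1] + 0) exit 1
        d = x[2] - y[2]; if (d < 0) d = -d
        exit !(d <= 1)
    }'
}

# Check the locally installed AWS CLI with the command given on the page.
if command -v aws >/dev/null 2>&1; then
    v=$(aws --version | cut -d / -f2 | cut -d ' ' -f1)
    if awscli_ok "$v"; then echo "AWS CLI $v: ok"; else echo "AWS CLI $v: prerequisite not met"; fi
fi

# Constructed sample values for the kubectl rule (cluster version 1.24).
for k in 1.22 1.23 v1.24.7 1.25 1.26; do
    if kubectl_skew_ok "$k" 1.24; then echo "kubectl $k: ok"; else echo "kubectl $k: unsupported skew"; fi
done
```
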
You can create an IAM OIDC provider for your cluster using eksctl or the AWS Management Console.
Next step
Configuring a Kubernetes service account to assume an IAM role