Create an IAM OIDC provider for your cluster
Your cluster has an OpenID Connect
Prerequisites
-
An existing Amazon EKS cluster. To deploy one, see Getting started with Amazon EKS.
-
Version
2.12.3
or later or version1.27.160
or later of the Amazon Command Line Interface (Amazon CLI) installed and configured on your device or Amazon CloudShell. To check your current version, use
. Package managers suchaws --version | cut -d / -f2 | cut -d ' ' -f1
yum
,apt-get
, or Homebrew for macOS are often several versions behind the latest version of the Amazon CLI. To install the latest version, see Installing, updating, and uninstalling the Amazon CLI and Quick configuration with aws configure in the Amazon Command Line Interface User Guide. The Amazon CLI version that is installed in Amazon CloudShell might also be several versions behind the latest version. To update it, see Installing Amazon CLI to your home directory in the Amazon CloudShell User Guide. -
The
kubectl
command line tool is installed on your device or Amazon CloudShell. The version can be the same as or up to one minor version earlier or later than the Kubernetes version of your cluster. For example, if your cluster version is1.28
, you can usekubectl
version1.27
,1.28
, or1.29
with it. To install or upgradekubectl
, see Installing or updating kubectl. -
An existing
kubectl
config
file that contains your cluster configuration. To create akubectl
config
file, see Creating or updating a kubeconfig file for an Amazon EKS cluster.
You can create an IAM OIDC provider for your cluster using eksctl
or the
Amazon Web Services Management Console.
Next step
Configure a Kubernetes service account to assume an IAM role