EKS Missing Pods, Deployments & Services

Importing EKS clusters requires two sets of authorization to correctly connect and display EKS data,

AWS API Access
EKS API Server Access

and the EKS Cluster API Server must have a Public VPC endpoint.

Failure to provide both levels of authorization and running the API Server on a Public or Public + Private VPC will result in partial functionality.

If a cluster is successfully imported and no Pod, Deployment or Services data is displayed on the Workloads dashboard then one of two issues may be the cause; first the associated service account in AWS may not have the required EKS cluster access, or the EKS Cluster API Server is not available on a Public or Public+Private VPC.

EKS Cluster Authorization

EKS cluster details are collected from the Cluster's API Server, this data populates the Workloads, Storage and RBAC dashboards.

For data collection to function correctly the service account used to import the cluster must be added to the clusters RBAC ConfigMap to provide either the User (Service Account) or a Role (that the Service Account is enrolled within) access to the cluster. Specifically the system:mastersgroup

To add the service account used to import the cluster to the EKS Cluster follow the steps outlined by AWS - Provide Access for IAM Users and Roles to Existing EKS Clusters

Below is an example ConfigMap

Example IAM User Config Map
    
 
apiVersion: v1 kind: ConfigMap metadata:   name: aws-auth   namespace: kube-system data:   mapRoles: |     - rolearn: arn:aws:iam::11122223333:role/EKS-Worker-NodeInstanceRole-1I00GBC9U4U7B       username: system:node:{{EC2PrivateDNSName}}       groups:         - system:bootstrappers         - system:nodes   mapUsers: |     - userarn: arn:aws:iam::11122223333:user/designated_user       username: designated_user       groups:         - system:masters
Copy

Last updated by Chris Jones on Oct 21, 2021

Was this page helpful?