# 使用 AWS CLI 的 Amazon EKS 示例
以下代码示例演示如何通过将 AWS Command Line Interface与 Amazon EKS 结合使用,来执行操作和实现常见场景。
*操作是大型程序的代码摘录*,必须在上下文中运行。您可以通过操作了解如何调用单个服务函数,还可以通过函数相关场景的上下文查看操作。
每个示例都包含一个指向完整源代码的链接,您可以从中找到有关如何在上下文中设置和运行代码的说明。
**Topics**
+ [操作](#actions)
## 操作
### `associate-access-policy`
以下代码示例演示了如何使用 `associate-access-policy`。
**AWS CLI**
**将访问策略及其范围与集群的访问条目相关联**
以下 `associate-access-policy` 将访问策略及其范围与指定集群的访问条目相关联。
```
aws eks associate-access-policy \
--cluster-name eks-customer \
--principal-arn arn:aws:iam::111122223333:role/Admin \
--policy-arn arn:aws:eks::aws:cluster-access-policy/AmazonEKSEditPolicy \
--access-scope type=namespace,namespaces=default
```
输出:
```
{
"clusterName": "eks-customer",
"principalArn": "arn:aws:iam::111122223333:role/Admin",
"associatedAccessPolicy": {
"policyArn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSEditPolicy",
"accessScope": {
"type": "namespace",
"namespaces": [
"default"
]
},
"associatedAt": "2025-05-24T15:59:51.981000-05:00",
"modifiedAt": "2025-05-24T15:59:51.981000-05:00"
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[将访问策略与访问条目关联起来](https://docs.aws.amazon.com/eks/latest/userguide/access-policies.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [AssociateAccessPolicy](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/associate-access-policy.html)。
### `associate-encryption-config`
以下代码示例演示了如何使用 `associate-encryption-config`。
**AWS CLI**
**将加密配置关联到现有集群**
以下 `associate-encryption-config` 示例在尚未启用加密的现有 EKS 集群上启用加密。
```
aws eks associate-encryption-config \
--cluster-name my-eks-cluster \
--encryption-config '[{"resources":["secrets"],"provider":{"keyArn":"arn:aws:kms:region-code:account:key/key"}}]'
```
输出:
```
{
"update": {
"id": "3141b835-8103-423a-8e68-12c2521ffa4d",
"status": "InProgress",
"type": "AssociateEncryptionConfig",
"params": [
{
"type": "EncryptionConfig",
"value": "[{\"resources\":[\"secrets\"],\"provider\":{\"keyArn\":\"arn:aws:kms:region-code:account:key/key\"}}]"
}
],
"createdAt": "2024-03-14T11:01:26.297000-04:00",
"errors": []
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[在现有集群中启用密钥加密](https://docs.aws.amazon.com/eks/latest/userguide/enable-kms.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [AssociateEncryptionConfig](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/associate-encryption-config.html)。
### `associate-identity-provider-config`
以下代码示例演示了如何使用 `associate-identity-provider-config`。
**AWS CLI**
**将身份提供商关联到您的 Amazon EKS 集群**
以下 `associate-identity-provider-config` 示例将身份提供商关联到您的 Amazon EKS 集群。
```
aws eks associate-identity-provider-config \
--cluster-name my-eks-cluster \
--oidc 'identityProviderConfigName=my-identity-provider,issuerUrl=https://oidc.eks.us-east-2.amazonaws.com/id/38D6A4619A0A69E342B113ED7F1A7652,clientId=kubernetes,usernameClaim=email,usernamePrefix=my-username-prefix,groupsClaim=my-claim,groupsPrefix=my-groups-prefix,requiredClaims={Claim1=value1,Claim2=value2}' \
--tags env=dev
```
输出:
```
{
"update": {
"id": "8c6c1bef-61fe-42ac-a242-89412387b8e7",
"status": "InProgress",
"type": "AssociateIdentityProviderConfig",
"params": [
{
"type": "IdentityProviderConfig",
"value": "[{\"type\":\"oidc\",\"name\":\"my-identity-provider\"}]"
}
],
"createdAt": "2024-04-11T13:46:49.648000-04:00",
"errors": []
},
"tags": {
"env": "dev"
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[通过 OpenID Connect 身份提供商对集群的用户进行身份验证 – 关联 OIDC 身份提供商](https://docs.aws.amazon.com/eks/latest/userguide/authenticate-oidc-identity-provider.html#associate-oidc-identity-provider)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [AssociateIdentityProviderConfig](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/associate-identity-provider-config.html)。
### `create-access-entry`
以下代码示例演示了如何使用 `create-access-entry`。
**AWS CLI**
**示例 1:为 EKS 集群创建访问条目**
以下 `create-access-entry` 示例创建一个访问条目,该条目支持 IAM 主体访问 EKS 集群。
```
aws eks create-access-entry \
--cluster-name eks-customer \
--principal-arn arn:aws:iam::111122223333:user/eks-user
```
输出:
```
{
"accessEntry": {
"clusterName": "eks-customer",
"principalArn": "arn:aws:iam::111122223333:user/eks-user",
"kubernetesGroups": [],
"accessEntryArn": "arn:aws:eks:us-west-2:111122223333:access-entry/eks-customer/user/111122223333/eks-user/a1b2c3d4-5678-90ab-cdef-a6506e3d36p0",
"createdAt": "2025-04-14T22:45:48.097000-05:00",
"modifiedAt": "2025-04-14T22:45:48.097000-05:00",
"tags": {},
"username": "arn:aws:iam::111122223333:user/eks-user",
"type": "STANDARD"
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[创建访问条目](https://docs.aws.amazon.com/eks/latest/userguide/creating-access-entries.html)。
**示例 2:通过指定访问条目的类型为 EKS 集群创建访问条目**
以下 `create-access-entry` 示例在 EKS 集群中创建类型为 `EC2_LINUX` 的访问条目。默认情况下,会创建类型为 `STANDARD` 的访问条目。除了默认类型之外,如果我们指定任何其它访问条目类型,则需要在 CLI 中传递 IAM 角色 ARN。
```
aws eks create-access-entry \
--cluster-name eks-customer \
--principal-arn arn:aws:iam::111122223333:role/admin-test-ip \
--type EC2_LINUX
```
输出:
```
{
"accessEntry": {
"clusterName": "eks-customer",
"principalArn": "arn:aws:iam::111122223333:role/admin-test-ip",
"kubernetesGroups": [
"system:nodes"
],
"accessEntryArn": "arn:aws:eks:us-west-2:111122223333:access-entry/eks-customer/role/111122223333/admin-test-ip/accb5418-f493-f390-3e6e-c3f19f725fcp",
"createdAt": "2025-05-06T19:42:45.453000-05:00",
"modifiedAt": "2025-05-06T19:42:45.453000-05:00",
"tags": {},
"username": "system:node:{{EC2PrivateDNSName}}",
"type": "EC2_LINUX"
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[创建访问条目](https://docs.aws.amazon.com/eks/latest/userguide/creating-access-entries.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [CreateAccessEntry](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/create-access-entry.html)。
### `create-addon`
以下代码示例演示了如何使用 `create-addon`。
**AWS CLI**
**示例 1:为相应的 EKS 集群版本创建具有默认兼容版本的 Amazon EKS 附加组件**
以下 `create-addon` 示例命令为相应的 EKS 集群版本创建具有默认兼容版本的 Amazon EKS 附加组件。
```
aws eks create-addon \
--cluster-name my-eks-cluster \
--addon-name my-eks-addon \
--service-account-role-arn arn:aws:iam::111122223333:role/role-name
```
输出:
```
{
"addon": {
"addonName": "my-eks-addon",
"clusterName": "my-eks-cluster",
"status": "CREATING",
"addonVersion": "v1.15.1-eksbuild.1",
"health": {
"issues": []
},
"addonArn": "arn:aws:eks:us-east-2:111122223333:addon/my-eks-cluster/my-eks-addon/1ec71ee1-b9c2-8915-4e17-e8be0a55a149",
"createdAt": "2024-03-14T12:20:03.264000-04:00",
"modifiedAt": "2024-03-14T12:20:03.283000-04:00",
"serviceAccountRoleArn": "arn:aws:iam::111122223333:role/role-name",
"tags": {}
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[管理 Amazon EKS 附加组件 – 创建附加组件](https://docs.aws.amazon.com/eks/latest/userguide/managing-add-ons.html#creating-an-add-on)。
**示例 2:使用特定附加组件版本创建 Amazon EKS 附加组件**
以下 `create-addon` 示例命令使用特定附加组件版本创建 Amazon EKS 附加组件。
```
aws eks create-addon \
--cluster-name my-eks-cluster \
--addon-name my-eks-addon \
--service-account-role-arn arn:aws:iam::111122223333:role/role-name \
--addon-version v1.16.4-eksbuild.2
```
输出:
```
{
"addon": {
"addonName": "my-eks-addon",
"clusterName": "my-eks-cluster",
"status": "CREATING",
"addonVersion": "v1.16.4-eksbuild.2",
"health": {
"issues": []
},
"addonArn": "arn:aws:eks:us-east-2:111122223333:addon/my-eks-cluster/my-eks-addon/34c71ee6-7738-6c8b-c6bd-3921a176b5ff",
"createdAt": "2024-03-14T12:30:24.507000-04:00",
"modifiedAt": "2024-03-14T12:30:24.521000-04:00",
"serviceAccountRoleArn": "arn:aws:iam::111122223333:role/role-name",
"tags": {}
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[管理 Amazon EKS 附加组件 – 创建附加组件](https://docs.aws.amazon.com/eks/latest/userguide/managing-add-ons.html#creating-an-add-on)。
**示例 3:创建具有自定义配置值的 Amazon EKS 附加组件并解决冲突详细信息**
以下 `create-addon` 示例命令创建具有自定义配置值的 Amazon EKS 附加组件并解决冲突详细信息。
```
aws eks create-addon \
--cluster-name my-eks-cluster \
--addon-name my-eks-addon \
--service-account-role-arn arn:aws:iam::111122223333:role/role-name \
--addon-version v1.16.4-eksbuild.2 \
--configuration-values '{"resources":{"limits":{"cpu":"100m"}}}' \
--resolve-conflicts OVERWRITE
```
输出:
```
{
"addon": {
"addonName": "my-eks-addon",
"clusterName": "my-eks-cluster",
"status": "CREATING",
"addonVersion": "v1.16.4-eksbuild.2",
"health": {
"issues": []
},
"addonArn": "arn:aws:eks:us-east-2:111122223333:addon/my-eks-cluster/my-eks-addon/a6c71ee9-0304-9237-1be8-25af1b0f1ffb",
"createdAt": "2024-03-14T12:35:58.313000-04:00",
"modifiedAt": "2024-03-14T12:35:58.327000-04:00",
"serviceAccountRoleArn": "arn:aws:iam::111122223333:role/role-name",
"tags": {},
"configurationValues": "{\"resources\":{\"limits\":{\"cpu\":\"100m\"}}}"
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[管理 Amazon EKS 附加组件 – 创建附加组件](https://docs.aws.amazon.com/eks/latest/userguide/managing-add-ons.html#creating-an-add-on)。
**示例 4:使用自定义 JSON 配置值文件创建 Amazon EKS 附加组件**
以下 `create-addon` 示例命令创建具有自定义配置值的 Amazon EKS 附加组件并解决冲突详细信息。
```
aws eks create-addon \
--cluster-name my-eks-cluster \
--addon-name my-eks-addon \
--service-account-role-arn arn:aws:iam::111122223333:role/role-name \
--addon-version v1.16.4-eksbuild.2 \
--configuration-values 'file://configuration-values.json' \
--resolve-conflicts OVERWRITE \
--tags '{"eks-addon-key-1": "value-1" , "eks-addon-key-2": "value-2"}'
```
的内容`configuration-values.json`:
```
{
"resources": {
"limits": {
"cpu": "150m"
}
},
"env": {
"AWS_VPC_K8S_CNI_LOGLEVEL": "ERROR"
}
}
```
输出:
```
{
"addon": {
"addonName": "my-eks-addon",
"clusterName": "my-eks-cluster",
"status": "CREATING",
"addonVersion": "v1.16.4-eksbuild.2",
"health": {
"issues": []
},
"addonArn": "arn:aws:eks:us-east-2:111122223333:addon/my-eks-cluster/my-eks-addon/d8c71ef8-fbd8-07d0-fb32-6a7be19ececd",
"createdAt": "2024-03-14T13:10:51.763000-04:00",
"modifiedAt": "2024-03-14T13:10:51.777000-04:00",
"serviceAccountRoleArn": "arn:aws:iam::111122223333:role/role-name",
"tags": {
"eks-addon-key-1": "value-1",
"eks-addon-key-2": "value-2"
},
"configurationValues": "{\n \"resources\": {\n \"limits\": {\n \"cpu\": \"150m\"\n }\n },\n \"env\": {\n \"AWS_VPC_K8S_CNI_LOGLEVEL\": \"ERROR\"\n }\n}"
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[管理 Amazon EKS 附加组件 – 创建附加组件](https://docs.aws.amazon.com/eks/latest/userguide/managing-add-ons.html#creating-an-add-on)。
**示例 5:使用自定义 YAML 配置值文件创建 Amazon EKS 附加组件**
以下 `create-addon` 示例命令创建具有自定义配置值的 Amazon EKS 附加组件并解决冲突详细信息。
```
aws eks create-addon \
--cluster-name my-eks-cluster \
--addon-name my-eks-addon \
--service-account-role-arn arn:aws:iam::111122223333:role/role-name \
--addon-version v1.16.4-eksbuild.2 \
--configuration-values 'file://configuration-values.yaml' \
--resolve-conflicts OVERWRITE \
--tags '{"eks-addon-key-1": "value-1" , "eks-addon-key-2": "value-2"}'
```
的内容`configuration-values.yaml`:
```
resources:
limits:
cpu: '100m'
env:
AWS_VPC_K8S_CNI_LOGLEVEL: 'DEBUG'
```
输出:
```
{
"addon": {
"addonName": "my-eks-addon",
"clusterName": "my-eks-cluster",
"status": "CREATING",
"addonVersion": "v1.16.4-eksbuild.2",
"health": {
"issues": []
},
"addonArn": "arn:aws:eks:us-east-2:111122223333:addon/my-eks-cluster/my-eks-addon/d4c71efb-3909-6f36-a548-402cd4b5d59e",
"createdAt": "2024-03-14T13:15:45.220000-04:00",
"modifiedAt": "2024-03-14T13:15:45.237000-04:00",
"serviceAccountRoleArn": "arn:aws:iam::111122223333:role/role-name",
"tags": {
"eks-addon-key-3": "value-3",
"eks-addon-key-4": "value-4"
},
"configurationValues": "resources:\n limits:\n cpu: '100m'\nenv:\n AWS_VPC_K8S_CNI_LOGLEVEL: 'INFO'"
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[管理 Amazon EKS 附加组件 – 创建附加组件](https://docs.aws.amazon.com/eks/latest/userguide/managing-add-ons.html#creating-an-add-on)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [CreateAddon](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/create-addon.html)。
### `create-cluster`
以下代码示例演示了如何使用 `create-cluster`。
**AWS CLI**
**创建新集群**
此示例命令将在您的默认区域中创建一个名为 `prod` 的集群。
命令:
```
aws eks create-cluster --name prod \
--role-arn arn:aws:iam::012345678910:role/eks-service-role-AWSServiceRoleForAmazonEKS-J7ONKE3BQ4PI \
--resources-vpc-config subnetIds=subnet-6782e71e,subnet-e7e761ac,securityGroupIds=sg-6979fe18
```
输出:
```
{
"cluster": {
"name": "prod",
"arn": "arn:aws:eks:us-west-2:012345678910:cluster/prod",
"createdAt": 1527808069.147,
"version": "1.10",
"roleArn": "arn:aws:iam::012345678910:role/eks-service-role-AWSServiceRoleForAmazonEKS-J7ONKE3BQ4PI",
"resourcesVpcConfig": {
"subnetIds": [
"subnet-6782e71e",
"subnet-e7e761ac"
],
"securityGroupIds": [
"sg-6979fe18"
],
"vpcId": "vpc-950809ec"
},
"status": "CREATING",
"certificateAuthority": {}
}
}
```
**创建启用了私有端点访问和日志记录的新集群**
此示例命令在您的默认区域中创建一个名为 `example` 的集群,该集群禁用了公共端点访问,启用了私有端点访问和所有日志记录类型。
命令:
```
aws eks create-cluster --name example --kubernetes-version 1.12 \
--role-arn arn:aws:iam::012345678910:role/example-cluster-ServiceRole-1XWBQWYSFRE2Q \
--resources-vpc-config subnetIds=subnet-0a188dccd2f9a632f,subnet-09290d93da4278664,subnet-0f21dd86e0e91134a,subnet-0173dead68481a583,subnet-051f70a57ed6fcab6,subnet-01322339c5c7de9b4,securityGroupIds=sg-0c5b580845a031c10,endpointPublicAccess=false,endpointPrivateAccess=true \
--logging '{"clusterLogging":[{"types":["api","audit","authenticator","controllerManager","scheduler"],"enabled":true}]}'
```
输出:
```
{
"cluster": {
"name": "example",
"arn": "arn:aws:eks:us-west-2:012345678910:cluster/example",
"createdAt": 1565804921.901,
"version": "1.12",
"roleArn": "arn:aws:iam::012345678910:role/example-cluster-ServiceRole-1XWBQWYSFRE2Q",
"resourcesVpcConfig": {
"subnetIds": [
"subnet-0a188dccd2f9a632f",
"subnet-09290d93da4278664",
"subnet-0f21dd86e0e91134a",
"subnet-0173dead68481a583",
"subnet-051f70a57ed6fcab6",
"subnet-01322339c5c7de9b4"
],
"securityGroupIds": [
"sg-0c5b580845a031c10"
],
"vpcId": "vpc-0f622c01f68d4afec",
"endpointPublicAccess": false,
"endpointPrivateAccess": true
},
"logging": {
"clusterLogging": [
{
"types": [
"api",
"audit",
"authenticator",
"controllerManager",
"scheduler"
],
"enabled": true
}
]
},
"status": "CREATING",
"certificateAuthority": {},
"platformVersion": "eks.3"
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [CreateCluster](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/create-cluster.html)。
### `create-fargate-profile`
以下代码示例演示了如何使用 `create-fargate-profile`。
**AWS CLI**
**示例 1:为具有命名空间的选择器创建 EKS Fargate 配置文件**
以下 `create-fargate-profile` 示例为具有命名空间的选择器创建 EKS Fargate 配置文件。
```
aws eks create-fargate-profile \
--cluster-name my-eks-cluster \
--pod-execution-role-arn arn:aws:iam::111122223333:role/role-name \
--fargate-profile-name my-fargate-profile \
--selectors '[{"namespace": "default"}]'
```
输出:
```
{
"fargateProfile": {
"fargateProfileName": "my-fargate-profile",
"fargateProfileArn": "arn:aws:eks:us-east-2:111122223333:fargateprofile/my-eks-cluster/my-fargate-profile/a2c72bca-318e-abe8-8ed1-27c6d4892e9e",
"clusterName": "my-eks-cluster",
"createdAt": "2024-03-19T12:38:47.368000-04:00",
"podExecutionRoleArn": "arn:aws:iam::111122223333:role/role-name",
"subnets": [
"subnet-09d912bb63ef21b9a",
"subnet-04ad87f71c6e5ab4d",
"subnet-0e2907431c9988b72"
],
"selectors": [
{
"namespace": "default"
}
],
"status": "CREATING",
"tags": {}
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的 [AWS Fargate 配置文件——创建 Fargate 配置文件](https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html#create-fargate-profile)。
**示例 2:为具有命名空间和标签的选择器创建 EKS Fargate 配置文件**
以下 `create-fargate-profile` 示例为具有命名空间和标签的选择器创建 EKS Fargate 配置文件。
```
aws eks create-fargate-profile \
--cluster-name my-eks-cluster \
--pod-execution-role-arn arn:aws:iam::111122223333:role/role-name \
--fargate-profile-name my-fargate-profile \
--selectors '[{"namespace": "default", "labels": {"labelname1": "labelvalue1"}}]'
```
输出:
```
{
"fargateProfile": {
"fargateProfileName": "my-fargate-profile",
"fargateProfileArn": "arn:aws:eks:us-east-2:111122223333:fargateprofile/my-eks-cluster/my-fargate-profile/88c72bc7-e8a4-fa34-44e4-2f1397224bb3",
"clusterName": "my-eks-cluster",
"createdAt": "2024-03-19T12:33:48.125000-04:00",
"podExecutionRoleArn": "arn:aws:iam::111122223333:role/role-name",
"subnets": [
"subnet-09d912bb63ef21b9a",
"subnet-04ad87f71c6e5ab4d",
"subnet-0e2907431c9988b72"
],
"selectors": [
{
"namespace": "default",
"labels": {
"labelname1": "labelvalue1"
}
}
],
"status": "CREATING",
"tags": {}
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的 [AWS Fargate 配置文件——创建 Fargate 配置文件](https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html#create-fargate-profile)。
**示例 3:为具有单个命名空间和标签以及要将容器组(Pod)启动到的子网的 ID 的选择器创建 EKS Fargate 配置文件**
以下 `create-fargate-profile` 示例为具有单个命名空间和标签以及要将容器组(Pod)启动到的子网的 ID 的选择器创建 EKS Fargate 配置文件。
```
aws eks create-fargate-profile \
--cluster-name my-eks-cluster \
--pod-execution-role-arn arn:aws:iam::111122223333:role/role-name \
--fargate-profile-name my-fargate-profile \
--selectors '[{"namespace": "default", "labels": {"labelname1": "labelvalue1"}}]' \
--subnets '["subnet-09d912bb63ef21b9a", "subnet-04ad87f71c6e5ab4d", "subnet-0e2907431c9988b72"]'
```
输出:
```
{
"fargateProfile": {
"fargateProfileName": "my-fargate-profile",
"fargateProfileArn": "arn:aws:eks:us-east-2:111122223333:fargateprofile/my-eks-cluster/my-fargate-profile/e8c72bc8-e87b-5eb6-57cb-ed4fe57577e3",
"clusterName": "my-eks-cluster",
"createdAt": "2024-03-19T12:35:58.640000-04:00",
"podExecutionRoleArn": "arn:aws:iam::111122223333:role/role-name",
"subnets": [
"subnet-09d912bb63ef21b9a",
"subnet-04ad87f71c6e5ab4d",
"subnet-0e2907431c9988b72"
],
"selectors": [
{
"namespace": "default",
"labels": {
"labelname1": "labelvalue1"
}
}
],
"status": "CREATING",
"tags": {}
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的 [AWS Fargate 配置文件——创建 Fargate 配置文件](https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html#create-fargate-profile)。
**示例 4:为具有多个命名空间和标签以及要将容器组(Pod)启动到的子网的 ID 的选择器创建 EKS Fargate 配置文件**
以下 `create-fargate-profile` 示例为具有多个命名空间和标签以及要将容器组(Pod)启动到的子网的 ID 的选择器创建 EKS Fargate 配置文件。
```
aws eks create-fargate-profile \
--cluster-name my-eks-cluster \
--pod-execution-role-arn arn:aws:iam::111122223333:role/role-name \
--fargate-profile-name my-fargate-profile \
--selectors '[{"namespace": "default1", "labels": {"labelname1": "labelvalue1", "labelname2": "labelvalue2"}}, {"namespace": "default2", "labels": {"labelname1": "labelvalue1", "labelname2": "labelvalue2"}}]' \
--subnets '["subnet-09d912bb63ef21b9a", "subnet-04ad87f71c6e5ab4d", "subnet-0e2907431c9988b72"]' \
--tags '{"eks-fargate-profile-key-1": "value-1" , "eks-fargate-profile-key-2": "value-2"}'
```
输出:
```
{
"fargateProfile": {
"fargateProfileName": "my-fargate-profile",
"fargateProfileArn": "arn:aws:eks:us-east-2:111122223333:fargateprofile/my-eks-cluster/my-fargate-profile/4cc72bbf-b766-8ee6-8d29-e62748feb3cd",
"clusterName": "my-eks-cluster",
"createdAt": "2024-03-19T12:15:55.271000-04:00",
"podExecutionRoleArn": "arn:aws:iam::111122223333:role/role-name",
"subnets": [
"subnet-09d912bb63ef21b9a",
"subnet-04ad87f71c6e5ab4d",
"subnet-0e2907431c9988b72"
],
"selectors": [
{
"namespace": "default1",
"labels": {
"labelname2": "labelvalue2",
"labelname1": "labelvalue1"
}
},
{
"namespace": "default2",
"labels": {
"labelname2": "labelvalue2",
"labelname1": "labelvalue1"
}
}
],
"status": "CREATING",
"tags": {
"eks-fargate-profile-key-2": "value-2",
"eks-fargate-profile-key-1": "value-1"
}
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的 [AWS Fargate 配置文件——创建 Fargate 配置文件](https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html#create-fargate-profile)。
**示例 5:为命名空间和标签以及要将容器组(Pod)启动到的子网的 ID 创建带有通配符选择器的 EKS Fargate 配置文件**
以下 `create-fargate-profile` 示例为具有多个命名空间和标签以及要将容器组(Pod)启动到的子网的 ID 的选择器创建 EKS Fargate 配置文件。
```
aws eks create-fargate-profile \
--cluster-name my-eks-cluster \
--pod-execution-role-arn arn:aws:iam::111122223333:role/role-name \
--fargate-profile-name my-fargate-profile \
--selectors '[{"namespace": "prod*", "labels": {"labelname*?": "*value1"}}, {"namespace": "*dev*", "labels": {"labelname*?": "*value*"}}]' \
--subnets '["subnet-09d912bb63ef21b9a", "subnet-04ad87f71c6e5ab4d", "subnet-0e2907431c9988b72"]' \
--tags '{"eks-fargate-profile-key-1": "value-1" , "eks-fargate-profile-key-2": "value-2"}'
```
输出:
```
{
"fargateProfile": {
"fargateProfileName": "my-fargate-profile",
"fargateProfileArn": "arn:aws:eks:us-east-2:111122223333:fargateprofile/my-eks-cluster/my-fargate-profile/e8c72bd6-5966-0bfe-b77b-1802893e5a6f",
"clusterName": "my-eks-cluster",
"createdAt": "2024-03-19T13:05:20.550000-04:00",
"podExecutionRoleArn": "arn:aws:iam::111122223333:role/role-name",
"subnets": [
"subnet-09d912bb63ef21b9a",
"subnet-04ad87f71c6e5ab4d",
"subnet-0e2907431c9988b72"
],
"selectors": [
{
"namespace": "prod*",
"labels": {
"labelname*?": "*value1"
}
},
{
"namespace": "*dev*",
"labels": {
"labelname*?": "*value*"
}
}
],
"status": "CREATING",
"tags": {
"eks-fargate-profile-key-2": "value-2",
"eks-fargate-profile-key-1": "value-1"
}
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的 [AWS Fargate 配置文件——创建 Fargate 配置文件](https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html#create-fargate-profile)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [CreateFargateProfile](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/create-fargate-profile.html)。
### `create-nodegroup`
以下代码示例演示了如何使用 `create-nodegroup`。
**AWS CLI**
**示例 1:为 Amazon EKS 集群创建托管节点组**
以下 `create-nodegroup` 示例为 Amazon EKS 集群创建托管节点组。
```
aws eks create-nodegroup \
--cluster-name my-eks-cluster \
--nodegroup-name my-eks-nodegroup \
--node-role arn:aws:iam::111122223333:role/role-name \
--subnets "subnet-0e2907431c9988b72" "subnet-04ad87f71c6e5ab4d" "subnet-09d912bb63ef21b9a" \
--scaling-config minSize=1,maxSize=3,desiredSize=1 \
--region us-east-2
```
输出:
```
{
"nodegroup": {
"nodegroupName": "my-eks-nodegroup",
"nodegroupArn": "arn:aws:eks:us-east-2:111122223333:nodegroup/my-eks-cluster/my-eks-nodegroup/bac7550f-b8b8-5fbb-4f3e-7502a931119e",
"clusterName": "my-eks-cluster",
"version": "1.26",
"releaseVersion": "1.26.12-20240329",
"createdAt": "2024-04-04T13:19:32.260000-04:00",
"modifiedAt": "2024-04-04T13:19:32.260000-04:00",
"status": "CREATING",
"capacityType": "ON_DEMAND",
"scalingConfig": {
"minSize": 1,
"maxSize": 3,
"desiredSize": 1
},
"instanceTypes": [
"t3.medium"
],
"subnets": [
"subnet-0e2907431c9988b72, subnet-04ad87f71c6e5ab4d, subnet-09d912bb63ef21b9a"
],
"amiType": "AL2_x86_64",
"nodeRole": "arn:aws:iam::111122223333:role/role-name",
"diskSize": 20,
"health": {
"issues": []
},
"updateConfig": {
"maxUnavailable": 1
},
"tags": {}
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[创建托管节点组](https://docs.aws.amazon.com/eks/latest/userguide/create-managed-node-group.html)。
**示例 2:使用自定义实例类型和磁盘大小为 Amazon EKS 集群创建托管节点组**
以下 `create-nodegroup` 示例使用自定义实例类型和磁盘大小为 Amazon EKS 集群创建托管节点组。
```
aws eks create-nodegroup \
--cluster-name my-eks-cluster \
--nodegroup-name my-eks-nodegroup \
--node-role arn:aws:iam::111122223333:role/role-name \
--subnets "subnet-0e2907431c9988b72" "subnet-04ad87f71c6e5ab4d" "subnet-09d912bb63ef21b9a" \
--scaling-config minSize=1,maxSize=3,desiredSize=1 \
--capacity-type ON_DEMAND \
--instance-types 'm5.large' \
--disk-size 50 \
--region us-east-2
```
输出:
```
{
"nodegroup": {
"nodegroupName": "my-eks-nodegroup",
"nodegroupArn": "arn:aws:eks:us-east-2:111122223333:nodegroup/my-eks-cluster/my-eks-nodegroup/c0c7551b-e4f9-73d9-992c-a450fdb82322",
"clusterName": "my-eks-cluster",
"version": "1.26",
"releaseVersion": "1.26.12-20240329",
"createdAt": "2024-04-04T13:46:07.595000-04:00",
"modifiedAt": "2024-04-04T13:46:07.595000-04:00",
"status": "CREATING",
"capacityType": "ON_DEMAND",
"scalingConfig": {
"minSize": 1,
"maxSize": 3,
"desiredSize": 1
},
"instanceTypes": [
"m5.large"
],
"subnets": [
"subnet-0e2907431c9988b72",
"subnet-04ad87f71c6e5ab4d",
"subnet-09d912bb63ef21b9a"
],
"amiType": "AL2_x86_64",
"nodeRole": "arn:aws:iam::111122223333:role/role-name",
"diskSize": 50,
"health": {
"issues": []
},
"updateConfig": {
"maxUnavailable": 1
},
"tags": {}
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[创建托管节点组](https://docs.aws.amazon.com/eks/latest/userguide/create-managed-node-group.html)。
**示例 3:使用自定义实例类型、磁盘大小、AMI 类型、容量类型、更新配置、标签、污点和标记为 Amazon EKS 集群创建托管节点组**
以下 `create-nodegroup` 示例使用自定义实例类型、磁盘大小、AMI 类型、容量类型、更新配置、标签、污点和标记为 Amazon EKS 集群创建托管节点组。
```
aws eks create-nodegroup \
--cluster-name my-eks-cluster \
--nodegroup-name my-eks-nodegroup \
--node-role arn:aws:iam::111122223333:role/role-name \
--subnets "subnet-0e2907431c9988b72" "subnet-04ad87f71c6e5ab4d" "subnet-09d912bb63ef21b9a" \
--scaling-config minSize=1,maxSize=5,desiredSize=4 \
--instance-types 't3.large' \
--disk-size 50 \
--ami-type AL2_x86_64 \
--capacity-type SPOT \
--update-config maxUnavailable=2 \
--labels '{"my-eks-nodegroup-label-1": "value-1" , "my-eks-nodegroup-label-2": "value-2"}' \
--taints '{"key": "taint-key-1" , "value": "taint-value-1", "effect": "NO_EXECUTE"}' \
--tags '{"my-eks-nodegroup-key-1": "value-1" , "my-eks-nodegroup-key-2": "value-2"}'
```
输出:
```
{
"nodegroup": {
"nodegroupName": "my-eks-nodegroup",
"nodegroupArn": "arn:aws:eks:us-east-2:111122223333:nodegroup/my-eks-cluster/my-eks-nodegroup/88c75524-97af-0cb9-a9c5-7c0423ab5314",
"clusterName": "my-eks-cluster",
"version": "1.26",
"releaseVersion": "1.26.12-20240329",
"createdAt": "2024-04-04T14:05:07.940000-04:00",
"modifiedAt": "2024-04-04T14:05:07.940000-04:00",
"status": "CREATING",
"capacityType": "SPOT",
"scalingConfig": {
"minSize": 1,
"maxSize": 5,
"desiredSize": 4
},
"instanceTypes": [
"t3.large"
],
"subnets": [
"subnet-0e2907431c9988b72",
"subnet-04ad87f71c6e5ab4d",
"subnet-09d912bb63ef21b9a"
],
"amiType": "AL2_x86_64",
"nodeRole": "arn:aws:iam::111122223333:role/role-name",
"labels": {
"my-eks-nodegroup-label-2": "value-2",
"my-eks-nodegroup-label-1": "value-1"
},
"taints": [
{
"key": "taint-key-1",
"value": "taint-value-1",
"effect": "NO_EXECUTE"
}
],
"diskSize": 50,
"health": {
"issues": []
},
"updateConfig": {
"maxUnavailable": 2
},
"tags": {
"my-eks-nodegroup-key-1": "value-1",
"my-eks-nodegroup-key-2": "value-2"
}
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[创建托管节点组](https://docs.aws.amazon.com/eks/latest/userguide/create-managed-node-group.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [CreateNodegroup](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/create-nodegroup.html)。
### `create-pod-identity-association`
以下代码示例演示了如何使用 `create-pod-identity-association`。
**AWS CLI**
**示例 1:在 EKS 集群中创建 EKS 容器组身份关联**
以下 `create-pod-identity-association` 示例在 EKS 集群中的服务账户与 IAM 角色之间创建 EKS 容器组身份关联。
```
aws eks create-pod-identity-association \
--cluster-name eks-customer \
--namespace default \
--service-account default \
--role-arn arn:aws:iam::111122223333:role/my-role
```
输出:
```
{
"association": {
"clusterName": "eks-customer",
"namespace": "default",
"serviceAccount": "default",
"roleArn": "arn:aws:iam::111122223333:role/my-role",
"associationArn": "arn:aws:eks:us-west-2:111122223333:podidentityassociation/eks-customer/a-8mvwvh57cu74mgcst",
"associationId": "a-8mvwvh57cu74mgcst",
"tags": {},
"createdAt": "2025-05-24T19:40:13.961000-05:00",
"modifiedAt": "2025-05-24T19:40:13.961000-05:00"
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[了解 EKS 容器组身份如何向容器组(pod)授予对 AWS 服务的访问权限](https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html)。
**示例 2:使用标签在 EKS 集群中创建 EKS 容器组身份关联**
以下 `create-pod-identity-association` 使用标签在 EKS 集群中的服务账户与 IAM 角色之间创建 EKS 容器组身份关联。
```
aws eks create-pod-identity-association \
--cluster-name eks-customer \
--namespace default \
--service-account default \
--role-arn arn:aws:iam::111122223333:role/my-role \
--tags Key1=value1,Key2=value2
```
输出:
```
{
"association": {
"clusterName": "eks-customer",
"namespace": "default",
"serviceAccount": "default",
"roleArn": "arn:aws:iam::111122223333:role/my-role",
"associationArn": "arn:aws:eks:us-west-2:111122223333:podidentityassociation/eks-customer/a-9njjin9gfghecgoda",
"associationId": "a-9njjin9gfghecgoda",
"tags": {
"Key2": "value2",
"Key1": "value1"
},
"createdAt": "2025-05-24T19:52:14.135000-05:00",
"modifiedAt": "2025-05-24T19:52:14.135000-05:00"
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[了解 EKS 容器组身份如何向容器组(pod)授予对 AWS 服务的访问权限](https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [CreatePodIdentityAssociation](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/create-pod-identity-association.html)。
### `delete-access-entry`
以下代码示例演示了如何使用 `delete-access-entry`。
**AWS CLI**
**删除与集群关联的访问条目**
以下 `delete-access-entry` 删除与名为 `eks-customer` 的 EKS 集群关联的访问条目。
```
aws eks delete-access-entry \
--cluster-name eks-customer \
--principal-arn arn:aws:iam::111122223333:role/Admin
```
此命令不生成任何输出。
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[删除访问条目](https://docs.aws.amazon.com/eks/latest/userguide/deleting-access-entries.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [DeleteAccessEntry](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/delete-access-entry.html)。
### `delete-addon`
以下代码示例演示了如何使用 `delete-addon`。
**AWS CLI**
**示例 1:删除 Amazon EKS 附加组件,但在 EKS 集群上保留附加组件软件**
以下 `delete-addon` 示例命令删除 Amazon EKS 附加组件,但在 EKS 集群上保留附加组件软件。
```
aws eks delete-addon \
--cluster-name my-eks-cluster \
--addon-name my-eks-addon \
--preserve
```
输出:
```
{
"addon": {
"addonName": "my-eks-addon",
"clusterName": "my-eks-cluster",
"status": "DELETING",
"addonVersion": "v1.9.3-eksbuild.7",
"health": {
"issues": []
},
"addonArn": "arn:aws:eks:us-east-2:111122223333:addon/my-eks-cluster/my-eks-addon/a8c71ed3-944e-898b-9167-c763856af4b8",
"createdAt": "2024-03-14T11:49:09.009000-04:00",
"modifiedAt": "2024-03-14T12:03:49.776000-04:00",
"tags": {}
}
}
```
有关更多信息,请参阅《Amazon EKS》**中的[管理 Amazon EKS 附加组件 – 删除附加组件](https://docs.aws.amazon.com/eks/latest/userguide/managing-add-ons.html#removing-an-add-on)。
**示例 2:删除 Amazon EKS 附加组件,并从 EKS 集群中删除该附加组件软件**
以下 `delete-addon` 示例命令删除 Amazon EKS 附加组件,并从 EKS 集群中删除该附加组件软件。
```
aws eks delete-addon \
--cluster-name my-eks-cluster \
--addon-name my-eks-addon
```
输出:
```
{
"addon": {
"addonName": "my-eks-addon",
"clusterName": "my-eks-cluster",
"status": "DELETING",
"addonVersion": "v1.15.1-eksbuild.1",
"health": {
"issues": []
},
"addonArn": "arn:aws:eks:us-east-2:111122223333:addon/my-eks-cluster/my-eks-addon/bac71ed1-ec43-3bb6-88ea-f243cdb58954",
"createdAt": "2024-03-14T11:45:31.983000-04:00",
"modifiedAt": "2024-03-14T11:58:40.136000-04:00",
"serviceAccountRoleArn": "arn:aws:iam::111122223333:role/role-name",
"tags": {}
}
}
```
有关更多信息,请参阅《Amazon EKS》**中的[管理 Amazon EKS 附加组件 – 删除附加组件](https://docs.aws.amazon.com/eks/latest/userguide/managing-add-ons.html#removing-an-add-on)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DeleteAddon](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/delete-addon.html)。
### `delete-cluster`
以下代码示例演示了如何使用 `delete-cluster`。
**AWS CLI**
**删除 Amazon EKS 集群控制面板**
以下 `delete-cluster` 示例删除 Amazon EKS 集群控制面板。
```
aws eks delete-cluster \
--name my-eks-cluster
```
输出:
```
{
"cluster": {
"name": "my-eks-cluster",
"arn": "arn:aws:eks:us-east-2:111122223333:cluster/my-eks-cluster",
"createdAt": "2024-03-14T11:31:44.348000-04:00",
"version": "1.27",
"endpoint": "https://DALSJ343KE23J3RN45653DSKJTT647TYD.yl4.us-east-2.eks.amazonaws.com",
"roleArn": "arn:aws:iam::111122223333:role/eksctl-my-eks-cluster-cluster-ServiceRole-zMF6CBakwwbW",
"resourcesVpcConfig": {
"subnetIds": [
"subnet-0fb75d2d8401716e7",
"subnet-02184492f67a3d0f9",
"subnet-04098063527aab776",
"subnet-0e2907431c9988b72",
"subnet-04ad87f71c6e5ab4d",
"subnet-09d912bb63ef21b9a"
],
"securityGroupIds": [
"sg-0c1327f6270afbb36"
],
"clusterSecurityGroupId": "sg-01c84d09d70f39a7f",
"vpcId": "vpc-0012b8e1cc0abb17d",
"endpointPublicAccess": true,
"endpointPrivateAccess": true,
"publicAccessCidrs": [
"0.0.0.0/0"
]
},
"kubernetesNetworkConfig": {
"serviceIpv4Cidr": "10.100.0.0/16",
"ipFamily": "ipv4"
},
"logging": {
"clusterLogging": [
{
"types": [
"api",
"audit",
"authenticator",
"controllerManager",
"scheduler"
],
"enabled": true
}
]
},
"identity": {
"oidc": {
"issuer": "https://oidc.eks.us-east-2.amazonaws.com/id/DALSJ343KE23J3RN45653DSKJTT647TYD"
}
},
"status": "DELETING",
"certificateAuthority": {
"data": "XXX_CA_DATA_XXX"
},
"platformVersion": "eks.16",
"tags": {
"aws:cloudformation:stack-name": "eksctl-my-eks-cluster-cluster",
"alpha.eksctl.io/cluster-name": "my-eks-cluster",
"karpenter.sh/discovery": "my-eks-cluster",
"aws:cloudformation:stack-id": "arn:aws:cloudformation:us-east-2:111122223333:stack/eksctl-my-eks-cluster-cluster/e752ea00-e217-11ee-beae-0a9599c8c7ed",
"auto-delete": "no",
"eksctl.cluster.k8s.io/v1alpha1/cluster-name": "my-eks-cluster",
"EKS-Cluster-Name": "my-eks-cluster",
"alpha.eksctl.io/cluster-oidc-enabled": "true",
"aws:cloudformation:logical-id": "ControlPlane",
"alpha.eksctl.io/eksctl-version": "0.173.0-dev+a7ee89342.2024-03-01T03:40:57Z",
"Name": "eksctl-my-eks-cluster-cluster/ControlPlane"
},
"accessConfig": {
"authenticationMode": "API_AND_CONFIG_MAP"
}
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[删除 Amazon EKS 集群](https://docs.aws.amazon.com/eks/latest/userguide/delete-cluster.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DeleteCluster](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/delete-cluster.html)。
### `delete-fargate-profile`
以下代码示例演示了如何使用 `delete-fargate-profile`。
**AWS CLI**
**示例 1:为具有命名空间的选择器创建 EKS Fargate 配置文件**
以下 `delete-fargate-profile` 示例为具有命名空间的选择器创建 EKS Fargate 配置文件。
```
aws eks delete-fargate-profile \
--cluster-name my-eks-cluster \
--fargate-profile-name my-fargate-profile
```
输出:
```
{
"fargateProfile": {
"fargateProfileName": "my-fargate-profile",
"fargateProfileArn": "arn:aws:eks:us-east-2:111122223333:fargateprofile/my-eks-cluster/my-fargate-profile/1ac72bb3-3fc6-2631-f1e1-98bff53bed62",
"clusterName": "my-eks-cluster",
"createdAt": "2024-03-19T11:48:39.975000-04:00",
"podExecutionRoleArn": "arn:aws:iam::111122223333:role/role-name",
"subnets": [
"subnet-09d912bb63ef21b9a",
"subnet-04ad87f71c6e5ab4d",
"subnet-0e2907431c9988b72"
],
"selectors": [
{
"namespace": "default",
"labels": {
"foo": "bar"
}
}
],
"status": "DELETING",
"tags": {}
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的 [AWS Fargate 配置文件——删除 Fargate](https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html#delete-fargate-profile)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DeleteFargateProfile](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/delete-fargate-profile.html)。
### `delete-nodegroup`
以下代码示例演示了如何使用 `delete-nodegroup`。
**AWS CLI**
**示例 1:删除 Amazon EKS 集群的托管节点组**
以下 `delete-nodegroup` 示例删除 Amazon EKS 集群的托管节点组。
```
aws eks delete-nodegroup \
--cluster-name my-eks-cluster \
--nodegroup-name my-eks-nodegroup
```
输出:
```
{
"nodegroup": {
"nodegroupName": "my-eks-nodegroup",
"nodegroupArn": "arn:aws:eks:us-east-2:111122223333:nodegroup/my-eks-cluster/my-eks-nodegroup/1ec75f5f-0e21-dcc0-b46e-f9c442685cd8",
"clusterName": "my-eks-cluster",
"version": "1.26",
"releaseVersion": "1.26.12-20240329",
"createdAt": "2024-04-08T13:25:15.033000-04:00",
"modifiedAt": "2024-04-08T13:25:31.252000-04:00",
"status": "DELETING",
"capacityType": "SPOT",
"scalingConfig": {
"minSize": 1,
"maxSize": 5,
"desiredSize": 4
},
"instanceTypes": [
"t3.large"
],
"subnets": [
"subnet-0e2907431c9988b72",
"subnet-04ad87f71c6e5ab4d",
"subnet-09d912bb63ef21b9a"
],
"amiType": "AL2_x86_64",
"nodeRole": "arn:aws:iam::111122223333:role/role-name",
"labels": {
"my-eks-nodegroup-label-2": "value-2",
"my-eks-nodegroup-label-1": "value-1"
},
"taints": [
{
"key": "taint-key-1",
"value": "taint-value-1",
"effect": "NO_EXECUTE"
}
],
"diskSize": 50,
"health": {
"issues": []
},
"updateConfig": {
"maxUnavailable": 2
},
"tags": {
"my-eks-nodegroup-key-1": "value-1",
"my-eks-nodegroup-key-2": "value-2"
}
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DeleteNodegroup](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/delete-nodegroup.html)。
### `delete-pod-identity-association`
以下代码示例演示了如何使用 `delete-pod-identity-association`。
**AWS CLI**
**删除 EKS 容器组身份关联**
以下 `delete-pod-identity-association` 示例从名为 `eks-customer` 的 EKS 集群中删除关联 ID 为 `a-9njjin9gfghecgocd` 的 EKS 容器组身份关联。
```
aws eks delete-pod-identity-association \
--cluster-name eks-customer \
--association-id a-9njjin9gfghecgocd
```
输出:
```
{
"association": {
"clusterName": "eks-customer",
"namespace": "default",
"serviceAccount": "default",
"roleArn": "arn:aws:iam::111122223333:role/s3-role",
"associationArn": "arn:aws:eks:us-west-2:111122223333:podidentityassociation/eks-customer/a-9njjin9gfghecgocd",
"associationId": "a-9njjin9gfghecgocd",
"tags": {
"Key2": "value2",
"Key1": "value1"
},
"createdAt": "2025-05-24T19:52:14.135000-05:00",
"modifiedAt": "2025-05-25T21:10:56.923000-05:00"
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[了解 EKS 容器组身份如何向容器组(pod)授予对 AWS 服务的访问权限](https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [DeletePodIdentityAssociation](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/delete-pod-identity-association.html)。
### `deregister-cluster`
以下代码示例演示了如何使用 `deregister-cluster`。
**AWS CLI**
**取消注册已连接的集群以将其从 Amazon EKS 控制面板中删除**
以下 `deregister-cluster` 示例取消注册已连接的集群以将其从 Amazon EKS 控制面板中删除。
```
aws eks deregister-cluster \
--name my-eks-anywhere-cluster
```
输出:
```
{
"cluster": {
"name": "my-eks-anywhere-cluster",
"arn": "arn:aws:eks:us-east-2:111122223333:cluster/my-eks-anywhere-cluster",
"createdAt": "2024-04-12T12:38:37.561000-04:00",
"status": "DELETING",
"tags": {},
"connectorConfig": {
"activationId": "dfb5ad28-13c3-4e26-8a19-5b2457638c74",
"activationExpiry": "2024-04-15T12:38:37.082000-04:00",
"provider": "EKS_ANYWHERE",
"roleArn": "arn:aws:iam::111122223333:role/AmazonEKSConnectorAgentRole"
}
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[取消注册集群](https://docs.aws.amazon.com/eks/latest/userguide/deregister-connected-cluster.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DeregisterCluster](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/deregister-cluster.html)。
### `describe-access-entry`
以下代码示例演示了如何使用 `describe-access-entry`。
**AWS CLI**
**描述 EKS 集群的访问条目**
以下 `describe-access-entry` 示例描述 EKS 集群的访问条目。
```
aws eks describe-access-entry \
--cluster-name eks-customer \
--principal-arn arn:aws:iam::111122223333:user/eks-admin-user
```
输出:
```
{
"accessEntry": {
"clusterName": "eks-customer",
"principalArn": "arn:aws:iam::111122223333:user/eks-admin-user",
"kubernetesGroups": [],
"accessEntryArn": "arn:aws:eks:us-west-2:111122223333:access-entry/eks-customer/user/111122223333/eks-admin-user/0acb1bc6-cb0a-ede6-11ae-a6506e3d36p0",
"createdAt": "2025-04-14T22:45:48.097000-05:00",
"modifiedAt": "2025-04-14T22:45:48.097000-05:00",
"tags": {},
"username": "arn:aws:iam::111122223333:user/eks-admin-user",
"type": "STANDARD"
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[使用 EKS 访问条目向 IAM 用户授予 Kubernetes 访问权限](https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [DescribeAccessEntry](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/describe-access-entry.html)。
### `describe-addon-configuration`
以下代码示例演示了如何使用 `describe-addon-configuration`。
**AWS CLI**
**示例 1:创建或更新 Amazon vpc-cni 附加组件时可用的配置选项**
以下 `describe-addon-configuration` 示例返回您在为相应版本的 vpc-cni 附加组件创建或更新附加组件时使用的所有可用配置架构。
```
aws eks describe-addon-configuration \
--addon-name vpc-cni \
--addon-version v1.15.1-eksbuild.1
```
输出:
```
{
"addonName": "vpc-cni",
"addonVersion": "v1.15.1-eksbuild.1",
"configurationSchema": "{\"$ref\":\"#/definitions/VpcCni\",\"$schema\":\"http://json-schema.org/draft-06/schema#\",\"definitions\":{\"Affinity\":{\"type\":[\"object\",\"null\"]},\"EniConfig\":{\"additionalProperties\":false,\"properties\":{\"create\":{\"type\":\"boolean\"},\"region\":{\"type\":\"string\"},\"subnets\":{\"additionalProperties\":{\"additionalProperties\":false,\"properties\":{\"id\":{\"type\":\"string\"},\"securityGroups\":{\"items\":{\"type\":\"string\"},\"type\":\"array\"}},\"required\":[\"id\"],\"type\":\"object\"},\"minProperties\":1,\"type\":\"object\"}},\"required\":[\"create\",\"region\",\"subnets\"],\"type\":\"object\"},\"Env\":{\"additionalProperties\":false,\"properties\":{\"ADDITIONAL_ENI_TAGS\":{\"type\":\"string\"},\"ANNOTATE_POD_IP\":{\"format\":\"boolean\",\"type\":\"string\"},\"AWS_EC2_ENDPOINT\":{\"type\":\"string\"},\"AWS_EXTERNAL_SERVICE_CIDRS\":{\"type\":\"string\"},\"AWS_MANAGE_ENIS_NON_SCHEDULABLE\":{\"format\":\"boolean\",\"type\":\"string\"},\"AWS_VPC_CNI_NODE_PORT_SUPPORT\":{\"format\":\"boolean\",\"type\":\"string\"},\"AWS_VPC_ENI_MTU\":{\"format\":\"integer\",\"type\":\"string\"},\"AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG\":{\"format\":\"boolean\",\"type\":\"string\"},\"AWS_VPC_K8S_CNI_EXCLUDE_SNAT_CIDRS\":{\"type\":\"string\"},\"AWS_VPC_K8S_CNI_EXTERNALSNAT\":{\"format\":\"boolean\",\"type\":\"string\"},\"AWS_VPC_K8S_CNI_LOGLEVEL\":{\"type\":\"string\"},\"AWS_VPC_K8S_CNI_LOG_FILE\":{\"type\":\"string\"},\"AWS_VPC_K8S_CNI_RANDOMIZESNAT\":{\"type\":\"string\"},\"AWS_VPC_K8S_CNI_VETHPREFIX\":{\"type\":\"string\"},\"AWS_VPC_K8S_PLUGIN_LOG_FILE\":{\"type\":\"string\"},\"AWS_VPC_K8S_PLUGIN_LOG_LEVEL\":{\"type\":\"string\"},\"CLUSTER_ENDPOINT\":{\"type\":\"string\"},\"DISABLE_INTROSPECTION\":{\"format\":\"boolean\",\"type\":\"string\"},\"DISABLE_LEAKED_ENI_CLEANUP\":{\"format\":\"boolean\",\"type\":\"string\"},\"DISABLE_METRICS\":{\"format\":\"boolean\",\"type\":\"string\"},\"DISABLE_NETWORK_RESOURCE_PROVISIONING\":{\"format\":\"boolean\",\"type\":\"string\"},\"DISABLE_POD_V6\":{\"format\":\"boolean\",\"type\":\"string\"},\"ENABLE_BANDWIDTH_PLUGIN\":{\"format\":\"boolean\",\"type\":\"string\"},\"ENABLE_POD_ENI\":{\"format\":\"boolean\",\"type\":\"string\"},\"ENABLE_PREFIX_DELEGATION\":{\"format\":\"boolean\",\"type\":\"string\"},\"ENABLE_V4_EGRESS\":{\"format\":\"boolean\",\"type\":\"string\"},\"ENABLE_V6_EGRESS\":{\"format\":\"boolean\",\"type\":\"string\"},\"ENI_CONFIG_ANNOTATION_DEF\":{\"type\":\"string\"},\"ENI_CONFIG_LABEL_DEF\":{\"type\":\"string\"},\"INTROSPECTION_BIND_ADDRESS\":{\"type\":\"string\"},\"IP_COOLDOWN_PERIOD\":{\"format\":\"integer\",\"type\":\"string\"},\"MAX_ENI\":{\"format\":\"integer\",\"type\":\"string\"},\"MINIMUM_IP_TARGET\":{\"format\":\"integer\",\"type\":\"string\"},\"POD_SECURITY_GROUP_ENFORCING_MODE\":{\"type\":\"string\"},\"WARM_ENI_TARGET\":{\"format\":\"integer\",\"type\":\"string\"},\"WARM_IP_TARGET\":{\"format\":\"integer\",\"type\":\"string\"},\"WARM_PREFIX_TARGET\":{\"format\":\"integer\",\"type\":\"string\"}},\"title\":\"Env\",\"type\":\"object\"},\"Init\":{\"additionalProperties\":false,\"properties\":{\"env\":{\"$ref\":\"#/definitions/InitEnv\"}},\"title\":\"Init\",\"type\":\"object\"},\"InitEnv\":{\"additionalProperties\":false,\"properties\":{\"DISABLE_TCP_EARLY_DEMUX\":{\"format\":\"boolean\",\"type\":\"string\"},\"ENABLE_V6_EGRESS\":{\"format\":\"boolean\",\"type\":\"string\"}},\"title\":\"InitEnv\",\"type\":\"object\"},\"Limits\":{\"additionalProperties\":false,\"properties\":{\"cpu\":{\"type\":\"string\"},\"memory\":{\"type\":\"string\"}},\"title\":\"Limits\",\"type\":\"object\"},\"NodeAgent\":{\"additionalProperties\":false,\"properties\":{\"enableCloudWatchLogs\":{\"format\":\"boolean\",\"type\":\"string\"},\"enablePolicyEventLogs\":{\"format\":\"boolean\",\"type\":\"string\"},\"healthProbeBindAddr\":{\"format\":\"integer\",\"type\":\"string\"},\"metricsBindAddr\":{\"format\":\"integer\",\"type\":\"string\"}},\"title\":\"NodeAgent\",\"type\":\"object\"},\"Resources\":{\"additionalProperties\":false,\"properties\":{\"limits\":{\"$ref\":\"#/definitions/Limits\"},\"requests\":{\"$ref\":\"#/definitions/Limits\"}},\"title\":\"Resources\",\"type\":\"object\"},\"Tolerations\":{\"additionalProperties\":false,\"items\":{\"type\":\"object\"},\"type\":\"array\"},\"VpcCni\":{\"additionalProperties\":false,\"properties\":{\"affinity\":{\"$ref\":\"#/definitions/Affinity\"},\"enableNetworkPolicy\":{\"format\":\"boolean\",\"type\":\"string\"},\"enableWindowsIpam\":{\"format\":\"boolean\",\"type\":\"string\"},\"eniConfig\":{\"$ref\":\"#/definitions/EniConfig\"},\"env\":{\"$ref\":\"#/definitions/Env\"},\"init\":{\"$ref\":\"#/definitions/Init\"},\"livenessProbeTimeoutSeconds\":{\"type\":\"integer\"},\"nodeAgent\":{\"$ref\":\"#/definitions/NodeAgent\"},\"readinessProbeTimeoutSeconds\":{\"type\":\"integer\"},\"resources\":{\"$ref\":\"#/definitions/Resources\"},\"tolerations\":{\"$ref\":\"#/definitions/Tolerations\"}},\"title\":\"VpcCni\",\"type\":\"object\"}},\"description\":\"vpc-cni\"}"
}
```
**示例 2:创建或更新 Amazon coredns 附加组件时可用的配置选项**
以下 `describe-addon-configuration` 示例返回您在为相应版本的 coredns 附加组件创建或更新附加组件时使用的所有可用配置架构。
```
aws eks describe-addon-configuration \
--addon-name coredns \
--addon-version v1.8.7-eksbuild.4
```
输出:
```
{
"addonName": "coredns",
"addonVersion": "v1.8.7-eksbuild.4",
"configurationSchema": "{\"$ref\":\"#/definitions/Coredns\",\"$schema\":\"http://json-schema.org/draft-06/schema#\",\"definitions\":{\"Coredns\":{\"additionalProperties\":false,\"properties\":{\"computeType\":{\"type\":\"string\"},\"corefile\":{\"description\":\"Entire corefile contents to use with installation\",\"type\":\"string\"},\"nodeSelector\":{\"additionalProperties\":{\"type\":\"string\"},\"type\":\"object\"},\"replicaCount\":{\"type\":\"integer\"},\"resources\":{\"$ref\":\"#/definitions/Resources\"}},\"title\":\"Coredns\",\"type\":\"object\"},\"Limits\":{\"additionalProperties\":false,\"properties\":{\"cpu\":{\"type\":\"string\"},\"memory\":{\"type\":\"string\"}},\"title\":\"Limits\",\"type\":\"object\"},\"Resources\":{\"additionalProperties\":false,\"properties\":{\"limits\":{\"$ref\":\"#/definitions/Limits\"},\"requests\":{\"$ref\":\"#/definitions/Limits\"}},\"title\":\"Resources\",\"type\":\"object\"}}}"
}
```
有关更多信息,请参阅《Amazon EKS》**中的[为 Amazon EKS 集群创建或更新 kubeconfig 文件](https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DescribeAddonConfiguration](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/describe-addon-configuration.html)。
### `describe-addon-versions`
以下代码示例演示了如何使用 `describe-addon-versions`。
**AWS CLI**
**示例 1:列出 EKS 集群的所有可用附加组件**
以下 `describe-addon-versions` 示例列出了所有可用的 AWS 附加组件。
```
aws eks describe-addon-versions \
--query 'sort_by(addons &owner)[].{publisher: publisher, owner: owner, addonName: addonName, type: type}' \
--output table
```
输出:
```
--------------------------------------------------------------------------------------------------------------------
| DescribeAddonVersions |
+---------------------------------------------+------------------+-----------------------+-------------------------+
| addonName | owner | publisher | type |
+---------------------------------------------+------------------+-----------------------+-------------------------+
| vpc-cni | aws | eks | networking |
| snapshot-controller | aws | eks | storage |
| kube-proxy | aws | eks | networking |
| eks-pod-identity-agent | aws | eks | security |
| coredns | aws | eks | networking |
| aws-mountpoint-s3-csi-driver | aws | s3 | storage |
| aws-guardduty-agent | aws | eks | security |
| aws-efs-csi-driver | aws | eks | storage |
| aws-ebs-csi-driver | aws | eks | storage |
| amazon-cloudwatch-observability | aws | eks | observability |
| adot | aws | eks | observability |
| upwind-security_upwind-operator | aws-marketplace | Upwind Security | security |
| upbound_universal-crossplane | aws-marketplace | upbound | infra-management |
| tetrate-io_istio-distro | aws-marketplace | tetrate-io | policy-management |
| teleport_teleport | aws-marketplace | teleport | policy-management |
| stormforge_optimize-live | aws-marketplace | StormForge | cost-management |
| splunk_splunk-otel-collector-chart | aws-marketplace | Splunk | monitoring |
| solo-io_istio-distro | aws-marketplace | Solo.io | service-mesh |
| rafay-systems_rafay-operator | aws-marketplace | rafay-systems | kubernetes-management |
| new-relic_kubernetes-operator | aws-marketplace | New Relic | observability |
| netapp_trident-operator | aws-marketplace | NetApp Inc. | storage |
| leaksignal_leakagent | aws-marketplace | leaksignal | monitoring |
| kubecost_kubecost | aws-marketplace | kubecost | cost-management |
| kong_konnect-ri | aws-marketplace | kong | ingress-service-type |
| kasten_k10 | aws-marketplace | Kasten by Veeam | data-protection |
| haproxy-technologies_kubernetes-ingress-ee | aws-marketplace | HAProxy Technologies | ingress-controller |
| groundcover_agent | aws-marketplace | groundcover | monitoring |
| grafana-labs_kubernetes-monitoring | aws-marketplace | Grafana Labs | monitoring |
| factorhouse_kpow | aws-marketplace | factorhouse | monitoring |
| dynatrace_dynatrace-operator | aws-marketplace | dynatrace | monitoring |
| datree_engine-pro | aws-marketplace | datree | policy-management |
| datadog_operator | aws-marketplace | Datadog | monitoring |
| cribl_cribledge | aws-marketplace | Cribl | observability |
| calyptia_fluent-bit | aws-marketplace | Calyptia Inc | observability |
| accuknox_kubearmor | aws-marketplace | AccuKnox | security |
+---------------------------------------------+------------------+-----------------------+-------------------------+
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[管理 Amazon EKS 附加组件 – 创建附加组件](https://docs.aws.amazon.com/eks/latest/userguide/managing-add-ons.html#creating-an-add-on)。
**示例 2:列出 EKS 支持的指定 Kubernetes 版本的所有可用附加组件**
以下 `describe-addon-versions` 示例列出了 EKS 支持的指定 Kubernetes 版本的所有可用附加组件。
```
aws eks describe-addon-versions \
--kubernetes-version=1.26 \
--query 'sort_by(addons &owner)[].{publisher: publisher, owner: owner, addonName: addonName, type: type}' \
--output table
```
输出:
```
--------------------------------------------------------------------------------------------------------------------
| DescribeAddonVersions |
+---------------------------------------------+------------------+-----------------------+-------------------------+
| addonName | owner | publisher | type |
+---------------------------------------------+------------------+-----------------------+-------------------------+
| vpc-cni | aws | eks | networking |
| snapshot-controller | aws | eks | storage |
| kube-proxy | aws | eks | networking |
| eks-pod-identity-agent | aws | eks | security |
| coredns | aws | eks | networking |
| aws-mountpoint-s3-csi-driver | aws | s3 | storage |
| aws-guardduty-agent | aws | eks | security |
| aws-efs-csi-driver | aws | eks | storage |
| aws-ebs-csi-driver | aws | eks | storage |
| amazon-cloudwatch-observability | aws | eks | observability |
| adot | aws | eks | observability |
| upwind-security_upwind-operator | aws-marketplace | Upwind Security | security |
| tetrate-io_istio-distro | aws-marketplace | tetrate-io | policy-management |
| stormforge_optimize-live | aws-marketplace | StormForge | cost-management |
| splunk_splunk-otel-collector-chart | aws-marketplace | Splunk | monitoring |
| solo-io_istio-distro | aws-marketplace | Solo.io | service-mesh |
| rafay-systems_rafay-operator | aws-marketplace | rafay-systems | kubernetes-management |
| new-relic_kubernetes-operator | aws-marketplace | New Relic | observability |
| netapp_trident-operator | aws-marketplace | NetApp Inc. | storage |
| leaksignal_leakagent | aws-marketplace | leaksignal | monitoring |
| kubecost_kubecost | aws-marketplace | kubecost | cost-management |
| kong_konnect-ri | aws-marketplace | kong | ingress-service-type |
| haproxy-technologies_kubernetes-ingress-ee | aws-marketplace | HAProxy Technologies | ingress-controller |
| groundcover_agent | aws-marketplace | groundcover | monitoring |
| grafana-labs_kubernetes-monitoring | aws-marketplace | Grafana Labs | monitoring |
| dynatrace_dynatrace-operator | aws-marketplace | dynatrace | monitoring |
| datadog_operator | aws-marketplace | Datadog | monitoring |
| cribl_cribledge | aws-marketplace | Cribl | observability |
| calyptia_fluent-bit | aws-marketplace | Calyptia Inc | observability |
| accuknox_kubearmor | aws-marketplace | AccuKnox | security |
+---------------------------------------------+------------------+-----------------------+-------------------------+
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[管理 Amazon EKS 附加组件 – 创建附加组件](https://docs.aws.amazon.com/eks/latest/userguide/managing-add-ons.html#creating-an-add-on)。
**示例 3:列出 EKS 支持的指定 Kubernetes 版本的所有可用 vpc-cni 附加组件版本**
以下 `describe-addon-versions` 示例列出了 EKS 支持的指定 Kubernetes 版本的所有可用 vpc-cni 附加组件版本。
```
aws eks describe-addon-versions \
--kubernetes-version=1.26 \
--addon-name=vpc-cni \
--query='addons[].addonVersions[].addonVersion'
```
输出:
```
[
"v1.18.0-eksbuild.1",
"v1.17.1-eksbuild.1",
"v1.16.4-eksbuild.2",
"v1.16.3-eksbuild.2",
"v1.16.2-eksbuild.1",
"v1.16.0-eksbuild.1",
"v1.15.5-eksbuild.1",
"v1.15.4-eksbuild.1",
"v1.15.3-eksbuild.1",
"v1.15.1-eksbuild.1",
"v1.15.0-eksbuild.2",
"v1.14.1-eksbuild.1",
"v1.14.0-eksbuild.3",
"v1.13.4-eksbuild.1",
"v1.13.3-eksbuild.1",
"v1.13.2-eksbuild.1",
"v1.13.0-eksbuild.1",
"v1.12.6-eksbuild.2",
"v1.12.6-eksbuild.1",
"v1.12.5-eksbuild.2",
"v1.12.0-eksbuild.2"
]
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[管理 Amazon EKS 附加组件 – 创建附加组件](https://docs.aws.amazon.com/eks/latest/userguide/managing-add-ons.html#creating-an-add-on)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DescribeAddonVersions](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/describe-addon-versions.html)。
### `describe-addon`
以下代码示例演示了如何使用 `describe-addon`。
**AWS CLI**
**描述在 Amazon EKS 集群中主动运行的 EKS 附加组件**
以下 `describe-addon` 示例描述在您的 Amazon EKS 集群中主动运行的 EKS 附加组件。
```
aws eks describe-addon \
--cluster-name my-eks-cluster \
--addon-name vpc-cni
```
输出:
```
{
"addon": {
"addonName": "vpc-cni",
"clusterName": "my-eks-cluster",
"status": "ACTIVE",
"addonVersion": "v1.16.4-eksbuild.2",
"health": {
"issues": []
},
"addonArn": "arn:aws:eks:us-east-2:111122223333:addon/my-eks-cluster/vpc-cni/0ec71efc-98dd-3203-60b0-4b939b2a5e5f",
"createdAt": "2024-03-14T13:18:45.417000-04:00",
"modifiedAt": "2024-03-14T13:18:49.557000-04:00",
"serviceAccountRoleArn": "arn:aws:iam::111122223333:role/eksctl-my-eks-cluster-addon-vpc-cni-Role1-YfakrqOC1UTm",
"tags": {
"eks-addon-key-3": "value-3",
"eks-addon-key-4": "value-4"
},
"configurationValues": "resources:\n limits:\n cpu: '100m'\nenv:\n AWS_VPC_K8S_CNI_LOGLEVEL: 'DEBUG'"
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DescribeAddon](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/describe-addon.html)。
### `describe-cluster`
以下代码示例演示了如何使用 `describe-cluster`。
**AWS CLI**
**描述在 Amazon EKS 集群中主动运行的 EKS 附加组件**
以下 `describe-cluster` 示例描述在您的 Amazon EKS 集群中主动运行的 EKS 附加组件。
```
aws eks describe-cluster \
--name my-eks-cluster
```
输出:
```
{
"cluster": {
"name": "my-eks-cluster",
"arn": "arn:aws:eks:us-east-2:111122223333:cluster/my-eks-cluster",
"createdAt": "2024-03-14T11:31:44.348000-04:00",
"version": "1.26",
"endpoint": "https://JSA79429HJDASKJDJ8223829MNDNASW.yl4.us-east-2.eks.amazonaws.com",
"roleArn": "arn:aws:iam::111122223333:role/eksctl-my-eks-cluster-cluster-ServiceRole-zMF6CBakwwbW",
"resourcesVpcConfig": {
"subnetIds": [
"subnet-0fb75d2d8401716e7",
"subnet-02184492f67a3d0f9",
"subnet-04098063527aab776",
"subnet-0e2907431c9988b72",
"subnet-04ad87f71c6e5ab4d",
"subnet-09d912bb63ef21b9a"
],
"securityGroupIds": [
"sg-0c1327f6270afbb36"
],
"clusterSecurityGroupId": "sg-01c84d09d70f39a7f",
"vpcId": "vpc-0012b8e1cc0abb17d",
"endpointPublicAccess": true,
"endpointPrivateAccess": true,
"publicAccessCidrs": [
"22.19.18.2/32"
]
},
"kubernetesNetworkConfig": {
"serviceIpv4Cidr": "10.100.0.0/16",
"ipFamily": "ipv4"
},
"logging": {
"clusterLogging": [
{
"types": [
"api",
"audit",
"authenticator",
"controllerManager",
"scheduler"
],
"enabled": true
}
]
},
"identity": {
"oidc": {
"issuer": "https://oidc.eks.us-east-2.amazonaws.com/id/JSA79429HJDASKJDJ8223829MNDNASW"
}
},
"status": "ACTIVE",
"certificateAuthority": {
"data": "CA_DATA_STRING..."
},
"platformVersion": "eks.14",
"tags": {
"aws:cloudformation:stack-name": "eksctl-my-eks-cluster-cluster",
"alpha.eksctl.io/cluster-name": "my-eks-cluster",
"karpenter.sh/discovery": "my-eks-cluster",
"aws:cloudformation:stack-id": "arn:aws:cloudformation:us-east-2:111122223333:stack/eksctl-my-eks-cluster-cluster/e752ea00-e217-11ee-beae-0a9599c8c7ed",
"auto-delete": "no",
"eksctl.cluster.k8s.io/v1alpha1/cluster-name": "my-eks-cluster",
"EKS-Cluster-Name": "my-eks-cluster",
"alpha.eksctl.io/cluster-oidc-enabled": "true",
"aws:cloudformation:logical-id": "ControlPlane",
"alpha.eksctl.io/eksctl-version": "0.173.0-dev+a7ee89342.2024-03-01T03:40:57Z",
"Name": "eksctl-my-eks-cluster-cluster/ControlPlane"
},
"health": {
"issues": []
},
"accessConfig": {
"authenticationMode": "API_AND_CONFIG_MAP"
}
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DescribeCluster](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/describe-cluster.html)。
### `describe-fargate-profile`
以下代码示例演示了如何使用 `describe-fargate-profile`。
**AWS CLI**
**描述 Fargate 配置文件**
以下 `describe-fargate-profile` 示例描述了 Fargate 配置文件。
```
aws eks describe-fargate-profile \
--cluster-name my-eks-cluster \
--fargate-profile-name my-fargate-profile
```
输出:
```
{
"fargateProfile": {
"fargateProfileName": "my-fargate-profile",
"fargateProfileArn": "arn:aws:eks:us-east-2:111122223333:fargateprofile/my-eks-cluster/my-fargate-profile/96c766ce-43d2-f9c9-954c-647334391198",
"clusterName": "my-eks-cluster",
"createdAt": "2024-04-11T10:42:52.486000-04:00",
"podExecutionRoleArn": "arn:aws:iam::111122223333:role/eksctl-my-eks-cluster-farga-FargatePodExecutionRole-1htfAaJdJUEO",
"subnets": [
"subnet-09d912bb63ef21b9a",
"subnet-04ad87f71c6e5ab4d",
"subnet-0e2907431c9988b72"
],
"selectors": [
{
"namespace": "prod*",
"labels": {
"labelname*?": "*value1"
}
},
{
"namespace": "*dev*",
"labels": {
"labelname*?": "*value*"
}
}
],
"status": "ACTIVE",
"tags": {
"eks-fargate-profile-key-2": "value-2",
"eks-fargate-profile-key-1": "value-1"
}
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DescribeFargateProfile](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/describe-fargate-profile.html)。
### `describe-identity-provider-config`
以下代码示例演示了如何使用 `describe-identity-provider-config`。
**AWS CLI**
**描述与 Amazon EKS 集群关联的身份提供商配置**
以下 `describe-identity-provider-config` 示例描述了与您的 Amazon EKS 集群关联的身份提供商配置。
```
aws eks describe-identity-provider-config \
--cluster-name my-eks-cluster \
--identity-provider-config type=oidc,name=my-identity-provider
```
输出:
```
{
"identityProviderConfig": {
"oidc": {
"identityProviderConfigName": "my-identity-provider",
"identityProviderConfigArn": "arn:aws:eks:us-east-2:111122223333:identityproviderconfig/my-eks-cluster/oidc/my-identity-provider/8ac76722-78e4-cec1-ed76-d49eea058622",
"clusterName": "my-eks-cluster",
"issuerUrl": "https://oidc.eks.us-east-2.amazonaws.com/id/38D6A4619A0A69E342B113ED7F1A7652",
"clientId": "kubernetes",
"usernameClaim": "email",
"usernamePrefix": "my-username-prefix",
"groupsClaim": "my-claim",
"groupsPrefix": "my-groups-prefix",
"requiredClaims": {
"Claim1": "value1",
"Claim2": "value2"
},
"tags": {
"env": "dev"
},
"status": "ACTIVE"
}
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[通过 OpenID Connect 身份提供商对集群的用户进行身份验证](https://docs.aws.amazon.com/eks/latest/userguide/authenticate-oidc-identity-provider.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DescribeIdentityProviderConfig](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/describe-identity-provider-config.html)。
### `describe-insight`
以下代码示例演示了如何使用 `describe-insight`。
**AWS CLI**
**使用 EKS 集群的 ID 获取该集群的见解的详细信息**
以下 `describe-insight` 示例返回有关使用集群名称和见解 ID 指定的见解的详细信息。
```
aws eks describe-insight \
--cluster-name eks-customer \
--id 38ea7a64-a14f-4e0e-95c7-8dbcab3c3623
```
输出:
```
{
"insight": {
"id": "38ea7a64-a14f-4e0e-95c7-8dbcab3c3623",
"name": "Kubelet version skew",
"category": "UPGRADE_READINESS",
"kubernetesVersion": "1.33",
"lastRefreshTime": "2025-05-24T11:22:50-05:00",
"lastTransitionTime": "2025-05-24T11:22:50-05:00",
"description": "Checks for kubelet versions of worker nodes in the cluster to see if upgrade would cause noncompliance with supported Kubernetes kubelet version skew policy.",
"insightStatus": {
"status": "PASSING",
"reason": "Node kubelet versions match the cluster control plane version."
},
"recommendation": "Upgrade your worker nodes to match the Kubernetes version of your cluster control plane.",
"additionalInfo": {
"Kubelet version skew policy": "https://kubernetes.io/releases/version-skew-policy/#kubelet",
"Updating a managed node group": "https://docs.aws.amazon.com/eks/latest/userguide/update-managed-node-group.html"
},
"resources": [],
"categorySpecificSummary": {
"deprecationDetails": []
}
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[查看集群见解](https://docs.aws.amazon.com/eks/latest/userguide/view-cluster-insights.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [DescribeInsight](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/describe-insight.html)。
### `describe-nodegroup`
以下代码示例演示了如何使用 `describe-nodegroup`。
**AWS CLI**
**描述 Amazon EKS 集群的托管节点组**
以下 `describe-nodegroup` 示例描述了 Amazon EKS 集群的托管节点组。
```
aws eks describe-nodegroup \
--cluster-name my-eks-cluster \
--nodegroup-name my-eks-nodegroup
```
输出:
```
{
"nodegroup": {
"nodegroupName": "my-eks-nodegroup",
"nodegroupArn": "arn:aws:eks:us-east-2:111122223333:nodegroup/my-eks-cluster/my-eks-nodegroup/a8c75f2f-df78-a72f-4063-4b69af3de5b1",
"clusterName": "my-eks-cluster",
"version": "1.26",
"releaseVersion": "1.26.12-20240329",
"createdAt": "2024-04-08T11:42:10.555000-04:00",
"modifiedAt": "2024-04-08T11:44:12.402000-04:00",
"status": "ACTIVE",
"capacityType": "ON_DEMAND",
"scalingConfig": {
"minSize": 1,
"maxSize": 3,
"desiredSize": 1
},
"instanceTypes": [
"t3.medium"
],
"subnets": [
"subnet-0e2907431c9988b72",
"subnet-04ad87f71c6e5ab4d",
"subnet-09d912bb63ef21b9a"
],
"amiType": "AL2_x86_64",
"nodeRole": "arn:aws:iam::111122223333:role/role-name",
"labels": {},
"resources": {
"autoScalingGroups": [
{
"name": "eks-my-eks-nodegroup-a8c75f2f-df78-a72f-4063-4b69af3de5b1"
}
]
},
"diskSize": 20,
"health": {
"issues": []
},
"updateConfig": {
"maxUnavailable": 1
},
"tags": {}
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DescribeNodegroup](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/describe-nodegroup.html)。
### `describe-pod-identity-association`
以下代码示例演示了如何使用 `describe-pod-identity-association`。
**AWS CLI**
**提供有关容器组身份关联的详细信息**
以下 `describe-pod-identity-association` 示例描述 EKS 集群中的容器组身份关联。
```
aws eks describe-pod-identity-association \
--cluster-name eks-customer \
--association-id a-9njjin9gfghecgocd
```
输出:
```
{
"association": {
"clusterName": "eks-customer",
"namespace": "default",
"serviceAccount": "default",
"roleArn": "arn:aws:iam::111122223333:role/my-role",
"associationArn": "arn:aws:eks:us-west-2:111122223333:podidentityassociation/eks-customer/a-9njjin9gfghecgocd",
"associationId": "a-9njjin9gfghecgocd",
"tags": {
"Key2": "value2",
"Key1": "value1"
},
"createdAt": "2025-05-24T19:52:14.135000-05:00",
"modifiedAt": "2025-05-24T19:52:14.135000-05:00"
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[了解 EKS 容器组身份如何向容器组(pod)授予对 AWS 服务的访问权限](https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [DescribePodIdentityAssociation](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/describe-pod-identity-association.html)。
### `describe-update`
以下代码示例演示了如何使用 `describe-update`。
**AWS CLI**
**示例 1:描述集群的更新**
以下 `describe-update` 示例描述了指定集群的更新。
```
aws eks describe-update \
--name my-eks-cluster \
--update-id 10bddb13-a71b-425a-b0a6-71cd03e59161
```
输出:
```
{
"update": {
"id": "10bddb13-a71b-425a-b0a6-71cd03e59161",
"status": "Successful",
"type": "EndpointAccessUpdate",
"params": [
{
"type": "EndpointPublicAccess",
"value": "false"
},
{
"type": "EndpointPrivateAccess",
"value": "true"
}
],
"createdAt": "2024-03-14T10:01:26.297000-04:00",
"errors": []
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[更新 Amazon EKS 集群 Kubernetes 版本](https://docs.aws.amazon.com/eks/latest/userguide/update-cluster.html)。
**示例 2:描述集群的更新**
以下 `describe-update` 示例描述了指定集群的更新。
```
aws eks describe-update \
--name my-eks-cluster \
--update-id e4994991-4c0f-475a-a040-427e6da52966
```
输出:
```
{
"update": {
"id": "e4994991-4c0f-475a-a040-427e6da52966",
"status": "Successful",
"type": "AssociateEncryptionConfig",
"params": [
{
"type": "EncryptionConfig",
"value": "[{\"resources\":[\"secrets\"],\"provider\":{\"keyArn\":\"arn:aws:kms:region-code:account:key/key\"}}]"
}
],
"createdAt": "2024-03-14T11:01:26.297000-04:00",
"errors": []
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[更新 Amazon EKS 集群 Kubernetes 版本](https://docs.aws.amazon.com/eks/latest/userguide/update-cluster.html)。
**示例 3:描述集群的更新**
以下 `describe-update` 示例描述了指定集群的更新。
```
aws eks describe-update \
--name my-eks-cluster \
--update-id b5f0ba18-9a87-4450-b5a0-825e6e84496f
```
输出:
```
{
"update": {
"id": "b5f0ba18-9a87-4450-b5a0-825e6e84496f",
"status": "Successful",
"type": "VersionUpdate",
"params": [
{
"type": "Version",
"value": "1.29"
},
{
"type": "PlatformVersion",
"value": "eks.1"
}
],
"createdAt": "2024-03-14T12:05:26.297000-04:00",
"errors": []
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[更新 Amazon EKS 集群 Kubernetes 版本](https://docs.aws.amazon.com/eks/latest/userguide/update-cluster.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DescribeUpdate](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/describe-update.html)。
### `disassociate-access-policy`
以下代码示例演示了如何使用 `disassociate-access-policy`。
**AWS CLI**
**取消访问策略与访问条目的关联**
以下 `disassociate-access-policy` 移除与访问条目关联的访问策略。
```
aws eks disassociate-access-policy \
--cluster-name eks-customer \
--principal-arn arn:aws:iam::111122223333:role/Admin \
--policy-arn arn:aws:eks::aws:cluster-access-policy/AmazonEKSEditPolicy
```
此命令不生成任何输出。
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[将访问策略与访问条目关联起来](https://docs.aws.amazon.com/eks/latest/userguide/access-policies.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [DisassociateAccessPolicy](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/disassociate-access-policy.html)。
### `disassociate-identity-provider-config`
以下代码示例演示了如何使用 `disassociate-identity-provider-config`。
**AWS CLI**
**取消身份提供商与 Amazon EKS 集群的关联**
以下 `disassociate-identity-provider-config` 示例取消身份提供商与您的 Amazon EKS 集群的关联。
```
aws eks disassociate-identity-provider-config \
--cluster-name my-eks-cluster \
--identity-provider-config 'type=oidc,name=my-identity-provider'
```
输出:
```
{
"update": {
"id": "5f78d14e-c57b-4857-a3e4-cf664ae20949",
"status": "InProgress",
"type": "DisassociateIdentityProviderConfig",
"params": [
{
"type": "IdentityProviderConfig",
"value": "[]"
}
],
"createdAt": "2024-04-11T13:53:43.314000-04:00",
"errors": []
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[通过 OpenID Connect 身份提供商对集群的用户进行身份验证 – 取消 OIDC 身份提供商与集群的关联](https://docs.aws.amazon.com/eks/latest/userguide/authenticate-oidc-identity-provider.html#disassociate-oidc-identity-provider)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DisassociateIdentityProviderConfig](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/disassociate-identity-provider-config.html)。
### `get-token`
以下代码示例演示了如何使用 `get-token`。
**AWS CLI**
**示例 1:获取名为“my-eks-cluster”的 Amazon EKS 集群的身份验证令牌**
以下 `get-token` 示例获取名为 my-eks-cluster 的 Amazon EKS 集群的身份验证令牌。
```
aws eks get-token \
--cluster-name my-eks-cluster
```
输出:
```
{
"kind": "ExecCredential",
"apiVersion": "client.authentication.k8s.io/v1beta1",
"spec": {},
"status": {
"expirationTimestamp": "2024-04-11T20:59:56Z",
"token": "k8s-aws-v1.EXAMPLE_TOKEN_DATA_STRING..."
}
}
```
**示例 2:通过在签名令牌时为凭证代入此 roleARN,从而获取名为“my-eks-cluster”的 Amazon EKS 集群的身份验证令牌**
以下 `get-token` 示例通过在签名令牌时为凭证代入此 roleARN,从而获取名为 my-eks-cluster 的 Amazon EKS 集群的身份验证令牌。
```
aws eks get-token \
--cluster-name my-eks-cluster \
--role-arn arn:aws:iam::111122223333:role/eksctl-EKS-Linux-Cluster-v1-24-cluster-ServiceRole-j1k7AfTIQtnM
```
输出:
```
{
"kind": "ExecCredential",
"apiVersion": "client.authentication.k8s.io/v1beta1",
"spec": {},
"status": {
"expirationTimestamp": "2024-04-11T21:05:26Z",
"token": "k8s-aws-v1.EXAMPLE_TOKEN_DATA_STRING..."
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [GetToken](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/get-token.html)。
### `list-access-entries`
以下代码示例演示了如何使用 `list-access-entries`。
**AWS CLI**
**列出 EKS 集群的访问条目**
以下 `list-access-entries` 返回与 EKS 集群 `eks-customer` 关联的访问条目的列表。
```
aws eks list-access-entries \
--cluster-name eks-customer
```
输出:
```
{
"accessEntries": [
"arn:aws:iam::111122223333:role/Admin",
"arn:aws:iam::111122223333:role/admin-test-ip",
"arn:aws:iam::111122223333:role/assume-worker-node-role",
"arn:aws:iam::111122223333:user/eks-admin-user"
]
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[使用 EKS 访问条目向 IAM 用户授予 Kubernetes 访问权限](https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [ListAccessEntries](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/list-access-entries.html)。
### `list-access-policies`
以下代码示例演示了如何使用 `list-access-policies`。
**AWS CLI**
**列出所有可用的访问策略**
此 `list-access-policies` 示例返回所有可用访问策略的列表。
```
aws eks list-access-policies
```
输出:
```
{
"accessPolicies": [
{
"name": "AmazonEKSAdminPolicy",
"arn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSAdminPolicy"
},
{
"name": "AmazonEKSAdminViewPolicy",
"arn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSAdminViewPolicy"
},
{
"name": "AmazonEKSAutoNodePolicy",
"arn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSAutoNodePolicy"
},
{
"name": "AmazonEKSBlockStorageClusterPolicy",
"arn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSBlockStorageClusterPolicy"
},
{
"name": "AmazonEKSBlockStoragePolicy",
"arn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSBlockStoragePolicy"
},
{
"name": "AmazonEKSClusterAdminPolicy",
"arn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy"
},
{
"name": "AmazonEKSComputeClusterPolicy",
"arn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSComputeClusterPolicy"
},
{
"name": "AmazonEKSComputePolicy",
"arn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSComputePolicy"
},
{
"name": "AmazonEKSEditPolicy",
"arn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSEditPolicy"
},
{
"name": "AmazonEKSHybridPolicy",
"arn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSHybridPolicy"
},
{
"name": "AmazonEKSLoadBalancingClusterPolicy",
"arn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSLoadBalancingClusterPolicy"
},
{
"name": "AmazonEKSLoadBalancingPolicy",
"arn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSLoadBalancingPolicy"
},
{
"name": "AmazonEKSNetworkingClusterPolicy",
"arn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSNetworkingClusterPolicy"
},
{
"name": "AmazonEKSNetworkingPolicy",
"arn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSNetworkingPolicy"
},
{
"name": "AmazonEKSViewPolicy",
"arn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSViewPolicy"
},
{
"name": "AmazonEMRJobPolicy",
"arn": "arn:aws:eks::aws:cluster-access-policy/AmazonEMRJobPolicy"
},
{
"name": "AmazonSagemakerHyperpodClusterPolicy",
"arn": "arn:aws:eks::aws:cluster-access-policy/AmazonSagemakerHyperpodClusterPolicy"
},
{
"name": "AmazonSagemakerHyperpodControllerPolicy",
"arn": "arn:aws:eks::aws:cluster-access-policy/AmazonSagemakerHyperpodControllerPolicy"
},
{
"name": "AmazonSagemakerHyperpodSystemNamespacePolicy",
"arn": "arn:aws:eks::aws:cluster-access-policy/AmazonSagemakerHyperpodSystemNamespacePolicy"
}
]
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[将访问策略与访问条目关联起来](https://docs.aws.amazon.com/eks/latest/userguide/access-policies.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》中的 [ListAccessPolicies](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/list-access-policies.html)**。
### `list-addons`
以下代码示例演示了如何使用 `list-addons`。
**AWS CLI**
**列出名为“my-eks-cluster”的 Amazon EKS 集群中所有已安装的附加组件**
以下 `list-addons` 示例列出了名为 my-eks-cluster 的 Amazon EKS 集群中所有已安装的附加组件。
```
aws eks list-addons \
--cluster-name my-eks-cluster
```
输出:
```
{
"addons": [
"kube-proxy",
"vpc-cni"
]
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ListAddons](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/list-addons.html)。
### `list-associated-access-policies`
以下代码示例演示了如何使用 `list-associated-access-policies`。
**AWS CLI**
**列出与访问条目关联的访问策略**
以下 `list-associated-access-policies` 示例返回与 EKS 集群中的访问条目关联的访问策略列表。
```
aws eks list-associated-access-policies \
--cluster-name eks-customer \
--principal-arn arn:aws:iam::111122223333:role/Admin
```
输出:
```
{
"associatedAccessPolicies": [
{
"policyArn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSAdminPolicy",
"accessScope": {
"type": "cluster",
"namespaces": []
},
"associatedAt": "2025-05-24T17:26:22.935000-05:00",
"modifiedAt": "2025-05-24T17:26:22.935000-05:00"
}
],
"clusterName": "eks-customer",
"principalArn": "arn:aws:iam::111122223333:role/Admin"
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[使用 EKS 访问条目向 IAM 用户授予 Kubernetes 访问权限](https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html)。
+ 有关 API 详细信息,请参阅 *AWS CLI Command Reference* 中的 [ListAssociatedAccessPolicies](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/list-associated-access-policies.html)。
### `list-clusters`
以下代码示例演示了如何使用 `list-clusters`。
**AWS CLI**
**列出名为“my-eks-cluster”的 Amazon EKS 集群中所有已安装的附加组件**
以下 `list-clusters` 示例列出了名为 my-eks-cluster 的 Amazon EKS 集群中所有已安装的附加组件。
```
aws eks list-clusters
```
输出:
```
{
"clusters": [
"prod",
"qa",
"stage",
"my-eks-cluster"
]
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ListClusters](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/list-clusters.html)。
### `list-fargate-profiles`
以下代码示例演示了如何使用 `list-fargate-profiles`。
**AWS CLI**
**列出名为“my-eks-cluster”的 Amazon EKS 集群中的所有 Fargate 配置文件**
以下 `list-fargate-profiles` 示例列出了名为 my-eks-cluster 的 Amazon EKS 集群中的所有 Fargate 配置文件。
```
aws eks list-fargate-profiles \
--cluster-name my-eks-cluster
```
输出:
```
{
"fargateProfileNames": [
"my-fargate-profile"
]
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ListFargateProfiles](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/list-fargate-profiles.html)。
### `list-identity-provider-configs`
以下代码示例演示了如何使用 `list-identity-provider-configs`。
**AWS CLI**
**列出与 Amazon EKS 集群关联的身份提供商**
以下 `list-identity-provider-configs` 示例列出了与 Amazon EKS 集群关联的身份提供商。
```
aws eks list-identity-provider-configs \
--cluster-name my-eks-cluster
```
输出:
```
{
"identityProviderConfigs": [
{
"type": "oidc",
"name": "my-identity-provider"
}
]
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[通过 OpenID Connect 身份提供商对集群的用户进行身份验证](https://docs.aws.amazon.com/eks/latest/userguide/authenticate-oidc-identity-provider.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ListIdentityProviderConfigs](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/list-identity-provider-configs.html)。
### `list-insights`
以下代码示例演示了如何使用 `list-insights`。
**AWS CLI**
**列出指定集群的所有见解**
以下 `list-insights` 示例返回针对指定的集群检查的所有见解的列表。
```
aws eks list-insights \
--cluster-name eks-customer
```
输出:
```
{
"insights": [
{
"id": "38ea7a64-a14f-4e0e-95c7-8dbcab3c3616",
"name": "Kubelet version skew",
"category": "UPGRADE_READINESS",
"kubernetesVersion": "1.33",
"lastRefreshTime": "2025-05-24T11:22:50-05:00",
"lastTransitionTime": "2025-05-24T11:22:50-05:00",
"description": "Checks for kubelet versions of worker nodes in the cluster to see if upgrade would cause noncompliance with supported Kubernetes kubelet version skew policy.",
"insightStatus": {
"status": "PASSING",
"reason": "Node kubelet versions match the cluster control plane version."
}
},
{
"id": "9cd91472-f99c-45a9-b7d7-54d4900dee23",
"name": "EKS add-on version compatibility",
"category": "UPGRADE_READINESS",
"kubernetesVersion": "1.33",
"lastRefreshTime": "2025-05-24T11:22:59-05:00",
"lastTransitionTime": "2025-05-24T11:22:50-05:00",
"description": "Checks version of installed EKS add-ons to ensure they are compatible with the next version of Kubernetes. ",
"insightStatus": {
"status": "PASSING",
"reason": "All installed EKS add-on versions are compatible with next Kubernetes version."
}
},
{
"id": "0deb269d-b1e1-458c-a2b4-7a57f940c875",
"name": "Cluster health issues",
"category": "UPGRADE_READINESS",
"kubernetesVersion": "1.33",
"lastRefreshTime": "2025-05-24T11:22:59-05:00",
"lastTransitionTime": "2025-05-24T11:22:50-05:00",
"description": "Checks for any cluster health issues that prevent successful upgrade to the next Kubernetes version on EKS.",
"insightStatus": {
"status": "PASSING",
"reason": "No cluster health issues detected."
}
},
{
"id": "214fa274-344f-420b-812a-5049ce72c9ww",
"name": "kube-proxy version skew",
"category": "UPGRADE_READINESS",
"kubernetesVersion": "1.33",
"lastRefreshTime": "2025-05-24T11:22:50-05:00",
"lastTransitionTime": "2025-05-24T11:22:50-05:00",
"description": "Checks version of kube-proxy in cluster to see if upgrade would cause noncompliance with supported Kubernetes kube-proxy version skew policy.",
"insightStatus": {
"status": "PASSING",
"reason": "kube-proxy versions match the cluster control plane version."
}
}
]
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[查看集群见解](https://docs.aws.amazon.com/eks/latest/userguide/view-cluster-insights.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [ListInsights](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/list-insights.html)。
### `list-nodegroups`
以下代码示例演示了如何使用 `list-nodegroups`。
**AWS CLI**
**列出 Amazon EKS 集群中的所有节点组**
以下 `list-nodegroups` 示例列出了 Amazon EKS 集群中的所有节点组。
```
aws eks list-nodegroups \
--cluster-name my-eks-cluster
```
输出:
```
{
"nodegroups": [
"my-eks-managed-node-group",
"my-eks-nodegroup"
]
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ListNodegroups](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/list-nodegroups.html)。
### `list-pod-identity-associations`
以下代码示例演示了如何使用 `list-pod-identity-associations`。
**AWS CLI**
**示例 1:列出 EKS 集群中的容器组身份关联**
以下 `list-pod-identity-associations` 返回与所有命名空间和服务账户中名为 `eks-customer` 的 EKS 集群关联的容器组身份关联的列表。
```
aws eks list-pod-identity-associations \
--cluster-name eks-customer
```
输出:
```
{
"associations": [
{
"clusterName": "eks-customer",
"namespace": "default",
"serviceAccount": "default",
"associationArn": "arn:aws:eks:us-west-2:111122223333:podidentityassociation/eks-customer/a-9njjin9gfghecgocd",
"associationId": "a-9njjin9gfghecgocd"
},
{
"clusterName": "eks-customer",
"namespace": "kube-system",
"serviceAccount": "eks-customer",
"associationArn": "arn:aws:eks:us-west-2:111122223333:podidentityassociation/eks-customer/a-dvtacahdvjn01ffbc",
"associationId": "a-dvtacahdvjn01ffbc"
},
{
"clusterName": "eks-customer",
"namespace": "kube-system",
"serviceAccount": "coredns",
"associationArn": "arn:aws:eks:us-west-2:111122223333:podidentityassociation/eks-customer/a-yrpsdroc4ei7k6xps",
"associationId": "a-yrpsdroc4ei7k6xps"
}
]
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[了解 EKS 容器组身份如何向容器组(pod)授予对 AWS 服务的访问权限](https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html)。
**示例 2:根据命名空间和服务账户列出 EKS 集群中的容器组身份关联**
以下 `list-pod-identity-associations` 根据命名空间和服务账户返回 EKS 集群中的容器组身份关联的列表。
```
aws eks list-pod-identity-associations \
--cluster-name eks-customer \
--namespace kube-system \
--service-account eks-customer
```
输出:
```
{
"associations": [
{
"clusterName": "eks-customer",
"namespace": "kube-system",
"serviceAccount": "eks-customer",
"associationArn": "arn:aws:eks:us-west-2:111122223333:podidentityassociation/eks-customer/a-dvtacahdvjn01ffbc",
"associationId": "a-dvtacahdvjn01ffbc"
}
]
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[了解 EKS 容器组身份如何向容器组(pod)授予对 AWS 服务的访问权限](https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [ListPodIdentityAssociations](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/list-pod-identity-associations.html)。
### `list-tags-for-resource`
以下代码示例演示了如何使用 `list-tags-for-resource`。
**AWS CLI**
**示例 1:列出 Amazon EKS 集群 ARN 的所有标签**
以下 `list-tags-for-resource` 示例列出了 Amazon EKS 集群 ARN 的所有标签。
```
aws eks list-tags-for-resource \
--resource-arn arn:aws:eks:us-east-2:111122223333:cluster/my-eks-cluster
```
输出:
```
{
"tags": {
"aws:cloudformation:stack-name": "eksctl-my-eks-cluster-cluster",
"alpha.eksctl.io/cluster-name": "my-eks-cluster",
"karpenter.sh/discovery": "my-eks-cluster",
"aws:cloudformation:stack-id": "arn:aws:cloudformation:us-east-2:111122223333:stack/eksctl-my-eks-cluster-cluster/e752ea00-e217-11ee-beae-0a9599c8c7ed",
"auto-delete": "no",
"eksctl.cluster.k8s.io/v1alpha1/cluster-name": "my-eks-cluster",
"EKS-Cluster-Name": "my-eks-cluster",
"alpha.eksctl.io/cluster-oidc-enabled": "true",
"aws:cloudformation:logical-id": "ControlPlane",
"alpha.eksctl.io/eksctl-version": "0.173.0-dev+a7ee89342.2024-03-01T03:40:57Z",
"Name": "eksctl-my-eks-cluster-cluster/ControlPlane"
}
}
```
**示例 2:列出 Amazon EKS 节点组 ARN 的所有标签**
以下 `list-tags-for-resource` 示例列出了 Amazon EKS 节点组 ARN 的所有标签。
```
aws eks list-tags-for-resource \
--resource-arn arn:aws:eks:us-east-2:111122223333:nodegroup/my-eks-cluster/my-eks-managed-node-group/60c71ed2-2cfb-020f-a5f4-ad32477f198c
```
输出:
```
{
"tags": {
"aws:cloudformation:stack-name": "eksctl-my-eks-cluster-nodegroup-my-eks-managed-node-group",
"aws:cloudformation:stack-id": "arn:aws:cloudformation:us-east-2:111122223333:stack/eksctl-my-eks-cluster-nodegroup-my-eks-managed-node-group/eaa20310-e219-11ee-b851-0ab9ad8228ff",
"eksctl.cluster.k8s.io/v1alpha1/cluster-name": "my-eks-cluster",
"EKS-Cluster-Name": "my-eks-cluster",
"alpha.eksctl.io/nodegroup-type": "managed",
"NodeGroup Name 1": "my-eks-managed-node-group",
"k8s.io/cluster-autoscaler/enabled": "true",
"nodegroup-role": "worker",
"alpha.eksctl.io/cluster-name": "my-eks-cluster",
"alpha.eksctl.io/nodegroup-name": "my-eks-managed-node-group",
"karpenter.sh/discovery": "my-eks-cluster",
"NodeGroup Name 2": "AmazonLinux-Linux-Managed-NG-v1-26-v1",
"auto-delete": "no",
"k8s.io/cluster-autoscaler/my-eks-cluster": "owned",
"aws:cloudformation:logical-id": "ManagedNodeGroup",
"alpha.eksctl.io/eksctl-version": "0.173.0-dev+a7ee89342.2024-03-01T03:40:57Z"
}
}
```
**示例 3:列出 Amazon EKS Fargate 配置文件 ARN 上的所有标签**
以下 `list-tags-for-resource` 示例列出了 Amazon EKS Fargate 配置文件 ARN 上的所有标签。
```
aws eks list-tags-for-resource \
--resource-arn arn:aws:eks:us-east-2:111122223333:fargateprofile/my-eks-cluster/my-fargate-profile/d6c76780-e541-0725-c816-36754cab734b
```
输出:
```
{
"tags": {
"eks-fargate-profile-key-2": "value-2",
"eks-fargate-profile-key-1": "value-1"
}
}
```
**示例 4:列出 Amazon EKS 附加组件 ARN 的所有标签**
以下 `list-tags-for-resource` 示例列出了 Amazon EKS 附加组件 ARN 的所有标签。
```
aws eks list-tags-for-resource \
--resource-arn arn:aws:eks:us-east-2:111122223333:addon/my-eks-cluster/vpc-cni/0ec71efc-98dd-3203-60b0-4b939b2a5e5f
```
输出:
```
{
"tags": {
"eks-addon-key-2": "value-2",
"eks-addon-key-1": "value-1"
}
}
```
**示例 5:列出 Amazon EKS OIDC 身份提供商 ARN 的所有标签**
以下 `list-tags-for-resource` 示例列出了 Amazon EKS OIDC 身份提供商 ARN 的所有标签。
```
aws eks list-tags-for-resource \
--resource-arn arn:aws:eks:us-east-2:111122223333:identityproviderconfig/my-eks-cluster/oidc/my-identity-provider/8ac76722-78e4-cec1-ed76-d49eea058622
```
输出:
```
{
"tags": {
"my-identity-provider": "test"
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ListTagsForResource](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/list-tags-for-resource.html)。
### `list-update`
以下代码示例演示了如何使用 `list-update`。
**AWS CLI**
**示例 1:列出与 Amazon EKS 集群名称相关的更新**
以下 `list-updates` 示例列出了 Amazon EKS 集群名称的所有更新 ID。
```
aws eks list-updates \
--name my-eks-cluster
```
输出:
```
{
"updateIds": [
"5f78d14e-c57b-4857-a3e4-cf664ae20949",
"760e5a3f-adad-48c7-88d3-7ac283c09c26",
"cd4ec863-bc55-47d5-a377-3971502f529b",
"f12657ce-e869-4f17-b158-a82ab8b7d937"
]
}
```
**示例 2:列出 Amazon EKS 节点组的所有更新 ID**
以下 `list-updates` 示例列出了 Amazon EKS 节点组的所有更新 ID。
```
aws eks list-updates \
--name my-eks-cluster \
--nodegroup-name my-eks-managed-node-group
```
输出:
```
{
"updateIds": [
"8c6c1bef-61fe-42ac-a242-89412387b8e7"
]
}
```
**示例 3:列出 Amazon EKS 附加组件上的所有更新 ID**
以下 `list-updates` 示例列出了 Amazon EKS 附加组件的所有更新 ID。
```
aws eks list-updates \
--name my-eks-cluster \
--addon-name vpc-cni
```
输出:
```
{
"updateIds": [
"9cdba8d4-79fb-3c83-afe8-00b508d33268"
]
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ListUpdate](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/list-update.html)。
### `list-updates`
以下代码示例演示了如何使用 `list-updates`。
**AWS CLI**
**列出集群的更新**
此示例命令列出了默认区域中名为 `example` 的集群的当前更新。
命令:
```
aws eks list-updates --name example
```
输出:
```
{
"updateIds": [
"10bddb13-a71b-425a-b0a6-71cd03e59161"
]
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ListUpdates](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/list-updates.html)。
### `register-cluster`
以下代码示例演示了如何使用 `register-cluster`。
**AWS CLI**
**示例 1:将外部 EKS\$1ANYWHERE Kubernetes 集群注册到 Amazon EKS**
以下 `register-cluster` 示例将外部 EKS\$1ANYWHERE Kubernetes 集群注册到 Amazon EKS。
```
aws eks register-cluster \
--name my-eks-anywhere-cluster \
--connector-config 'roleArn=arn:aws:iam::111122223333:role/AmazonEKSConnectorAgentRole,provider=EKS_ANYWHERE'
```
输出:
```
{
"cluster": {
"name": "my-eks-anywhere-cluster",
"arn": "arn:aws:eks:us-east-2:111122223333:cluster/my-eks-anywhere-cluster",
"createdAt": "2024-04-12T12:38:37.561000-04:00",
"status": "PENDING",
"tags": {},
"connectorConfig": {
"activationId": "xxxxxxxxACTIVATION_IDxxxxxxxx",
"activationCode": "xxxxxxxxACTIVATION_CODExxxxxxxx",
"activationExpiry": "2024-04-15T12:38:37.082000-04:00",
"provider": "EKS_ANYWHERE",
"roleArn": "arn:aws:iam::111122223333:role/AmazonEKSConnectorAgentRole"
}
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[连接外部集群](https://docs.aws.amazon.com/eks/latest/userguide/connecting-cluster.html)。
**示例 2:将任何外部 Kubernetes 集群注册到 Amazon EKS**
以下 `register-cluster` 示例将外部 EKS\$1ANYWHERE Kubernetes 集群注册到 Amazon EKS。
```
aws eks register-cluster \
--name my-eks-anywhere-cluster \
--connector-config 'roleArn=arn:aws:iam::111122223333:role/AmazonEKSConnectorAgentRole,provider=OTHER'
```
输出:
```
{
"cluster": {
"name": "my-onprem-k8s-cluster",
"arn": "arn:aws:eks:us-east-2:111122223333:cluster/my-onprem-k8s-cluster",
"createdAt": "2024-04-12T12:42:10.861000-04:00",
"status": "PENDING",
"tags": {},
"connectorConfig": {
"activationId": "xxxxxxxxACTIVATION_IDxxxxxxxx",
"activationCode": "xxxxxxxxACTIVATION_CODExxxxxxxx",
"activationExpiry": "2024-04-15T12:42:10.339000-04:00",
"provider": "OTHER",
"roleArn": "arn:aws:iam::111122223333:role/AmazonEKSConnectorAgentRole"
}
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[连接外部集群](https://docs.aws.amazon.com/eks/latest/userguide/connecting-cluster.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [RegisterCluster](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/register-cluster.html)。
### `tag-resource`
以下代码示例演示了如何使用 `tag-resource`。
**AWS CLI**
**示例 1:将指定的标签添加到 Amazon EKS 集群**
以下 `tag-resource` 示例将指定的标签添加到 Amazon EKS 集群。
```
aws eks tag-resource \
--resource-arn arn:aws:eks:us-east-2:111122223333:cluster/my-eks-cluster \
--tag 'my-eks-cluster-test-1=test-value-1,my-eks-cluster-dev-1=dev-value-2'
```
此命令不生成任何输出。
**示例 2:将指定的标签添加到 Amazon EKS 节点组**
以下 `tag-resource` 示例将指定的标签添加到 Amazon EKS 节点组。
```
aws eks tag-resource \
--resource-arn arn:aws:eks:us-east-2:111122223333:nodegroup/my-eks-cluster/my-eks-managed-node-group/60c71ed2-2cfb-020f-a5f4-ad32477f198c \
--tag 'my-eks-nodegroup-test-1=test-value-1,my-eks-nodegroup-dev-1=dev-value-2'
```
此命令不生成任何输出。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [TagResource](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/tag-resource.html)。
### `untag-resource`
以下代码示例演示了如何使用 `untag-resource`。
**AWS CLI**
**示例 1:从 Amazon EKS 集群中删除指定的标签**
以下 `untag-resource` 示例从 Amazon EKS 集群中删除指定的标签。
```
aws eks untag-resource \
--resource-arn arn:aws:eks:us-east-2:111122223333:cluster/my-eks-cluster \
--tag-keys "my-eks-cluster-test-1" "my-eks-cluster-dev-1"
```
此命令不生成任何输出。
**示例 2:从 Amazon EKS 节点组中删除指定的标签**
以下 `untag-resource` 示例从 Amazon EKS 节点组中删除指定的标签。
```
aws eks untag-resource \
--resource-arn arn:aws:eks:us-east-2:111122223333:nodegroup/my-eks-cluster/my-eks-managed-node-group/60c71ed2-2cfb-020f-a5f4-ad32477f198c \
--tag-keys "my-eks-nodegroup-test-1" "my-eks-nodegroup-dev-1"
```
此命令不生成任何输出。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [UntagResource](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/untag-resource.html)。
### `update-access-entry`
以下代码示例演示了如何使用 `update-access-entry`。
**AWS CLI**
**更新 EKS 集群的访问条目**
以下 `update-access-entry` 通过添加 Kubernetes 组 `tester` 来更新 EKS 集群的访问条目。
```
aws eks update-access-entry \
--cluster-name eks-customer \
--principal-arn arn:aws:iam::111122223333:role/Admin \
--kubernetes-groups tester
```
输出:
```
{
"accessEntry": {
"clusterName": "eks-customer",
"principalArn": "arn:aws:iam::111122223333:role/Admin",
"kubernetesGroups": [
"tester"
],
"accessEntryArn": "arn:aws:eks:us-west-2:111122223333:access-entry/eks-customer/role/111122223333/Admin/d2cb8183-d6ec-b82a-d967-eca21902a4b4",
"createdAt": "2025-05-24T11:02:04.432000-05:00",
"modifiedAt": "2025-05-24T17:08:01.608000-05:00",
"tags": {},
"username": "arn:aws:sts::111122223333:assumed-role/Admin/{{SessionName}}",
"type": "STANDARD"
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[更新访问条目](https://docs.aws.amazon.com/eks/latest/userguide/updating-access-entries.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [UpdateAccessEntry](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/update-access-entry.html)。
### `update-addon`
以下代码示例演示了如何使用 `update-addon`。
**AWS CLI**
**示例 1:使用服务账户角色 ARN 更新 Amazon EKS 附加组件**
以下 `update-addon` 示例命令使用服务账户角色 ARN 更新 Amazon EKS 附加组件。
```
aws eks update-addon \
--cluster-name my-eks-cluster \
--addon-name vpc-cni \
--service-account-role-arn arn:aws:iam::111122223333:role/eksctl-my-eks-cluster-addon-vpc-cni-Role1-YfakrqOC1UTm
```
输出:
```
{
"update": {
"id": "c00d2de2-c2e4-3d30-929e-46b8edec2ce4",
"status": "InProgress",
"type": "AddonUpdate",
"params": [
{
"type": "ServiceAccountRoleArn",
"value": "arn:aws:iam::111122223333:role/eksctl-my-eks-cluster-addon-vpc-cni-Role1-YfakrqOC1UTm"
}
],
"updatedAt": "2024-04-12T16:04:55.614000-04:00",
"errors": []
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[管理 Amazon EKS 附加组件 – 更新附加组件](https://docs.aws.amazon.com/eks/latest/userguide/managing-add-ons.html#updating-an-add-on)。
**示例 2:使用特定的附加组件版本更新 Amazon EKS 附加组件**
以下 `update-addon` 示例命令使用特定的附加组件版本更新 Amazon EKS 附加组件。
```
aws eks update-addon \
--cluster-name my-eks-cluster \
--addon-name vpc-cni \
--service-account-role-arn arn:aws:iam::111122223333:role/eksctl-my-eks-cluster-addon-vpc-cni-Role1-YfakrqOC1UTm \
--addon-version v1.16.4-eksbuild.2
```
输出:
```
{
"update": {
"id": "f58dc0b0-2b18-34bd-bc6a-e4abc0011f36",
"status": "InProgress",
"type": "AddonUpdate",
"params": [
{
"type": "AddonVersion",
"value": "v1.16.4-eksbuild.2"
},
{
"type": "ServiceAccountRoleArn",
"value": "arn:aws:iam::111122223333:role/eksctl-my-eks-cluster-addon-vpc-cni-Role1-YfakrqOC1UTm"
}
],
"createdAt": "2024-04-12T16:07:16.550000-04:00",
"errors": []
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[管理 Amazon EKS 附加组件 – 更新附加组件](https://docs.aws.amazon.com/eks/latest/userguide/managing-add-ons.html#updating-an-add-on)。
**示例 3:使用自定义配置值更新 Amazon EKS 附加组件并解决冲突详细信息**
以下 `update-addon` 示例命令使用自定义配置值更新 Amazon EKS 附加组件并解决冲突详细信息。
```
aws eks update-addon \
--cluster-name my-eks-cluster \
--addon-name vpc-cni \
--service-account-role-arn arn:aws:iam::111122223333:role/eksctl-my-eks-cluster-addon-vpc-cni-Role1-YfakrqOC1UTm \
--addon-version v1.16.4-eksbuild.2 \
--configuration-values '{"resources": {"limits":{"cpu":"100m"}, "requests":{"cpu":"50m"}}}' \
--resolve-conflicts PRESERVE
```
输出:
```
{
"update": {
"id": "cd9f2173-a8d8-3004-a90f-032f14326520",
"status": "InProgress",
"type": "AddonUpdate",
"params": [
{
"type": "AddonVersion",
"value": "v1.16.4-eksbuild.2"
},
{
"type": "ServiceAccountRoleArn",
"value": "arn:aws:iam::111122223333:role/eksctl-my-eks-cluster-addon-vpc-cni-Role1-YfakrqOC1UTm"
},
{
"type": "ResolveConflicts",
"value": "PRESERVE"
},
{
"type": "ConfigurationValues",
"value": "{\"resources\": {\"limits\":{\"cpu\":\"100m\"}, \"requests\":{\"cpu\":\"50m\"}}}"
}
],
"createdAt": "2024-04-12T16:16:27.363000-04:00",
"errors": []
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[管理 Amazon EKS 附加组件 – 更新附加组件](https://docs.aws.amazon.com/eks/latest/userguide/managing-add-ons.html#updating-an-add-on)。
**示例 4:使用自定义 JSON 配置值文件更新 Amazon EKS 附加组件**
以下 `update-addon` 示例命令使用自定义 JSON 配置值更新 Amazon EKS 附加组件并解决冲突详细信息。
```
aws eks update-addon \
--cluster-name my-eks-cluster \
--addon-name vpc-cni \
--service-account-role-arn arn:aws:iam::111122223333:role/eksctl-my-eks-cluster-addon-vpc-cni-Role1-YfakrqOC1UTm \
--addon-version v1.17.1-eksbuild.1 \
--configuration-values 'file://configuration-values.json' \
--resolve-conflicts PRESERVE
```
的内容`configuration-values.json`:
```
{
"resources": {
"limits": {
"cpu": "100m"
},
"requests": {
"cpu": "50m"
}
},
"env": {
"AWS_VPC_K8S_CNI_LOGLEVEL": "ERROR"
}
}
```
输出:
```
{
"update": {
"id": "6881a437-174f-346b-9a63-6e91763507cc",
"status": "InProgress",
"type": "AddonUpdate",
"params": [
{
"type": "AddonVersion",
"value": "v1.17.1-eksbuild.1"
},
{
"type": "ServiceAccountRoleArn",
"value": "arn:aws:iam::111122223333:role/eksctl-my-eks-cluster-addon-vpc-cni-Role1-YfakrqOC1UTm"
},
{
"type": "ResolveConflicts",
"value": "PRESERVE"
},
{
"type": "ConfigurationValues",
"value": "{\n \"resources\": {\n \"limits\": {\n \"cpu\": \"100m\"\n },\n \"requests\": {\n \"cpu\": \"50m\"\n }\n },\n \"env\": {\n \"AWS_VPC_K8S_CNI_LOGLEVEL\": \"ERROR\"\n }\n}"
}
],
"createdAt": "2024-04-12T16:22:55.519000-04:00",
"errors": []
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[管理 Amazon EKS 附加组件 – 更新附加组件](https://docs.aws.amazon.com/eks/latest/userguide/managing-add-ons.html#updating-an-add-on)。
**示例 5:使用自定义 YAML 配置值文件更新 Amazon EKS 附加组件**
以下 `update-addon` 示例命令使用自定义 YAML 配置值更新 Amazon EKS 附加组件并解决冲突详细信息。
```
aws eks update-addon \
--cluster-name my-eks-cluster \
--addon-name vpc-cni \
--service-account-role-arn arn:aws:iam::111122223333:role/eksctl-my-eks-cluster-addon-vpc-cni-Role1-YfakrqOC1UTm \
--addon-version v1.18.0-eksbuild.1 \
--configuration-values 'file://configuration-values.yaml' \
--resolve-conflicts PRESERVE
```
的内容`configuration-values.yaml`:
```
resources:
limits:
cpu: '100m'
requests:
cpu: '50m'
env:
AWS_VPC_K8S_CNI_LOGLEVEL: 'DEBUG'
```
输出:
```
{
"update": {
"id": "a067a4c9-69d0-3769-ace9-d235c5b16701",
"status": "InProgress",
"type": "AddonUpdate",
"params": [
{
"type": "AddonVersion",
"value": "v1.18.0-eksbuild.1"
},
{
"type": "ServiceAccountRoleArn",
"value": "arn:aws:iam::111122223333:role/eksctl-my-eks-cluster-addon-vpc-cni-Role1-YfakrqOC1UTm"
},
{
"type": "ResolveConflicts",
"value": "PRESERVE"
},
{
"type": "ConfigurationValues",
"value": "resources:\n limits:\n cpu: '100m'\n requests:\n cpu: '50m'\nenv:\n AWS_VPC_K8S_CNI_LOGLEVEL: 'DEBUG'"
}
],
"createdAt": "2024-04-12T16:25:07.212000-04:00",
"errors": []
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[管理 Amazon EKS 附加组件 – 更新附加组件](https://docs.aws.amazon.com/eks/latest/userguide/managing-add-ons.html#updating-an-add-on)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [UpdateAddon](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/update-addon.html)。
### `update-cluster-config`
以下代码示例演示了如何使用 `update-cluster-config`。
**AWS CLI**
**更新集群端点访问权限**
此示例命令更新集群以禁用端点公有访问权限并启用私有端点访问权限。
命令:
```
aws eks update-cluster-config --name example \
--resources-vpc-config endpointPublicAccess=false,endpointPrivateAccess=true
```
输出:
```
{
"update": {
"id": "ec883c93-2e9e-407c-a22f-8f6fa6e67d4f",
"status": "InProgress",
"type": "EndpointAccessUpdate",
"params": [
{
"type": "EndpointPublicAccess",
"value": "false"
},
{
"type": "EndpointPrivateAccess",
"value": "true"
}
],
"createdAt": 1565806986.506,
"errors": []
}
}
```
**为集群启用日志记录**
此示例命令为名为 `example` 的集群启用所有集群控制面板日志记录类型。
命令:
```
aws eks update-cluster-config --name example \
--logging '{"clusterLogging":[{"types":["api","audit","authenticator","controllerManager","scheduler"],"enabled":true}]}'
```
输出:
```
{
"update": {
"id": "7551c64b-1d27-4b1e-9f8e-c45f056eb6fd",
"status": "InProgress",
"type": "LoggingUpdate",
"params": [
{
"type": "ClusterLogging",
"value": "{\"clusterLogging\":[{\"types\":[\"api\",\"audit\",\"authenticator\",\"controllerManager\",\"scheduler\"],\"enabled\":true}]}"
}
],
"createdAt": 1565807210.37,
"errors": []
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [UpdateClusterConfig](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/update-cluster-config.html)。
### `update-cluster-version`
以下代码示例演示了如何使用 `update-cluster-version`。
**AWS CLI**
**将名为“my-eks-cluster”的 Amazon EKS 集群更新为指定的 Kubernetes 版本**
以下 `update-cluster-version` 示例将 Amazon EKS 集群更新为指定的 Kubernetes 版本。
```
aws eks update-cluster-version \
--name my-eks-cluster \
--kubernetes-version 1.27
```
输出:
```
{
"update": {
"id": "e4091a28-ea14-48fd-a8c7-975aeb469e8a",
"status": "InProgress",
"type": "VersionUpdate",
"params": [
{
"type": "Version",
"value": "1.27"
},
{
"type": "PlatformVersion",
"value": "eks.16"
}
],
"createdAt": "2024-04-12T16:56:01.082000-04:00",
"errors": []
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[更新 Amazon EKS 集群 Kubernetes 版本](https://docs.aws.amazon.com/eks/latest/userguide/update-cluster.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [UpdateClusterVersion](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/update-cluster-version.html)。
### `update-kubeconfig`
以下代码示例演示了如何使用 `update-kubeconfig`。
**AWS CLI**
**示例 1:通过创建或更新 kubeconfig 来配置 kubectl,以便您可以连接到名为“my-eks-cluster”的 Amazon EKS 集群**
以下 `update-kubeconfig` 示例通过创建或更新 kubeconfig 来配置 kubectl,以便您可以连接到名为 my-eks-cluster 的 Amazon EKS 集群。
```
aws eks update-kubeconfig \
--name my-eks-cluster
```
输出:
```
Updated context arn:aws:eks:us-east-2:111122223333:cluster/my-eks-cluster in /Users/xxx/.kube/config
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[为 Amazon EKS 集群创建或更新 kubeconfig 文件](https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html)。
**示例 2:通过创建或更新 kubeconfig(使用可代入集群身份验证角色的 role-arn 选项)来配置 kubectl,以便您可以连接到名为“my-eks-cluster”的 Amazon EKS 集群**
以下 `update-kubeconfig` 示例通过创建或更新 kubeconfig(使用可代入集群身份验证角色的 role-arn 选项)来配置 kubectl,以便您可以连接到名为 my-eks-cluster 的 Amazon EKS 集群。
```
aws eks update-kubeconfig \
--name my-eks-cluster \
--role-arn arn:aws:iam::111122223333:role/eksctl-EKS-Linux-Cluster-v1-24-cluster-ServiceRole-j1k7AfTIQtnM
```
输出:
```
Updated context arn:aws:eks:us-east-2:111122223333:cluster/my-eks-cluster in /Users/xxx/.kube/config
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[为 Amazon EKS 集群创建或更新 kubeconfig 文件](https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html)。
**示例 3:通过创建或更新 kubeconfig(使用可代入集群身份验证角色的 role-arn 选项以及自定义集群别名和用户别名)来配置 kubectl,以便您可以连接到名为“my-eks-cluster”的 Amazon EKS 集群**
以下 `update-kubeconfig` 示例通过创建或更新 kubeconfig(使用可代入集群身份验证角色的 role-arn 选项以及自定义集群别名和用户别名)来配置 kubectl,以便您可以连接到名为 my-eks-cluster 的 Amazon EKS 集群。
```
aws eks update-kubeconfig \
--name my-eks-cluster \
--role-arn arn:aws:iam::111122223333:role/eksctl-EKS-Linux-Cluster-v1-24-cluster-ServiceRole-j1k7AfTIQtnM \
--alias stage-eks-cluster \
--user-alias john
```
输出:
```
Updated context stage-eks-cluster in /Users/dubaria/.kube/config
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[为 Amazon EKS 集群创建或更新 kubeconfig 文件](https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html)。
**示例 4:打印 kubeconfig 文件条目以供查看并配置您的 kubectl,以便您可以连接到名为“my-eks-cluster”的 Amazon EKS 集群**
以下 `update-kubeconfig` 示例通过创建或更新 kubeconfig(使用可代入集群身份验证角色的 role-arn 选项以及自定义集群别名和用户别名)来配置 kubectl,以便您可以连接到名为 my-eks-cluster 的 Amazon EKS 集群。
```
aws eks update-kubeconfig \
--name my-eks-cluster \
--role-arn arn:aws:iam::111122223333:role/eksctl-EKS-Linux-Cluster-v1-24-cluster-ServiceRole-j1k7AfTIQtnM \
--alias stage-eks-cluster \
--user-alias john \
--verbose
```
输出:
```
Updated context stage-eks-cluster in /Users/dubaria/.kube/config
Entries:
context:
cluster: arn:aws:eks:us-east-2:111122223333:cluster/my-eks-cluster
user: john
name: stage-eks-cluster
name: john
user:
exec:
apiVersion: client.authentication.k8s.io/v1beta1
args:
- --region
- us-east-2
- eks
- get-token
- --cluster-name
- my-eks-cluster
- --output
- json
- --role
- arn:aws:iam::111122223333:role/eksctl-EKS-Linux-Cluster-v1-24-cluster-ServiceRole-j1k7AfTIQtnM
command: aws
cluster:
certificate-authority-data: xxx_CA_DATA_xxx
server: https://DALSJ343KE23J3RN45653DSKJTT647TYD.yl4.us-east-2.eks.amazonaws.com
name: arn:aws:eks:us-east-2:111122223333:cluster/my-eks-cluster
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[为 Amazon EKS 集群创建或更新 kubeconfig 文件](https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [UpdateKubeconfig](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/update-kubeconfig.html)。
### `update-nodegroup-config`
以下代码示例演示了如何使用 `update-nodegroup-config`。
**AWS CLI**
**示例 1:更新托管节点组以向 Amazon EKS 集群的 EKS Worker 节点添加新标签和污点**
以下 `update-nodegroup-config` 示例更新托管节点组以向 Amazon EKS 集群的 EKS Worker 节点添加新标签和污点。
```
aws eks update-nodegroup-config \
--cluster-name my-eks-cluster \
--nodegroup-name my-eks-nodegroup \
--labels 'addOrUpdateLabels={my-eks-nodegroup-label-1=value-1,my-eks-nodegroup-label-2=value-2}' \
--taints 'addOrUpdateTaints=[{key=taint-key-1,value=taint-value-1,effect=NO_EXECUTE}]'
```
输出:
```
{
"update": {
"id": "e66d21d3-bd8b-3ad1-a5aa-b196dc08c7c1",
"status": "InProgress",
"type": "ConfigUpdate",
"params": [
{
"type": "LabelsToAdd",
"value": "{\"my-eks-nodegroup-label-2\":\"value-2\",\"my-eks-nodegroup-label-1\":\"value-1\"}"
},
{
"type": "TaintsToAdd",
"value": "[{\"effect\":\"NO_EXECUTE\",\"value\":\"taint-value-1\",\"key\":\"taint-key-1\"}]"
}
],
"createdAt": "2024-04-08T12:05:19.161000-04:00",
"errors": []
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[更新托管节点组](https://docs.aws.amazon.com/eks/latest/userguide/update-managed-node-group.html)。
**示例 2:更新托管节点组以删除 Amazon EKS 集群的 EKS Worker 节点的标签和污点**
以下 `update-nodegroup-config` 示例更新托管节点组以删除 Amazon EKS 集群的 EKS Worker 节点的标签和污点。
```
aws eks update-nodegroup-config \
--cluster-name my-eks-cluster \
--nodegroup-name my-eks-nodegroup \
--labels 'removeLabels=my-eks-nodegroup-label-1, my-eks-nodegroup-label-2' \
--taints 'removeTaints=[{key=taint-key-1,value=taint-value-1,effect=NO_EXECUTE}]'
```
输出:
```
{
"update": {
"id": "67a08692-9e59-3ace-a916-13929f44cec3",
"status": "InProgress",
"type": "ConfigUpdate",
"params": [
{
"type": "LabelsToRemove",
"value": "[\"my-eks-nodegroup-label-1\",\"my-eks-nodegroup-label-2\"]"
},
{
"type": "TaintsToRemove",
"value": "[{\"effect\":\"NO_EXECUTE\",\"value\":\"taint-value-1\",\"key\":\"taint-key-1\"}]"
}
],
"createdAt": "2024-04-08T12:17:31.817000-04:00",
"errors": []
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[更新托管节点组](https://docs.aws.amazon.com/eks/latest/userguide/update-managed-node-group.html)。
**示例 3:更新托管节点组以删除和添加 Amazon EKS 集群的 EKS Worker 节点的标签和污点**
以下 `update-nodegroup-config` 示例更新托管节点组以删除和添加 Amazon EKS 集群的 EKS Worker 节点的标签和污点。
```
aws eks update-nodegroup-config \
--cluster-name my-eks-cluster \
--nodegroup-name my-eks-nodegroup \
--labels 'addOrUpdateLabels={my-eks-nodegroup-new-label-1=new-value-1,my-eks-nodegroup-new-label-2=new-value-2},removeLabels=my-eks-nodegroup-label-1, my-eks-nodegroup-label-2' \
--taints 'addOrUpdateTaints=[{key=taint-new-key-1,value=taint-new-value-1,effect=PREFER_NO_SCHEDULE}],removeTaints=[{key=taint-key-1,value=taint-value-1,effect=NO_EXECUTE}]'
```
输出:
```
{
"update": {
"id": "4a9c8c45-6ac7-3115-be71-d6412a2339b7",
"status": "InProgress",
"type": "ConfigUpdate",
"params": [
{
"type": "LabelsToAdd",
"value": "{\"my-eks-nodegroup-new-label-1\":\"new-value-1\",\"my-eks-nodegroup-new-label-2\":\"new-value-2\"}"
},
{
"type": "LabelsToRemove",
"value": "[\"my-eks-nodegroup-label-1\",\"my-eks-nodegroup-label-2\"]"
},
{
"type": "TaintsToAdd",
"value": "[{\"effect\":\"PREFER_NO_SCHEDULE\",\"value\":\"taint-new-value-1\",\"key\":\"taint-new-key-1\"}]"
},
{
"type": "TaintsToRemove",
"value": "[{\"effect\":\"NO_EXECUTE\",\"value\":\"taint-value-1\",\"key\":\"taint-key-1\"}]"
}
],
"createdAt": "2024-04-08T12:30:55.486000-04:00",
"errors": []
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[更新托管节点组](https://docs.aws.amazon.com/eks/latest/userguide/update-managed-node-group.html)。
**示例 4:更新托管节点组以更新 Amazon EKS 集群的 EKS Worker 节点的扩展配置和更新配置**
以下 `update-nodegroup-config` 示例更新托管节点组以更新 Amazon EKS 集群的 EKS Worker 节点的扩展配置和更新配置。
```
aws eks update-nodegroup-config \
--cluster-name my-eks-cluster \
--nodegroup-name my-eks-nodegroup \
--scaling-config minSize=1,maxSize=5,desiredSize=2 \
--update-config maxUnavailable=2
```
输出:
```
{
"update": {
"id": "a977160f-59bf-3023-805d-c9826e460aea",
"status": "InProgress",
"type": "ConfigUpdate",
"params": [
{
"type": "MinSize",
"value": "1"
},
{
"type": "MaxSize",
"value": "5"
},
{
"type": "DesiredSize",
"value": "2"
},
{
"type": "MaxUnavailable",
"value": "2"
}
],
"createdAt": "2024-04-08T12:35:17.036000-04:00",
"errors": []
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[更新托管节点组](https://docs.aws.amazon.com/eks/latest/userguide/update-managed-node-group.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [UpdateNodegroupConfig](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/update-nodegroup-config.html)。
### `update-nodegroup-version`
以下代码示例演示了如何使用 `update-nodegroup-version`。
**AWS CLI**
**示例 1:更新 Amazon EKS 托管节点组的 Kubernetes 版本或 AMI 版本**
以下 `update-nodegroup-version` 示例将 Amazon EKS 托管节点组的 Kubernetes 版本或 AMI 版本更新为 Kubernetes 集群的最新可用版本。
```
aws eks update-nodegroup-version \
--cluster-name my-eks-cluster \
--nodegroup-name my-eks-nodegroup \
--no-force
```
输出:
```
{
"update": {
"id": "a94ebfc3-6bf8-307a-89e6-7dbaa36421f7",
"status": "InProgress",
"type": "VersionUpdate",
"params": [
{
"type": "Version",
"value": "1.26"
},
{
"type": "ReleaseVersion",
"value": "1.26.12-20240329"
}
],
"createdAt": "2024-04-08T13:16:00.724000-04:00",
"errors": []
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[更新托管节点组](https://docs.aws.amazon.com/eks/latest/userguide/update-managed-node-group.html)。
**示例 2:更新 Amazon EKS 托管节点组的 Kubernetes 版本或 AMI 版本**
以下 `update-nodegroup-version` 示例将 Amazon EKS 托管节点组的 Kubernetes 版本或 AMI 版本更新为指定的 AMI 发行版本。
```
aws eks update-nodegroup-version \
--cluster-name my-eks-cluster \
--nodegroup-name my-eks-nodegroup \
--kubernetes-version '1.26' \
--release-version '1.26.12-20240307' \
--no-force
```
输出:
```
{
"update": {
"id": "4db06fe1-088d-336b-bdcd-3fdb94995fb7",
"status": "InProgress",
"type": "VersionUpdate",
"params": [
{
"type": "Version",
"value": "1.26"
},
{
"type": "ReleaseVersion",
"value": "1.26.12-20240307"
}
],
"createdAt": "2024-04-08T13:13:58.595000-04:00",
"errors": []
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的“更新托管节点组”– 。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [UpdateNodegroupVersion](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/update-nodegroup-version.html)。
### `update-pod-identity-association`
以下代码示例演示了如何使用 `update-pod-identity-association`。
**AWS CLI**
**更新 EKS 容器组身份关联**
以下 `update-pod-identity-association` 示例通过针对关联 ID `a-9njjin9gfghecgocd` 将关联的 IAM 角色从 `arn:aws:iam::111122223333:role/my-role` 更改为 `arn:aws:iam::111122223333:role/s3-role`,来更新 EKS 容器组身份关联。此 API 仅支持更新关联的 IAM 角色。
```
aws eks update-pod-identity-association \
--cluster-name eks-customer \
--association-id a-9njjin9gfghecgocd \
--role-arn arn:aws:iam::111122223333:role/s3-role
```
输出:
```
{
"association": {
"clusterName": "eks-customer",
"namespace": "default",
"serviceAccount": "default",
"roleArn": "arn:aws:iam::111122223333:role/s3-role",
"associationArn": "arn:aws:eks:us-west-2:111122223333:podidentityassociation/eks-customer/a-9njjin9gfghecgocd",
"associationId": "a-9njjin9gfghecgocd",
"tags": {
"Key2": "value2",
"Key1": "value1"
},
"createdAt": "2025-05-24T19:52:14.135000-05:00",
"modifiedAt": "2025-05-25T21:01:53.120000-05:00"
}
}
```
有关更多信息,请参阅《Amazon EKS 用户指南》**中的[了解 EKS 容器组身份如何向容器组(pod)授予对 AWS 服务的访问权限](https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [UpdatePodIdentityAssociation](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/update-pod-identity-association.html)。