kubectl cannot authenticate with AWS EKSkubectl: The connection to the server XXX.XXX.XXXXXX was refusedHow do I get Kubernetes to work without the “connection over port 8080” error?Kubernetes cni config uninitializedHorizontalPodAutoscaling on Amazon EKSCurrent status of HorizontalPodAutoscaling on Amazon EKSAWS EKS CNI Creating Duplicate Network Interfaces Causing OutagesAWS EKS update-kubeconfig does not respect --role-arn flagUnable to list services in AWS EKSHTTP/2 for ALB with EKS on AWSEKS suddenly failing with disk pressure

Are there any vegetarian astronauts?

Is there any set of 2-6 notes that doesn't have a chord name?

Could Sauron have read Tom Bombadil's mind if Tom had held the Palantir?

Does Hubble need to dump momentum of its reaction wheels?

Going to get married soon, should I do it on Dec 31 or Jan 1?

Do equal angles necessarily mean a polygon is regular?

Is it possible to buy a train ticket CDG airport to Paris truly online?

Do French speakers not use the subjunctive informally?

Does image quality of the lens affect "focus and recompose" technique?

Is there a short way to compare many values mutually at same time without using multiple 'and's?

Why does the A-4 Skyhawk sit nose-up when on ground?

How to positively portray high and mighty characters?

Should my manager be aware of private LinkedIn approaches I receive? How to politely have this happen?

What does "THREE ALPHA in Virginia" mean?

What determines the "strength of impact" of a falling object on the ground, momentum or energy?

Bash echo $-1 prints hb1. Why?

Finding closed forms for various addition laws on elliptic curves, FullSimplify fails even with assumptions?

What are the penalties for overstaying in USA?

Analog is Obtuse!

How many satellites can stay in a Lagrange point?

Why is the Turkish president's surname spelt in Russian as Эрдоган, with г?

Is my Rep in Stack-Exchange Form?

What would Earth look like at night in medieval times?

Can a US president have someone sent to prison?



kubectl cannot authenticate with AWS EKS


kubectl: The connection to the server XXX.XXX.XXXXXX was refusedHow do I get Kubernetes to work without the “connection over port 8080” error?Kubernetes cni config uninitializedHorizontalPodAutoscaling on Amazon EKSCurrent status of HorizontalPodAutoscaling on Amazon EKSAWS EKS CNI Creating Duplicate Network Interfaces Causing OutagesAWS EKS update-kubeconfig does not respect --role-arn flagUnable to list services in AWS EKSHTTP/2 for ALB with EKS on AWSEKS suddenly failing with disk pressure






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








2















I cannot get kubectl to authenticate with the EKS Kubernetes instance my coworker created. I've followed the documentation: the AWS CLI can run aws eks commands (I'm an AWS Full Administrator), and the heptio authenticatior is in my path and can generate tokens.



When I run kubectl I get this error:



$ kubectl version
Client Version: version.InfoMajor:"1", Minor:"10", GitVersion:"v1.10.4",
GitCommit:"5ca598b4ba5abb89bb773071ce452e33fb66339d", GitTreeState:"clean",
BuildDate:"2018-06-06T15:22:13Z", GoVersion:"go1.9.6", Compiler:"gc",
Platform:"darwin/amd64"
error: You must be logged in to the server (the server has asked for the client
to provide credentials)


Here's my ~/.kube/config file. It's the exact kubeconfig my coworker can successfully use.



apiVersion: v1
clusters:
- cluster:
server: https://myinstance.sk1.us-east-1.eks.amazonaws.com
certificate-authority-data: base64_cert name: kubernetes contexts: - context: cluster: kubernetes user: aws name: aws
current-context: aws
kind: Config
preferences:
users:
- name: aws
user:
exec:
apiVersion: client.authentication.k8s.io/v1alpha1
command: heptio-authenticator-aws
args:
- "token"
- "-i"
- "dev-qa"
# - "-r"
# - "<role-arn>"









share|improve this question






























    2















    I cannot get kubectl to authenticate with the EKS Kubernetes instance my coworker created. I've followed the documentation: the AWS CLI can run aws eks commands (I'm an AWS Full Administrator), and the heptio authenticatior is in my path and can generate tokens.



    When I run kubectl I get this error:



    $ kubectl version
    Client Version: version.InfoMajor:"1", Minor:"10", GitVersion:"v1.10.4",
    GitCommit:"5ca598b4ba5abb89bb773071ce452e33fb66339d", GitTreeState:"clean",
    BuildDate:"2018-06-06T15:22:13Z", GoVersion:"go1.9.6", Compiler:"gc",
    Platform:"darwin/amd64"
    error: You must be logged in to the server (the server has asked for the client
    to provide credentials)


    Here's my ~/.kube/config file. It's the exact kubeconfig my coworker can successfully use.



    apiVersion: v1
    clusters:
    - cluster:
    server: https://myinstance.sk1.us-east-1.eks.amazonaws.com
    certificate-authority-data: base64_cert name: kubernetes contexts: - context: cluster: kubernetes user: aws name: aws
    current-context: aws
    kind: Config
    preferences:
    users:
    - name: aws
    user:
    exec:
    apiVersion: client.authentication.k8s.io/v1alpha1
    command: heptio-authenticator-aws
    args:
    - "token"
    - "-i"
    - "dev-qa"
    # - "-r"
    # - "<role-arn>"









    share|improve this question


























      2












      2








      2


      2






      I cannot get kubectl to authenticate with the EKS Kubernetes instance my coworker created. I've followed the documentation: the AWS CLI can run aws eks commands (I'm an AWS Full Administrator), and the heptio authenticatior is in my path and can generate tokens.



      When I run kubectl I get this error:



      $ kubectl version
      Client Version: version.InfoMajor:"1", Minor:"10", GitVersion:"v1.10.4",
      GitCommit:"5ca598b4ba5abb89bb773071ce452e33fb66339d", GitTreeState:"clean",
      BuildDate:"2018-06-06T15:22:13Z", GoVersion:"go1.9.6", Compiler:"gc",
      Platform:"darwin/amd64"
      error: You must be logged in to the server (the server has asked for the client
      to provide credentials)


      Here's my ~/.kube/config file. It's the exact kubeconfig my coworker can successfully use.



      apiVersion: v1
      clusters:
      - cluster:
      server: https://myinstance.sk1.us-east-1.eks.amazonaws.com
      certificate-authority-data: base64_cert name: kubernetes contexts: - context: cluster: kubernetes user: aws name: aws
      current-context: aws
      kind: Config
      preferences:
      users:
      - name: aws
      user:
      exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      command: heptio-authenticator-aws
      args:
      - "token"
      - "-i"
      - "dev-qa"
      # - "-r"
      # - "<role-arn>"









      share|improve this question
















      I cannot get kubectl to authenticate with the EKS Kubernetes instance my coworker created. I've followed the documentation: the AWS CLI can run aws eks commands (I'm an AWS Full Administrator), and the heptio authenticatior is in my path and can generate tokens.



      When I run kubectl I get this error:



      $ kubectl version
      Client Version: version.InfoMajor:"1", Minor:"10", GitVersion:"v1.10.4",
      GitCommit:"5ca598b4ba5abb89bb773071ce452e33fb66339d", GitTreeState:"clean",
      BuildDate:"2018-06-06T15:22:13Z", GoVersion:"go1.9.6", Compiler:"gc",
      Platform:"darwin/amd64"
      error: You must be logged in to the server (the server has asked for the client
      to provide credentials)


      Here's my ~/.kube/config file. It's the exact kubeconfig my coworker can successfully use.



      apiVersion: v1
      clusters:
      - cluster:
      server: https://myinstance.sk1.us-east-1.eks.amazonaws.com
      certificate-authority-data: base64_cert name: kubernetes contexts: - context: cluster: kubernetes user: aws name: aws
      current-context: aws
      kind: Config
      preferences:
      users:
      - name: aws
      user:
      exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      command: heptio-authenticator-aws
      args:
      - "token"
      - "-i"
      - "dev-qa"
      # - "-r"
      # - "<role-arn>"






      amazon-web-services kubernetes






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Jun 11 '18 at 0:02







      spiffytech

















      asked Jun 10 '18 at 23:47









      spiffytechspiffytech

      5011 gold badge6 silver badges12 bronze badges




      5011 gold badge6 silver badges12 bronze badges




















          5 Answers
          5






          active

          oldest

          votes


















          4














          I needed to add my IAM user to the mapUsers section of the ConfigMap configmap/aws-auth, per these AWS docs.



          You can edit the configmap using the same AWS user that initially created the cluster.



          $ kubectl edit -n kube-system configmap/aws-auth

          apiVersion: v1
          data:
          mapRoles: |
          - rolearn: arn:aws:iam::555555555555:role/devel-worker-nodes-NodeInstanceRole-74RF4UBDUKL6
          username: system:node:EC2PrivateDNSName
          groups:
          - system:bootstrappers
          - system:nodes
          mapUsers: |
          - userarn: arn:aws:iam::555555555555:user/admin
          username: admin
          groups:
          - system:masters
          - userarn: arn:aws:iam::111122223333:user/ops-user
          username: ops-user
          groups:
          - system:masters
          mapAccounts: |
          - "111122223333"





          share|improve this answer




















          • 1





            This answer worked in my case. If the cluster was created by an IAM user then that user gets automatically mapped into the cluster. HOWEVER ... any other IAM users have to be manually mapped/added.

            – user183744
            Jun 21 '18 at 20:08











          • I get an error: error: the server doesn't have a resource type "configmap" My understanding is that you have to log in to edit the configmap, resulting in a catch-22 scenario

            – Marcello Romani
            Aug 4 '18 at 12:27











          • I know I'm late to the party but just wanted to clarify that as of 2019 EKS now creates the config file for you: aws eks --region region update-kubeconfig --name cluster_name and you can download the config map from: curl -O amazon-eks.s3-us-west-2.amazonaws.com/cloudformation/2019-02-11/… it is all here: docs.aws.amazon.com/eks/latest/userguide/getting-started.html

            – einarc
            Mar 8 at 20:57



















          0














          Unfortunately, AWS doesn't yet have a command like GKE's "gcloud container clusters get-credentials", which creates kubectl config for you. So, you need to create kubectl config file manually.



          As mentioned in creating a kubeconfig for Amazon EKS document, you should get two things from the cluster:




          1. Retrieve the endpoint for your cluster. Use this for the <endpoint-url> in your kubeconfig file.



            aws eks describe-cluster --cluster-name <cluster-name> --query cluster.endpoint



          2. Retrieve the certificateAuthority.data for your cluster. Use this for the <base64-encoded-ca-cert> in your kubeconfig file.



            aws eks describe-cluster --cluster-name <cluster-name> --query cluster.certificateAuthority.data


          Create the default kubectl folder if it does not already exist.



          mkdir -p ~/.kube


          Open your favorite text editor and paste the following kubeconfig code block into it.



          apiVersion: v1
          clusters:
          - cluster:
          server: <endpoint-url>
          certificate-authority-data: <base64-encoded-ca-cert>
          name: kubernetes
          contexts:
          - context:
          cluster: kubernetes
          user: aws
          name: aws
          current-context: aws
          kind: Config
          preferences:
          users:
          - name: aws
          user:
          exec:
          apiVersion: client.authentication.k8s.io/v1alpha1
          command: heptio-authenticator-aws
          args:
          - "token"
          - "-i"
          - "<cluster-name>"
          # - "-r"
          # - "<role-arn>"
          # env:
          # - name: AWS_PROFILE
          # value: "<aws-profile>"


          Replace the <endpoint-url> with the endpoint URL that was created for your cluster.
          Replace the <base64-encoded-ca-cert> with the certificateAuthority.data that was created for your cluster.
          Replace the <cluster-name> with your cluster name.



          Save the file to the default kubectl folder, with your cluster name in the file name. For example, if your cluster name is devel, save the file to ~/.kube/config-devel.



          Add that file path to your KUBECONFIG environment variable so that kubectl knows where to look for your cluster configuration.



          export KUBECONFIG=$KUBECONFIG:~/.kube/config-devel


          (Optional) Add the configuration to your shell initialization file so that it is configured when you open a shell.



          For Bash shells on macOS:



          echo 'export KUBECONFIG=$KUBECONFIG:~/.kube/config-devel' >> ~/.bash_profile


          For Bash shells on Linux:



          echo 'export KUBECONFIG=$KUBECONFIG:~/.kube/config-devel' >> ~/.bashrc


          Test your configuration.



          kubectl get svc


          Output:



          NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
          svc/kubernetes ClusterIP 10.100.0.1 <none> 443/TCP 1m


          Note

          If you receive the error "heptio-authenticator-aws": executable file not found in $PATH, then your kubectl is not configured for Amazon EKS. For more information, see Configure kubectl for Amazon EKS.






          share|improve this answer























          • I have followed that same documentation and created my kube config file with the server and certificate data filled in, but I'm getting the error listed in my question.

            – spiffytech
            Jun 11 '18 at 13:10











          • There are several closed issues on that error. Most of them was caused by errors in configuration file. Try to check your configuration file for tabs instead of spaces. It may cause the file to read incorrectly by kubectl.

            – VAS
            Jun 11 '18 at 15:53


















          0














          Pass in your AWS configuration variables in line with your command (or set them as global variables).



          Example:



          AWS_PROFILE=profile_name kubectl get all





          share|improve this answer






























            0














            I resolved this issue by fixing the base64 encoded certificate in the kubeconfig file I created. The documentation is a little confusing because it says to use the --cluster-name switch with the aws cli for the EKS service and for me the --name switch worked. This printed the base64 value to the cli and I copy pasta it into the kubeconfig file saved and it worked.



            $ AWS_ACCESS_KEY_ID=[YOUR_ID_HERE] AWS_SECRET_ACCESS_KEY=[YOUR_SECRET_HERE] aws eks describe-cluster --name staging --query cluster.certificateAuthority.data





            share|improve this answer






























              0














              Things have gotten a bit simpler over time. To get started on Linux (or indeed WSL) you will need to:




              1. Install the AWS CLI and configure valid AWS CLI credentials (aws configure or e.g. use AWS SSO to generate time-limited credentials on the fly)

              2. Install eksctl and kubectl

              3. Install aws-iam-authenticator

              At this point, assuming you already have a running Kubernetes Cluster in your AWS account you can generate/update the kube configuration in $HOME/.kube/config with this one command:



              aws eks update-kubeconfig --name test



              Where test is your cluster name according to the AWS Console (or aws eks list-clusters).



              You can now run for instance kubectl get svc without getting an error.






              share|improve this answer

























                Your Answer








                StackExchange.ready(function()
                var channelOptions =
                tags: "".split(" "),
                id: "2"
                ;
                initTagRenderer("".split(" "), "".split(" "), channelOptions);

                StackExchange.using("externalEditor", function()
                // Have to fire editor after snippets, if snippets enabled
                if (StackExchange.settings.snippets.snippetsEnabled)
                StackExchange.using("snippets", function()
                createEditor();
                );

                else
                createEditor();

                );

                function createEditor()
                StackExchange.prepareEditor(
                heartbeatType: 'answer',
                autoActivateHeartbeat: false,
                convertImagesToLinks: true,
                noModals: true,
                showLowRepImageUploadWarning: true,
                reputationToPostImages: 10,
                bindNavPrevention: true,
                postfix: "",
                imageUploader:
                brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
                contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
                allowUrls: true
                ,
                onDemand: true,
                discardSelector: ".discard-answer"
                ,immediatelyShowMarkdownHelp:true
                );



                );













                draft saved

                draft discarded


















                StackExchange.ready(
                function ()
                StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f916022%2fkubectl-cannot-authenticate-with-aws-eks%23new-answer', 'question_page');

                );

                Post as a guest















                Required, but never shown

























                5 Answers
                5






                active

                oldest

                votes








                5 Answers
                5






                active

                oldest

                votes









                active

                oldest

                votes






                active

                oldest

                votes









                4














                I needed to add my IAM user to the mapUsers section of the ConfigMap configmap/aws-auth, per these AWS docs.



                You can edit the configmap using the same AWS user that initially created the cluster.



                $ kubectl edit -n kube-system configmap/aws-auth

                apiVersion: v1
                data:
                mapRoles: |
                - rolearn: arn:aws:iam::555555555555:role/devel-worker-nodes-NodeInstanceRole-74RF4UBDUKL6
                username: system:node:EC2PrivateDNSName
                groups:
                - system:bootstrappers
                - system:nodes
                mapUsers: |
                - userarn: arn:aws:iam::555555555555:user/admin
                username: admin
                groups:
                - system:masters
                - userarn: arn:aws:iam::111122223333:user/ops-user
                username: ops-user
                groups:
                - system:masters
                mapAccounts: |
                - "111122223333"





                share|improve this answer




















                • 1





                  This answer worked in my case. If the cluster was created by an IAM user then that user gets automatically mapped into the cluster. HOWEVER ... any other IAM users have to be manually mapped/added.

                  – user183744
                  Jun 21 '18 at 20:08











                • I get an error: error: the server doesn't have a resource type "configmap" My understanding is that you have to log in to edit the configmap, resulting in a catch-22 scenario

                  – Marcello Romani
                  Aug 4 '18 at 12:27











                • I know I'm late to the party but just wanted to clarify that as of 2019 EKS now creates the config file for you: aws eks --region region update-kubeconfig --name cluster_name and you can download the config map from: curl -O amazon-eks.s3-us-west-2.amazonaws.com/cloudformation/2019-02-11/… it is all here: docs.aws.amazon.com/eks/latest/userguide/getting-started.html

                  – einarc
                  Mar 8 at 20:57
















                4














                I needed to add my IAM user to the mapUsers section of the ConfigMap configmap/aws-auth, per these AWS docs.



                You can edit the configmap using the same AWS user that initially created the cluster.



                $ kubectl edit -n kube-system configmap/aws-auth

                apiVersion: v1
                data:
                mapRoles: |
                - rolearn: arn:aws:iam::555555555555:role/devel-worker-nodes-NodeInstanceRole-74RF4UBDUKL6
                username: system:node:EC2PrivateDNSName
                groups:
                - system:bootstrappers
                - system:nodes
                mapUsers: |
                - userarn: arn:aws:iam::555555555555:user/admin
                username: admin
                groups:
                - system:masters
                - userarn: arn:aws:iam::111122223333:user/ops-user
                username: ops-user
                groups:
                - system:masters
                mapAccounts: |
                - "111122223333"





                share|improve this answer




















                • 1





                  This answer worked in my case. If the cluster was created by an IAM user then that user gets automatically mapped into the cluster. HOWEVER ... any other IAM users have to be manually mapped/added.

                  – user183744
                  Jun 21 '18 at 20:08











                • I get an error: error: the server doesn't have a resource type "configmap" My understanding is that you have to log in to edit the configmap, resulting in a catch-22 scenario

                  – Marcello Romani
                  Aug 4 '18 at 12:27











                • I know I'm late to the party but just wanted to clarify that as of 2019 EKS now creates the config file for you: aws eks --region region update-kubeconfig --name cluster_name and you can download the config map from: curl -O amazon-eks.s3-us-west-2.amazonaws.com/cloudformation/2019-02-11/… it is all here: docs.aws.amazon.com/eks/latest/userguide/getting-started.html

                  – einarc
                  Mar 8 at 20:57














                4












                4








                4







                I needed to add my IAM user to the mapUsers section of the ConfigMap configmap/aws-auth, per these AWS docs.



                You can edit the configmap using the same AWS user that initially created the cluster.



                $ kubectl edit -n kube-system configmap/aws-auth

                apiVersion: v1
                data:
                mapRoles: |
                - rolearn: arn:aws:iam::555555555555:role/devel-worker-nodes-NodeInstanceRole-74RF4UBDUKL6
                username: system:node:EC2PrivateDNSName
                groups:
                - system:bootstrappers
                - system:nodes
                mapUsers: |
                - userarn: arn:aws:iam::555555555555:user/admin
                username: admin
                groups:
                - system:masters
                - userarn: arn:aws:iam::111122223333:user/ops-user
                username: ops-user
                groups:
                - system:masters
                mapAccounts: |
                - "111122223333"





                share|improve this answer















                I needed to add my IAM user to the mapUsers section of the ConfigMap configmap/aws-auth, per these AWS docs.



                You can edit the configmap using the same AWS user that initially created the cluster.



                $ kubectl edit -n kube-system configmap/aws-auth

                apiVersion: v1
                data:
                mapRoles: |
                - rolearn: arn:aws:iam::555555555555:role/devel-worker-nodes-NodeInstanceRole-74RF4UBDUKL6
                username: system:node:EC2PrivateDNSName
                groups:
                - system:bootstrappers
                - system:nodes
                mapUsers: |
                - userarn: arn:aws:iam::555555555555:user/admin
                username: admin
                groups:
                - system:masters
                - userarn: arn:aws:iam::111122223333:user/ops-user
                username: ops-user
                groups:
                - system:masters
                mapAccounts: |
                - "111122223333"






                share|improve this answer














                share|improve this answer



                share|improve this answer








                edited Aug 20 '18 at 19:30

























                answered Jun 18 '18 at 13:19









                spiffytechspiffytech

                5011 gold badge6 silver badges12 bronze badges




                5011 gold badge6 silver badges12 bronze badges







                • 1





                  This answer worked in my case. If the cluster was created by an IAM user then that user gets automatically mapped into the cluster. HOWEVER ... any other IAM users have to be manually mapped/added.

                  – user183744
                  Jun 21 '18 at 20:08











                • I get an error: error: the server doesn't have a resource type "configmap" My understanding is that you have to log in to edit the configmap, resulting in a catch-22 scenario

                  – Marcello Romani
                  Aug 4 '18 at 12:27











                • I know I'm late to the party but just wanted to clarify that as of 2019 EKS now creates the config file for you: aws eks --region region update-kubeconfig --name cluster_name and you can download the config map from: curl -O amazon-eks.s3-us-west-2.amazonaws.com/cloudformation/2019-02-11/… it is all here: docs.aws.amazon.com/eks/latest/userguide/getting-started.html

                  – einarc
                  Mar 8 at 20:57













                • 1





                  This answer worked in my case. If the cluster was created by an IAM user then that user gets automatically mapped into the cluster. HOWEVER ... any other IAM users have to be manually mapped/added.

                  – user183744
                  Jun 21 '18 at 20:08











                • I get an error: error: the server doesn't have a resource type "configmap" My understanding is that you have to log in to edit the configmap, resulting in a catch-22 scenario

                  – Marcello Romani
                  Aug 4 '18 at 12:27











                • I know I'm late to the party but just wanted to clarify that as of 2019 EKS now creates the config file for you: aws eks --region region update-kubeconfig --name cluster_name and you can download the config map from: curl -O amazon-eks.s3-us-west-2.amazonaws.com/cloudformation/2019-02-11/… it is all here: docs.aws.amazon.com/eks/latest/userguide/getting-started.html

                  – einarc
                  Mar 8 at 20:57








                1




                1





                This answer worked in my case. If the cluster was created by an IAM user then that user gets automatically mapped into the cluster. HOWEVER ... any other IAM users have to be manually mapped/added.

                – user183744
                Jun 21 '18 at 20:08





                This answer worked in my case. If the cluster was created by an IAM user then that user gets automatically mapped into the cluster. HOWEVER ... any other IAM users have to be manually mapped/added.

                – user183744
                Jun 21 '18 at 20:08













                I get an error: error: the server doesn't have a resource type "configmap" My understanding is that you have to log in to edit the configmap, resulting in a catch-22 scenario

                – Marcello Romani
                Aug 4 '18 at 12:27





                I get an error: error: the server doesn't have a resource type "configmap" My understanding is that you have to log in to edit the configmap, resulting in a catch-22 scenario

                – Marcello Romani
                Aug 4 '18 at 12:27













                I know I'm late to the party but just wanted to clarify that as of 2019 EKS now creates the config file for you: aws eks --region region update-kubeconfig --name cluster_name and you can download the config map from: curl -O amazon-eks.s3-us-west-2.amazonaws.com/cloudformation/2019-02-11/… it is all here: docs.aws.amazon.com/eks/latest/userguide/getting-started.html

                – einarc
                Mar 8 at 20:57






                I know I'm late to the party but just wanted to clarify that as of 2019 EKS now creates the config file for you: aws eks --region region update-kubeconfig --name cluster_name and you can download the config map from: curl -O amazon-eks.s3-us-west-2.amazonaws.com/cloudformation/2019-02-11/… it is all here: docs.aws.amazon.com/eks/latest/userguide/getting-started.html

                – einarc
                Mar 8 at 20:57














                0














                Unfortunately, AWS doesn't yet have a command like GKE's "gcloud container clusters get-credentials", which creates kubectl config for you. So, you need to create kubectl config file manually.



                As mentioned in creating a kubeconfig for Amazon EKS document, you should get two things from the cluster:




                1. Retrieve the endpoint for your cluster. Use this for the <endpoint-url> in your kubeconfig file.



                  aws eks describe-cluster --cluster-name <cluster-name> --query cluster.endpoint



                2. Retrieve the certificateAuthority.data for your cluster. Use this for the <base64-encoded-ca-cert> in your kubeconfig file.



                  aws eks describe-cluster --cluster-name <cluster-name> --query cluster.certificateAuthority.data


                Create the default kubectl folder if it does not already exist.



                mkdir -p ~/.kube


                Open your favorite text editor and paste the following kubeconfig code block into it.



                apiVersion: v1
                clusters:
                - cluster:
                server: <endpoint-url>
                certificate-authority-data: <base64-encoded-ca-cert>
                name: kubernetes
                contexts:
                - context:
                cluster: kubernetes
                user: aws
                name: aws
                current-context: aws
                kind: Config
                preferences:
                users:
                - name: aws
                user:
                exec:
                apiVersion: client.authentication.k8s.io/v1alpha1
                command: heptio-authenticator-aws
                args:
                - "token"
                - "-i"
                - "<cluster-name>"
                # - "-r"
                # - "<role-arn>"
                # env:
                # - name: AWS_PROFILE
                # value: "<aws-profile>"


                Replace the <endpoint-url> with the endpoint URL that was created for your cluster.
                Replace the <base64-encoded-ca-cert> with the certificateAuthority.data that was created for your cluster.
                Replace the <cluster-name> with your cluster name.



                Save the file to the default kubectl folder, with your cluster name in the file name. For example, if your cluster name is devel, save the file to ~/.kube/config-devel.



                Add that file path to your KUBECONFIG environment variable so that kubectl knows where to look for your cluster configuration.



                export KUBECONFIG=$KUBECONFIG:~/.kube/config-devel


                (Optional) Add the configuration to your shell initialization file so that it is configured when you open a shell.



                For Bash shells on macOS:



                echo 'export KUBECONFIG=$KUBECONFIG:~/.kube/config-devel' >> ~/.bash_profile


                For Bash shells on Linux:



                echo 'export KUBECONFIG=$KUBECONFIG:~/.kube/config-devel' >> ~/.bashrc


                Test your configuration.



                kubectl get svc


                Output:



                NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
                svc/kubernetes ClusterIP 10.100.0.1 <none> 443/TCP 1m


                Note

                If you receive the error "heptio-authenticator-aws": executable file not found in $PATH, then your kubectl is not configured for Amazon EKS. For more information, see Configure kubectl for Amazon EKS.






                share|improve this answer























                • I have followed that same documentation and created my kube config file with the server and certificate data filled in, but I'm getting the error listed in my question.

                  – spiffytech
                  Jun 11 '18 at 13:10











                • There are several closed issues on that error. Most of them was caused by errors in configuration file. Try to check your configuration file for tabs instead of spaces. It may cause the file to read incorrectly by kubectl.

                  – VAS
                  Jun 11 '18 at 15:53















                0














                Unfortunately, AWS doesn't yet have a command like GKE's "gcloud container clusters get-credentials", which creates kubectl config for you. So, you need to create kubectl config file manually.



                As mentioned in creating a kubeconfig for Amazon EKS document, you should get two things from the cluster:




                1. Retrieve the endpoint for your cluster. Use this for the <endpoint-url> in your kubeconfig file.



                  aws eks describe-cluster --cluster-name <cluster-name> --query cluster.endpoint



                2. Retrieve the certificateAuthority.data for your cluster. Use this for the <base64-encoded-ca-cert> in your kubeconfig file.



                  aws eks describe-cluster --cluster-name <cluster-name> --query cluster.certificateAuthority.data


                Create the default kubectl folder if it does not already exist.



                mkdir -p ~/.kube


                Open your favorite text editor and paste the following kubeconfig code block into it.



                apiVersion: v1
                clusters:
                - cluster:
                server: <endpoint-url>
                certificate-authority-data: <base64-encoded-ca-cert>
                name: kubernetes
                contexts:
                - context:
                cluster: kubernetes
                user: aws
                name: aws
                current-context: aws
                kind: Config
                preferences:
                users:
                - name: aws
                user:
                exec:
                apiVersion: client.authentication.k8s.io/v1alpha1
                command: heptio-authenticator-aws
                args:
                - "token"
                - "-i"
                - "<cluster-name>"
                # - "-r"
                # - "<role-arn>"
                # env:
                # - name: AWS_PROFILE
                # value: "<aws-profile>"


                Replace the <endpoint-url> with the endpoint URL that was created for your cluster.
                Replace the <base64-encoded-ca-cert> with the certificateAuthority.data that was created for your cluster.
                Replace the <cluster-name> with your cluster name.



                Save the file to the default kubectl folder, with your cluster name in the file name. For example, if your cluster name is devel, save the file to ~/.kube/config-devel.



                Add that file path to your KUBECONFIG environment variable so that kubectl knows where to look for your cluster configuration.



                export KUBECONFIG=$KUBECONFIG:~/.kube/config-devel


                (Optional) Add the configuration to your shell initialization file so that it is configured when you open a shell.



                For Bash shells on macOS:



                echo 'export KUBECONFIG=$KUBECONFIG:~/.kube/config-devel' >> ~/.bash_profile


                For Bash shells on Linux:



                echo 'export KUBECONFIG=$KUBECONFIG:~/.kube/config-devel' >> ~/.bashrc


                Test your configuration.



                kubectl get svc


                Output:



                NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
                svc/kubernetes ClusterIP 10.100.0.1 <none> 443/TCP 1m


                Note

                If you receive the error "heptio-authenticator-aws": executable file not found in $PATH, then your kubectl is not configured for Amazon EKS. For more information, see Configure kubectl for Amazon EKS.






                share|improve this answer























                • I have followed that same documentation and created my kube config file with the server and certificate data filled in, but I'm getting the error listed in my question.

                  – spiffytech
                  Jun 11 '18 at 13:10











                • There are several closed issues on that error. Most of them was caused by errors in configuration file. Try to check your configuration file for tabs instead of spaces. It may cause the file to read incorrectly by kubectl.

                  – VAS
                  Jun 11 '18 at 15:53













                0












                0








                0







                Unfortunately, AWS doesn't yet have a command like GKE's "gcloud container clusters get-credentials", which creates kubectl config for you. So, you need to create kubectl config file manually.



                As mentioned in creating a kubeconfig for Amazon EKS document, you should get two things from the cluster:




                1. Retrieve the endpoint for your cluster. Use this for the <endpoint-url> in your kubeconfig file.



                  aws eks describe-cluster --cluster-name <cluster-name> --query cluster.endpoint



                2. Retrieve the certificateAuthority.data for your cluster. Use this for the <base64-encoded-ca-cert> in your kubeconfig file.



                  aws eks describe-cluster --cluster-name <cluster-name> --query cluster.certificateAuthority.data


                Create the default kubectl folder if it does not already exist.



                mkdir -p ~/.kube


                Open your favorite text editor and paste the following kubeconfig code block into it.



                apiVersion: v1
                clusters:
                - cluster:
                server: <endpoint-url>
                certificate-authority-data: <base64-encoded-ca-cert>
                name: kubernetes
                contexts:
                - context:
                cluster: kubernetes
                user: aws
                name: aws
                current-context: aws
                kind: Config
                preferences:
                users:
                - name: aws
                user:
                exec:
                apiVersion: client.authentication.k8s.io/v1alpha1
                command: heptio-authenticator-aws
                args:
                - "token"
                - "-i"
                - "<cluster-name>"
                # - "-r"
                # - "<role-arn>"
                # env:
                # - name: AWS_PROFILE
                # value: "<aws-profile>"


                Replace the <endpoint-url> with the endpoint URL that was created for your cluster.
                Replace the <base64-encoded-ca-cert> with the certificateAuthority.data that was created for your cluster.
                Replace the <cluster-name> with your cluster name.



                Save the file to the default kubectl folder, with your cluster name in the file name. For example, if your cluster name is devel, save the file to ~/.kube/config-devel.



                Add that file path to your KUBECONFIG environment variable so that kubectl knows where to look for your cluster configuration.



                export KUBECONFIG=$KUBECONFIG:~/.kube/config-devel


                (Optional) Add the configuration to your shell initialization file so that it is configured when you open a shell.



                For Bash shells on macOS:



                echo 'export KUBECONFIG=$KUBECONFIG:~/.kube/config-devel' >> ~/.bash_profile


                For Bash shells on Linux:



                echo 'export KUBECONFIG=$KUBECONFIG:~/.kube/config-devel' >> ~/.bashrc


                Test your configuration.



                kubectl get svc


                Output:



                NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
                svc/kubernetes ClusterIP 10.100.0.1 <none> 443/TCP 1m


                Note

                If you receive the error "heptio-authenticator-aws": executable file not found in $PATH, then your kubectl is not configured for Amazon EKS. For more information, see Configure kubectl for Amazon EKS.






                share|improve this answer













                Unfortunately, AWS doesn't yet have a command like GKE's "gcloud container clusters get-credentials", which creates kubectl config for you. So, you need to create kubectl config file manually.



                As mentioned in creating a kubeconfig for Amazon EKS document, you should get two things from the cluster:




                1. Retrieve the endpoint for your cluster. Use this for the <endpoint-url> in your kubeconfig file.



                  aws eks describe-cluster --cluster-name <cluster-name> --query cluster.endpoint



                2. Retrieve the certificateAuthority.data for your cluster. Use this for the <base64-encoded-ca-cert> in your kubeconfig file.



                  aws eks describe-cluster --cluster-name <cluster-name> --query cluster.certificateAuthority.data


                Create the default kubectl folder if it does not already exist.



                mkdir -p ~/.kube


                Open your favorite text editor and paste the following kubeconfig code block into it.



                apiVersion: v1
                clusters:
                - cluster:
                server: <endpoint-url>
                certificate-authority-data: <base64-encoded-ca-cert>
                name: kubernetes
                contexts:
                - context:
                cluster: kubernetes
                user: aws
                name: aws
                current-context: aws
                kind: Config
                preferences:
                users:
                - name: aws
                user:
                exec:
                apiVersion: client.authentication.k8s.io/v1alpha1
                command: heptio-authenticator-aws
                args:
                - "token"
                - "-i"
                - "<cluster-name>"
                # - "-r"
                # - "<role-arn>"
                # env:
                # - name: AWS_PROFILE
                # value: "<aws-profile>"


                Replace the <endpoint-url> with the endpoint URL that was created for your cluster.
                Replace the <base64-encoded-ca-cert> with the certificateAuthority.data that was created for your cluster.
                Replace the <cluster-name> with your cluster name.



                Save the file to the default kubectl folder, with your cluster name in the file name. For example, if your cluster name is devel, save the file to ~/.kube/config-devel.



                Add that file path to your KUBECONFIG environment variable so that kubectl knows where to look for your cluster configuration.



                export KUBECONFIG=$KUBECONFIG:~/.kube/config-devel


                (Optional) Add the configuration to your shell initialization file so that it is configured when you open a shell.



                For Bash shells on macOS:



                echo 'export KUBECONFIG=$KUBECONFIG:~/.kube/config-devel' >> ~/.bash_profile


                For Bash shells on Linux:



                echo 'export KUBECONFIG=$KUBECONFIG:~/.kube/config-devel' >> ~/.bashrc


                Test your configuration.



                kubectl get svc


                Output:



                NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
                svc/kubernetes ClusterIP 10.100.0.1 <none> 443/TCP 1m


                Note

                If you receive the error "heptio-authenticator-aws": executable file not found in $PATH, then your kubectl is not configured for Amazon EKS. For more information, see Configure kubectl for Amazon EKS.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Jun 11 '18 at 10:17









                VASVAS

                2551 silver badge5 bronze badges




                2551 silver badge5 bronze badges












                • I have followed that same documentation and created my kube config file with the server and certificate data filled in, but I'm getting the error listed in my question.

                  – spiffytech
                  Jun 11 '18 at 13:10











                • There are several closed issues on that error. Most of them was caused by errors in configuration file. Try to check your configuration file for tabs instead of spaces. It may cause the file to read incorrectly by kubectl.

                  – VAS
                  Jun 11 '18 at 15:53

















                • I have followed that same documentation and created my kube config file with the server and certificate data filled in, but I'm getting the error listed in my question.

                  – spiffytech
                  Jun 11 '18 at 13:10











                • There are several closed issues on that error. Most of them was caused by errors in configuration file. Try to check your configuration file for tabs instead of spaces. It may cause the file to read incorrectly by kubectl.

                  – VAS
                  Jun 11 '18 at 15:53
















                I have followed that same documentation and created my kube config file with the server and certificate data filled in, but I'm getting the error listed in my question.

                – spiffytech
                Jun 11 '18 at 13:10





                I have followed that same documentation and created my kube config file with the server and certificate data filled in, but I'm getting the error listed in my question.

                – spiffytech
                Jun 11 '18 at 13:10













                There are several closed issues on that error. Most of them was caused by errors in configuration file. Try to check your configuration file for tabs instead of spaces. It may cause the file to read incorrectly by kubectl.

                – VAS
                Jun 11 '18 at 15:53





                There are several closed issues on that error. Most of them was caused by errors in configuration file. Try to check your configuration file for tabs instead of spaces. It may cause the file to read incorrectly by kubectl.

                – VAS
                Jun 11 '18 at 15:53











                0














                Pass in your AWS configuration variables in line with your command (or set them as global variables).



                Example:



                AWS_PROFILE=profile_name kubectl get all





                share|improve this answer



























                  0














                  Pass in your AWS configuration variables in line with your command (or set them as global variables).



                  Example:



                  AWS_PROFILE=profile_name kubectl get all





                  share|improve this answer

























                    0












                    0








                    0







                    Pass in your AWS configuration variables in line with your command (or set them as global variables).



                    Example:



                    AWS_PROFILE=profile_name kubectl get all





                    share|improve this answer













                    Pass in your AWS configuration variables in line with your command (or set them as global variables).



                    Example:



                    AWS_PROFILE=profile_name kubectl get all






                    share|improve this answer












                    share|improve this answer



                    share|improve this answer










                    answered Jun 11 '18 at 13:17









                    getgladgetglad

                    1012 bronze badges




                    1012 bronze badges





















                        0














                        I resolved this issue by fixing the base64 encoded certificate in the kubeconfig file I created. The documentation is a little confusing because it says to use the --cluster-name switch with the aws cli for the EKS service and for me the --name switch worked. This printed the base64 value to the cli and I copy pasta it into the kubeconfig file saved and it worked.



                        $ AWS_ACCESS_KEY_ID=[YOUR_ID_HERE] AWS_SECRET_ACCESS_KEY=[YOUR_SECRET_HERE] aws eks describe-cluster --name staging --query cluster.certificateAuthority.data





                        share|improve this answer



























                          0














                          I resolved this issue by fixing the base64 encoded certificate in the kubeconfig file I created. The documentation is a little confusing because it says to use the --cluster-name switch with the aws cli for the EKS service and for me the --name switch worked. This printed the base64 value to the cli and I copy pasta it into the kubeconfig file saved and it worked.



                          $ AWS_ACCESS_KEY_ID=[YOUR_ID_HERE] AWS_SECRET_ACCESS_KEY=[YOUR_SECRET_HERE] aws eks describe-cluster --name staging --query cluster.certificateAuthority.data





                          share|improve this answer

























                            0












                            0








                            0







                            I resolved this issue by fixing the base64 encoded certificate in the kubeconfig file I created. The documentation is a little confusing because it says to use the --cluster-name switch with the aws cli for the EKS service and for me the --name switch worked. This printed the base64 value to the cli and I copy pasta it into the kubeconfig file saved and it worked.



                            $ AWS_ACCESS_KEY_ID=[YOUR_ID_HERE] AWS_SECRET_ACCESS_KEY=[YOUR_SECRET_HERE] aws eks describe-cluster --name staging --query cluster.certificateAuthority.data





                            share|improve this answer













                            I resolved this issue by fixing the base64 encoded certificate in the kubeconfig file I created. The documentation is a little confusing because it says to use the --cluster-name switch with the aws cli for the EKS service and for me the --name switch worked. This printed the base64 value to the cli and I copy pasta it into the kubeconfig file saved and it worked.



                            $ AWS_ACCESS_KEY_ID=[YOUR_ID_HERE] AWS_SECRET_ACCESS_KEY=[YOUR_SECRET_HERE] aws eks describe-cluster --name staging --query cluster.certificateAuthority.data






                            share|improve this answer












                            share|improve this answer



                            share|improve this answer










                            answered Jun 13 '18 at 0:00









                            Brayton StaffordBrayton Stafford

                            11 bronze badge




                            11 bronze badge





















                                0














                                Things have gotten a bit simpler over time. To get started on Linux (or indeed WSL) you will need to:




                                1. Install the AWS CLI and configure valid AWS CLI credentials (aws configure or e.g. use AWS SSO to generate time-limited credentials on the fly)

                                2. Install eksctl and kubectl

                                3. Install aws-iam-authenticator

                                At this point, assuming you already have a running Kubernetes Cluster in your AWS account you can generate/update the kube configuration in $HOME/.kube/config with this one command:



                                aws eks update-kubeconfig --name test



                                Where test is your cluster name according to the AWS Console (or aws eks list-clusters).



                                You can now run for instance kubectl get svc without getting an error.






                                share|improve this answer



























                                  0














                                  Things have gotten a bit simpler over time. To get started on Linux (or indeed WSL) you will need to:




                                  1. Install the AWS CLI and configure valid AWS CLI credentials (aws configure or e.g. use AWS SSO to generate time-limited credentials on the fly)

                                  2. Install eksctl and kubectl

                                  3. Install aws-iam-authenticator

                                  At this point, assuming you already have a running Kubernetes Cluster in your AWS account you can generate/update the kube configuration in $HOME/.kube/config with this one command:



                                  aws eks update-kubeconfig --name test



                                  Where test is your cluster name according to the AWS Console (or aws eks list-clusters).



                                  You can now run for instance kubectl get svc without getting an error.






                                  share|improve this answer

























                                    0












                                    0








                                    0







                                    Things have gotten a bit simpler over time. To get started on Linux (or indeed WSL) you will need to:




                                    1. Install the AWS CLI and configure valid AWS CLI credentials (aws configure or e.g. use AWS SSO to generate time-limited credentials on the fly)

                                    2. Install eksctl and kubectl

                                    3. Install aws-iam-authenticator

                                    At this point, assuming you already have a running Kubernetes Cluster in your AWS account you can generate/update the kube configuration in $HOME/.kube/config with this one command:



                                    aws eks update-kubeconfig --name test



                                    Where test is your cluster name according to the AWS Console (or aws eks list-clusters).



                                    You can now run for instance kubectl get svc without getting an error.






                                    share|improve this answer













                                    Things have gotten a bit simpler over time. To get started on Linux (or indeed WSL) you will need to:




                                    1. Install the AWS CLI and configure valid AWS CLI credentials (aws configure or e.g. use AWS SSO to generate time-limited credentials on the fly)

                                    2. Install eksctl and kubectl

                                    3. Install aws-iam-authenticator

                                    At this point, assuming you already have a running Kubernetes Cluster in your AWS account you can generate/update the kube configuration in $HOME/.kube/config with this one command:



                                    aws eks update-kubeconfig --name test



                                    Where test is your cluster name according to the AWS Console (or aws eks list-clusters).



                                    You can now run for instance kubectl get svc without getting an error.







                                    share|improve this answer












                                    share|improve this answer



                                    share|improve this answer










                                    answered Jun 9 at 8:21









                                    M JensenM Jensen

                                    11 bronze badge




                                    11 bronze badge



























                                        draft saved

                                        draft discarded
















































                                        Thanks for contributing an answer to Server Fault!


                                        • Please be sure to answer the question. Provide details and share your research!

                                        But avoid


                                        • Asking for help, clarification, or responding to other answers.

                                        • Making statements based on opinion; back them up with references or personal experience.

                                        To learn more, see our tips on writing great answers.




                                        draft saved


                                        draft discarded














                                        StackExchange.ready(
                                        function ()
                                        StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f916022%2fkubectl-cannot-authenticate-with-aws-eks%23new-answer', 'question_page');

                                        );

                                        Post as a guest















                                        Required, but never shown





















































                                        Required, but never shown














                                        Required, but never shown












                                        Required, but never shown







                                        Required, but never shown

































                                        Required, but never shown














                                        Required, but never shown












                                        Required, but never shown







                                        Required, but never shown







                                        Popular posts from this blog

                                        Club Baloncesto Breogán Índice Historia | Pavillón | Nome | O Breogán na cultura popular | Xogadores | Adestradores | Presidentes | Palmarés | Historial | Líderes | Notas | Véxase tamén | Menú de navegacióncbbreogan.galCadroGuía oficial da ACB 2009-10, páxina 201Guía oficial ACB 1992, páxina 183. Editorial DB.É de 6.500 espectadores sentados axeitándose á última normativa"Estudiantes Junior, entre as mellores canteiras"o orixinalHemeroteca El Mundo Deportivo, 16 setembro de 1970, páxina 12Historia do BreogánAlfredo Pérez, o último canoneiroHistoria C.B. BreogánHemeroteca de El Mundo DeportivoJimmy Wright, norteamericano do Breogán deixará Lugo por ameazas de morteResultados de Breogán en 1986-87Resultados de Breogán en 1990-91Ficha de Velimir Perasović en acb.comResultados de Breogán en 1994-95Breogán arrasa al Barça. "El Mundo Deportivo", 27 de setembro de 1999, páxina 58CB Breogán - FC BarcelonaA FEB invita a participar nunha nova Liga EuropeaCharlie Bell na prensa estatalMáximos anotadores 2005Tempada 2005-06 : Tódolos Xogadores da Xornada""Non quero pensar nunha man negra, mais pregúntome que está a pasar""o orixinalRaúl López, orgulloso dos xogadores, presume da boa saúde económica do BreogánJulio González confirma que cesa como presidente del BreogánHomenaxe a Lisardo GómezA tempada do rexurdimento celesteEntrevista a Lisardo GómezEl COB dinamita el Pazo para forzar el quinto (69-73)Cafés Candelas, patrocinador del CB Breogán"Suso Lázare, novo presidente do Breogán"o orixinalCafés Candelas Breogán firma el mayor triunfo de la historiaEl Breogán realizará 17 homenajes por su cincuenta aniversario"O Breogán honra ao seu fundador e primeiro presidente"o orixinalMiguel Giao recibiu a homenaxe do PazoHomenaxe aos primeiros gladiadores celestesO home que nos amosa como ver o Breo co corazónTita Franco será homenaxeada polos #50anosdeBreoJulio Vila recibirá unha homenaxe in memoriam polos #50anosdeBreo"O Breogán homenaxeará aos seus aboados máis veteráns"Pechada ovación a «Capi» Sanmartín e Ricardo «Corazón de González»Homenaxe por décadas de informaciónPaco García volve ao Pazo con motivo do 50 aniversario"Resultados y clasificaciones""O Cafés Candelas Breogán, campión da Copa Princesa""O Cafés Candelas Breogán, equipo ACB"C.B. Breogán"Proxecto social"o orixinal"Centros asociados"o orixinalFicha en imdb.comMario Camus trata la recuperación del amor en 'La vieja música', su última película"Páxina web oficial""Club Baloncesto Breogán""C. B. Breogán S.A.D."eehttp://www.fegaba.com

                                        Vilaño, A Laracha Índice Patrimonio | Lugares e parroquias | Véxase tamén | Menú de navegación43°14′52″N 8°36′03″O / 43.24775, -8.60070

                                        Cegueira Índice Epidemioloxía | Deficiencia visual | Tipos de cegueira | Principais causas de cegueira | Tratamento | Técnicas de adaptación e axudas | Vida dos cegos | Primeiros auxilios | Crenzas respecto das persoas cegas | Crenzas das persoas cegas | O neno deficiente visual | Aspectos psicolóxicos da cegueira | Notas | Véxase tamén | Menú de navegación54.054.154.436928256blindnessDicionario da Real Academia GalegaPortal das Palabras"International Standards: Visual Standards — Aspects and Ranges of Vision Loss with Emphasis on Population Surveys.""Visual impairment and blindness""Presentan un plan para previr a cegueira"o orixinalACCDV Associació Catalana de Cecs i Disminuïts Visuals - PMFTrachoma"Effect of gene therapy on visual function in Leber's congenital amaurosis"1844137110.1056/NEJMoa0802268Cans guía - os mellores amigos dos cegosArquivadoEscola de cans guía para cegos en Mortágua, PortugalArquivado"Tecnología para ciegos y deficientes visuales. Recopilación de recursos gratuitos en la Red""Colorino""‘COL.diesis’, escuchar los sonidos del color""COL.diesis: Transforming Colour into Melody and Implementing the Result in a Colour Sensor Device"o orixinal"Sistema de desarrollo de sinestesia color-sonido para invidentes utilizando un protocolo de audio""Enseñanza táctil - geometría y color. Juegos didácticos para niños ciegos y videntes""Sistema Constanz"L'ocupació laboral dels cecs a l'Estat espanyol està pràcticament equiparada a la de les persones amb visió, entrevista amb Pedro ZuritaONCE (Organización Nacional de Cegos de España)Prevención da cegueiraDescrición de deficiencias visuais (Disc@pnet)Braillín, un boneco atractivo para calquera neno, con ou sen discapacidade, que permite familiarizarse co sistema de escritura e lectura brailleAxudas Técnicas36838ID00897494007150-90057129528256DOID:1432HP:0000618D001766C10.597.751.941.162C97109C0155020