Eksctl: non-owners should be able to delete clusters

Created on 29 Jul 2019  ·  4 Comments  ·  Source: weaveworks/eksctl

This is a follow-up to #1042. We only produced a fix for the error message.

Any AWS admin must be able to force deletion of an EKS cluster without contacting or impersonating the cluster owner. It was possible before #1010 (in the general case, i.e. when there were no ELBs or other resources standing in the way).

Labels: area/deletions, kind/feature, needs-investigation, priority/backlog, stale

All 4 comments

To me, it doesn't make sense that people who can delete the full infrastructure aren't Kubernetes admins.

One example use-case is this: an IAM user has created a cluster, they lost access to the account, and another IAM user wants to delete the cluster the first user created.

A user has also reported their own perspective in #1081.

Why only the owner? Shouldn't it be that any user on the system:masters group in K8s should be able to delete the cluster?

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.
