Skip to content

EKS Cheat Sheet

Update kubeconfig

Update kubeconfig file with AWS EKS cluster credentials. 

aws eks --profile $PROFILE --region eu-west-2 update-kubeconfig --name $CLUSTERNAME

Add-ons

Commands to list and verify EKS add-ons and their versions for a specific Kubernetes version. 

# Get latest version for a specific add-on and Kubernetes version
aws eks describe-addon-versions --profile $PROFILE \
    --kubernetes-version=1.30 \
    --addon-name=vpc-cni \
    --query 'sort_by(addons, &addonName)[].{owner: owner, addonName: addonName, type: type, Version: addonVersions[0].addonVersion}'

# Get all latest add-on versions for a Kubernetes version
aws eks --profile $PROFILE describe-addon-versions \
    --kubernetes-version=1.30 \
    --query 'sort_by(addons, &addonName)[].{owner: owner, addonName: addonName, type: type, Version: addonVersions[0].addonVersion}'

# Get available configuration options for a specific add-on version
aws eks --profile $PROFILE describe-addon-configuration \
    --addon-name vpc-cni \
    --addon-version v1.15.5-eksbuild.1 \
    --output yaml

# List add-ons installed on your cluster
aws eks --profile $PROFILE list-addons --cluster-name uk-as-dev-cluster1

ECR public registry — unable to retrieve credentials

When accessing a Helm chart hosted on the AWS ECR public registry, you may get an authentication failure.

Error 

helm pull oci://public.ecr.aws/karpenter/karpenter

Error: GET "https://public.ecr.aws/v2/karpenter/karpenter/tags/list":
unable to retrieve credentials

Solution — log in to the ECR public registry first: 

aws ecr-public get-login-password \
    --region us-east-1 | helm registry login \
    --username AWS \
    --password-stdin public.ecr.aws

Service accounts

# List IAM service accounts
eksctl get iamserviceaccount --profile $PROFILE --cluster $CLUSTERNAME