- Improvement
- Resolution: Fixed
- Minor
- None
The kubernetes-plugin currently supports authenticating into the cluster via the server certificate and username/password.
Amazon's EKS works differently: you need to use an authentication plugin to generate tokens. The instructions are here (https://docs.aws.amazon.com/eks/latest/userguide/configure-kubectl.html).
The short version is that you need to have an executable in your path, which generates auth tokens on demand. The kubectl file for connecting to EKS looks like so:
```yaml
apiVersion: v1
clusters:
- cluster:
    server: https://SOME-LONG-ID.yl4.us-west-2.eks.amazonaws.com
    certificate-authority-data: <ca cert goes here>
  name: eks-cluster
contexts:
- context:
    cluster: eks-cluster
    user: eks-user
  name: marcin
current-context: eks
kind: Config
preferences: {}
users:
- name: eks-user
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      command: heptio-authenticator-aws
      args:
        - "token"
        - "-i"
        - "eks-cluster-name"
```
This configuration is described here:
https://docs.aws.amazon.com/eks/latest/userguide/getting-started.html#eks-configure-kubectl
I wonder if you guys could extend the current plugin to accept a kubeconfig file instead of the resources within it. This way, I could generate whatever kubeconfig is necessary myself, and create an image derived from yours which would contain heptio-authenticator-aws. This would allow for more generalized authentication without you having to support every conceivable alternative.
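As an added illustration (not part of the issue and not the plugin's code), this sketch shows what a client has to do with the `exec` entry of a kubeconfig like the one above: resolve the command on the PATH, run it without a shell, and validate the `ExecCredential` JSON it prints before using the token. The function names, the sample output and the timestamp format handled are assumptions made for this example.

```python
import json
import shutil
import subprocess
from datetime import datetime, timezone

API_VERSION = "client.authentication.k8s.io/v1alpha1"  # value from the kubeconfig above


def parse_exec_credential(stdout, expected_api_version=API_VERSION, now=None):
    """Validate a plugin's ExecCredential JSON; return (token, expiry or None)."""
    cred = json.loads(stdout)
    if cred.get("kind") != "ExecCredential":
        raise ValueError("not an ExecCredential object")
    if cred.get("apiVersion") != expected_api_version:
        raise ValueError("apiVersion mismatch: %r" % cred.get("apiVersion"))
    status = cred.get("status") or {}
    token = status.get("token")
    if not token:
        raise ValueError("plugin returned no token")
    expiry = None
    stamp = status.get("expirationTimestamp")
    if stamp:
        # Assumption: second-precision UTC timestamps ending in "Z".
        expiry = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
        expiry = expiry.replace(tzinfo=timezone.utc)
        if expiry <= (now or datetime.now(timezone.utc)):
            raise ValueError("token already expired")
    return token, expiry


def fetch_token(command, args, timeout=30):
    """Run the exec plugin named in the kubeconfig and parse its output."""
    path = shutil.which(command)
    if path is None:
        raise FileNotFoundError("%s is not on PATH" % command)
    # Argument list, no shell: kubeconfig values are never shell-interpreted.
    out = subprocess.run([path, *args], capture_output=True, text=True,
                         timeout=timeout, check=True)
    return parse_exec_credential(out.stdout)


# Constructed sample of plugin output (not a real token).
SAMPLE = json.dumps({
    "kind": "ExecCredential",
    "apiVersion": API_VERSION,
    "spec": {},
    "status": {"token": "k8s-aws-v1.CONSTRUCTED",
               "expirationTimestamp": "2030-01-01T00:00:00Z"},
})
```

Because the token is short-lived, a caller should keep the returned expiry and call `fetch_token` again before it passes instead of caching the token indefinitely.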