The kubernetes-plugin currently supports authenticating into the cluster via the server certificate and username/password.

Amazon's EKS works differently, where you need to use an authentication plugin to generate tokens. The instructions are here (https://docs.aws.amazon.com/eks/latest/userguide/configure-kubectl.html)

The short version is that you need to have an executable in your path, which generates auth tokens on demand. The kubectl file for connecting to EKS looks like so:

apiVersion: v1
clusters:
- cluster:
    server: https://SOME-LONG-ID.yl4.us-west-2.eks.amazonaws.com
    certificate-authority-data: <ca cert goes here>
  name: eks-cluster
contexts:
- context:
    cluster: eks-cluster
    user: eks-user
  name: marcin
current-context: eks
kind: Config
preferences: {}
users:
- name: eks-user
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      command: heptio-authenticator-aws
      args:
        - "token"
        - "-i"
        - "eks-cluster-name"

This configuration is described here:
https://docs.aws.amazon.com/eks/latest/userguide/getting-started.html#eks-configure-kubectl

I wonder if you guys could extend the current plugin to accept a kubeconfig file instead of the resources within it. This way, I could generate whatever kubeconfig is necessary myself, and created an image derived from yours which would contain heptio-authenticator-aws. This would allow for more generalized authentication without you having to support every conceivable alternative.