Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

K8s integration with IAM Role #7

Open
AmitBaranes opened this issue Jun 22, 2022 · 5 comments
Open

K8s integration with IAM Role #7

AmitBaranes opened this issue Jun 22, 2022 · 5 comments
Labels
enhancement New feature or request good first issue Good for newcomers help wanted Extra attention is needed

Comments

@AmitBaranes
Copy link

AmitBaranes commented Jun 22, 2022
edited
Loading

When running aws eks update-kubeconfig with --role-arn new entry created under .kube/config. which contains the following:

- name: arn:aws:eks:eu-west-1:123456789:cluster/xxx
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      args:
      - --region
      - eu-west-1
      - eks
      - get-token
      - --cluster-name
      - yyy
      - --role
      - arn:aws:iam::123456789:role/admin
      command: aws

Any kubectl command or IDE for k8s failed to run due to the fact that alias aws="aws-mfa-secure session" contains a space, this caused the kubeconfig to fail the command.

My questions are -

  1. Do you have any workaround?
  2. Can you add another command to skip the session usage? ( e.g aws-mfa-secure without the session )
@tongueroo tongueroo added help wanted Extra attention is needed good first issue Good for newcomers enhancement New feature or request labels Jun 23, 2022
@ShaharHD
Copy link

ShaharHD commented Jun 23, 2022
edited
Loading

Possible workaround can be:

- name: arn:aws:eks:eu-west-1:123456789:cluster/xxx
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      args:
      - session
      - --region
      - eu-west-1
      - eks
      - get-token
      - --cluster-name
      - yyy
      - --role
      - arn:aws:iam::123456789:role/admin
      command: aws-mfa-secure

as the alias is blocking somehow the passing of the additional needed arguments

@AmitBaranes
Copy link
Author

AmitBaranes commented Jun 23, 2022
edited
Loading

this will require everyone that using EKS + aws-mfa-secure to update the kube/config manually. I'd like to avoid it and use the aws command.

@ShaharHD
Copy link

@tongueroo maybe a simple workaround from the aws-mfa-secure side would be to add "busybox style" linked scripts which uses the filename as the command (and will act as the alias)

for example:
aws-mfa-secure-session will be translated into aws-mfa-secure session command.

@AmitBaranes
Copy link
Author

@tongueroo any estimation here?

@tongueroo
Copy link
Collaborator

No estimate. Will consider and review PRs. No sweat either way of course 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request good first issue Good for newcomers help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tongueroo @ShaharHD @AmitBaranes