Friday, November 1, 2019

AWS EKS ~/.kube/config (heptio vs awscli)

You can config your kubectl to talk to EKS both ways

AWSCli Token
pankaj@PGautam-X280:~/terraform/eks3-thar$ aws eks get-token --cluster-name thar-eks-dev-cluster-2
{"kind": "ExecCredential", "apiVersion": "client.authentication.k8s.io/v1alpha1", "spec": {}, "status": {"expirationTimestamp": "2019-11-01T21:59:14Z", "token": "k8s-aws-v1.aHR0cHM6Ly9zdHMuYW1hem9uYXdzLmNvbS8_QWN0aW9uPUdldENhbGxlcklkZW50aXR
5JlZlcnNpb249MjAxMS0wNi0xNSZYLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZY
Q1MTRaJlgtQW16LUV4cGlyZXM9NjAmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JTNCeC1rO
HMtYXdzLWlkJlgtQW16LVNpZ25hdHVyZT0yNTdmNTE4YjBjOWNjZGE4MmNmOTk1YWI2ND
FmYzZjZTM2YTdhYTZiM2UwNjBmZGUwZDg3ZTMzMWQ1NGYyODQ5"}}


Heptio Token
pankaj@PGautam-X280:~/terraform/eks3-thar$ aws-iam-authenticator token -i eks-thar-techops-dev-cluster-1
{"kind":"ExecCredential","apiVersion":"client.authentication.k8s.io/v1alpha1","spec":{},"status":{"token":"k8s-aws-v1.aHR0cHM6Ly9zdHMuYW1hem9uYXdzLmNvbS8_QWN0aW9uPUdldENhbGxlcklkZW50aX
R5JlZlcnNpb249MjAxMS0wNi0xNSZYLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYL
JlgtQW16LUV4cGlyZXM9NjAmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JTNCeC1rOHMtYXdzL
WlkJlgtQW16LVNpZ25hdHVyZT00M2Q2NmUzNWI4ZWNlNDExNzEwYmMxOTNjNzI4YmEzMGM
wN2E2ZjZjNjRmZDIxN2Y1ZjYwODk0NGNmZmMwM2Zk"}}


AWSCli configuration file:

apiVersion: v1
clusters:
- cluster:
    server: https://093E146E63E428CC642F01362F6BE661.sk1.us-west-2.eks.amazonaws.com
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURB
ZtQm1WQ1U4OXZDamZpOXBNaQo2Nmp3NkxTWSttbnFQYzhVcUdVbks5WURhZU01b0ZvULQo=
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: aws
  name: aws
current-context: aws
kind: Config
preferences: {}
users:
- name: aws
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      command: aws
      env:
      - name: AWS_PROFILE
        value: opssbx
      args:
      - "eks"
      - "get-token"
      - "--cluster-name"
      - "thar-eks-dev-cluster-2"
      # - "--role"
      # - "arn:aws:iam::191829356374:role/ops"

 
Heptio configuration file:
apiVersion: v1
clusters:
- cluster:
    server: https://093E146E63E428CC642F01362F6BE661.sk1.us-west-2.eks.amazonaws.com
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURB
TkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHV
npNQjRYRFRFNU1URXdNVEU1TURJMU1Wb1hEVEk1TVRBeU9URTVNREkxTVZvd0ZURVR
NQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQl
GSUNBVEUtLS0tLQo=
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: aws
  name: aws
current-context: aws
kind: Config
preferences: {}
users:
- name: aws
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      command: aws-iam-authenticator
      env:
      - name: AWS_PROFILE
        value: opssbx
      args:
        - "token"
        - "-i"
        - "thar-eks-dev-cluster-2"
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)