Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for aws eks get-token authenticator and IAM role ARN #993

Merged
merged 4 commits into from
Jul 18, 2019
Merged

Add support for aws eks get-token authenticator and IAM role ARN #993

merged 4 commits into from
Jul 18, 2019

Conversation

cPu1
Copy link
Contributor

@cPu1 cPu1 commented Jul 5, 2019
edited
Loading

Description

This PR adds support for:

  1. Using aws eks get-token as the authenticator for signing requests if neither aws-iam-authenticator nor heptio-authenticator-aws is available in PATH.
  2. Specifying a role ARN to use for aws-iam-authenticator and aws eks get-token, to eksctl create cluster and eksctl utils write-kubeconfig via flag --authenticator-role-arn.

Support for aws eks get-token was added recently, so presence of aws in PATH does not imply aws eks get-token would work. Instead of inspecting the version or checking if it supports get-token, we simply use it as a fallback if other authenticators aren't available in PATH and aws is available (which is also the motivation for using aws eks get-token since most users would already have aws installed).

Checklist

  • Code compiles correctly (i.e make build)
  • Added tests that cover your change (if possible)
  • All unit tests passing (i.e. make test)
  • Added/modified documentation as required (such as the README.md, and examples directory)
  • Manually tested

@cPu1 cPu1 force-pushed the authenticator-role-arn-788-749 branch from cc73132 to 8abab85 Compare July 5, 2019 15:38
@errordeveloper
Copy link
Contributor

Thanks @cPu1! I'll review in detail next week, I think overall this is in the right direction :)

@cPu1 cPu1 force-pushed the authenticator-role-arn-788-749 branch from 8abab85 to 05abb47 Compare July 8, 2019 11:17
@cPu1 cPu1 requested a review from martina-if July 8, 2019 13:05
@martina-if
Copy link
Contributor

LGTM

martina-if
martina-if previously approved these changes Jul 8, 2019
View reviewed changes
errordeveloper
errordeveloper suggested changes Jul 17, 2019
View reviewed changes
Copy link
Contributor

@errordeveloper errordeveloper left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code looks good, thanks! Please make sure to add the docs. I've merged #999 just now also.

@errordeveloper errordeveloper force-pushed the authenticator-role-arn-788-749 branch from 05abb47 to 95bfb55 Compare July 18, 2019 14:50
@errordeveloper errordeveloper merged commit 079c5b7 into master Jul 18, 2019
@errordeveloper errordeveloper deleted the authenticator-role-arn-788-749 branch July 18, 2019 15:01
@gemagomez gemagomez added this to the 0.2.0 milestone Jul 25, 2019
toabctl added a commit to toabctl/amazon-eks-ami that referenced this pull request Apr 22, 2021
@toabctl
Revert "Revert "Removing dependency on Authenticator binary" (awslabs…
7f4e9ad 
…#446)"

This reintroduces the switch to use "aws eks get-token" instead of the
aws-iam-authenticator. The reason (see [0]) why that switch got
reverted was, that eksctl wasn't able to handle the situation where
aws-iam-authenticator was not there. But that changed (see [1] and
[2]) so switching to aws-cli for getting a token should be good now.

This reverts commit d6e021b.

[0] awslabs#446
[1] eksctl-io/eksctl#788
[2] eksctl-io/eksctl#993
@toabctl toabctl mentioned this pull request Apr 22, 2021
Closed
@aclevername aclevername mentioned this pull request Nov 4, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@errordeveloper errordeveloper errordeveloper approved these changes

@martina-if martina-if martina-if left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.2.0
4 participants
@cPu1 @errordeveloper @martina-if @gemagomez