eks-rest-go

module
v0.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 1, 2023 License: MIT

README

EKS Rest Go

This module uses the aws-sdk-go-v2 module to lookup EKS cluster information, and then uses the Kubernetes client-go module to create and return a *rest.Config that is authenticated using IAM credentials.

This is useful when you need to connect to the Kubernetes Master API of an EKS cluster from outside the cluster, such as from a Lambda or other AWS Service.

Requirements

This module uses IAM credentials to describe the EKS Cluster, and requires the permission eks:DescribeCluster on the resource you are trying to connect to.

Example IAM Policy
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowClusterLogin",
            "Effect": "Allow",
            "Action": "eks:DescribeCluster",
            "Resource": "arn:aws:eks:us-east-1:111122223333:cluster/my-cluster-name"
        }
    ]
}

This module also assumes you have configured an IAM User or Role with access to your cluster following the AWS Guide Enabling IAM user and role access to your cluster

Example AWS Auth ConfigMag
apiVersion: v1
kind: ConfigMap
metadata:
  annotations:
  name: aws-auth
  namespace: kube-system
data:
  mapRoles: |
    - rolearn: arn:aws:iam::111122223333:/role/worker--node-role
      username: system:node:{{EC2PrivateDNSName}}
      groups:
        - system:bootstrappers
        - system:nodes
    - rolearn: arn:aws:iam::111122223333:role/my-custom-role
      username: arn:aws:iam::111122223333:role/my-custom-role
      groups:
        - my-custom-group

Usage

Using a Default AWS Config (most common) - Full Example

import eksrest "github.com/jjulien/eks-rest-go/rest"

restConfig, _ := eksrest.DefaultConfig(context.TODO(), clusterName)
clientSet, _ := kubernetes.NewForConfig(restConfig)

Using a Custom AWS Config - Full Example

import eksrest "github.com/jjulien/eks-rest-go/rest"

defaultCfg, _ := config.LoadDefaultConfig(context.TODO())
stsClient := sts.NewFromConfig(defaultCfg)
credProvider := stscreds.NewAssumeRoleProvider(stsClient, customRoleArn)
awsCfg := aws.Config{
	Region:      "us-east-1",
	Credentials: credProvider,
}
restConfig, _ := eksrest.WithAwsConfig(context.TODO(). clusterName, awsCfg)
clientSet, _ := kubernetes.NewForConfig(restConfig)

License

See LICENSE

Directories

Path Synopsis
examples
customConfig Module
defaultConfig Module

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL