package eks
import (
"bytes"
"context"
"fmt"
"io/ioutil"
"text/template"
"time"
"go.uber.org/zap"
"k8s.io/utils/exec"
)
// kubeconfig holds the values substituted into tmplKUBECONFIG.
//
// text/template inserts each field verbatim, with no YAML quoting or
// escaping, so every field is expected to come from trusted configuration.
type kubeconfig struct {
	// ClusterAPIServerEndpoint is rendered as the cluster "server" value.
	ClusterAPIServerEndpoint string
	// ClusterCA is rendered as "certificate-authority-data".
	// NOTE(review): presumably base64-encoded PEM, as that key requires; confirm against the caller.
	ClusterCA string
	// AWSIAMAuthenticatorPath is rendered as the exec credential plugin
	// "command", i.e. the binary a kubeconfig client runs to obtain a token.
	AWSIAMAuthenticatorPath string
	// ClusterName is rendered as the argument following "-i" for the plugin.
	ClusterName string
}
// tmplKUBECONFIG is the text/template source for a kubeconfig that
// authenticates through an exec credential plugin (the binary at
// AWSIAMAuthenticatorPath, invoked with "token -i <ClusterName>").
//
// Security notes:
//   - Values are substituted verbatim. text/template does no YAML escaping,
//     so a field containing a newline or YAML metacharacters changes the
//     structure of the generated file, including which command is executed.
//   - The "command" entry is run by any client that loads this kubeconfig, so
//     both the rendered file and the referenced binary must not be writable
//     by other local users.
//
// NOTE(review): newer kubectl/client-go releases no longer accept the
// client.authentication.k8s.io/v1alpha1 exec API version; confirm the client
// version this tester targets.
// NOTE(review): no YAML nesting indentation is visible in this listing;
// confirm the literal against the original file.
const tmplKUBECONFIG = `
apiVersion: v1
kind: Config
clusters:
- cluster:
server: {{ .ClusterAPIServerEndpoint }}
certificate-authority-data: {{ .ClusterCA }}
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: aws
name: aws
current-context: aws
preferences: {}
users:
- name: aws
user:
exec:
apiVersion: client.authentication.k8s.io/v1alpha1
command: {{ .AWSIAMAuthenticatorPath }}
args:
- token
- -i
- {{ .ClusterName }}
`
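// updateKUBECONFIG writes the cluster's kubeconfig to ts.cfg.KubeConfigPath
// and then persists the tester configuration with ts.cfg.Sync.
//
// When both AWSIAMAuthenticatorPath and AWSIAMAuthenticatorDownloadURL are
// set, the file is rendered from tmplKUBECONFIG. Otherwise it is produced by
// running 'aws eks update-kubeconfig' through ts.cfg.AWSCLIPath, bounded by a
// 15-second timeout.
//
// It returns the first error from template execution, the file write, the
// AWS CLI invocation, or ts.cfg.Sync.
//
// References:
//
//	https://docs.aws.amazon.com/cli/latest/reference/eks/update-kubeconfig.html
//	https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html
//	aws eks update-kubeconfig --name --role-arn --kubeconfig
func (ts *Tester) updateKUBECONFIG() error {
	if ts.cfg.AWSIAMAuthenticatorPath != "" && ts.cfg.AWSIAMAuthenticatorDownloadURL != "" {
		tpl := template.Must(template.New("tmplKUBECONFIG").Parse(tmplKUBECONFIG))
		buf := bytes.NewBuffer(nil)
		// The template inserts these values verbatim (no YAML escaping), so
		// they are trusted to contain no newlines or YAML metacharacters.
		if err := tpl.Execute(buf, kubeconfig{
			ClusterAPIServerEndpoint: ts.cfg.Status.ClusterAPIServerEndpoint,
			ClusterCA:                ts.cfg.Status.ClusterCA,
			AWSIAMAuthenticatorPath:  ts.cfg.AWSIAMAuthenticatorPath,
			ClusterName:              ts.cfg.Name,
		}); err != nil {
			return err
		}

		ts.lg.Info("writing KUBECONFIG with aws-iam-authenticator", zap.String("kubeconfig-path", ts.cfg.KubeConfigPath))
		// Owner-only (0600) instead of 0777: the file names the exec
		// credential plugin that clients run, so a kubeconfig writable by
		// other local users lets them substitute the executed command.
		// WriteFile applies the mode only when it creates the file; a
		// pre-existing file keeps whatever permissions it already had.
		if err := ioutil.WriteFile(ts.cfg.KubeConfigPath, buf.Bytes(), 0600); err != nil {
			return err
		}
		ts.lg.Info("wrote KUBECONFIG with aws-iam-authenticator", zap.String("kubeconfig-path", ts.cfg.KubeConfigPath))
		return ts.cfg.Sync()
	}

	args := []string{
		"eks",
		fmt.Sprintf("--region=%s", ts.cfg.Region),
		"update-kubeconfig",
		fmt.Sprintf("--name=%s", ts.cfg.Name),
		fmt.Sprintf("--kubeconfig=%s", ts.cfg.KubeConfigPath),
		"--verbose",
	}
	if ts.cfg.Parameters.ResolverURL != "" {
		args = append(args, fmt.Sprintf("--endpoint=%s", ts.cfg.Parameters.ResolverURL))
	}
	ts.lg.Info("writing KUBECONFIG with 'aws eks update-kubeconfig'",
		zap.String("kubeconfig-path", ts.cfg.KubeConfigPath),
		zap.String("aws-cli-path", ts.cfg.AWSCLIPath),
		zap.Strings("aws-args", args),
	)

	// Arguments are passed as an argv slice, not through a shell, so config
	// values cannot introduce extra shell commands. The binary that runs is
	// whatever ts.cfg.AWSCLIPath points at.
	ctx, cancel := context.WithTimeout(context.Background(), 15*time.Second)
	// Deferred so the context is released on every exit path.
	defer cancel()
	ao, err := exec.New().CommandContext(
		ctx,
		ts.cfg.AWSCLIPath,
		args...,
	).CombinedOutput()
	if err != nil {
		return fmt.Errorf("'aws eks update-kubeconfig' failed (output %q, error %v)", string(ao), err)
	}
	ts.lg.Info("'aws eks update-kubeconfig' success", zap.String("kubeconfig-path", ts.cfg.KubeConfigPath))
	return ts.cfg.Sync()
}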