From 7c4fb27a4ad4c08b306d6727bf5aa191051016d8 Mon Sep 17 00:00:00 2001 From: Mike Metral <1112768+metral@users.noreply.github.com> Date: Mon, 30 Mar 2020 11:17:31 -0700 Subject: [PATCH] refactor(aws-auth): replace aws-iam-authenticator with aws eks get-token Note: for existing clusters, this change will recompute the kubeconfig used, as its arguments and settings get updated to work with `aws eks get-token`. It should not affect cluster access. --- CHANGELOG.md | 5 +++++ README.md | 4 ++-- nodejs/eks/cluster.ts | 12 ++++++------ 3 files changed, 13 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 84e0aee3f..f0a529bb5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,11 @@ ### Improvements +- refactor(aws-auth): replace aws-iam-authenticator with aws eks get-token + [#362](https://github.com/pulumi/pulumi-eks/pull/362) + Note: for existing clusters, this change will recompute the kubeconfig used, + as its arguments and settings get updated to work with get-token. + It should not affect cluster access. - feat(cluster): add getKubeconfig method to generate scoped kubeconfigs [#356](https://github.com/pulumi/pulumi-eks/pull/356) diff --git a/README.md b/README.md index 7923d3063..ab041e84b 100644 --- a/README.md +++ b/README.md @@ -37,8 +37,8 @@ This includes: 1. [Install Pulumi](https://www.pulumi.com/docs/reference/install). 1. Install [Node.js](https://nodejs.org/en/download). 1. Install a package manager for Node.js, such as [NPM](https://www.npmjs.com/get-npm) or [Yarn](https://yarnpkg.com/lang/en/docs/install). -1. [Configure AWS Credentials](https://www.pulumi.com/docs/reference/clouds/aws/setup/). -1. [Install AWS IAM Authenticator for Kubernetes](https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html). +1. [Install and Configure the AWS CLI](https://www.pulumi.com/docs/reference/clouds/aws/setup/). + * AWS CLI version >= 1.18.17. See the [AWS docs](https://docs.aws.amazon.com/eks/latest/userguide/managing-auth.html) for more details. 1. [Install `kubectl`](https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-kubectl). ## Installing diff --git a/nodejs/eks/cluster.ts b/nodejs/eks/cluster.ts index 0123d2af8..c947b26b4 100644 --- a/nodejs/eks/cluster.ts +++ b/nodejs/eks/cluster.ts @@ -161,11 +161,11 @@ function generateKubeconfig( clusterEndpoint: pulumi.Input, certData: pulumi.Input, opts?: KubeconfigOptions) { - let args = ["token", "-i", clusterName]; + let args = ["eks", "get-token", "--cluster-name", clusterName]; let env: { [key: string]: pulumi.Input} | undefined; if (opts?.roleArn) { - args = [...args, "-r", opts.roleArn]; + args = [...args, "--role", opts.roleArn]; } if (opts?.profileName) { env = { @@ -197,7 +197,7 @@ function generateKubeconfig( user: { exec: { apiVersion: "client.authentication.k8s.io/v1alpha1", - command: "aws-iam-authenticator", + command: "aws", args: args, env: env, }, @@ -276,12 +276,12 @@ export function getRoleProvider(name: string, region?: aws.Region, profile?: str * Create the core components and settings required for the EKS cluster. */ export function createCore(name: string, args: ClusterOptions, parent: pulumi.ComponentResource): CoreData { - // Check to ensure that aws-iam-authenticator is installed, as we'll need it in order to deploy k8s resources + // Check to ensure that aws CLI is installed, as we'll need it in order to deploy k8s resources // to the EKS cluster. try { - which.sync("aws-iam-authenticator"); + which.sync("aws"); } catch (err) { - throw new Error("Could not find aws-iam-authenticator for EKS. See https://github.com/pulumi/eks#installing for installation instructions."); + throw new Error("Could not find aws CLI for EKS. See https://github.com/pulumi/pulumi-eks for installation instructions."); } if (args.instanceRole && args.instanceRoles) {