kubebox and AWS EKS

[jaydeland]

This might be related to: https://github.com/astefanutti/kubebox/issues/7

I have not been able to login using kubebox when my terminal session is logged into AWS using the aws authenticator.

[astefanutti]

Does the "Unable to verify first certificate" message appear in the login widget? Otherwise, it may be related to #14.

Would you be able to share some details about your kube config context and the Kubebox version you're using?

[jaydeland]

At first it says Authentication failed for:

Than I try to use a generated token to login and it says "Unable to verify first certificate"

[astefanutti]

Ok thanks. So it's likely related to #7. I'll try to test Kubebox on AWS EKS ASAP.

[jaydeland]

@astefanutti - Thank you!

[astefanutti]

I've been able to give AWS EKS a try with Kubebox and I've reproduced the "Unable to verify first certificate" error. This is very likely due to #7, that'll help me troubleshooting it.

Besides, Kubebox needs to support the exec field from the user Kube config info to rely on aws-iam-authenticator to authenticate and retrieve the token.

[astefanutti]

The "Unable to verify first certificate" error should be fixed with 792c0c8b6b9e6b65afd52a6117b54ea2b01bf49c.

I've tested Kubebox connecting successfully to EKS using the token provided by aws-iam-authenticator token ....

I leave that issue open to track support for token generation and refresh with the user.exec field.

[berstend]

Having an Authentication failed issue as well when starting kubebox for the first time. I'm using GKE and my regular shell session is signed in, etc.

Such a shame, just this single error message just looks absolutely gorgeous. Can't wait to try it once this is fixed. 😄

edit: I'm using the latest 0.4.0 release. Happy to provide more debug info if possible.

[astefanutti]

@berstend It may be a different issue with GKE. If that uses OpenID connect, it should work since version 0.4.0, but apparently it doesn't so either we have an issue with OpenID connect or GKE is configured differently. Anyway, if you can retrieve a token, you should be able to use it to authenticate as a fallback.

[astefanutti]

@berstend That'd be great if you could provide details about the kube config file section relevant to connecting to GKE. I would suggest you create a separate issue.

[PierreBeucher]

Same issue but did not have aws-iam-authenticator available. I instead used

aws eks get-token --cluster-name [my-cluster] 

To get a token to authenticate with Kubebox

[astefanutti]

It should now be supported starting version 0.6.0. Thanks for your patience!