Update eks-update-kubeconfig (and, indirectly, set-cluster) to support Tenants and new aws-teams configuration
why
Improved compatibility with current Cloud Posse reference architecture
usage and other support notes
The Geodesic set-cluster and eks-update-kubeconfig commands are helpers that are intended to make it easier to configure EKS cluster access for people using the Cloud Posse reference architecture. While admittedly brittle and somewhat complex, please keep in mind they are completely optional shortcuts that you are in no way forced to use if you do not like them. They are simply shortcuts to manage multiple KUBECONFIG files and build the full command, which you can use directly.
The full set-cluster command is:
set-cluster <cluster short name> <role short name>
The cluster short name is [tenant-]environment-stage which expands to namespace-[tenant-]-environment-stage-eks-cluster. If your cluster name does not follow this pattern, you can set a new pattern with EKS_CLUSTER_NAME_PATTERN but it is admittedly unwieldy.
The role short name is something like "admin" or "terraform" and is expected to be the suffix to an AWS config profile prefix of namespace-[tenant-]-gbl-stage-. So, for example, with NAMESPACE=eg and a Tenant named core:
set-cluster core-use1-dev developer
Would set up the eg-core-use1-dev-eks-cluster to be accessed by the eg-core-gbl-dev-developer profile.
The previous default role name was whatever role name you currently had. Now that we encourage aws-teams to use managers and devops as team names, this is no longer appropriate. The new default role name is admin, but this can be changed via the environment variable EKS_DEFAULT_AWS_ROLE.
Users using "tenant" labels can set a default Tenant value via export TENANT.
Other configuration is possible via environment variables; see the source at
rootfs/usr/local/bin/eks-update-kubeconfig
rootfs/etc/profile.d/set-cluster.sh
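The name expansion described above, as an added example that is not Geodesic's own code: it validates each label before it reaches a profile name or kubeconfig path and prints the resulting aws eks update-kubeconfig command. The function names and KUBECONFIG_DIR are hypothetical, the TENANT fallback for two-part short names is an assumption, and EKS_CLUSTER_NAME_PATTERN is not handled.

```shell
#!/bin/sh
# Added example, not Geodesic's code. Function names and KUBECONFIG_DIR are
# hypothetical; EKS_CLUSTER_NAME_PATTERN overrides are not handled.

is_label() {  # one name component: lowercase letters and digits only
  case $1 in ''|*[!a-z0-9]*) return 1 ;; esac
}

# Prints "<cluster name> <profile name>" for a cluster short name and a role.
expand_cluster_access() (
  LC_ALL=C                            # keep a-z an ASCII-only range
  short=$1
  role=${2:-${EKS_DEFAULT_AWS_ROLE:-admin}}
  # These values end up in a profile name and a file path, so reject anything
  # that is not hyphen-separated labels (no "/", "..", spaces or empty parts).
  case $short in
    ''|*[!a-z0-9-]*|-*|*-|*--*) echo "bad cluster short name: $short" >&2; exit 1 ;;
  esac
  set -f; IFS=-
  set -- $short                       # split the short name on hyphens
  case $# in
    3) tenant=$1 env=$2 stage=$3 ;;
    2) tenant=${TENANT:-} env=$1 stage=$2 ;;  # assumed: TENANT fills the gap
    *) echo "expected [tenant-]environment-stage: $short" >&2; exit 1 ;;
  esac
  is_label "${NAMESPACE:-}" && is_label "$role" &&
    { [ -z "$tenant" ] || is_label "$tenant"; } ||
    { echo "bad NAMESPACE, TENANT or role" >&2; exit 1; }
  t=${tenant:+$tenant-}
  printf '%s %s\n' "${NAMESPACE}-${t}${env}-${stage}-eks-cluster" \
                   "${NAMESPACE}-${t}gbl-${stage}-${role}"
)

# Prints (does not run) the command for the expanded names.
print_update_command() (
  names=$(expand_cluster_access "$@") || exit 1
  cluster=${names% *} profile=${names#* }
  printf 'aws eks update-kubeconfig --name %s --profile %s --kubeconfig %s\n' \
    "$cluster" "$profile" "${KUBECONFIG_DIR:-$HOME/.kube}/$cluster"
)

# The page's own example: NAMESPACE=eg, Tenant core, role developer.
( NAMESPACE=eg; print_update_command core-use1-dev developer )
```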
roadmap and other support notes
The Geodesic set-cluster and eks-update-kubeconfig are helper functions that are intended to make it easier to configure EKS cluster access for people using the Cloud Posse reference architecture. They do so by making a lot of assumptions about the name of the cluster, the structure of the name of the cluster, the name of available AWS "profiles", and the desired profile to use. This update is an interim update to better support recent changes in the Cloud Posse reference architecture.
These commands will never be fully general purpose. If you are not following Cloud Posse conventions, or even if you are but are using blue/green deployments, these commands may not work for you. Cloud Posse is NOT committed to making them more broadly usable. You can use them as starting points for your own shortcuts.