mkimuram / k8sviz

Generate Kubernetes architecture diagrams from the actual state in a namespace
Apache License 2.0

aws-iam-authenticator binary not included in Docker image for AWS EKS Cluster with IAM #51

Open epowell opened 1 year ago

epowell commented 1 year ago

Similar to issue #49, but for AWS EKS.

When you connect to an Elastic Kubernetes Service (EKS) cluster using IAM and an SSO provider, the ~/.kube/config file will use aws-iam-authenticator in the command resulting in the following error:

$ ./k8sviz.sh
...
getting credentials: exec: executable aws-iam-authenticator not found

I added these commands to the Dockerfile locally, referencing the AWS instructions here: https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html

diff --git a/Dockerfile b/Dockerfile
index daeade8..b0f71de 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -16,11 +16,17 @@ FROM vanilla AS aws
 RUN apk add --no-cache \
         python3 \
         py3-pip \
+        curl \
     && pip3 install --upgrade pip \
     && pip3 install \
         awscli \
     && rm -rf /var/cache/apk/*

+RUN curl -Lo aws-iam-authenticator https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/download/v0.5.9/aws-iam-authenticator_0.5.9_linux_amd64 \
+    && chmod +x ./aws-iam-authenticator \
+    && mv ./aws-iam-authenticator /bin/aws-iam-authenticator
+
+
 FROM vanilla AS gcloud
 RUN apk add --no-cache \
         python3 \
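
Review bot: The added `RUN curl -Lo aws-iam-authenticator ...` step installs the downloaded file into /bin with no integrity check, so whatever the URL returns becomes the executable that fetches cluster credentials. Pin the expected SHA-256 of the v0.5.9 linux_amd64 binary in the Dockerfile and verify it with `sha256sum -c` before the `chmod +x`, and use `curl -fL` so an HTTP error fails the build instead of being saved as the binary. The URL also hard-codes `linux_amd64`, which deserves a comment or a build argument if the image is ever built for another architecture, and the two blank lines added before `FROM vanilla AS gcloud` can be reduced to one.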

However, this is not enough for my host's kube config to be used - it needs cached credentials from the .kube directory, in addition to the ~/.kube/config file. So I changed the docker run command to mount the config directory in its entirety:

diff --git a/k8sviz.sh b/k8sviz.sh
index 014d28d..b1fa26a 100755
--- a/k8sviz.sh
+++ b/k8sviz.sh
@@ -69,7 +69,7 @@ fi
 docker run --network host                                    \
   --user $(id -u):$(id -g)                                   \
   -v ${ABSDIR}:/work                                         \
-  -v ${KUBECONFIG}:/config:ro                                \
+  -v ${ABSKUBEDIR}:/.kube:ro                                  \
   -it --rm ${FLAGS_image}                                    \
-  /k8sviz -kubeconfig /config                                \
+  /k8sviz -kubeconfig /.kube/${KUBEFILE}                      \
   -n ${FLAGS_namespace} -t ${FLAGS_type} -o /work/${FILENAME}
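
Review bot: `${ABSKUBEDIR}` and `${KUBEFILE}` in the new `-v ${ABSKUBEDIR}:/.kube:ro` and `-kubeconfig /.kube/${KUBEFILE}` lines are not set anywhere in this hunk, so the patch needs the part that derives them from `${KUBECONFIG}`, and both should be quoted, since a path containing spaces would split the `-v` argument. Mounting the whole directory instead of the single config file also makes everything under it readable inside the container, including the cached credentials the description mentions and any other cluster configs stored there. Keeping `:ro` is right; a comment in the script explaining that the directory mount is only needed for exec-based authenticators would help, and the single-file mount could stay the default for everyone else.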

After this, I am successfully able to run k8sviz from my local machine!

jadiaheno commented 2 months ago

Hey @epowell, do you have a branch somewhere that I can pull?

edit: Just build the container with target --target: aws