zendesk / samson

Web interface for deployments, with plugin architecture and kubernetes support

EKS #3702

Open thrawny opened 4 years ago

thrawny commented 4 years ago

Documentation about the kubernetes plugin mentions connecting to EKS clusters. I naively tried using the kubeconfig you get using EKS and adding to samson, but I just got an error.

So my question is just: how do I get samson to talk to an EKS cluster?

grosser commented 4 years ago

What is the error?

grosser commented 4 years ago

try kubectl get pods or similar with the config file to make sure it actually works

thrawny commented 4 years ago

the config works fine for me, I'm using the cluster already for some things

the error in samson is just "can't connect to api server" or something like that

here is an example config, as you can see it uses exec and uses the aws cli to fetch a token

```yaml
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: xxxx
    server: https://xxxx.sk1.eu-west-1.eks.amazonaws.com
  name: arn:aws:eks:eu-west-1:123:cluster/foo
contexts:
- context:
    cluster: arn:aws:eks:eu-west-1:123:cluster/foo
    user: arn:aws:eks:eu-west-1:123:cluster/foo
  name: foo
current-context: foo
kind: Config
preferences: {}
users:
- name: arn:aws:eks:eu-west-1:123:cluster/foo
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      args:
      - --region
      - eu-west-1
      - eks
      - get-token
      - --cluster-name
      - foo
      command: aws
      env: null
```

grosser commented 4 years ago

yeah samson does not support that syntax ... as per https://github.com/abonas/kubeclient/issues/397 (kubeclient is what samson uses to talk to kubernetes) "use the --token option and also --api-server" ... I guess that means generate a token and put that into the config ... but that will break after 12h I think (when the token expires) so some code like https://github.com/abonas/kubeclient/pull/404/files might help ... but I don't have the time/eks-cluster to tinker with that ... PR welcome if you get it working, otherwise try and see if EKS offers any other auth mechanism

thrawny commented 4 years ago

Ye I figured it wouldn't just work as is. Just wanted to make sure. A quick workaround is to put a proxy in front of EKS that does the auth and have samson call the proxy. I have that working, but it's not a long term solution. Will see if I try to make a PR for this. Thx for the input!

jandragsbaek commented 3 years ago

@thrawny Would you mind explaining what you ended up doing? I'm in a similar position to yours.

thrawny commented 3 years ago

You set up a proxy that calls eks and then samson calls the proxy. In my specific case I made a simple golang app. It would just proxy requests to eks including auth headers and so on. Don't expose the proxy externally! When I made it I was hoping it would be a temporary thing but as many things go, it ended up being temporarily permanent.

jandragsbaek commented 3 years ago

@thrawny That sounds neat. Is that something you would be willing to open source? It sounds like something that has potential other use-cases as well 🚀