aws-iam-authenticator binary not included in Docker image for AWS EKS Cluster with IAM #51

Open
epowell opened this issue Jun 15, 2023 · 1 comment

epowell commented Jun 15, 2023

Similar to issue #49, but for AWS EKS.

When you connect to an Elastic Kubernetes Service (EKS) cluster using IAM and an SSO provider, the ~/.kube/config file will use aws-iam-authenticator in the command, resulting in the following error:

$ ./k8sviz.sh
...
getting credentials: exec: executable aws-iam-authenticator not found

I added these commands to the Dockerfile locally, referencing the AWS instructions here: https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html

diff --git a/Dockerfile b/Dockerfile
index daeade8..b0f71de 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -16,11 +16,17 @@ FROM vanilla AS aws
 RUN apk add --no-cache \
         python3 \
         py3-pip \
+        curl \
     && pip3 install --upgrade pip \
     && pip3 install \
         awscli \
     && rm -rf /var/cache/apk/*

+RUN curl -Lo aws-iam-authenticator https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/download/v0.5.9/aws-iam-authenticator_0.5.9_linux_amd64 \
+    && chmod +x ./aws-iam-authenticator \
+    && mv ./aws-iam-authenticator /bin/aws-iam-authenticator
+
+
 FROM vanilla AS gcloud
 RUN apk add --no-cache \
         python3 \
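
Review bot: the added RUN at the end of the aws stage installs whatever `curl -Lo` returns, with no `-f` and no integrity check, so an HTTP error page or a modified release asset would end up executable at /bin/aws-iam-authenticator. Use `curl -fsSLo` so a failed download breaks the build, and check the file against a SHA-256 pinned in the Dockerfile (`sha256sum -c`) before the `chmod +x`. The asset name also hardcodes `linux_amd64`, so the binary will not run if the image is built for another architecture; derive the suffix from the build platform or document the limitation.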

However, this is not enough for my host's kube config to be used - it needs cached credentials from the .kube directory, in addition to the ~/.kube/config file. So I changed the docker run command to mount the config directory in its entirety:

diff --git a/k8sviz.sh b/k8sviz.sh
index 014d28d..b1fa26a 100755
--- a/k8sviz.sh
+++ b/k8sviz.sh
@@ -69,7 +69,7 @@ fi
 docker run --network host                                    \
   --user $(id -u):$(id -g)                                   \
   -v ${ABSDIR}:/work                                         \
-  -v ${KUBECONFIG}:/config:ro                                \
+  -v ${ABSKUBEDIR}:/.kube:ro                                  \
   -it --rm ${FLAGS_image}                                    \
-  /k8sviz -kubeconfig /config                                \
+  /k8sviz -kubeconfig /.kube/${KUBEFILE}                      \
   -n ${FLAGS_namespace} -t ${FLAGS_type} -o /work/${FILENAME}
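
Review bot: the `-v ${ABSKUBEDIR}:/.kube:ro` line replaces a single-file mount with the whole kube directory, so the container now sees the cached credentials and any other kubeconfig files stored there, not just the one config it was given before. Consider making the directory mount opt-in (for example behind a flag) and keeping the single-file mount as the default. `ABSKUBEDIR` and `KUBEFILE` are not defined anywhere in this hunk, so the patch needs the lines that derive them from `KUBECONFIG`, and both expansions should be double-quoted so paths containing spaces do not split the `docker run` arguments.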

After this, I am successfully able to run k8sviz from my local machine!

jadiaheno commented Jul 23, 2024

Hey @epowell, do you have a branch somewhere that I can pull?

edit: Just build the container with target --target: aws
