Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix generating EKS token #838

Merged
merged 1 commit into from
Jan 6, 2025
Merged

Fix generating EKS token #838

merged 1 commit into from
Jan 6, 2025

Conversation

mikkeloscar
Copy link
Contributor

This fixes getting a correct token for EKS clusters such that CLM can authenticate to an EKS cluster cross account.

This broke in #834 as the aws-iam-authenticator library was updated and the call was changed to not pass the existing session.

The problem was that when not passing the session, it falls back to setup a session from the current environment. When CLM is running centrally the current environment is an IAM role in the central account instead of an assumed role in the target account which has access to the targeted EKS cluster. The fix is to get a token in a way where we use the assumed role session to setup an STS client. Other API calls were removed from the upstream library in kubernetes-sigs/aws-iam-authenticator#750

@mikkeloscar
Fix generating EKS token
823d930 
Signed-off-by: Mikkel Oscar Lyderik Larsen <mikkel.larsen@zalando.de>
@mikkeloscar
Copy link
Contributor Author

👍

1 similar comment
@zaklawrencea
Copy link
Member

👍

@mikkeloscar mikkeloscar merged commit 3ca2d0b into master Jan 6, 2025
10 checks passed
@mikkeloscar mikkeloscar deleted the fix-eks-token branch January 6, 2025 15:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
bugfix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mikkeloscar @zaklawrencea