Search code examples
amazon-web-servicesamazon-eksaws-sdk-go

Unable to obtain kubeconfig of an AWS EKS cluster in Go code


I have created an AWS EKS cluster. In order to obtain its kubeconfig, I usually run aws eks update-kubeconfig --name cluster-name --region us-west-2 using a shell.

However, I now wish to obtain the kubeconfig in Go without having to run anything in the shell (the goal being to create and then manipulate an EKS cluster in a Go test). I am able to describe an EKS cluster using this code:

package main

import (
    "fmt"

    "github.com/aws/aws-sdk-go/aws"
    "github.com/aws/aws-sdk-go/aws/session"
    "github.com/aws/aws-sdk-go/service/eks"
)

func main() {
    sess := session.Must(session.NewSession(&aws.Config{
        Region: aws.String("us-west-2"),
    }))
    eksSvc := eks.New(sess, aws.NewConfig().WithRegion("us-west-2"))


    clusterOutput, err := eksSvc.DescribeCluster(&eks.DescribeClusterInput{
        Name: aws.String("cluster-name"),
    })
    if err != nil {
        panic(err)
    }
    fmt.Printf("%#v\n", clusterOutput)
}

After that, I currently have no idea about how could I get the kubeconfig of that cluster in order to then use it with the Go client for Kubernetes without having to use aws eks separately.

I have checked the AWS documentation, AWS CLI codebase, and eksctl codebase with no luck so far. The connection to an EKS cluster is only documented in this webpage and it uses a shell: https://aws.amazon.com/premiumsupport/knowledge-center/eks-cluster-connection/

Any ideas?


Solution

  • The general flow goes something like this:

    1. DescribeCluster (as you have done) and extract some necessary data
    2. Using the necessary data, get a token using aws-iam-authenticator's package token
    3. Using that token, create a Kubernetes clientset with the help of client-go.
    package main
    
    import (
        "encoding/base64"
        "log"
    
        "github.com/aws/aws-sdk-go/aws"
        "github.com/aws/aws-sdk-go/aws/session"
    
        "github.com/aws/aws-sdk-go/service/eks"
        metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
        "k8s.io/client-go/kubernetes"
        "k8s.io/client-go/rest"
    
        "sigs.k8s.io/aws-iam-authenticator/pkg/token"
    )
    
    func newClientset(cluster *eks.Cluster) (*kubernetes.Clientset, error) {
        log.Printf("%+v", cluster)
        gen, err := token.NewGenerator(true, false)
        if err != nil {
            return nil, err
        }
        opts := &token.GetTokenOptions{
            ClusterID: aws.StringValue(cluster.Name),
        }
        tok, err := gen.GetWithOptions(opts)
        if err != nil {
            return nil, err
        }
        ca, err := base64.StdEncoding.DecodeString(aws.StringValue(cluster.CertificateAuthority.Data))
        if err != nil {
            return nil, err
        }
        clientset, err := kubernetes.NewForConfig(
            &rest.Config{
                Host:        aws.StringValue(cluster.Endpoint),
                BearerToken: tok.Token,
                TLSClientConfig: rest.TLSClientConfig{
                    CAData: ca,
                },
            },
        )
        if err != nil {
            return nil, err
        }
        return clientset, nil
    }
    
    func main() {
        name := "wonderful-outfit-1583362361"
        region := "us-east-2"
        sess := session.Must(session.NewSession(&aws.Config{
            Region: aws.String(region),
        }))
        eksSvc := eks.New(sess)
    
        input := &eks.DescribeClusterInput{
            Name: aws.String(name),
        }
        result, err := eksSvc.DescribeCluster(input)
        if err != nil {
            log.Fatalf("Error calling DescribeCluster: %v", err)
        }
        clientset, err := newClientset(result.Cluster)
        if err != nil {
            log.Fatalf("Error creating clientset: %v", err)
        }
        nodes, err := clientset.CoreV1().Nodes().List(metav1.ListOptions{})
        if err != nil {
            log.Fatalf("Error getting EKS nodes: %v", err)
        }
        log.Printf("There are %d nodes associated with cluster %s", len(nodes.Items), name)
    }
    

    Here's my go.mod for versions:

    module github.com/swoldemi/sandbox
    
    go 1.14
    
    require (
        github.com/aws/aws-sdk-go v1.29.19
        k8s.io/apimachinery v0.0.0-20190612125636-6a5db36e93ad
        k8s.io/client-go v0.0.0-20190425172711-65184652c889
        sigs.k8s.io/aws-iam-authenticator v0.5.0
    )