k8sviz icon indicating copy to clipboard operation
k8sviz copied to clipboard

Published 20 hours ago verified publisher icon mkimuram

Discuss whether AWS SDK needs to be bundled

Open skaffille opened this issue 4 years ago • 10 comments
trafficstars

In the line with #29

RUN apk add --no-cache \
        python3 \
        py3-pip \
    && pip3 install --upgrade pip \
    && pip3 install \
        awscli \
    && rm -rf /var/cache/apk/*

skaffille avatar Aug 24 '21 06:08 skaffille

@skaffille

Thank you for opening this issue.

Could you explain why AWS SDK will be needed, like how it is used in k8sviz for which purpose?

mkimuram avatar Aug 24 '21 17:08 mkimuram

I bumped into this myself using the AWS auth method for EKS. Its a specific use case where proxies the user identity call through the aws cli. The error looks something like this:

Failed to get namespace "default": Get "https://my-cluster-id-string.us-east-1.eks.amazonaws.com/api/v1/namespaces/default": getting credentials: exec: exec: "aws": executable file not found in $PATH

Since the command executes in a container the container must have the aws cli installed in order to authn to the cluster.

2tim avatar Aug 25 '21 16:08 2tim

You could work around this by creating a kube service account and generating a kubeconfig file that has the embedded token for authn in the file then passing it to the script as your kubeconfig file. I'm planning on trying this now.

2tim avatar Aug 25 '21 16:08 2tim

@2tim

Thank you for your explanation. I didn't know this use case and very good to know it. I understand the documents for them are as follows:

I bumped into this myself using the AWS auth method for EKS. Its a specific use case where proxies the user identity call through the aws cli.

https://docs.aws.amazon.com/eks/latest/userguide/managing-auth.html

You could work around this by creating a kube service account and generating a kubeconfig file that has the embedded token for authn in the file then passing it to the script as your kubeconfig file.

https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html

I'm planning on trying this now.

Thank you very much for working on it. I will wait for your report. Also, I will consider whether handling above use case directly will be good to go (I still need to understand the detail and need to check whether this kind of commands are allowed to be included in the container images and to be distributed publicly).

mkimuram avatar Aug 25 '21 16:08 mkimuram

@skaffille @2tim

Created #44 to provide a way to include AWS SDK. Could you give feedback if it would be of help (and test if the image built with the command works well, if possible)?

mkimuram avatar Sep 20 '21 17:09 mkimuram

Merged #44. I hope that below works for environments that requires AWS SDK:

$ DEVEL_IMAGE=mkimuram/k8sviz DEVEL_TAG=$(cat version.txt) TARGET=aws make image-build

And below works for Google cloud SDK:

 $ DEVEL_IMAGE=mkimuram/k8sviz DEVEL_TAG=$(cat version.txt) TARGET=gcloud make image-build

mkimuram avatar Jun 06 '22 15:06 mkimuram

@mkimuram i am going to try that and let you know thank you

Sreddy-gs avatar Jun 06 '22 15:06 Sreddy-gs

@mkimuram Getting this error "Unable to locate credentials. You can configure credentials by running "aws configure". Failed to get namespace "default": Get "https://7*/default": getting credentials: exec: executable aws failed with exit code 255", though i have passed aws credentials to the docker image

May be need to have more parameters in shell script to add aws credentials

Sreddy-gs avatar Jun 06 '22 17:06 Sreddy-gs

@Sreddy-gs Yes, Maybe something like below will be needed around here.

-v ~/.aws/config:/awsconfig:ro
-e AWS_CONFIG_FILE=/awsconfig

Could you try?

mkimuram avatar Jun 06 '22 18:06 mkimuram

@mkimuram that worked :) thank you

Sreddy-gs avatar Jun 06 '22 19:06 Sreddy-gs