[eks] [request]: Programmatic access to Skylens API

Open dany74q opened this issue 2 years ago • 1 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Tell us about your request

A programmatic way to access the Skylens API available through the AWS console website (curl -XPOST https://<region>.console.aws.amazon.com/eks/api/skylens -d '{"method":"GET","path":"/clusters/<cluster-name>/k8sapi/api/v1/pods","region":"<region>","params":{"limit":100,"continue":""},"headers":{}}').

This seems to operate as a reverse proxy that directs traffic to a requested EKS cluster, on top of which one could view resources in the AWS console.

Currently, just from a few minutes of tinkering, it seems like the API requires passing the aws-creds cookie, along with the x-csrf-token header, which makes it difficult to invoke the API programmatically w/o scraping or headless browsers.

It would've been extremely nice if one could've passed an authorization header to this or a similar API to talk with public & private clusters in a k8s-agnostic way, and by relying on an AWS STS token alone (i.e. w/o modifying the aws-auth configmap per-cluster).

Which service(s) is this request for?

EKS

dany74q, Jun 17 '22 21:06

From what I see, currently, the SkyLens API requires the user (or role) to be added to the aws-auth config map. You cannot bypass the EKS RBAC mechanism.

Still, it will be handy to have an endpoint to read resources for clusters with a private EKS control plane programmatically.

oleksandr-san, Jul 23 '22 12:07