kube-forwarder icon indicating copy to clipboard operation
kube-forwarder copied to clipboard

Published 20 hours ago verified publisher icon pixel-point

support multiple AWS profiles

Open asherf opened this issue 4 years ago • 4 comments

Thanks for developing this tool!

I have multiple AWS profile in my AWS configuration (~/.aws/config) I'd love it if Kube Forwarder detected that and allowed my to choose one before it tries to run aws --region XXXXXX eks get-token --cluster-name XXXXX so I can avoid the error message I see in this use case.

asherf avatar Aug 11 '19 02:08 asherf

Hi @asherf, thank you for the feature request! Could you tell me, please, does kubectl do so? If it does, the feature will be more important and will get a higher priority?

proAlexandr avatar Aug 19 '19 06:08 proAlexandr

@proAlexandr I run kubectl from the command line, where I have an AWS_PROFILE environment variable set so it knows which AWS profile to use. this gets set automatically for me using direnv based on the directory I am in. since I start Kube Forwarder from my desktop, it doesn't see this variable.

asherf avatar Aug 19 '19 15:08 asherf

@asherf Am I right the problem is that you have to exec aws --region XXXXXX eks get-token --cluster-name XXXXX each time when you are forwarding ports and the token is expired? Would it help if there had been a field "Before script" in the clusters config (in Kube Forwarder) where you could write the command and it would be executed automatically before forwarding?

For example, if you had "test" cluster with "test-eu" region, you would place aws --region test-eu eks get-token --cluster-name test in the field and the token would be automatically renewed when you are forwarding the resource in Kube Forwarder. In this case, there is no need to implement a complex specific logic for aws.

So, does "Before script" field resolve your issue?

proAlexandr avatar Aug 21 '19 07:08 proAlexandr

@proAlexandr I don't have to do that... I am relatively new to k8s, but I think we use certs in our .kubeconfig so I din't have to keep calling the get-token (probably called it once when I got things setup). I use k8s tools in vscode and that works fine... but keep in mind that I start vscode from the command line (where I have the AWS_PROFILE set).

When I tried running kube-forwarder from the command line with AWS_PROFILE set, everything worked fine... so I think all kube-forwarder needs to do, is to be aware of a ~/.aws/config file and enumerate the profiles there (and potentially use credentials from ~/.aws/credentials

asherf avatar Aug 21 '19 17:08 asherf