kube-aws-iam-controller icon indicating copy to clipboard operation
kube-aws-iam-controller copied to clipboard

Published 20 hours ago verified publisher icon zalando-incubator

Update supported SDKs for JS support

Open mikesir87 opened this issue 5 years ago • 8 comments

The merge of https://github.com/aws/aws-sdk-js/pull/2559 adds support to the JS AWS SDK.

Haven't tried it out yet, but will be doing so shortly. But, theoretically, it should work based on the change notes/pull request.

Signed-off-by: Michael Irwin [email protected]

mikesir87 avatar Sep 14 '20 18:09 mikesir87

I tried this before and it didn't work. However this prompted me to try again and I was able to make it work when setting ALL of these environment variables:

        - name: AWS_SDK_LOAD_CONFIG
          value: "true"
        # must be set for the AWS SDK/AWS CLI to find the credentials file.
        - name: AWS_SHARED_CREDENTIALS_FILE # used by js SDK
          value: /meta/aws-iam/credentials.process
        - name: AWS_CONFIG_FILE
          value: /meta/aws-iam/credentials.process
        - name: AWS_REGION
          value: eu-central-1

I have not check why AWS_SHARED_CREDENTIALS_FILE AND AWS_CONFIG_FILE must be set, but it doesn't work without from my testing.

We need a dedicated section for JS with this information similar to what we have for the other SDKs.

mikkeloscar avatar Sep 15 '20 12:09 mikkeloscar

Sounds great! I can add a dedicated JS section as well.

As a separate question... have you considered extending the controller to serve as a webhook to automatically add the secret mount and add the env vars? Would be awesome to make it mostly invisible to users. Curious on your thoughts...

mikesir87 avatar Sep 16 '20 15:09 mikesir87

Sounds great! I can add a dedicated JS section as well.

Thanks!

As a separate question... have you considered extending the controller to serve as a webhook to automatically add the secret mount and add the env vars? Would be awesome to make it mostly invisible to users. Curious on your thoughts...

Definitely makes sense. We have not invested in this because we're looking more into adopting the solution from EKS at this point, but we would welcome contributions adding this. One thing which I'm not 100% sure about is if some of the environment variables will conflict cross SDKs, then it's harder to just inject the settings in a webhook, because you need to know which SDK is in use.

mikkeloscar avatar Sep 16 '20 16:09 mikkeloscar

We have not invested in this because we're looking more into adopting the solution from EKS at this point, but we would welcome contributions adding this.

Yeah... we started with this route, but are running clusters not in EKS (either in AWS with a k8s platform or potentially even on-prem). And, trying to figure out how to get all of the pieces working has been tricky, which is why I looked for others and found this one. It's pretty straight forward and easy to understand what's going on.

One thing which I'm not 100% sure about is if some of the environment variables will conflict cross SDKs

Yeah... that was one of my worries too. Might be something that could be tested to figure out.

Anywho... I'll stop chatting about that here as it deserves its own issue/discussion thread. I'll update the MR for ya shortly 👍

mikesir87 avatar Sep 16 '20 16:09 mikesir87

Alrighty... I've added the snippet for the JS SDK. I didn't include a link to an example repo, as I couldn't find one. But, I did find a docker image for a js example and didn't see anything crazy in the app.js that would warrant reminders/additional setup.

mikesir87 avatar Sep 16 '20 20:09 mikesir87

@mikesir87 I pushed the example repo here: https://github.com/mikkeloscar/kube-aws-iam-controller-js-example

mikkeloscar avatar Sep 17 '20 09:09 mikkeloscar

And added the link to the repo. Thanks for making and pushing that 👍

mikesir87 avatar Sep 17 '20 13:09 mikesir87

:+1:

mikkeloscar avatar Sep 17 '20 13:09 mikkeloscar