aws-iam-authenticator support added

[ahmetrehaseker]

I want to use click via Amazon EKS therefore i implement authentication method for eks.

[mustafaakin]

We need it a lot

[nicklan]

Thanks for this! Will have a look over in the near future.

[nicklan]

Okay, I've had a look over this and want to get this support in. A couple of concerns i have:

• It seems like we would call the command for every time we talk to the api-server, which is inefficient, since the token is valid for 15 minutes. I think we should cache it and update it only when needed
• This is similar to AuthProvider already does. It would be great if we could combine Exec and AuthProvider to support both use cases.

Lemme know what you think. I can probably have a chance to make the above changes in the nearish future too, based on what you have here, or you can :)

[maver1ck]

Hi,
Any progress on this task ?

[ahmetrehaseker]

I have very little knowledge in rust, I want to do it but it will take time. any help would be great :)

[keramblock]

Hi, is there any progress?

[slyoldfox]

I have also no knowledge in rust but as @nicklan said - the current code "read" okay to me. The only issue being that it should cache the token.
Which makes me actually start to wonder where it stores the token when I use it through kubectl?

Anyway if you really want to use click in the meantime, you can use the following workaround:

Create a new context in your config file, append -token to the name and do the same for the user.
After you authenticated with aws-adfs, fetch your token from command line with:
$ aws-iam-authenticator token -i eks-clustername

You can also use $ aws eks get-token --cluster-name eks-clustername if you have a recent awscli version.

Copy paste the token inside your user yaml part like this:
`

• name: eks-clustername-token
  user:
  token: "k8s-aws-v1.ozijfzoijfoigjeriogjergioergjeoirgj"
  `
  Now you should be able to use this context (eks-clustername-token).
  I know it's convoluted, but I'm sure a quick bash script could help with the search and replace inside your .kube/config so you don't have to copy/paste it anymore.
  I will see if i can script something to help with this, until the caching part is fixed and this lands in click.

[kirikaza]

@ahmetrehaseker you can minimise conflicts if you avoid mixing meaningful changes (like new feature or a bug fix) and cosmetic changes (like reformatting).

[nicklan]

I believe this is provided now by what I merged in #129. If anyone who is interested in EKS auth could try that out, that would be great. I tested by adding the cluster to my config via aws eks update-kubeconfig --name cluster-name and then just running click and it worked.

[nicklan]

closing as this functionality exists and works (afaict)