Kubernetes operator to handle configuration of EKS auth by CRD

coveooss/aws_auth_eks_crd

CRD controller for AWS EKS Authenticator

aws-iam-authenticator introduced the possibility of using custom resources (IamIdentityMapping) to configure role and user bindings. However, that version of aws-iam-authenticator was not available in EKS, so this operator reflects IamIdentityMapping changes into the aws-auth ConfigMap instead.

2024 update: the Amazon EKS team has improved the cluster authentication (AuthN) and authorization (AuthZ) user experience with improved cluster access management controls. This operator is now deprecated. See this and the official announcement.

Get started

Language: Python 3.12+

Step 1: Configure your Python environment

  1. Install pyenv to manage your Python environment
  2. Install Python 3.12:
     pyenv install 3.12
  3. In the repository, switch to the chosen Python version:
     pyenv local 3.12

Step 2: Install Coveo Stew dependencies (CI)

  1. Install pipx
  2. Install Poetry
  3. Install Stew

Step 3: Install Python dependencies

  1. Open a pyenv shell for the correct Python version:
     pyenv shell 3.12
  2. Configure Poetry to use our Python version:
     poetry env use $(pyenv which python)
  3. Install the dependencies with Poetry for the first time:
     poetry install
  4. Run Stew:
     stew ci

Step 4: Set up PyCharm's environment

  1. Find the path of the virtual environment created by Poetry:
     poetry env info
  2. Set that Poetry environment as your PyCharm virtual environment for the project

Test Operator

kopf run --dev --debug --standalone --liveness=http://:8080/healthz src/kubernetes_operator/iam_mapping.py

You can also test the operator locally in a minikube context.

WARNING: Make sure you change your context to minikube before running these commands.
  1. Create a test ConfigMap:
     kubectl apply -f kubernetes/test/configmap.yaml
  2. Create the IamIdentityMapping CRD:
     kubectl apply -f kubernetes/iamidentitymappings.yaml
  3. Inspect the current state of the ConfigMap:
     kubectl get cm -n kube-system aws-auth -o yaml
  4. Start the operator against minikube:
     kopf run --dev --debug --standalone --liveness=http://:8080/healthz src/kubernetes_operator/iam_mapping.py
  5. In a different terminal, create an IamIdentityMapping:
     kubectl apply -f kubernetes/test/test-iam-rolearn.yaml
  6. Verify that the operator applied the change to the ConfigMap:
     kubectl get cm -n kube-system aws-auth -o yaml
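The reconciliation that steps 5 and 6 exercise, written out as an added stand-alone example (not the project's code, and runnable without kopf or a cluster): an IamIdentityMapping spec is upserted into, or removed from, the parsed aws-auth data keyed by its ARN, unmanaged entries such as the node role are preserved, and the result is rendered in the block YAML aws-auth stores. Field names follow the IamIdentityMapping schema (rolearn/userarn, username, groups); function names and the sample ARNs are constructed.

```python
from copy import deepcopy

def apply_mapping(aws_auth, spec, deleted=False):
    """Upsert (or remove, when deleted=True) one mapping, keyed by its ARN.

    aws_auth is the parsed ConfigMap data: {"mapRoles": [...], "mapUsers": [...]}.
    Entries not owned by any IamIdentityMapping (e.g. the node instance role)
    are left untouched, so a reconcile never locks the worker nodes out.
    """
    arn_field = "rolearn" if "rolearn" in spec else "userarn"
    section = "mapRoles" if arn_field == "rolearn" else "mapUsers"
    out = deepcopy(aws_auth)
    entries = [e for e in out.get(section, []) if e.get(arn_field) != spec[arn_field]]
    if not deleted:
        groups = list(dict.fromkeys(spec.get("groups", [])))  # dedupe, keep order
        entries.append({arn_field: spec[arn_field], "username": spec["username"], "groups": groups})
    out[section] = entries
    return out

def render_section(entries):
    """Render a mapRoles/mapUsers list as the block YAML string kept in data.*."""
    lines = []
    for e in entries:
        arn_field = "rolearn" if "rolearn" in e else "userarn"
        lines += [f"- {arn_field}: {e[arn_field]}", f"  username: {e['username']}", "  groups:"]
        lines += [f"  - {g}" for g in e.get("groups", [])]
    return "\n".join(lines) + ("\n" if lines else "")

def cluster_admin_arns(aws_auth):
    """ARNs bound to system:masters: the mappings to review after every reconcile."""
    return sorted(e.get("rolearn") or e.get("userarn")
                  for s in ("mapRoles", "mapUsers") for e in aws_auth.get(s, [])
                  if "system:masters" in e.get("groups", []))

# Constructed sample: a fresh aws-auth holding only the (unmanaged) node role mapping.
NODE_ROLE = "arn:aws:iam::111122223333:role/eks-node-role-EXAMPLE"
INITIAL_AWS_AUTH = {"mapRoles": [{"rolearn": NODE_ROLE, "username": "system:node:{{EC2PrivateDNSName}}",
                                  "groups": ["system:bootstrappers", "system:nodes"]}], "mapUsers": []}
# Constructed IamIdentityMapping spec, like the one test-iam-rolearn.yaml would create.
ADMIN_SPEC = {"rolearn": "arn:aws:iam::111122223333:role/platform-admin-EXAMPLE",
              "username": "platform-admin", "groups": ["system:masters"]}

if __name__ == "__main__":
    state = apply_mapping(INITIAL_AWS_AUTH, ADMIN_SPEC)
    print(render_section(state["mapRoles"]))
    print("system:masters bound to:", cluster_admin_arns(state))
```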

Deploy

With kubectl

  • Deploy the CRD definition

kubectl apply -f kubernetes/iamidentitymapping.yaml

  • Deploy the operator

kubectl apply -f kubernetes/auth-operator.yaml

With Kustomize

# Choose a specific ref and tag if needed
REF=master
TAG=0.8.1

cat <<EOF > kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

namespace: kube-system

resources:
- https://github.com/coveooss/aws_auth_eks_crd//kubernetes/?ref=$REF

images:
- name: coveo/aws-auth-operator:0.1
  newName: ghcr.io/coveooss/aws_auth_eks_crd
  newTag: $TAG

EOF

# Deploy
kustomize build . | kubectl apply -f -