Skip to content
/ aws_auth_eks_crd Public
forked from coveooss/aws_auth_eks_crd

Kubernetes operator to handle configuration of EKS auth by CRD

0 stars 11 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

we-dcode/aws_auth_eks_crd

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

129 Commits

.github/workflows

.github/workflows

 
 

charts/aws_auth_operator

charts/aws_auth_operator

 
 

ci

ci

 
 

kubernetes

kubernetes

 
 

src

src

 
 

tests

tests

 
 

.gitignore

.gitignore

 
 

.pre-commit-config.yaml

.pre-commit-config.yaml

 
 

Dockerfile

Dockerfile

 
 

README.md

README.md

 
 

conftest.py

conftest.py

 
 

poetry.lock

poetry.lock

 
 

pyproject.toml

pyproject.toml

 
 

tox.ini

tox.ini

 
 

Repository files navigation

CRD controller for AWS EKS Authenticator

aws-iam-authenticator recently introduced the possibility to use custom resources to configure roles and user bindings. However, this version of the app is not available in EKS and is not planned to at this moment. So here is an operator to reflect IamIdentityMappings changes in the aws-auth configmap.

Get started

  1. Install poetry
  2. Install the dependencies in a virtual environment poetry install
  3. Add the git pre-commit hook poetry run pre-commit install.
  4. Make your IDE use the virtualenv that was created by poetry.

To run all tests, use poetry run pytest

To manually run all linters, use pre-commit run after staging your changes

NOTE

Every commit will be checked against all linters with pre-commit. If it fails, simply fix the issues, stage new changes, and commit again.

Test Operator

kopf run --dev --debug --standalone --liveness=http://:8080/healthz src/kubernetes_operator/iam_mapping.py

You can also test the operator locally in a minikube context.

WARNING: Make sure you change your context to minikube before doing these commands.
  1. Create a test config-map kubectl apply -f kubernetes/test/configmap.yaml
  2. Create the IamIdentityMapping crd kubectl apply -f kubernetes/iamidentitymappings.yaml
  3. Inspect the current state of the configmap with kubectl get cm -n kube-system aws-auth -o yaml
  4. Start the operator in minikube kopf run --dev --debug --standalone --liveness=http://:8080/healthz src/kubernetes_operator/iam_mapping.py
  5. Create, in a different terminal, an IamIdentityMapping kubectl apply -f kubernetes/test/test-iam-rolearn.yaml
  6. Verify the change is applied by the operator in the configmap with kubectl get cm -n kube-system aws-auth -o yaml

Deploy

With kubectl

  • Deploy the CRD definition

kubectl apply -f kubernetes/iamidentitymapping.yaml

  • Deploy the operator

kubectl apply -f kubernetes/auth-operator.yaml

With Kustomize

# Choose a specific ref and tag if needed
REF=master
TAG=0.6.4

cat <<EOF > kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

namespace: kube-system

resources:
- https://github.com/coveooss/aws_auth_eks_crd//kubernetes/?ref=$REF

images:
- name: coveo/aws-auth-operator:0.1
  newName: ghcr.io/coveooss/aws_auth_eks_crd
  newTag: $TAG

EOF

# Deploy
kustomize build . | kubectl apply -f -

About

Kubernetes operator to handle configuration of EKS auth by CRD

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

2 forks
Report repository

Releases 5

aws_auth_operator-0.1.3 Latest
Aug 9, 2023
+ 4 releases

Packages

No packages published

Languages

  • Python 90.7%
  • Smarty 7.1%
  • Dockerfile 2.2%