Everton

Reputation: 13825

How to create a Kubernetes client with the Go SDK for AWS EKS with automatic token refresh

I am using the function newClientset below to create a clientset to send requests to the api-server of an AWS EKS cluster.

The arguments clusterCAData and clusterEndpoint are retrieved dynamically by the caller from the EKS API DescribeCluster. That dynamic information is not available from kubeconfig. Also, this is an out-of-cluster application that needs to communicate with the api-server.

The function works correctly, but it is unable to automatically renew/refresh the token. How can I modify it to support automatic token renewal?

If you want to build/run a simple test application using this code, find one here: https://github.com/udhos/eks/blob/main/cmd/eksclient-example/main.go

import (
    "encoding/base64"

    "k8s.io/client-go/kubernetes"
    "k8s.io/client-go/rest"
    "sigs.k8s.io/aws-iam-authenticator/pkg/token"
)

// newClientset creates kubernetes client.
// FIXME WRITEME TODO XXX Refresh/renew token automatically.
func newClientset(clusterName, clusterCAData, clusterEndpoint string) (*kubernetes.Clientset, error) {

    gen, err := token.NewGenerator(true, false)
    if err != nil {
        return nil, err
    }
    opts := &token.GetTokenOptions{
        ClusterID: clusterName,
    }
    tok, err := gen.GetWithOptions(opts)
    if err != nil {
        return nil, err
    }
    ca, err := base64.StdEncoding.DecodeString(clusterCAData)
    if err != nil {
        return nil, err
    }
    clientset, err := kubernetes.NewForConfig(
        &rest.Config{
            Host: clusterEndpoint,

            // FIXME WRITEME TODO XXX
            //
            // Refresh/renew token automatically.
            BearerToken: tok.Token,

            TLSClientConfig: rest.TLSClientConfig{
                CAData: ca,
            },
        },
    )
    if err != nil {
        return nil, err
    }
    return clientset, nil
}

Upvotes: 2

Views: 198
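
One way to get automatic renewal, as an added example that is not part of the original post or the linked repository: an `http.RoundTripper` that regenerates the bearer token shortly before it expires, in the shape `rest.Config.WrapTransport` accepts. `tokenFunc`, `refreshingTransport` and `wrap` are hypothetical names, and it assumes the generator's result exposes its expiry alongside `tok.Token` (the `Expiration` field of `token.Token`).

```go
package main

import (
	"fmt"
	"net/http"
	"sync"
	"time"
)

// tokenFunc (hypothetical hook) returns a bearer token and the time it expires.
type tokenFunc func() (string, time.Time, error)

// refreshingTransport sets Authorization per request, renewing the token near expiry.
type refreshingTransport struct {
	base    http.RoundTripper
	fetch   tokenFunc
	leeway  time.Duration // renew this long before expiry
	mu      sync.Mutex    // guards token and expires
	token   string
	expires time.Time
}

func (t *refreshingTransport) RoundTrip(req *http.Request) (*http.Response, error) {
	t.mu.Lock()
	if t.token == "" || time.Until(t.expires) <= t.leeway {
		tok, exp, err := t.fetch()
		if err != nil {
			t.mu.Unlock()
			return nil, fmt.Errorf("refresh token: %w", err) // fail closed, no stale token
		}
		t.token, t.expires = tok, exp
	}
	tok := t.token
	t.mu.Unlock()
	r := req.Clone(req.Context()) // a RoundTripper must not modify the caller's request
	r.Header.Set("Authorization", "Bearer "+tok)
	return t.base.RoundTrip(r)
}

// wrap has the signature of rest.Config.WrapTransport in client-go.
func wrap(fetch tokenFunc, leeway time.Duration) func(http.RoundTripper) http.RoundTripper {
	return func(rt http.RoundTripper) http.RoundTripper {
		return &refreshingTransport{base: rt, fetch: fetch, leeway: leeway}
	}
}

func main() { // constructed stand-in token source, no network traffic
	fetch := func() (string, time.Time, error) { return "demo-token", time.Now().Add(time.Hour), nil }
	fmt.Printf("%T\n", wrap(fetch, time.Minute)(http.DefaultTransport))
}
```

In `newClientset`, `fetch` would call `gen.GetWithOptions(opts)` and return `tok.Token, tok.Expiration`, and the config would set `WrapTransport: wrap(fetch, time.Minute)` in place of the static `BearerToken`.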

Answers (0)
