EKS
You can use Granted as a kubectl
credential plugin to authenticate to EKS clusters. kubectl
uses a “kubeconfig” file, which is located at ~/.kube/config
by default. To use Granted with EKS, we’ll modify this kubeconfig file.
First, add an entry for your cluster to the kubeconfig file by running
aws eks update-kubeconfig --name <CLUSTER_NAME>
Where <CLUSTER_NAME>
is the name of the EKS cluster you’re trying to connect to. This command will add an entry to your kubeconfig file similar to the below:
users: - name: arn:aws:eks:ap-southeast-2:123456789012:cluster/<CLUSTER_NAME> user: exec: apiVersion: client.authentication.k8s.io/v1beta1 args: - --region - <CLUSTER_REGION> - eks - get-token - --cluster-name - <CLUSTER_NAME> command: aws env: null provideClusterInfo: false
Now, modify the exec
field of this entry to be the following:
- name: arn:aws:eks:ap-southeast-2:123456789012:cluster/<CLUSTER_NAME> user: exec: apiVersion: client.authentication.k8s.io/v1beta1 args: [ "<PROFILE_NAME>", "--exec", "aws --region <CLUSTER_REGION> eks get-token --cluster-name <CLUSTER_NAME>", ] command: assume env: - name: GRANTED_QUIET value: "true" - name: FORCE_NO_ALIAS value: "true" interactiveMode: IfAvailable provideClusterInfo: false
Where <PROFILE_NAME>
is the name of the AWS profile to use, <CLUSTER_REGION>
is the region the EKS cluster is deployed to, and <CLUSTER_NAME>
is the name of the EKS cluster.
Now, run a kubectl
command against the cluster to verify the connection:
kubectl get nodes
The command should print the list of nodes for your cluster.