3

I've been looking for documentation for a long time and still couldn't find any clear connection procedure. I came up with this code sample:

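    package aws

    import (
        "fmt"

        "github.com/aws/aws-sdk-go/aws/session"
        "github.com/aws/aws-sdk-go/service/eks"
        "github.com/joho/godotenv"
    )

    // Connect lists the EKS clusters visible to the credentials found in the environment.
    func Connect() {
        // Load AWS credentials from .env into the process environment.
        if err := godotenv.Load(".env"); err != nil {
            fmt.Println(err.Error())
        }
        // Named sess so the variable does not shadow the session package.
        sess := session.Must(session.NewSession())
        svc := eks.New(sess)
        clusters, err := svc.ListClusters(&eks.ListClustersInput{})
        if err != nil {
            fmt.Println(err.Error())
            return
        }
        fmt.Println(clusters)
    }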

I mean, this still returns a 403 forbidden error because of an env variable mess, but the code is valid I guess. My question is, having this connection established: how do I convert this svc variable into the *kubernetes.Clientset one from the Go driver?

raphael.oester

3 Answers

3

Have you had a look at the client-go example on how to authenticate in-cluster?

Code that authenticates to the Kubernetes API typically starts like this:

    // creates the in-cluster config
    config, err := rest.InClusterConfig()
    if err != nil {
        panic(err.Error())
    }
    // creates the clientset
    clientset, err := kubernetes.NewForConfig(config)
    if err != nil {
        panic(err.Error())
    }
Jonas
  • Does the in-cluster part mean that the controller app will have to be hosted inside the cluster I'm trying to connect to? Can't I connect from an external controller? – raphael.oester Aug 30 '21 at 05:53
  • 1
    You can see an out-of-cluster authentication here: https://github.com/kubernetes/client-go/blob/master/examples/out-of-cluster-client-configuration/main.go#L44-L62 – Jonas Aug 30 '21 at 05:56
  • Right, saw this right after posting ^^' Thanks for your time mate – raphael.oester Aug 30 '21 at 06:00
  • Actually I still get the 403 unauthorized error. And that's pretty logical knowing that I didn't enter my access keys anywhere, and that the ~/.kube/config doesn't contain them either. Do you know where I might be able to set them up? – raphael.oester Aug 30 '21 at 06:25
  • If you try locally, you must first authenticate so that you can use kubectl against your cluster. The code is using the same credentials. – Jonas Aug 30 '21 at 06:38
  • 1
    @rrrrr you need to generate access keys first and configure your AWS CLI, and then you need to run the following command to generate ~/.kube/config: aws eks --region update-kubeconfig --name (you can refer to this link for more information: https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html) – Amjad Hussain Syed Aug 30 '21 at 07:51
  • Yeah actually it was just because I kept loading an old .env file with wrong credentials ^^' – raphael.oester Sep 02 '21 at 10:08
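
The cause reported in the comments above (an old .env file with wrong credentials, loaded by godotenv.Load, ending in a 403) can be checked before any AWS call is made. The following is an added example, not code from the question or the answers: using only the Go standard library, it reports with masked values whether each AWS credential variable would come from the process environment or from .env, relying on the fact that godotenv.Load does not overwrite variables that are already set. The names CredentialSources, parseDotenv and mask are illustrative.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// Standard static-credential variables read by the AWS SDKs (helper names below are illustrative).
var awsVars = []string{"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"}

// mask keeps only the last four characters so the report is safe to log.
func mask(v string) string {
	if len(v) <= 4 {
		return "****"
	}
	return "****" + v[len(v)-4:]
}

// parseDotenv reads simple KEY=VALUE lines: optional "export ", quotes, # comment lines.
func parseDotenv(content string) map[string]string {
	vars := map[string]string{}
	for _, raw := range strings.Split(content, "\n") {
		line := strings.TrimPrefix(strings.TrimSpace(raw), "export ")
		if kv := strings.SplitN(line, "=", 2); len(kv) == 2 && !strings.HasPrefix(line, "#") {
			vars[strings.TrimSpace(kv[0])] = strings.Trim(strings.TrimSpace(kv[1]), `"'`)
		}
	}
	return vars
}

// CredentialSources mirrors godotenv.Load: a variable already set in the process wins over .env.
func CredentialSources(dotenv string, lookup func(string) (string, bool)) []string {
	file, report := parseDotenv(dotenv), []string{}
	for _, name := range awsVars {
		if v, ok := lookup(name); ok {
			report = append(report, name+": process env "+mask(v))
		} else if v, ok := file[name]; ok {
			report = append(report, name+": .env file "+mask(v))
		}
	}
	return report
}

func main() {
	data, _ := os.ReadFile(".env") // a missing file means nothing comes from .env
	fmt.Println(strings.Join(CredentialSources(string(data), os.LookupEnv), "\n"))
}
```

A ".env file" line for AWS_ACCESS_KEY_ID means session.NewSession will pick up those keys rather than the ones in ~/.aws/credentials that the AWS CLI uses, because the SDK checks environment variables first.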
0

I use the following code to automatically detect whether it's running from a local machine or any Kubernetes cluster.

    var config *rest.Config
    // A mounted service account token means the code is running inside a cluster.
    if _, err := os.Stat("/var/run/secrets/kubernetes.io/serviceaccount/token"); err == nil {
        config, err = rest.InClusterConfig()
        if err != nil {
            log.Fatal(err)
        }
    } else if os.IsNotExist(err) {
        // No token file: build the config from the kubeconfig path held in kubeConfig.
        config, err = clientcmd.BuildConfigFromFlags("", *kubeConfig)
        if err != nil {
            log.Fatal("No serviceaccount mounted or -kubeconfig flag passed or .kube/config file \n ", err)
        }
    } else {
        // Any other stat error would leave config nil, so stop here.
        log.Fatal(err)
    }
    // Create a REST client not targeting a specific API version
    clientSet, err := kubernetes.NewForConfig(config)
    if err != nil {
        log.Fatal(err)
    }
Amjad Hussain Syed
0

This post will be useful if you had a workflow to get kubeconfig from aws eks update-kubeconfig cluster_name --kubeconfig=/my/path/file and then pass the kubeconfig to kubectl --kubeconfig=/my/path/file, and now want to do the same using the AWS SDK and the Go k8s client library.

Gopi Palamalai