Amazon EKS:通过 python 脚本生成/更新 kubeconfig [英] Amazon EKS: generate/update kubeconfig via python script

问题描述

在使用 Amazon 的 K8s 产品(EKS 服务)时，您有时需要将 Kubernetes API 和配置连接到 AWS 内建立的基础设施.尤其是我们需要一个 kubeconfig 具有正确的凭据和 URL 来连接到 EKS 提供的 k8s 控制平面.

When using Amazon's K8s offering, the EKS service, at some point you need to connect the Kubernetes API and configuration to the infrastructure established within AWS. Especially we need a kubeconfig with proper credentials and URLs to connect to the k8s control plane provided by EKS.

亚马逊命令行工具 aws 为该任务提供了一个例程

The Amazon commandline tool aws provides a routine for this task

aws eks update-kubeconfig --kubeconfig /path/to/kubecfg.yaml --name <EKS-cluster-name>

问题:通过 Python/boto3 做同样的事情

查看 Boto API 文档时，我似乎无法找到上述 aws 例程的等效项.可能我看错地方了.

Question: do the same through Python/boto3

When looking at the Boto API documentation, I seem to be unable to spot the equivalent for the above mentioned aws routine. Maybe I am looking at the wrong place.

• boto 中是否有现成的函数来实现这一点?
• 否则，您将如何直接在 Python 中处理此问题(除了在子进程中调用 aws)?

• is there a ready-made function in boto to achieve this?
• otherwise how would you approach this directly within python (other than calling out to aws in a subprocess)?

推荐答案

没有方法函数可以做到这一点，但你可以像这样自己构建配置文件:

There isn't a method function to do this, but you can build the configuration file yourself like this:

# Set up the client
s = boto3.Session(region_name=region)
eks = s.client("eks")

# get cluster details
cluster = eks.describe_cluster(name=cluster_name)
cluster_cert = cluster["cluster"]["certificateAuthority"]["data"]
cluster_ep = cluster["cluster"]["endpoint"]

# build the cluster config hash
cluster_config = {
        "apiVersion": "v1",
        "kind": "Config",
        "clusters": [
            {
                "cluster": {
                    "server": str(cluster_ep),
                    "certificate-authority-data": str(cluster_cert)
                },
                "name": "kubernetes"
            }
        ],
        "contexts": [
            {
                "context": {
                    "cluster": "kubernetes",
                    "user": "aws"
                },
                "name": "aws"
            }
        ],
        "current-context": "aws",
        "preferences": {},
        "users": [
            {
                "name": "aws",
                "user": {
                    "exec": {
                        "apiVersion": "client.authentication.k8s.io/v1alpha1",
                        "command": "heptio-authenticator-aws",
                        "args": [
                            "token", "-i", cluster_name
                        ]
                    }
                }
            }
        ]
    }

# Write in YAML.
config_text=yaml.dump(cluster_config, default_flow_style=False)
open(config_file, "w").write(config_text)

这篇关于Amazon EKS:通过 python 脚本生成/更新 kubeconfig的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！