argo and aws-iam-authenticator #908

Closed
zaptim opened this issue Jul 16, 2018 · 4 comments

zaptim commented Jul 16, 2018

Is this a BUG REPORT or FEATURE REQUEST?:
bug report

What happened:
I am using the demo AWS EKS setup created by terraform. It follows the best practices laid out in the AWS tutorial for setting up EKS.
This setup utilizes aws-iam-authenticator, and argo doesn't seem to play well with it, at least out of the box. Every argo command I run, such as install or submit, asks for a username and password.
kubectl works fine directly, but argo doesn't seem to recognize the user config for my current context in the default kubeconfig (~/.kube/config). Here is a snippet for the user.

- name: tfaws
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      args:
      - token
      - -i
      - terraform-eks-demo
      command: aws-iam-authenticator
      env: null

However, if I run aws-iam-authenticator token -i terraform-eks-demo manually and copy the token from it, I can get all the argo commands to work by passing the copied token in via the argo --token option. This token only works for 15 minutes, though.

In order to avoid the manual step, I've created an argo alias that calls aws-iam-authenticator, grabs the token (using the JSON query command line tool jq) and then passes it to argo:

alias argot='argo --token "$(aws-iam-authenticator token -i terraform-eks-demo | jq -r .status.token)"'

So for anyone having this same issue, the above will get things worked out for now. (It does require installing jq.) I know EKS is only recently GA, so it seemed possible that not many folks have run into this yet.

What you expected to happen:
I expected that argo would work as my kubectl commands do and use the setup in ~/.kube/config

How to reproduce it (as minimally and precisely as possible):
Unfortunately it requires a whole AWS EKS setup, but terraform does make it pretty easy.
https://www.terraform.io/docs/providers/aws/guides/eks-getting-started.html

then run argo install
It asks for a username and password.

Anything else we need to know?:
Link to aws-iam-authenticator repo, formerly heptio-authenticator-aws
Environment:

  • Argo version:
$ argo version
argo: v2.1.1
  BuildDate: 2018-05-29T20:38:37Z
  GitCommit: ac241c95c13f08e868cd6f5ee32c9ce273e239ff
  GitTreeState: clean
  GitTag: v2.1.1
  GoVersion: go1.9.3
  Compiler: gc
  Platform: darwin/amd64
  • Kubernetes version :
$ kubectl version -o yaml
clientVersion:
  buildDate: 2018-05-21T09:17:39Z
  compiler: gc
  gitCommit: 2bba0127d85d5a46ab4b778548be28623b32d0b0
  gitTreeState: clean
  gitVersion: v1.10.3
  goVersion: go1.9.3
  major: "1"
  minor: "10"
  platform: darwin/amd64
serverVersion:
  buildDate: 2018-05-28T20:13:43Z
  compiler: gc
  gitCommit: 2bba0127d85d5a46ab4b778548be28623b32d0b0
  gitTreeState: clean
  gitVersion: v1.10.3
  goVersion: go1.9.3
  major: "1"
  minor: "10"
  platform: linux/amd64
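
Added example (not part of the original issue or of the Argo project): the workaround above written as a shell function that requests a new token on every call, since the token is only valid for 15 minutes, and that refuses to run argo when no token comes back. A function body is evaluated on each call, whereas a `$(...)` inside a double-quoted alias definition runs once, when the alias is defined. `AUTH_CMD`, `ARGO_CMD` and `CLUSTER_ID` are hypothetical override variables introduced here; the default cluster id is the one from the post.

```bash
#!/usr/bin/env bash
# Added example, not from the original issue. AUTH_CMD, ARGO_CMD and CLUSTER_ID
# are hypothetical override variables introduced for this sketch.
AUTH_CMD=${AUTH_CMD:-aws-iam-authenticator}
ARGO_CMD=${ARGO_CMD:-argo}
CLUSTER_ID=${CLUSTER_ID:-terraform-eks-demo}

# Read ExecCredential JSON on stdin and print .status.token.
# -e makes jq exit non-zero when the field is missing, null or empty,
# so a failed authenticator call is not turned into "--token null".
exec_credential_token() {
  jq -er '.status.token | select(type == "string" and length > 0)'
}

# Ask the authenticator for a token now; never reuse a cached one.
fresh_token() {
  "$AUTH_CMD" token -i "$CLUSTER_ID" | exec_credential_token
}

# Drop-in for the argot alias: argot submit ..., argot list, ...
argot() {
  local token
  token=$(fresh_token) || {
    echo "argot: no token from $AUTH_CMD for cluster $CLUSTER_ID" >&2
    return 1
  }
  "$ARGO_CMD" --token "$token" "$@"
}
```

Passing the token with `--token` places it on argo's command line, where it is visible in the local process list for as long as the command runs.
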
@jessesuen
Member

The go-client needs to be updated (among other things). I consider this a priority and will have cycles to work on this beginning next week.

@bwarminski

@jessesuen What is involved with this, are there concerns in supporting a minimal version of Kubernetes, or could one of us pick it up off the shelf and update the client-go dependency & run tests? Would that be helpful?

@jessesuen
Member

> are there concerns in supporting a minimal version of Kubernetes

We will be exactly compatible with whatever k8s go-client compatibility to the cluster. Luckily, the go-client SDK does a very good job of backwards compatibility from client to server, so moving up versions has never been an issue.

The compatibility matrix needs to be published in some official capacity, such as the README.md, and would essentially map the Argo version (which is implicitly some go-client version) to the k8s cluster.

> could one of us pick it up off the shelf and update the client-go dependency & run tests? Would that be helpful?

@bwarminski yep that's really all that it takes. I think going from 1.9 to 1.10 is straightforward. I plan to start on this early next week.

@infinitydon

Please, when will this change be released? I just downloaded the latest version, 2.1.1, and am still facing the same issue using an AWS EKS cluster.
