-
Notifications
You must be signed in to change notification settings - Fork 3.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
argo and aws-iam-authenticator #908
Comments
The go-client needs to be updated (among other things). I consider this a priority and will have cycles to work on this beginning next week. |
@jessesuen What is involved with this, are there concerns in supporting a minimal version of Kubernetes, or could one of us pick it up off the shelf and update the client-go dependency & run tests? Would that be helpful? |
We will be exactly compatible with whatever k8s go-client compatibility to the cluster. Luckily, the go-client SDK does a very good job of backwards compatibility from client to server, so moving up versions has never been an issue. The compatibility matrix needs to be published in some official capacity, such as the README.md, and would essentially map the Argo version (which is implicitly some go-client version) to the k8s cluster.
@bwarminski yep that's really all that it takes. I think going from 1.9 to 1.10 is straight forward. I plan to start on this early next week. |
Please when will this change be released? I just downloaded the latest version 2.1.1, am still facing the same issue using an AWS EKS cluster |
Is this a BUG REPORT or FEATURE REQUEST?:
bug report
What happened:
I am using the demo AWS EKS setup created by terraform. It follows the best practices laid out in the AWS tutorial for settings up EKS.
This setup utilizes with aws-iam-authenticator, and argo doesn't seem to play well with it, at least out of the box. Every argo command I run, such as
install
orsubmit
asks for a username and password.kubectl works fine directly, but argo doesn't seem to recognize the user config for my current context in the default kubeconfig (~/.kube/config). Here is a snippet for the user.
However, if I run
aws-iam-authenticator token -i terraform-eks-demo
manually, and copy the token from it. I can get all the argo commands to work by passing the copied token in via the argo --token option. This token only works for 15 minutes, though.In order to avoid the manual step, I've created an argo alias that calls aws-iam-authenticator and grabs the token (using the json query command line tool jq) and then pass it it to argo
alias argot="argo --token $(aws-iam-authenticator token -i terraform-eks-demo | jq -r '.status.token')"
So for anyone having this same issue, the above will get things worked out for now. (it does require installing
jq
). I know EKS is only recently GA, so it seemed possible that not many folks have run into this yet.What you expected to happen:
I expected that argo would work as my kubectl commands do and use the setup in ~/.kube/config
How to reproduce it (as minimally and precisely as possible):
Unfortunately it requires a whole AWS EKS setup, but terraform does make it pretty easy.
https://www.terraform.io/docs/providers/aws/guides/eks-getting-started.html
then run
argo install
It asks for a username and password.
Anything else we need to know?:
Link to aws-iam-authenticator repo, formerly heptio-authenticator-aws
Environment:
The text was updated successfully, but these errors were encountered: