Support MFA/Short term credentials when connecting to clusters #2721

Open
jasday opened this issue Dec 23, 2024 · 2 comments
Labels
desktop Issues related to the desktop EKS Related to Amazon Elastic Kubernetes Service enhancement New feature or request

Comments


jasday commented Dec 23, 2024

Is your feature request related to a problem? Please describe the impact that the lack of the feature requested is creating.

Currently, I use short term credentials generated by awsume to connect to my EKS clusters, with access based on IAM Roles. I haven't been able to get this working nicely through kubeconfig when I have multiple profiles (although if anyone has any suggestions I'm open to ideas).

Describe the solution you'd like

Allow the option for a pre-authentication command in the terminals that pop up when authenticating with AWS. When using awsume, this would put the appropriate AWS credentials in environment variables that can be used by aws eks get-token. It would also prompt for an MFA code in the terminal window.

What users will benefit from this feature?

Only users of the desktop app - mainly cloud service users that have an MFA requirement for connecting to clusters, or anyone that needs to provide additional parameters before calling their provider (for example, proxy settings).

Are you able to implement this feature?

Yes, if someone can give me some pointers to where I should be looking to make a start.

Additional context

Somewhat related to #2623, as each would need to be authenticated separately/would need different pre-auth commands based on profile. Perhaps a setting that instead of automatically attempting to connect to clusters, each will show a button that allows users to manually decide when they want to authenticate to a cluster? This would also prevent x MFA attempts when first booting the application if you have lots of clusters.

@jasday jasday added the enhancement New feature or request label Dec 23, 2024
@dosubot dosubot bot added desktop Issues related to the desktop EKS Related to Amazon Elastic Kubernetes Service labels Dec 23, 2024
@joaquimrocha
Collaborator

@jasday If the command you need to run can be run as part of the exec in kubeconfig, AND we add that toggle for not connecting by default to all clusters but allowing for them to be connected individually, would it solve this problem?

@jasday
Author

jasday commented Jan 29, 2025

Hey @joaquimrocha, yes that could solve the problem - I am using awsume and have been having trouble getting it to work via the exec config (although would rather not do it via this method as I think it could interfere with when I use the CLI for access), but happy to wait for this feature to be released to see if I can work with it.
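
The per-cluster exec setup discussed in this thread, as an added example that is not from the issue or from the Headlamp project: each kubeconfig user runs `aws eks get-token` pinned to its own named AWS profile, so clusters under different profiles are authenticated separately. Cluster names, regions, profile names, endpoints and the CA value are placeholders, and whether an MFA prompt reaches a terminal depends on the client that runs the exec plugin.

```yaml
# Constructed kubeconfig: every name, region and endpoint below is a placeholder.
apiVersion: v1
kind: Config
clusters:
- name: dev
  cluster:
    server: https://dev.eks.example.invalid
    certificate-authority-data: PLACEHOLDER_BASE64_CA
- name: prod
  cluster:
    server: https://prod.eks.example.invalid
    certificate-authority-data: PLACEHOLDER_BASE64_CA
contexts:
- name: dev
  context: {cluster: dev, user: dev-user}
- name: prod
  context: {cluster: prod, user: prod-user}
users:
- name: dev-user
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      command: aws
      # --profile names the AWS profile for this cluster only, so the token
      # request does not depend on which profile the calling shell has active.
      args: ["eks", "get-token", "--cluster-name", "dev-cluster",
             "--region", "eu-west-1", "--profile", "dev-profile", "--output", "json"]
      # IfAvailable: hand the plugin stdin when the client has one, which is
      # what an MFA prompt needs; the plugin still runs when it does not.
      interactiveMode: IfAvailable
- name: prod-user
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      command: aws
      args: ["eks", "get-token", "--cluster-name", "prod-cluster",
             "--region", "eu-west-1", "--profile", "prod-profile", "--output", "json"]
      interactiveMode: IfAvailable
# Assumed to exist in ~/.aws/config (not shown): profiles dev-profile and
# prod-profile, each with role_arn, source_profile and mfa_serial set, so the
# AWS CLI assumes the IAM role and asks for the MFA code itself.
```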
