feat(aws): Install AWS CLI v2, upgrade aws-iam-authenticator, remove s3cmd #6156
LGTM. @jasonmcintosh you good with this?
Yes, though I'd prefer to NOT have it in 1.34 as it'd break kubeconfig without a good migration path currently documented. The versions currently included SHOULD work with v1beta (aws cli and aws-iam-authenticator) allowing a migration path to v1beta1. Note I believe v1beta1 is also deprecated at this point in time and slated for removal. aws-iam-authenticator in 0.6 removed v1alpha entirely but in older versions supported both exec APIs and aws cli 1.22 SHOULD work with both APIs as well. I'd get 1.34 out first with a docs PR saying "Caution! You need to upgrade your kubeconfig files" then in 1.35 upgrade these to remove the v1alpha1 support. Kube exec API calls pass an env variable execs can use to determine which API spec to support. Docs PR for reference (which could use some language tweaks) calling out that this will break users:
@@ -26,6 +28,18 @@ install_kubectl() { | |||
fi | |||
} | |||
|
|||
install_awscli2() { | |||
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-${AWS_CLI_VERSION}.zip" -o "awscliv2.zip" |
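Review bot: the curl line in install_awscli2 has no --fail and no integrity check, so an HTTP error body or a tampered archive is saved as awscliv2.zip and handed to the installer. Use `curl -fsSL` and verify the zip against the PGP signature AWS publishes alongside it (the same URL with `.sig` appended) before unpacking and running it.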
Note arch here is wrong - needs to support arch argument to work on ARM instances.
The postinstall script doesn’t support arm, I just continued down that path
Hrm, that's... potentially problematic. I need to look at this more then...
I can fix it if you want. But I don't think anyone has ever installed the package on an ARM instance. We are probably one of the last companies to actually use these packages, and now we're also migrating to k8s. Looking at the script it is also pretty lacking, without support for anything but AWS. But just let me know if you want me to add support for ARM before we merge this.
wince I'd love ARM support, but you're probably right on lack of usage. That said I've missed stuff like this before and it's bitten me :(
./aws/install | ||
rm -rf ./awscliv2.zip ./aws | ||
|
||
curl "https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/download/v${AWS_AIM_AUTHENTICATOR_VERSION}/aws-iam-authenticator_${AWS_AIM_AUTHENTICATOR_VERSION}_linux_amd64" -O aws-iam-authenticator |
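Review bot: on the aws-iam-authenticator curl line, `-O` (remote-name) takes no argument, so `aws-iam-authenticator` is parsed as a second URL instead of the output file; this should be `-o aws-iam-authenticator`. GitHub release downloads answer with a redirect, so the call also needs `-L`, plus `-f` so a 404 page is not saved as the binary, and the download should be checked against a pinned checksum before it is installed. The variable name AWS_AIM_AUTHENTICATOR_VERSION also looks like a transposition of IAM.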
Arch missing here.
Same
Arch missing on the one CLI installer
Note looks like v1beta1 is still supported/not deprecated if I've got the right spot https://kubernetes.io/docs/reference/config-api/client-authentication.v1beta1/ though there's a plain v1. I'd have to check on state of v1 support on the cli tools.
I'm not entirely sure why it fails for me, but running Clouddriver nightly builds (with AWS CLI v1), it fails when using The error I'm getting is:
Not sure where it gets That being said, I'm not arguing for this to be in v1.34. I'm fine with it going in 1.35.
Hrmm, I'm thinking I may have missed this - 1.22 is older - Harness (aka armory) has a different build that's running 1.29. Let me do some testing, but it's possible for 1.34 we should bump to 1.29 then note that "alpha1" is deprecated, then 1.35 release with this.
Pointing out here:
# Conflicts:
#	Dockerfile.java11.slim
#	Dockerfile.java11.ubuntu
#	Dockerfile.slim
#	Dockerfile.ubuntu
I just tried to use the latest 1.35.2 docker image. I use the Indeed if you go looking in the container:
bash: /usr/local/bin/aws: No such file or directory
bash-5.1$ ls -al /usr/local/bin/aws
lrwxrwxrwx 1 root root 37 Aug 20 17:48 /usr/local/bin/aws -> /usr/local/aws-cli/v2/current/bin/aws
bash-5.1$ ls -al /usr/local/aws-cli/v2/current/bin
total 0
drwxr-xr-x 2 root root 38 Aug 20 17:48 .
drwxr-xr-x 4 root root 44 Aug 20 17:48 ..
lrwxrwxrwx 1 root root 11 Aug 20 17:48 aws -> ../dist/aws
lrwxrwxrwx 1 root root 21 Aug 20 17:48 aws_completer -> ../dist/aws_completer
bash-5.1$ ls -al ../dist/aws
ls: ../dist/aws: No such file or directory
@jervi I'm wondering if you might have any insight here?
You're right. Seems like an Alpine Linux problem. An easy workaround is to use
Seems like there are pre-built binaries available for Alpine now: https://pkgs.org/download/aws-cli
Mind taking a crack at that @jervi ?
AWS CLI v1 is becoming harder to use with newer Kubernetes versions. If you use `aws eks get-token` for EKS authentication instead of `aws-iam-authenticator`, you are stuck with `apiVersion: client.authentication.k8s.io/v1alpha1`, because `v1beta1` isn't supported by AWS CLI v1. Upgrading to v2 fixes this.

I also removed the `s3cmd` tool. I couldn't find a single place outside of the Dockerfiles that referenced this.
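The thread's migration concern is that kubeconfig files pinned to the v1alpha1 exec API stop working once the tools are upgraded. The script below is an added example, not part of this PR or of the project: it lists the exec credential API version of every user entry in a kubeconfig so stale ones can be found before the upgrade. The function names and the sample kubeconfig are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag kubeconfig exec plugins that still request
# client.authentication.k8s.io/v1alpha1.

# Print "<line>:<version>" for every exec credential apiVersion in a kubeconfig.
# The kubeconfig's own top-level "apiVersion: v1" never matches, because only
# values in the client.authentication.k8s.io group are selected.
exec_api_versions() {
  tr -d "\"'" < "$1" | awk '
    /^[ -]*apiVersion: *client\.authentication\.k8s\.io\// {
      v = $0
      sub(/^.*client\.authentication\.k8s\.io\//, "", v)  # keep the version only
      sub(/[ #].*$/, "", v)                               # drop trailing comment
      print NR ":" v
    }'
}

# Return 0 when the file has at least one exec plugin on v1alpha1.
needs_migration() {
  exec_api_versions "$1" | grep -q ':v1alpha1$'
}

# Constructed sample kubeconfig (cluster name "demo" is a placeholder).
write_sample() {
  cat > "$1" <<'EOF'
apiVersion: v1
kind: Config
users:
- name: eks-old
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      command: aws
      args: ["eks", "get-token", "--cluster-name", "demo"]
- name: eks-new
  user:
    exec:
      apiVersion: "client.authentication.k8s.io/v1beta1"
      command: aws
      args: ["eks", "get-token", "--cluster-name", "demo"]
EOF
}

# Usage: sh check-kubeconfig.sh ~/.kube/config [more files...]
for f in "$@"; do
  if needs_migration "$f"; then
    echo "$f: exec plugin still on v1alpha1 at:"
    exec_api_versions "$f" | grep ':v1alpha1$'
  fi
done
```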