
v2.5.0 update `set-cluster` and `eks-update-kubeconfig` commands

@cloudpossebot cloudpossebot released this 16 Aug 21:43
beaeabd

🚀 Enhancements

Update eks-update-kubeconfig for tenant and aws-teams support @Nuru (#873)

what

  • Update eks-update-kubeconfig (and, indirectly, set-cluster) to support Tenants and new aws-teams configuration

why

  • Improved compatibility with current Cloud Posse reference architecture

usage and other support notes

The Geodesic set-cluster and eks-update-kubeconfig commands are helpers that are intended to make it easier to configure EKS cluster access for people using the Cloud Posse reference architecture. While admittedly brittle and somewhat complex, please keep in mind they are completely optional shortcuts that you are in no way forced to use if you do not like them. They are simply shortcuts to manage multiple KUBECONFIG files and build the full command, which you can use directly:

aws --profile <profile in cluster's account> --region <cluster region> eks update-kubeconfig --name=<cluster name>

The full set-cluster command is

set-cluster <cluster short name> <role short name>

The cluster short name is [tenant-]environment-stage, which expands to namespace-[tenant-]environment-stage-eks-cluster. If your cluster name does not follow this pattern, you can set a new pattern with EKS_CLUSTER_NAME_PATTERN, but it is admittedly unwieldy.

The role short name is something like "admin" or "terraform" and is expected to be the suffix to an AWS config profile prefix of namespace-[tenant-]gbl-stage-. So, for example, with NAMESPACE=eg and a Tenant named core:

set-cluster core-use1-dev developer

Would set up the eg-core-use1-dev-eks-cluster to be accessed by the eg-core-gbl-dev-developer profile.

Previously, the default role name was whatever role name you currently had. Now that we encourage aws-teams to use managers and devops as team names, this is no longer appropriate. The new default role name is admin, but this can be changed via the environment variable EKS_DEFAULT_AWS_ROLE.

Users using "tenant" labels can set a default Tenant value via export TENANT.
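
To check which cluster and which AWS profile a short name resolves to before any credentials are used, the naming rules above can be written as a dry-run resolver. This is an added example, not the Geodesic implementation: the function names, the allowed character set and the explicit region argument are assumptions, and EKS_CLUSTER_NAME_PATTERN is not handled.

```sh
# Added example (not Geodesic code): resolve the names a set-cluster call would
# use, following the naming rules described above. Nothing is executed.

# is_label: non-empty, only [a-z0-9-], no leading/trailing/doubled hyphen.
# (Assumed character set; it keeps shell metacharacters out of the command.)
is_label() (
  LC_ALL=C
  case $1 in
    '' | *[!a-z0-9-]* | -* | *- | *--*) return 1 ;;
  esac
)

# resolve_names <cluster short name> [role short name]
# Prints "<cluster name> <aws profile>"; returns 1 on malformed input.
resolve_names() (
  short=$1
  role=${2:-${EKS_DEFAULT_AWS_ROLE:-admin}}
  is_label "$short" && is_label "$role" && is_label "${NAMESPACE:-}" || {
    echo "resolve_names: invalid short name, role or NAMESPACE" >&2; return 1; }
  IFS=-
  set -- $short   # split [tenant-]environment-stage on hyphens
  case $# in
    3) tenant=$1 env=$2 stage=$3 ;;
    2) tenant=${TENANT:-} env=$1 stage=$2 ;;   # fall back to the default Tenant
    *) echo "resolve_names: expected [tenant-]environment-stage" >&2; return 1 ;;
  esac
  [ -z "$tenant" ] || is_label "$tenant" || return 1
  prefix=$NAMESPACE${tenant:+-$tenant}
  printf '%s %s\n' "$prefix-$env-$stage-eks-cluster" "$prefix-gbl-$stage-$role"
)

# kubeconfig_command <cluster short name> <region> [role short name]
# Prints the full aws command for review. Region is passed explicitly
# because the notes above do not define a short-name-to-region mapping.
kubeconfig_command() (
  names=$(resolve_names "$1" "${3:-}") || return 1
  is_label "${2:-}" || { echo "kubeconfig_command: invalid region" >&2; return 1; }
  printf 'aws --profile %s --region %s eks update-kubeconfig --name=%s\n' \
    "${names#* }" "$2" "${names% *}"
)

# Demo with constructed values (NAMESPACE=eg as in the notes; region is a sample).
( NAMESPACE=eg; kubeconfig_command core-use1-dev us-east-1 developer )
```

Printing the resolved profile and cluster makes it visible when a changed default role or an exported TENANT would point the shortcut at a different account or cluster than intended.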

Other configuration is possible via environment variables; see the source at

  • rootfs/usr/local/bin/eks-update-kubeconfig
  • rootfs/etc/profile.d/set-cluster.sh

roadmap and other support notes

The Geodesic set-cluster and eks-update-kubeconfig are helper functions that are intended to make it easier to configure EKS cluster access for people using the Cloud Posse reference architecture. They do so by making a lot of assumptions about the name of the cluster, the structure of the name of the cluster, the name of available AWS "profiles", and the desired profile to use. This update is an interim update to better support recent changes in the Cloud Posse reference architecture.

These commands will never be fully general purpose. If you are not following Cloud Posse conventions, or even if you are but are using blue/green deployments, these commands may not work for you. Cloud Posse is NOT committed to making them more broadly usable. You can use them as starting points for your own shortcuts.