Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow profiles to be specified #94

Closed
asobrien opened this issue Jun 7, 2018 · 3 comments
Closed

Allow profiles to be specified #94

asobrien opened this issue Jun 7, 2018 · 3 comments

Comments

@asobrien
Copy link
Contributor

asobrien commented Jun 7, 2018

It would be nice if the AWS profile that credentials should be sourced from could be
specified when using heptio-authenticator-aws. Of course, this can already be done
by using the AWS_PROFILE environment variable. However, adding profiles as an
explicit option would be useful when working with clusters across multiple AWS
accounts and allow seamless switching.

For example, if a --profile flag was supported then kubectl would not require the
AWS_PROFILE environment variable to be modified for each cluster/account. The
appropriate profile could be specified directly in the kubeconfig file, e.g.:

apiVersion: v1
clusters:
- cluster:
    server: ${server}
    certificate-authority-data: ${cert}
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: aws
  name: aws
current-context: aws
kind: Config
preferences: {}
users:
- name: aws
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      command: heptio-authenticator-aws
      args:
        - "token"
        - "-i"
        - "mycluster"
        - "-p"
        - "dev"
@asobrien asobrien mentioned this issue Jun 7, 2018
Merged
asobrien pushed a commit to asobrien/authenticator that referenced this issue Jun 7, 2018
add support for profile
2748b56 
Fixes kubernetes-sigs#94

Signed-off-by: Anthony O'Brien <[email protected]>
@christopherhein
Copy link
Member

Hey @asobrien there is actually support for this built into the ExecCredentials flow…

Update your config to include:

env:
- name: AWS_PROFILE
   value: dev

more information - https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins#configuration

For the PR you submitted maybe we can make that to add documentation to how to configure this instead of adding the flag?

@christopherhein christopherhein mentioned this issue Jun 7, 2018
Closed
@asobrien
Copy link
Contributor Author

asobrien commented Jun 7, 2018

Perfect, that'd work! I'll verify it works as expected and update the README and docs to specify that profiles can be specified via the env block.

@christopherhein
Copy link
Member

Thanks! @asobrien

asobrien pushed a commit to asobrien/authenticator that referenced this issue Jun 8, 2018
Documentation for adding AWS_PROFILE
6586238 
Fixes kubernetes-sigs#94

Signed-off-by: Anthony O'Brien [email protected]
joanayma pushed a commit to joanayma/aws-iam-authenticator that referenced this issue Aug 11, 2021
@brandonjbjelland
Merge pull request kubernetes-sigs#94 from kpankonen/align
41eb60b 
fix comment alignment on workers_group_defaults
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@christopherhein @asobrien