问题描述

使用Amazon的K8s产品 EKS 服务时，有时需要将Kubernetes API和配置连接到AWS内建立的基础架构.特别是，我们需要具有适当凭据和URL的 kubeconfig 才能连接到EKS提供的k8s控制平面.

When using Amazon's K8s offering, the EKS service, at some point you need to connect the Kubernetes API and configuration to the infrastructure established within AWS. Especially we need a kubeconfig with proper credentials and URLs to connect to the k8s control plane provided by EKS.

Amazon命令行工具aws提供了此任务的例程

The Amazon commandline tool aws provides a routine for this task

aws eks update-kubeconfig --kubeconfig /path/to/kubecfg.yaml --name <EKS-cluster-name>

问题:通过Python/boto3做同样的事情

查看 Boto API文档

Question: do the same through Python/boto3

When looking at the Boto API documentation, I seem to be unable to spot the equivalent for the above mentioned aws routine. Maybe I am looking at the wrong place.

• boto 中是否有现成的函数可以实现这一目标?
• 否则，您将如何在python中直接处理此问题(除了在子进程中调用aws以外)?

• is there a ready-made function in boto to achieve this?
• otherwise how would you approach this directly within python (other than calling out to aws in a subprocess)?

推荐答案

没有方法函数可以执行此操作，但是您可以自己构建配置文件，如下所示:

There isn't a method function to do this, but you can build the configuration file yourself like this:

# Set up the client
s = boto3.Session(region_name=region)
eks = s.client("eks")

# get cluster details
cluster = eks.describe_cluster(name=cluster_name)
cluster_cert = cluster["cluster"]["certificateAuthority"]["data"]
cluster_ep = cluster["cluster"]["endpoint"]

# build the cluster config hash
cluster_config = {
        "apiVersion": "v1",
        "kind": "Config",
        "clusters": [
            {
                "cluster": {
                    "server": str(cluster_ep),
                    "certificate-authority-data": str(cluster_cert)
                },
                "name": "kubernetes"
            }
        ],
        "contexts": [
            {
                "context": {
                    "cluster": "kubernetes",
                    "user": "aws"
                },
                "name": "aws"
            }
        ],
        "current-context": "aws",
        "preferences": {},
        "users": [
            {
                "name": "aws",
                "user": {
                    "exec": {
                        "apiVersion": "client.authentication.k8s.io/v1alpha1",
                        "command": "heptio-authenticator-aws",
                        "args": [
                            "token", "-i", cluster_name
                        ]
                    }
                }
            }
        ]
    }

# Write in YAML.
config_text=yaml.dump(cluster_config, default_flow_style=False)
open(config_file, "w").write(config_text)