Created
June 19, 2022 00:54
package main | |
import ( | |
"context" | |
b64 "encoding/base64" | |
"fmt" | |
awsconfig "github.com/aws/aws-sdk-go-v2/config" | |
"github.com/aws/aws-sdk-go-v2/service/eks" | |
"github.com/aws/aws-sdk-go-v2/service/sts" | |
smithyhttp "github.com/aws/smithy-go/transport/http" | |
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" | |
"k8s.io/client-go/kubernetes" | |
"k8s.io/client-go/tools/clientcmd" | |
clientcmdapi "k8s.io/client-go/tools/clientcmd/api" | |
) | |
// clusterIDHeader is the HTTP header that getAuthToken sets to the cluster
// name on the STS request before it is presigned.
const clusterIDHeader = "x-k8s-aws-id"

// v1Prefix is prepended to the base64url-encoded presigned URL to form the
// bearer token returned by getAuthToken.
const v1Prefix = "k8s-aws-v1."
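// getClusterInfo looks up the named EKS cluster using the default AWS
// configuration chain and returns the kubeconfig cluster entry for it: the
// API server endpoint plus the decoded certificate-authority bundle.
//
// The CA bundle is what the Kubernetes client uses to authenticate the API
// server over TLS, so every failure on the way to it (config load, the
// DescribeCluster call, a missing field, a base64 decode error) panics with a
// descriptive error instead of returning an entry with an empty or truncated
// bundle. The signature has no error return, hence the panic.
func getClusterInfo(clusterName string) clientcmdapi.Cluster {
	ctx := context.TODO()

	cfg, err := awsconfig.LoadDefaultConfig(ctx)
	if err != nil {
		panic(fmt.Errorf("loading AWS config: %w", err))
	}

	out, err := eks.NewFromConfig(cfg).DescribeCluster(ctx, &eks.DescribeClusterInput{
		Name: &clusterName,
	})
	if err != nil {
		panic(fmt.Errorf("describing EKS cluster %q: %w", clusterName, err))
	}

	// Every field dereferenced below is a pointer; check them explicitly so a
	// cluster that is still being created fails with a readable message.
	if out == nil || out.Cluster == nil ||
		out.Cluster.Endpoint == nil ||
		out.Cluster.CertificateAuthority == nil ||
		out.Cluster.CertificateAuthority.Data == nil {
		panic(fmt.Errorf("EKS cluster %q: endpoint or certificate authority data missing from response", clusterName))
	}

	// The certificate data is standard, padded base64. RawStdEncoding rejects
	// padding, so with the previously ignored error it could hand back a
	// truncated bundle; StdEncoding decodes it fully.
	caPEM, err := b64.StdEncoding.DecodeString(*out.Cluster.CertificateAuthority.Data)
	if err != nil {
		panic(fmt.Errorf("decoding certificate authority data for EKS cluster %q: %w", clusterName, err))
	}

	return clientcmdapi.Cluster{
		Server:                   *out.Cluster.Endpoint,
		CertificateAuthorityData: caPEM,
	}
}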
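// getAuthToken builds the bearer token used to authenticate to the cluster:
// a presigned STS GetCallerIdentity URL, base64url-encoded without padding
// and prefixed with v1Prefix.
//
// The cluster name is attached to the request as the clusterIDHeader header
// before signing, presumably so the signature is bound to this one cluster
// (confirm against the authenticator's documentation).
//
// The returned string is a credential for whatever identity the default AWS
// configuration resolves to. Keep it out of logs, error messages and command
// lines. Failures panic with a descriptive error because the signature has
// no error return.
func getAuthToken(clusterName string) string {
	ctx := context.TODO()

	cfg, err := awsconfig.LoadDefaultConfig(ctx)
	if err != nil {
		panic(fmt.Errorf("loading AWS config: %w", err))
	}

	presigner := sts.NewPresignClient(sts.NewFromConfig(cfg))

	presigned, err := presigner.PresignGetCallerIdentity(ctx, &sts.GetCallerIdentityInput{}, func(po *sts.PresignOptions) {
		po.ClientOptions = append(po.ClientOptions, func(o *sts.Options) {
			o.APIOptions = append(o.APIOptions,
				// Tie the signed request to this cluster.
				smithyhttp.SetHeaderValue(clusterIDHeader, clusterName),
				// Request a 60-second lifetime. This is set as a header here;
				// NOTE(review): the presigner is expected to move X-Amz-*
				// headers into the query string, so confirm that the final
				// URL carries X-Amz-Expires=60.
				smithyhttp.SetHeaderValue("X-Amz-Expires", "60"),
			)
		})
	})
	if err != nil {
		panic(fmt.Errorf("presigning STS GetCallerIdentity for cluster %q: %w", clusterName, err))
	}
	if presigned == nil || presigned.URL == "" {
		panic(fmt.Errorf("presigning STS GetCallerIdentity for cluster %q: empty presigned URL", clusterName))
	}

	return v1Prefix + b64.RawURLEncoding.EncodeToString([]byte(presigned.URL))
}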
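// main connects to a hard-coded EKS cluster and prints how many pods it can
// list across all namespaces.
//
// It assembles an in-memory kubeconfig from the cluster's endpoint and CA
// bundle, attaches a bearer token from getAuthToken, and builds a clientset
// from that. Every step is error-checked: previously a failed client build or
// List call was ignored and surfaced only as a nil-pointer panic.
func main() {
	clusterName := "russ-cluster"
	cluster := getClusterInfo(clusterName)

	// Minimal kubeconfig: one cluster, one user, one context joining them.
	const (
		clusterKey = "cluster1"
		contextKey = "context1"
	)
	config := clientcmdapi.Config{
		Clusters: map[string]*clientcmdapi.Cluster{
			clusterKey: &cluster,
		},
		Contexts: map[string]*clientcmdapi.Context{
			contextKey: {
				Cluster:  clusterKey,
				AuthInfo: contextKey,
			},
		},
		AuthInfos: map[string]*clientcmdapi.AuthInfo{
			contextKey: {},
		},
		CurrentContext: contextKey,
	}

	// The token is generated once and stored as a static bearer token;
	// nothing here refreshes it, so a longer-running program would have to
	// regenerate it itself.
	config.AuthInfos[config.CurrentContext].Token = getAuthToken(clusterName)

	// Build the REST config and the clientset from the in-memory kubeconfig.
	restConfig, err := clientcmd.NewDefaultClientConfig(config, &clientcmd.ConfigOverrides{}).ClientConfig()
	if err != nil {
		panic(fmt.Errorf("building client config: %w", err))
	}
	clientset, err := kubernetes.NewForConfig(restConfig)
	if err != nil {
		panic(fmt.Errorf("creating Kubernetes clientset: %w", err))
	}

	// An empty namespace lists pods in every namespace, so the caller needs
	// cluster-wide list permission on pods.
	pods, err := clientset.CoreV1().Pods("").List(context.TODO(), metav1.ListOptions{})
	if err != nil {
		panic(fmt.Errorf("listing pods: %w", err))
	}
	fmt.Printf("There are %d pods in the cluster\n", len(pods.Items))
}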