I'm trying to get the list of services from EKS using Spring boot and Kotlin. I was able to make it work with the following using fabric8:
@Configuration
class AwsConfig {
@Bean
fun kubernetesClient(): KubernetesClient {
return KubernetesClientBuilder()
.withConfig(
ConfigBuilder()
.withMasterUrl("master-url")
.withOauthToken(
"hard-coded-oauth-token"
)
.withTrustCerts()
.build(),
)
.build()
}
}
and then:
@Service
class EksService(val kubernetesClient: KubernetesClient) {
fun getServices() {
val services = kubernetesClient.services().list()
println(services)
}
}
I generated the "hard-coded-oauth-token" via cli command: aws eks get-token --cluster-name <cluster-name>
I'm trying to figure out how I can generate this oauth token progrematically, I couldn't find any documentation on that
I finally figured it out, with the help of this answer: https://stackoverflow.com/a/60204304
The code is in kotlin:
@Configuration
class AwsConfig {
@Bean
fun kubernetesClient(): KubernetesClient {
return KubernetesClientBuilder()
.withConfig(
ConfigBuilder()
.withMasterUrl("https://<clusterId>.<region>.eks.amazonaws.com")
.withTrustCerts()
.withOauthTokenProvider { getToken() }
.build(),
)
.build()
}
fun getToken(): String {
val stsUri = URI("https", "sts.${<region>}.amazonaws.com", "/", null)
val requestToSign = SdkHttpFullRequest
.builder()
.method(SdkHttpMethod.GET)
.uri(stsUri)
.appendHeader("x-k8s-aws-id", "<cluster_name>")
.appendRawQueryParameter("Action", "GetCallerIdentity")
.appendRawQueryParameter("Version", "2011-06-15")
.build()
val presignerParams = Aws4PresignerParams.builder()
.awsCredentials(
AwsSessionCredentials.create(.....),
)
.signingRegion(EU_CENTRAL_1)
.signingName("sts")
.signingClockOverride(Clock.systemUTC())
.expirationTime(Instant.now().plus(60, ChronoUnit.SECONDS))
.build()
val signedRequest = Aws4Signer.create().presign(requestToSign, presignerParams)
val encodedUrl: String = Base64.getUrlEncoder().withoutPadding().encodeToString(
signedRequest.uri.toString().toByteArray(),
)
return ("k8s-aws-v1.$encodedUrl")
}