amazon-eks-connector

module

v0.0.0-...-1cb3484 Latest Latest Go to latest Published: Mar 26, 2024 License: Apache-2.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/aws/amazon-eks-connector

Links

Open Source Insights

README ¶

EKS Connector

EKS Connector is a client-side agent that connects any Kubernetes cluster to AWS.

How it works

EKS Connector runs in Kubernetes as a Pod that consists of below containers:

./doc/eks-connector-diagram.png

init container

The init container is responsible for initiating the state of EKS Connector.

proxy container

The proxy container is responsible for proxying Kubernetes API Server traffic and applying appropriate user-impersonation flow.

agent container

The agent container runs the AWS System Manager Agent. It maintains a persistent, secure connection between the Kubernetes cluster and AWS.

AWS SSM agent is published at ECR Public

Development

Install from repo

Run the following command against the cluster after retrieving your activation code and id. See the guide here.

$ helm -n eks-connector install eks-connector \
    oci://public.ecr.aws/eks-connector/eks-connector-chart \
    --set eks.activationCode="<your-activation-code>" \
    --set eks.activationId="<your-activation-id>" \
    --set eks.agentRegion="<your-region>"

Updating dependencies

GOPROXY=direct go get -t <module>
go mod vendor
development with new dependency
go mod tidy
commit vendor folder changes in a dedicated CR for easier review
commit code changes in follow-up CR

Release

Amazon EKS Connector build is released at ECR Public.

Test

To deploy it we need to create an SSM hybrid activation first. For testing, put a high number of activation instance so that we don't need to create activation often when SSM agent restarts.

# Fill in the activation ID and activation code.
export EKS_ACTIVATION_ID=""
export EKS_ACTIVATION_CODE=""
export EKS_AWS_REGION=""
# Replace with your custom built images if needed
export EKS_CONNECTOR_IMAGE="public.ecr.aws/eks-connector/eks-connector:0.0.3"
export SSM_AGENT_IMAGE="public.ecr.aws/amazon-ssm-agent/amazon-ssm-agent:3.1.1927.0"

# Apply the manifest
sed "s~%AWS_REGION%~$EKS_AWS_REGION~g; s~%EKS_CONNECTOR_IMAGE%~$EKS_CONNECTOR_IMAGE~g; s~%SSM_AGENT_IMAGE%~$SSM_AGENT_IMAGE~g; s~%EKS_ACTIVATION_ID%~$EKS_ACTIVATION_ID~g; s~%EKS_ACTIVATION_CODE%~$(echo -n $EKS_ACTIVATION_CODE | base64)~g" \
    ./manifests/eks-connector.yaml | kubectl apply -f -
# After a few seconds the connector pod should be healthy in kubernetes.

# Now get the managed instance at SSM.
aws ssm describe-instance-information --filters Key=ActivationIds,Values=$EKS_ACTIVATION_ID
# If you are lucky you should see exactly one managed instance.
# Alternatively, grep the logs at init container, which should print out the instance id.

# Now execute non interactive command
# NOTE: fill in TARGET with your own managed instance id like `mi-069f7e4b6ce64c0ce`
aws ssm start-session \
    --target TARGET \
    --document-name AWS-StartNonInteractiveCommand \
    --parameters '{"command": ["curl --unix-socket /var/eks/shared/connector.sock -H \"x-aws-eks-identity-arn: arn:aws:iam::123456789012:user/test-user\" http://localhost/api/v1/pods"]}'

Cleanup

Just delete with the manifest

sed "s~%AWS_REGION%~$EKS_AWS_REGION~g; s~%EKS_CONNECTOR_IMAGE%~$EKS_CONNECTOR_IMAGE~g; s~%SSM_AGENT_IMAGE%~$SSM_AGENT_IMAGE~g; s~%EKS_ACTIVATION_ID%~$EKS_ACTIVATION_ID~g; s~%EKS_ACTIVATION_CODE%~$(echo -n $EKS_ACTIVATION_CODE | base64)~g" \
    ./manifests/eks-connector.yaml  | kubectl delete -f -

Security

See CONTRIBUTING for more information.

License

This project is licensed under the Apache-2.0 License.

Directories ¶

Path	Synopsis
cmd
pkg
agent Package agent is provides types and functions to perform registration with SSM	Package agent is provides types and functions to perform registration with SSM
config Package config contains structs to hold eks connector configurations	Package config contains structs to hold eks connector configurations
fsnotify
initializer Package initializer contains init container related functionalities.	Package initializer contains init container related functionalities.
k8s Package k8s provides abstracted access to kubernetes APIs.	Package k8s provides abstracted access to kubernetes APIs.
proxy
server
serviceaccount Package serviceaccount provides access to service account associated with eks-connector pod	Package serviceaccount provides access to service account associated with eks-connector pod
ssm Package ssm provides abstracted interaction to AWS SSM service	Package ssm provides abstracted interaction to AWS SSM service
state Package state provides types and functions for eks connector state management	Package state provides types and functions for eks connector state management

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL