Adds supports for AWS EKS (#35)

anneschuth · superbrothers · commit ee886904533b · 2018-08-16T15:45:40.000+09:00
* Supports AWS EKS

* Adds myself to contributors

* Fixes doubles quotes

* Explicitly mention aws_eks_cluster_name in error message

* Use multi-stage builds
diff --git a/AUTHORS b/AUTHORS
@@ -5,3 +5,4 @@ Kazuki Suda
 Etourneau Gwenn
 Tanner Bruce
 Takuhiro Yoshida
+Anne Schuth
diff --git a/Dockerfile b/Dockerfile
@@ -1,3 +1,8 @@
+FROM golang:1.10
+
+RUN set -x && \
+    go get -u -v github.com/kubernetes-sigs/aws-iam-authenticator/cmd/aws-iam-authenticator
+
 FROM ubuntu:16.04
 
 MAINTAINER Kazuki Suda <ksuda@zlab.co.jp>
@@ -14,5 +19,7 @@ RUN set -x && \
     kubectl version --client && \
     rm -rf /var/lib/apt/lists/*
 
+COPY --from=0 /go/bin/aws-iam-authenticator /usr/local/bin/
+
 RUN mkdir -p /opt/resource
 COPY assets/* /opt/resource/
diff --git a/README.md b/README.md
@@ -4,6 +4,8 @@
 
 A Concourse resource for controlling the Kubernetes cluster.
 
+*This resource supports AWS EKS.*
+
 ## Versions
 
 The version of this resource corresponds to the version of kubectl. We recommend using different version depending on the kubernetes version of the cluster.
@@ -43,6 +45,8 @@ The version of this resource corresponds to the version of kubectl. We recommend
         -----END CERTIFICATE-----
     ```
 - `insecure_skip_tls_verify`: *Optional.* If true, the API server's certificate will not be checked for validity. This will make your HTTPS connections insecure. Defaults to `false`.
+- `use_aws_iam_authenticator`: *Optional.* If true, the aws_iam_authenticator, required for connecting with EKS, is used. Requires `aws_eks_cluster_name`. Defaults to `false`.
+- `aws_eks_cluster_name`: *Optional.* the AWS EKS cluster name, required when `use_aws_iam_authenticator` is true.
 
 ## Behavior
 
diff --git a/assets/common.sh b/assets/common.sh
@@ -79,6 +79,26 @@ setup_kubectl() {
     exe kubectl config set-context "$CONTEXT_NAME" --user="$AUTH_NAME" --cluster="$CLUSTER_NAME"
 
     exe kubectl config use-context "$CONTEXT_NAME"
+
+    # Optional. Use the AWS EKS authenticator
+    local use_aws_iam_authenticator
+    use_aws_iam_authenticator="$(jq -r '.source.use_aws_iam_authenticator // ""' < "$payload")"
+    local aws_eks_cluster_name
+    aws_eks_cluster_name="$(jq -r '.source.aws_eks_cluster_name // ""' < "$payload")"
+    if [[ "$use_aws_iam_authenticator" == "true" ]]; then
+      if [ -z "$aws_eks_cluster_name" ]; then
+        echoerr 'You must specify aws_eks_cluster_name when using aws_iam_authenticator.'
+        exit 1
+      fi
+      echo "    exec:
+      apiVersion: client.authentication.k8s.io/v1alpha1
+      args:
+      - token
+      - -i
+      - ${aws_eks_cluster_name}
+      command: aws-iam-authenticator
+      env: null" >> "$KUBECONFIG"
+    fi
   fi
 
   # Optional. The namespace scope. Defaults to default if doesn't specify in kubeconfig.
