Boto3: Feature request: EKS get-token in boto3

Created on 27 Feb 2020 · 5Comments · Source: boto/boto3

Hi!

Would it be possible to get the EKS get-token functionality from the AWS CLI as a function in boto3? This would make it easier for Python scripts to interact with EKS clusters.

Here's what it could look like:

eks_client = boto3.client('eks')
token_response = eks_client.get_token(name=cluster_name)
token = token_response['token']

Here's some context on how it could be used:

import tempfile
import boto3
import kubernetes  # From: https://github.com/kubernetes-client/python

cluster_name = 'mycluster'

# Details from EKS
eks_client = boto3.client('eks')
eks_details = eks_client.describe_cluster(name=cluster_name)['cluster']

# Saving the CA cert to a temp file (working around the Kubernetes client limitations)
fp = tempfile.NamedTemporaryFile(delete=False)
ca_filename = fp.name
cert_bs = base64.urlsafe_b64decode(eks_details['certificateAuthority']['data'].encode('utf-8'))
fp.write(cert_bs)
fp.close()

# Token for the EKS cluster
token = eks_client.get_token(name=cluster_name)['token']

# Kubernetes client config
conf = kubernetes.client.Configuration()
conf.host = eks_details['endpoint']
conf.api_key['authorization'] = token
conf.api_key_prefix['authorization'] = 'Bearer'
conf.ssl_ca_cert = ca_filename
k8s_client = kubernetes.client.ApiClient(conf)

# Doing something with the client
v1 = kubernetes.client.CoreV1Api(k8s_client)
v1.list_namespaced_pod('default')

Let me know if you need more details.

Source

jkpl

Most helpful comment

I just wrapped the CLI logic into a function and released a package.
Hope it helps everyone
https://pypi.org/project/eks-token/

azhar22k on 1 Oct 2020

🎉3 😄1

All 5 comments

@jkpl - Thank you for your post. There is no corresponding api for this method and this command was written as customizations for the cli specifically. If you would like to see this added as a command to the service itself you can request that directly from the service team:
https://forums.aws.amazon.com/forum.jspa?forumID=303

But as a workaround you can use the get-token code in case of the command. Here is the code :
https://github.com/aws/aws-cli/blob/274ee71cb3180e557a54f9445cca2b6a7a998d24/awscli/customizations/eks/get_token.py#L94

swetashre on 27 Feb 2020

@swetashre OK, I might forward the request to the service team in that case. Thank you for the quick response!

jkpl on 28 Feb 2020

I am closing this issue as we can't do anything on SDK side to fix this. It will be feature request for service team. Please reopen if you have any questions.

swetashre on 28 Feb 2020

@swetashre Could you post an example of how a user could use the code from https://github.com/aws/aws-cli/blob/274ee71cb3180e557a54f9445cca2b6a7a998d24/awscli/customizations/eks/get_token.py#L94 to fulfill the original request?