CloudBees action: Configure EKS credentials

2 minute read

Use this action to configure Amazon Elastic Kubernetes Service (EKS) credentials for use in CloudBees workflows. This action updates your \~/.kube/config with credentials for connecting to an EKS cluster.

Prerequisites

Make sure to add the following to your YAML file:

- name: Check out repo uses: actions/checkout@v1 - name: Configure AWS credentials uses: https://github.com/cloudbees-io/configure-aws-credentials@v1 with: role-to-assume: arn:aws:iam::123456789012:role/my-cloudbees-actions-role aws-region: your-aws-region

For more information, refer to CloudBees action: Configure AWS credentials.

All CloudBees action repositories are listed at CloudBees, Inc. on GitHub.

Inputs

Table 1. Input details
Input name Data type Required? Description

name

String

Yes

The EKS cluster name.

role-to-assume

String

No

The EKS role to assume.

user-alias

String

No

The user alias.

alias

String

No

The EKS alias.

Usage examples

Current credentials role

Authenticate to Amazon Elastic Kubernetes Service with the current credentials role.

In your YAML file, add:

- name: Login to Amazon EKS uses: https://github.com/cloudbees-io/configure-eks-credentials@v1 with: name: my-eks-cluster-name - name: Do some things with the cluster uses: docker://alpine/k8s:latest run: | kubectl apply -k ...

Assume a different role

To get correct credentials for Amazon Elastic Kubernetes Service, you may at times need to assume a role different from your current role.

The current Amazon Web Services credentials must be able to assume the role.

In your YAML file, add:

- name: Log in to Amazon EKS uses: https://github.com/cloudbees-io/configure-eks-credentials@v1 with: name: my-eks-cluster-name role-to-assume: my-eks-admin-role - name: Do some things with the cluster uses: docker://alpine/k8s:latest run: | helm install ...
To assume a different role, use the role-session-name and role-external-id options from CloudBees action: Configure AWS credentials.

Connect to multiple clusters

Merge the credentials into \~/.kube/config so you can chain multiple times; for example, if you need to have multiple EKS clusters authenticated, or switch between different authentications for the same cluster.

The workflow always sets the current context, so the last one takes precedence.

In your YAML file, add:

- name: Log in to Amazon EKS as admin uses: https://github.com/cloudbees-io/configure-eks-credentials@v1 with: name: my-eks-cluster-name role-to-assume: my-eks-admin-role user-alias: admin alias: cluster-with-admin - name: Log in to Amazon EKS as regular user uses: https://github.com/cloudbees-io/configure-eks-credentials@v1 with: name: my-eks-cluster-name user-alias: standard alias: cluster-without-admin - name: Do some things with the cluster uses: docker://alpine/k8s:latest run: | helm --kubecontext cluster-with-admin install ... kubectl --context cluster-without-admin get pods ... kubectl --context cluster-with-admin patch ...

Connect to a cluster in a different region

To authenticate to AWS, you must specify the region to connect to. By default, the cluster to connect to must be in the same region. However, if you specify the region, you can still connect to a cluster in a different region without updating the AWS-configured region.

Combine connection to a cluster in a different region with the above merging of credentials into \~/.kube/config to simplify applying operations across multiple regions.

The following is an example of connecting to a cluster in a different region:

- name: Configure AWS credentials uses: https://github.com/cloudbees-io/configure-aws-credentials@v1 with: role-to-assume: arn:aws:iam::123456789012:role/my-cloudbees-actions-role aws-region: eu-west-2 - name: Log in to Amazon EKS cluster in a different region uses: https://github.com/cloudbees-io/configure-eks-credentials@v1 with: name: my-eks-cluster-name region: us-east-2