Using the Kubernetes-python client, I need all daemon-set info (like ip & port, etc) for a particular namespace from the EKS cluster.
The problem with below code is, it hangs for many minutes, don't print any error or info.
from __future__ import print_function
import os
import sys
import boto3
import base64
import tempfile
import subprocess
from pprint import pprint
from kubernetes import client, config
from kubernetes.client.rest import ApiException
os.environ['AWS_DEFAULT_REGION'] = "us-east-2"
boto3.setup_default_session(region_name="us-east-2")
boto3_session = boto3.Session(profile_name='abc_xyz_eks_prod_dev')
aws_credentials = boto3_session.get_credentials()
# setting creds as environment variables
os.environ['AWS_ACCESS_KEY_ID'] = aws_credentials.access_key
os.environ['AWS_SECRET_ACCESS_KEY'] = aws_credentials.secret_key
os.environ['AWS_SESSION_TOKEN'] = aws_credentials.token
cluster_name = 'abc-xyz-uat01-eks'
def get_eks_token(cluster_name_in: str) -> str:
get_token_cmd = f"aws eks get-token --cluster-name='{cluster_name_in}'"
token_raw_output = subprocess.getstatusoutput(get_token_cmd)
# print(token_raw_output)
token_kind = eval(token_raw_output[1])
eks_token_out = token_kind['status']['token']
return eks_token_out
def write_cafile_local(data: str):
file_full_path = os.getcwd() + os.sep + 'ca.cert'
with open(file_full_path, 'wb') as tf:
cadata_b64 = data
cadata = base64.b64decode(cadata_b64)
tf.write(cadata)
return file_full_path
cluster_token = get_eks_token(cluster_name)
# eks boto3 client
eks_client = boto3.client('eks')
cluster_details = eks_client.describe_cluster(name=cluster_name)['cluster']
cluster_ca_file = write_cafile_local(cluster_details['certificateAuthority']['data'])
print('ca_file full path -', cluster_ca_file)
# make configuration
kube_client_config = client.configuration.Configuration()
kube_client_config.host = cluster_details['endpoint'] + ":443"
kube_client_config.verify_ssl = True
kube_client_config.ssl_ca_cert = cluster_ca_file
kube_client_config.assert_hostname = True
kube_client_config.api_key_prefix['authorization'] = 'Bearer'
kube_client_config.api_key['authorization'] = cluster_token
config.load_kube_config()
k8_api_client = client.ApiClient(kube_client_config)
k8_app_client = client.AppsV1Api(api_client=k8_api_client)
try:
api_response = k8_app_client.list_namespaced_daemon_set(namespace="logging", pretty=True, watch=False)
pprint(api_response)
except ApiException as e:
print("Exception when calling AppsV1Api->list_namespaced_daemon_set: %s\n" % e)
I think your
Lambda execution role
is missing required permissions..It should be something like this: