How to get all daemonset info from EKS cluster using kubernetes-python client?

76 views Asked by At

Using the Kubernetes-python client, I need all daemon-set info (like ip & port, etc) for a particular namespace from the EKS cluster.

The problem with below code is, it hangs for many minutes, don't print any error or info.

from __future__ import print_function
import os
import sys

import boto3
import base64
import tempfile
import subprocess
from pprint import pprint
from kubernetes import client, config
from kubernetes.client.rest import ApiException

os.environ['AWS_DEFAULT_REGION'] = "us-east-2"
boto3.setup_default_session(region_name="us-east-2")

boto3_session = boto3.Session(profile_name='abc_xyz_eks_prod_dev')
aws_credentials = boto3_session.get_credentials()

# setting creds as environment variables
os.environ['AWS_ACCESS_KEY_ID'] = aws_credentials.access_key
os.environ['AWS_SECRET_ACCESS_KEY'] = aws_credentials.secret_key
os.environ['AWS_SESSION_TOKEN'] = aws_credentials.token

cluster_name = 'abc-xyz-uat01-eks'


def get_eks_token(cluster_name_in: str) -> str:
    get_token_cmd = f"aws eks get-token --cluster-name='{cluster_name_in}'"
    token_raw_output = subprocess.getstatusoutput(get_token_cmd)
    # print(token_raw_output)
    token_kind = eval(token_raw_output[1])
    eks_token_out = token_kind['status']['token']
    return eks_token_out


def write_cafile_local(data: str):
    file_full_path = os.getcwd() + os.sep + 'ca.cert'
    with open(file_full_path, 'wb') as tf:
        cadata_b64 = data
        cadata = base64.b64decode(cadata_b64)
        tf.write(cadata)
    return file_full_path


cluster_token = get_eks_token(cluster_name)

# eks boto3 client
eks_client = boto3.client('eks')
cluster_details = eks_client.describe_cluster(name=cluster_name)['cluster']
cluster_ca_file = write_cafile_local(cluster_details['certificateAuthority']['data'])
print('ca_file full path -', cluster_ca_file)

# make configuration
kube_client_config = client.configuration.Configuration()
kube_client_config.host = cluster_details['endpoint'] + ":443"
kube_client_config.verify_ssl = True
kube_client_config.ssl_ca_cert = cluster_ca_file
kube_client_config.assert_hostname = True
kube_client_config.api_key_prefix['authorization'] = 'Bearer'
kube_client_config.api_key['authorization'] = cluster_token

config.load_kube_config()

k8_api_client = client.ApiClient(kube_client_config)

k8_app_client = client.AppsV1Api(api_client=k8_api_client)

try:
    api_response = k8_app_client.list_namespaced_daemon_set(namespace="logging", pretty=True, watch=False)
    pprint(api_response)
except ApiException as e:
    print("Exception when calling AppsV1Api->list_namespaced_daemon_set: %s\n" % e)
1

There are 1 answers

0
Saifeddine Rajhi On

I think your Lambda execution role is missing required permissions..

It should be something like this:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "eks:ListClusters",
        "eks:DescribeCluster"
      ],
      "Resource": "*"
    }
  ]
}