This plugin provides authentication token to access AWS EKS without AWS CLI. The major use case is to launch dynamic agent pod in any EKS cluster by Jenkins Kubernetes Plugin
This plugin integrates with AWS Credentials Plugin to get AWS secrets.
It supports both AWSAccessKeyId/AWSSecretKey pair and IAM Roles.
If this plugin has no AWS credential configured, it retrieves AWS secrets from environment variables, system properties or AWS profile.
The EKS certificate authority from AWS console is encoded in base64.
Decode it to get a PEM format string before use in the Kubernetes plugin.
This plugin supports Kubernetes Credentials Provider. A valid YAML
apiVersion: v1
kind: Secret
metadata:
# this is the jenkins id.
name: "a-test-eks"
labels:
# so we know what type it is.
"jenkins.io/credentials-type": "eks"
annotations:
# description - can not be a label as spaces are not allowed
"jenkins.io/credentials-description": "eks1 token"
type: Opaque
data:
awsCredentialsId: YXdzLTE=
clusterName: ZWtzMQ==
region: dXMtd2VzdC0y
The token algorithm is from aws cli code and inspired by Programmatically Accessing an Amazon EKS Kubernetes Cluster.
Refer to our contribution guidelines
Licensed under MIT, see LICENSE