AWS EKS enable basic auth

2/5/2019

Is it possible to enable k8s basic auth in AWS EKS?

I need it to make Jenkins Kubernetes plugin work when Jenkins is deployed outside k8s.

-- kagarlickij
aws-eks
kubernetes

2 Answers

9/17/2019

You can use service account tokens (as Bearer Tokens).

Service account bearer tokens are perfectly valid to use outside the cluster and can be used to create identities for long-standing jobs that wish to talk to the Kubernetes API. To manually create a service account, simply use the kubectl create serviceaccount (NAME) command. This creates a service account in the current namespace and an associated secret.

kubectl create serviceaccount jenkins

serviceaccount "jenkins" created

Check the associated secret:

kubectl get serviceaccounts jenkins -o yaml


apiVersion: v1
kind: ServiceAccount
metadata:
  # ...
secrets:
- name: jenkins-token-1yvwg

The created secret holds the public CA of the API server and a signed JSON Web Token (JWT).

kubectl get secret jenkins-token-1yvwg -o yaml


apiVersion: v1
data:
  ca.crt: (APISERVER'S CA BASE64 ENCODED)
  namespace: ZGVmYXVsdA==
  token: (BEARER TOKEN BASE64 ENCODED)
kind: Secret
metadata:
  # ...
type: kubernetes.io/service-account-token

The signed JWT can be used as a bearer token to authenticate as the given service account.

-- Tarek N. Elsamni
Source: StackOverflow
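
The decoding step the answer above describes, as an added example that is not part of the original answer: it base64-decodes the Secret's fields, reads the JWT payload to show which identity the token carries, and builds the Authorization header an external client such as Jenkins would send. The claim values, signature and CA text are constructed sample data; only the namespace value follows the answer's output.

```python
import base64
import json

SECRET_TYPE = "kubernetes.io/service-account-token"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def decode_secret(secret: dict) -> dict:
    """Base64-decode the ca.crt, namespace and token fields of the Secret."""
    if secret.get("type") != SECRET_TYPE:
        raise ValueError("not a service account token Secret")
    return {k: base64.b64decode(secret["data"][k]).decode()
            for k in ("ca.crt", "namespace", "token")}

def jwt_claims(token: str) -> dict:
    """Return the JWT payload without verifying it (the API server verifies)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("a signed JWT has three dot-separated segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def client_settings(secret: dict) -> dict:
    """What an external client (e.g. Jenkins) needs to call the API server."""
    fields = decode_secret(secret)
    claims = jwt_claims(fields["token"])
    return {
        "identity": claims["sub"],
        "namespace": fields["namespace"],
        "expires": claims.get("exp"),  # None when the token has no expiry claim
        "ca_pem": fields["ca.crt"],    # trust anchor for the API server's TLS cert
        "headers": {"Authorization": "Bearer " + fields["token"]},
    }

# Constructed sample: claims and signature are made up, not from a real cluster.
_claims = {"iss": "kubernetes/serviceaccount",
           "kubernetes.io/serviceaccount/namespace": "default",
           "kubernetes.io/serviceaccount/service-account.name": "jenkins",
           "sub": "system:serviceaccount:default:jenkins"}
SAMPLE_TOKEN = ".".join([_b64url(b'{"alg":"RS256"}'),
                         _b64url(json.dumps(_claims).encode()),
                         _b64url(b"constructed-signature")])
SAMPLE_SECRET = {
    "kind": "Secret", "type": SECRET_TYPE,
    "data": {"ca.crt": base64.b64encode(b"(constructed CA PEM)").decode(),
             "namespace": "ZGVmYXVsdA==",
             "token": base64.b64encode(SAMPLE_TOKEN.encode()).decode()}}

if __name__ == "__main__":
    s = client_settings(SAMPLE_SECRET)
    print(s["identity"], s["namespace"], "exp =", s["expires"])
```

A secret-based token like this one carries no `exp` claim, so keep the service account's RBAC permissions narrow and delete the Secret to revoke the token.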

2/5/2019
-- rom
Source: StackOverflow