Creating an auth ConfigMap using Python SDK

3/20/2019

I'm trying to set a ConfigMap on my cluster using the Python SDK. I'm planning on provisioning clusters on AWS EKS automatically, so I want to be able to set the ConfigMaps using code.

I'm struggling to understand what format the data object should be in. I've been following the AWS EKS documentation and manually applied an auth configmap, and the output from kubectl looks like this:

data:
  mapRoles: |
    - rolearn: arn:aws:iam::XXXXXXXXXX:role/dev-eks-workers-NodeInstanceRole
      username: system:node:{{EC2PrivateDNSName}}
      groups:
        - system:bootstrappers
        - system:nodes

I'm trying to set the structure in the following way (with an extra role for my local AWS user role):

body = client.V1ConfigMap()
body.api_version = 'v1'
body.kind = 'ConfigMap'
body.metadata = {
    'name': 'aws-auth',
    'namespace': 'kube-system'
}

body.data = {
  'mapRoles': [
    {
      'rolearn': 'arn:aws:iam::XXXXXXXXXX:role/dev-eks-workers-NodeInstanceRole',
      'username': 'system:node:{{EC2PrivateDNSName}}',
      'groups': [
        'system:bootstrappers',
        'system:nodes'       
      ]
    },
    {
      'rolearn': 'arn:aws:iam::XXXXXXXXXX:role/Admin',
      'username': 'admin',
      'groups': [
        'system:masters' 
      ]
    }
  ]
}

That code is rejected by the API. I guess it's because the docs here specify that data is to be a dict(str, str).

I tried a multi-line string, and while it does appear to set the configmap, its formatting is completely bust and it doesn't actually work with the roles defined.

apiVersion: v1
data:
  mapRoles: "\n- rolearn: arn:aws:iam::XXXXXXXXXXXX:role/dev-apollo-eks-workers-NodeInstanceRole\n
    \ username: system:node:{EC2PrivateDNSName}\n  groups:\n    - system:bootstrappers\n
    \   - system:nodes\n\n- rolearn: arn:aws:iam::XXXXXXXXXXXX:role/Admin\n  username:
    admin\n  groups:\n   - system:masters\n    "
kind: ConfigMap

Can anyone give me an example of how I'm supposed to do this in Python?

-- Martin McInnes
amazon-web-services
aws-eks
kubernetes
python

1 Answer

3/21/2019

After trying multiple ways, using this format works.

rolesString = ['- rolearn: ',
              f'{nodeRoleName}\n',
               '  username: system:node:{{EC2PrivateDNSName}}\n',
               '  groups:\n',
               '    - system:bootstrappers\n',
               '    - system:nodes\n',
              f'- rolearn: arn:aws:iam::{accountId}:role/Admin\n',
               '  username: admin\n',
               '  groups:\n',
               '    - system:masters\n'
               ]

body.data = {
   'mapRoles': ''.join(rolesString)
}

-- Martin McInnes
Source: StackOverflow
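
An added example, not part of the original question or answer: one way to generate the mapRoles string from structured data, enforce the dict(str, str) shape before the API sees it, and list which roles the map grants system:masters. It uses only the standard library; all function names, the ARN pattern and the account ID 111122223333 are assumptions made for illustration.

```python
import re

# Illustrative pattern for an IAM role ARN with a 12-digit account ID (assumption).
ROLE_ARN = re.compile(r"^arn:aws(-[a-z-]+)?:iam::\d{12}:role/[\w+=,.@/-]+$")

# Constructed sample input; 111122223333 is a placeholder account ID.
SAMPLE_ROLES = [
    {"rolearn": "arn:aws:iam::111122223333:role/dev-eks-workers-NodeInstanceRole",
     # Plain string, not an f-string: the doubled braces must stay literal.
     "username": "system:node:{{EC2PrivateDNSName}}",
     "groups": ["system:bootstrappers", "system:nodes"]},
    {"rolearn": "arn:aws:iam::111122223333:role/Admin",
     "username": "admin",
     "groups": ["system:masters"]},
]

def render_map_roles(roles):
    """Render role mappings as the YAML text stored under data.mapRoles."""
    lines = []
    for role in roles:
        if not ROLE_ARN.match(role["rolearn"]):
            raise ValueError(f"not an IAM role ARN: {role['rolearn']!r}")
        if not role["groups"]:
            raise ValueError(f"no groups for {role['rolearn']!r}")
        lines.append(f"- rolearn: {role['rolearn']}")
        lines.append(f"  username: {role['username']}")
        lines.append("  groups:")
        lines.extend(f"    - {group}" for group in role["groups"])
    return "\n".join(lines) + "\n"

def config_map_body(name, namespace, data):
    """Build a ConfigMap manifest, enforcing that data maps str to str."""
    for key, value in data.items():
        if not isinstance(key, str) or not isinstance(value, str):
            raise TypeError(f"data[{key!r}] must be a str, got {type(value).__name__}")
    return {"apiVersion": "v1", "kind": "ConfigMap",
            "metadata": {"name": name, "namespace": namespace}, "data": data}

def cluster_admin_roles(roles):
    """List role ARNs mapped to system:masters, for review before applying."""
    return [r["rolearn"] for r in roles if "system:masters" in r["groups"]]

def build_aws_auth(roles):
    """Assemble the aws-auth ConfigMap body for the given role mappings."""
    return config_map_body("aws-auth", "kube-system",
                           {"mapRoles": render_map_roles(roles)})

if __name__ == "__main__":
    print(build_aws_auth(SAMPLE_ROLES)["data"]["mapRoles"])
    print("cluster-admin:", cluster_admin_roles(SAMPLE_ROLES))
```

The returned dict can be passed as the body argument of CoreV1Api().create_namespaced_config_map("kube-system", body) in the kubernetes Python client.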