I have the same exact issue, been trying to get it to work for weeks now!
Hi,
We have a use case where we are programmatically (Java) doing an IAM role switch from a pod on EKS Cluster A to a cross-account role in the account where EKS Cluster B sits. We then perform actions in the EKS cluster (create and read namespaces, for example).
In order to access Cluster B from A, we need to set the kubeconfig with a profile. For example, we dynamically generate the kubeconfig like so:
```java
// Kubeconfig for Cluster B, built at runtime. The YAML indentation inside
// the string literals is significant.
String kubeconfig = "apiVersion: v1\n"
    + "clusters:\n"
    + "- cluster:\n"
    + "    server: " + endpoint + "\n"
    + "    certificate-authority-data: " + caData + "\n"
    + "  name: " + k8sClusterIdArn + "\n"
    + "contexts:\n"
    + "- context:\n"
    + "    cluster: " + k8sClusterIdArn + "\n"
    + "    user: " + k8sClusterIdArn + "\n"
    + "  name: " + k8sClusterIdArn + "\n"
    + "current-context: " + k8sClusterIdArn + "\n"
    + "kind: Config\n"
    + "preferences: {}\n"
    + "users:\n"
    + "- name: " + k8sClusterIdArn + "\n"
    + "  user:\n"
    // Exec credential plugin: kubectl/client runs `aws eks get-token`.
    + "    exec:\n"
    + "      apiVersion: client.authentication.k8s.io/v1beta1\n"
    + "      command: aws\n"
    + "      args:\n"
    + "        - \"eks\"\n"
    + "        - \"get-token\"\n"
    + "        - \"--region\"\n"
    + "        - \"" + awsRegion + "\"\n"
    + "        - \"--cluster-name\"\n"
    + "        - \"" + k8sClusterId + "\"\n"
    // The AWS CLI resolves the cross-account role from this named profile.
    + "      env:\n"
    + "        - name: AWS_PROFILE\n"
    + "          value: " + "profile-" + awsAccountId + "-" + awsRegion + "\n";
```
We want to know if there is a way to also dynamically set the profile as specified in the kubeconfig above. Currently we have to generate the config file and mount it on the pod. Is there instead a way to generate the profile via the AWS Java SDK and build the client with it, instead of maintaining it in a config file?
Or are there any alternatives to dynamically building the kubeconfig and profile that would easily let us authenticate to a cross-account cluster?