
I’d like to configure the kubectl tool to use the variables defined in my current shell in order to connect to the cluster, rather than pointing to the profile defined in a ~/.aws/credentials file, for security reasons.

This works with the normal aws command already, as well as terraform which is what I’m using to provision my resources.

I’m sourcing the values into my shell before running commands via the 1Password CLI tool. Is it possible to have the kubectl command use the values already defined in my current shell environment (currently $AWS_ACCESS_KEY_ID and $AWS_SECRET_ACCESS_KEY) rather than using the configuration file?

If not, how do you typically avoid hardcoding AWS keys into local configuration files that let you connect to an EKS cluster on AWS?

2 Answers


  1. Yes, you can configure kubectl to use environment variables for AWS credentials instead of relying on the AWS credentials file. This approach enhances security by avoiding the need to store sensitive information in static files. Kubernetes supports the use of exec credential plugins, and the AWS CLI can be used as such a plugin to fetch credentials dynamically.

  2. The kubectl command is not using the AWS credentials, but the context configuration in $HOME/.kube/config.

    You may configure the k8s context using the aws eks command, which uses the env variables. By the way, I suggest always providing AWS_REGION too, along with the credentials.

    aws eks update-kubeconfig --region region-code --name my-cluster
    

    Then check the kubectl context; it should be configured:

    kubectl config get-contexts
    
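An added example, not part of either answer: the kubeconfig written by `aws eks update-kubeconfig` holds an exec entry that runs `aws eks get-token`, and kubectl runs it as a child process that inherits the shell's `AWS_*` variables. The script below checks that the shell holds those variables and that a kubeconfig neither references a named profile nor stores key variables; the function names and sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original answers). Function names and the
# sample kubeconfig contents are constructed for illustration.

# True only when the shell already holds the values the answers rely on.
shell_creds_present() {
  [ -n "${AWS_ACCESS_KEY_ID:-}" ] && [ -n "${AWS_SECRET_ACCESS_KEY:-}" ] &&
    [ -n "${AWS_REGION:-}" ]
}

# Print one finding per line; return 0 only if the kubeconfig defers to the
# caller's environment (exec plugin, no profile reference, no stored keys).
audit_kubeconfig() {
  local file=$1 rc=0
  grep -Eq '^[[:space:]]*exec:' "$file" || { echo "no-exec-plugin"; return 1; }
  grep -q 'get-token' "$file" || { echo "exec-is-not-eks-get-token"; rc=1; }
  if grep -Eq 'name:[[:space:]]*AWS_PROFILE|--profile' "$file"; then
    echo "profile-referenced"; rc=1
  fi
  if grep -Eq 'AWS_ACCESS_KEY_ID|AWS_SECRET_ACCESS_KEY' "$file"; then
    echo "static-key-in-file"; rc=1
  fi
  if [ "$rc" -eq 0 ]; then echo "ok-uses-caller-environment"; fi
  return "$rc"
}

# Constructed samples: a user entry in the shape `aws eks update-kubeconfig`
# writes, and the same entry with an AWS_PROFILE env pin appended.
write_samples() {
  local dir=$1
  cat > "$dir/env-based.yaml" <<'EOF'
users:
- name: my-cluster-user
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      command: aws
      args: [--region, region-code, eks, get-token, --cluster-name, my-cluster]
EOF
  { cat "$dir/env-based.yaml"
    printf '      env:\n      - name: AWS_PROFILE\n        value: example-profile\n'
  } > "$dir/profile-pinned.yaml"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_kubeconfig "$demo_dir/env-based.yaml"
audit_kubeconfig "$demo_dir/profile-pinned.yaml" || true
shell_creds_present || echo "AWS_* variables are not set in this shell"
rm -rf "$demo_dir"
```

To audit a real file, call `audit_kubeconfig "${KUBECONFIG:-$HOME/.kube/config}"`; the grep-based checks assume the layout the AWS CLI generates and are not a general YAML parser.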