-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? # to your account
EKS: Kubectl Lambda Function Doesn't Support Regional STS Endpoints #30496
Comments
I saw this from the doc:
I think we need to find out what is the SDK version of the kubectl provider you use in the lambda. Are you able to find out that? According to this, the runtime should be python3.10. And the SDK version for python3.10 lambda runtime and boto3 version at this moment in us-east-1 is 1.34.42, which was released in Feb 2024 and I think it should include that already? My questions:
Thanks. |
1/Deploying in us-east-1. My understanding is that all new MAJOR versions should be defaulting to using regional endpoints per the documentation, but I'm not sure how that's interpreted for boto3 since it's still v1.x.x. |
Have discussed with @tim-finnigan about boto/botocore#2577 (comment) Setting it to |
OK we do have this in cluster resource provider aws-cdk/packages/aws-cdk-lib/aws-eks/lib/cluster-resource-provider.ts Lines 69 to 71 in b196b13
But not added here I'll submit a PR for that. |
|
1 similar comment
|
…ction (aws#30580) ### Issue # (if applicable) Per boto/botocore#2577 (comment) setting this to `regional` is still required and recommended for boto3. Closes aws#30496 ### Reason for this change ### Description of changes ### Description of how you validated changes Added a new unit test and verified with debugger. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ### Debugger ```json { "version": "0.2.0", "configurations": [ { "type": "node", "request": "launch", "name": "Jest", "program": "${workspaceFolder}/node_modules/jest/bin/jest.js", "cwd": "${workspaceFolder}/packages/aws-cdk-lib", "args": [ "--verbose", "-i", "--no-cache", "test/kubectl-provider.test.ts", ], "console": "integratedTerminal", "internalConsoleOptions": "neverOpen", "skipFiles": [ "<node_internals>/**" ], "outFiles": [ "${workspaceFolder}/**/*.(m|c|)js", "!**/node_modules/**" ], } ] } ``` ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ction (aws#30580) ### Issue # (if applicable) Per boto/botocore#2577 (comment) setting this to `regional` is still required and recommended for boto3. Closes aws#30496 ### Reason for this change ### Description of changes ### Description of how you validated changes Added a new unit test and verified with debugger. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ### Debugger ```json { "version": "0.2.0", "configurations": [ { "type": "node", "request": "launch", "name": "Jest", "program": "${workspaceFolder}/node_modules/jest/bin/jest.js", "cwd": "${workspaceFolder}/packages/aws-cdk-lib", "args": [ "--verbose", "-i", "--no-cache", "test/kubectl-provider.test.ts", ], "console": "integratedTerminal", "internalConsoleOptions": "neverOpen", "skipFiles": [ "<node_internals>/**" ], "outFiles": [ "${workspaceFolder}/**/*.(m|c|)js", "!**/node_modules/**" ], } ] } ``` ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Comments on closed issues and PRs are hard for our team to see. If you need help, please open a new issue that references this one. |
Describe the bug
When deploying a private EKS cluster using an STS VPC endpoint, the Kubetctl function access to STS fails because it attempts to use the global endpoint. This is either from using a V1 SDK, the endpoint is explicitly set, or the environment variable is set
Expected Behavior
All SDKs and functions not under user control should default to using regional STS endpoints.
Current Behavior
The function uses the global endpoint.
Reproduction Steps
Deploy a private EKS cluster with an STS VPC endpoint.
Possible Solution
Set the environment variable in the Lambda function definition. This is my current workaround:
Additional Information/Context
No response
CDK CLI Version
2.138.0
Framework Version
No response
Node.js Version
v20.9.0
OS
darwin
Language
.NET
Language Version
No response
Other information
No response
The text was updated successfully, but these errors were encountered: