Lens IDE for EKS cluster

bonthusaireddy · July 30, 2022, 3:04pm

I have a kubernetes cluster on AWS the EKS one.
I have SSO for my AWS account
Every time I have to export the creds on my terminal and then I can run the kubectl commands only on the same terminal.
How can I connect that cluster to Lens IDE

Alistair_KodeKloud · August 1, 2022, 5:29pm

Hi @bonthusaireddy

I guess this is going to depend where you are running Lens from. I personally haven’t tried Lens, however there needs to be a route from wherever you have Lens installed to the API server’s endpoint.

If you are running it on your own workstation/laptop or whatever, then by default the EKS control plane is not going to be publicly visible so you won’t be able to get a connection. You would either

Need a VPN or direct connect between you and the AWS VPC where EKS is deployed (not practical cost-wise except for a business).
Deploy a workstation (Windows or Linux with desktop) inside your VPC such that it can see the EKS control plane and connect to that with RDP or VNC.

bonthusaireddy · August 1, 2022, 5:57pm

Hi @Alistair_KodeKloud

Thanks for the reply
That’s completely true my workspace is in the VPC and I am able to access the EKS cluster with my AWS SSO credentials.
But my problem is when I paste my AWS SSO credentials on the terminal I am only able to access the EKS cluster only on that particular terminal.
Since LENS does not use that terminal for connecting to AWS here is the problem.

Here I don’t have AWS iam credentials , the AWS SSO credentials which are temporary say like for 1 hour, I paste the AWS SSO credentials whenever I want to connect to AWS.

I am able to connect to EKS cluster on LENS with changing the ~/.aws/credentials file

But the problem here is everytime you need to modify this file.

I was looking for a better way to directly paste the credentials on LENS

I have asked this question here because here because LENS course is available on kokekloud

Thanks
Saireddy

Alistair_KodeKloud · August 1, 2022, 7:21pm

Yeah, there’s a lens course, but it is generic and doesn’t cover specifically onboarding an EKS cluster and certainly not with federation involved in SSO

There appear to be some articles that suggest you can craft a kubeconfig to invoke external programs like aws cli, eksctl or OIDC providers to aid in authentication - then you can mount the cluster from the kubeconfig

github.com/lensapp/lens

Support MFA prompt for aws-iam-authenticator

opened 10:01AM - 02 Apr 20 UTC

mitom

enhancement

**What would you like to be added**: Support for prompting for MFA codes for AWS auth **Why is this needed**: When the role needed to use a cluster enforces MFA, Lens does not prompt for it, it times out on connecting. The workaround for this, is to assume the role in the CLI and export access/secret keys, then Lens can use this role and connect to the cluster without problem. However, this method limits the cluster switching functionality to 1 account. **Environment you are Lens application on:** - Kubernetes distribution: EKS - Desktop OS: OSX

I think you’ll need to put the pieces together from the various bits and pieces on Google - and if you find a good working solution, maybe make a new post here on how you configured it.

It’s also going to depend on the federation you’re using (Active Directory, 3rd party OAuth like Okta, or native AWS SSO)