On AWS with EKS¶
AWS has a plethora of interesting options to authenticate with it, here we will specify the simplest (albeit maybe not the most secure or ‘best practice’).
Create an AWS IAM User for use by
kubectl
to authenticate to AWS. This user will need a access key and access secret, but no console access.Create an access key for this user. JupyterHub will need these while running to make requests to the kubernetes API, set as environment variables.
Grant the user access to the
eks:DescribeCluster
permission, either directly or via a group you create specifically for this purpose.Grant the user access to the Kubernetes API by editing the
aws-auth
configmap as described in this document.Generate an appropriate entry in your
KUBECONFIG
file:export AWS_ACCESS_KEY_ID=<access-key-id> export AWS_SECRET_ACCESS_KEY=<access-key-secret> aws eks update-kubeconfig --name=<cluster-name> --region=<aws-region>
When you deploy your JupyterHub, you need to set the environment variables
AWS_ACCESS_KEY_ID
and AWS_SECRET_ACCESS_KEY
on the JupyterHub process itself
so it can talk to the Kubernetes API properly.