Interacting with EKS using Python SDK with SSO protection

How can I interact with eks using python sdk when my clusters/account are protected with SSO? When using bash aws cli, I connect with aws sso login --profile mssp2-prod and everything works fine… but when I try to run my python script, I get InsecureRequestWarning: Unverified HTTPS request is being made to host 'XXXXXXXXgr7.us-east-1.eks.amazonaws.com'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings and HTTP response body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Unauthorized","reason":"Unauthorized","code":401}

I know the first one is just a warning… so I’m more concerned about the second one, which is indeed the error… Here’s what I am trying: https://bpa.st/N6GQ

The certificate data isn’t your authentication token. You need to get an actual token signed by STS.

That’s no different for cli creds or sso.

That certificate data is what allows it to verify the ssl connection.

ok, was able to get it working with this:

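```
from kubernetes import client, config

# Assumed setup (not shown on the page): read endpoint, CA and credentials from the local kubeconfig
config.load_kube_config()

v1 = client.CoreV1Api()
print("Listing pods with their IPs:")
# One call across every namespace; watch=False returns a single snapshot
ret = v1.list_pod_for_all_namespaces(watch=False)
for i in ret.items:
    print("%s\t%s\t%s" % (i.status.pod_ip, i.metadata.namespace, i.metadata.name))
```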

You might have a good bearer token in your current kube config, but in the code I maintain that runs in lambda, we don’t have a kubeconfig.

what would be your suggestion if running on lambda in that case?

hum… so you call get_bearer_token passing the region and cluster name… I see…

will give a try, thank you. Am still wondering if python will be the best option for what I have in mind… or if purely bash would be a better fit

since I’ll be doing a lot of things with the pods, like running commands inside a pod and getting the output, etc…

Does python sdk support all that? such as, for example… imagining I have a pod running mariadb. So I’d need to list all the dbs inside the mariadb running in that pod, etc…

all that is very easy with bash… does the python sdk allow all that?

I haven’t messed with that part in the py sdk.

I see… will do some research on their docs first… to see if they support all that or if bash is really the best option for this tool

It apparently does: https://stackoverflow.com/questions/73210551/execute-commands-within-kubernetes-pod-in-python

There’s a bunch of extra overhead because you have to manage stdin/out/err, etc, but that’s rather expected for executing commands.

in that case, python might be a good call… I know exactly how to do it all in bash… but since I’m also learning python currently, I thought this would be a nice project to get some hands on with python as well