https://github.com/benagricola/php-eks-auth

A PHP Library helper for AWS EKS Authentication with your chosen PHP Kubernetes client
https://github.com/benagricola/php-eks-auth

amazon amazon-eks authentication eks kubernetes php

Last synced: about 1 month ago
JSON representation

A PHP Library helper for AWS EKS Authentication with your chosen PHP Kubernetes client

• Host: GitHub
• URL: https://github.com/benagricola/php-eks-auth
• Owner: benagricola
• License: mit
• Created: 2021-04-30T20:50:30.000Z (about 5 years ago)
• Default Branch: main
• Last Pushed: 2023-04-19T21:18:42.000Z (about 3 years ago)
• Last Synced: 2025-05-23T08:33:16.819Z (about 1 year ago)
• Topics: amazon, amazon-eks, authentication, eks, kubernetes, php
• Language: PHP
• Homepage:
• Size: 59.6 KB
• Stars: 1
• Watchers: 2
• Forks: 0
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# PHP EKS Auth

This library uses the AWS V3 SDK to create an authenticated `GuzzleHttp\Client` instance that can be passed to your compatible PHP Kubernetes client (only tested with `maclof/kubernetes-client`). 

All you need to authenticate with an EKS cluster is valid AWS credentials in your environment. 

This library will pull the EKS endpoint details from AWS based on `$clusterName` and `$region`, using the default credential provider from `aws-sdk-php`.

The `GuzzleHttp\Client` instance will be preconfigured with a `DynamicCertificate` Middleware that writes the CA certificate of the cluster to a temporary file so it can be passed to the underlying HTTP Handler (usually Curl). 

The temporary certificate file is created and deleted on every request so does not need to be cleaned up, and means connections are fully verified.

## Usage

Require it:

```bash

composer require benagricola/eks-auth

```

Then use it in your project:

```php

use EKSAuth\Client\Factory as ClientFactory;

# Example using maclof/kubernetes-client

use Maclof\Kubernetes\Client;

// Create a new ClientFactory.

// EKS Cluster details are cached for the

// lifetime of this Factory instance.

$cf = new ClientFactory();

// Get our client. A new Token will be generated every

// time getClient() is called.

// We pass our own function that instantiates a new 

// Maclof\Kubernetes\Client instance with the

// pre-configured \GuzzleHttp\Client.

$k8s = $cf->getClient($clusterName, $region, function($httpClient) {

    return new Client([], $httpClient);

});

$namespaces = $k8s->namespaces()->find();

...

```

Note: This library only catches and re-throws an error when the requested cluster does not exist. You should wrap the `ClientFactory->getClient()` call in a `try{} catch(Exception $e){}` block to avoid throwing all sorts of errors from the underlying libraries.

## Contributing

Submit a pull request. I'm not a PHP dev so the codebase has no tests.