Eyal Katz

How to create/update Kubeconfig file for the AWS EKS Cluster

Leveraging multiple providers in Kubernetes clusters is an art few have mastered yet. Learn how to create/update Kubeconfig file for the AWS EKS Cluster with Control Plane.


Kubernetes (K8) is the crème de la crème of the container orchestration world. As businesses seek to gain more control over their infrastructure and automate processes, Kubernetes offers the flexibility to deploy applications anywhere and scale infrastructure up and down to meet business demands. 

61% of organizations adopted Kubernetes in 2022. With the remarkable growth K8 has seen over the years, AWS quickly jumped on the K8 bandwagon and introduced its managed Kubernetes service: Amazon Elastic Kubernetes Service (EKS). AWS EKS simplifies Kubernetes usage by managing underlying infrastructure, including the control plane, scaling, and availability.

A crucial part of managing and securing AWS EKS clusters revolves around using Kubectl, Kubernetes’ command-line tool, and Kubeconfig files to store authentication information. This article takes you through Kubeconfig files’ advantages, potential challenges, and the steps of creating and updating a Kubeconfig file for an AWS EKS cluster.

Benefits of Kubeconfig for AWS EKS clusters

1. Scalability & automation

You can seamlessly integrate Kubernetes operations into scripts and CI/CD pipelines through Kubeconfig and automate the cluster scaling process. This ensures your cluster can handle changing workloads without manual intervention, boosting your DevOps automation efforts and helping you enforce security best practices. 

2. Secure credential storage

Kubeconfig is a secure vault for storing crucial credentials and configurations. Hence, users don’t need to manually input sensitive information each time they interact with the cluster. It also supports IAM features such as AWS IAM Roles and Role-Based Access Control (RBAC), allowing developers to assign only appropriate permissions based on user roles and responsibilities.

Authentication and Authorization of a client in an Amazon EKS cluster

Challenges of managing Kubeconfig for AWS EKS clusters

The Kubeconfig file (and Kubectl generally) aims to enhance AWS security – not create more potential vulnerabilities. However, it all comes down to how you manage it. Mishandling sensitive credentials and certificates stored within Kubeconfig files can become an open invitation for attackers to exploit organizational data. If multiple developers work in a single configuration file, mistakes are bound to happen, and these can cause authentication failures or unexpected behavior when interacting with the cluster. 

Enough challenges for the day, right? Not just yet – credentials and certificates stored in Kubeconfig are only valid for a limited period, so you must manually update them to avoid service disruptions or security breaches in your Kubernetes containers. It’s also worth keeping in mind that the complexity of a Kubeconfig file can grow exponentially with your application requirements, making it increasingly challenging to understand configuration and authentication details and troubleshoot problems.

But before you can focus on managing and securing Kubeconfig files for your AWS EKS clusters, you must know how to create and update them properly. 

How to create/update a Kubeconfig file for an AWS EKS Cluster 

Step 1: Prerequisites

  • An AWS account with the necessary permissions to access your EKS Cluster.
  • Install and configure AWS Command Line Interface (CLI).
  • Install the Kubectl command-line tool on your local machine.

Step 2: Authenticate with AWS CLI

Open your terminal and use the AWS CLI to authenticate with your AWS account:

aws configure

Enter your AWS Access Key ID, Secret Access Key, default region, and output format as prompted. This step is crucial for AWS CLI to interact with your EKS Cluster.

Step 3: Install Kubectl

You can use the below command to install Kubectl in UNIX environments.

curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
chmod +x kubectl
sudo mv kubectl /usr/local/bin/

Step 4: Update Kubeconfig

To create or update your Kubeconfig file for AWS EKS, use the aws eks update-kubeconfig command.

aws eks update-kubeconfig --name <cluster-name> --region <region>

This command retrieves the necessary credentials and cluster configuration and updates your Kubeconfig file with the new cluster context.

Step 5: Verify configuration

Verify whether your Kubeconfig is correctly configured using the below command:

kubectl config get-contexts

This command should display the context for your AWS EKS Cluster.

Step 6: Switch context

If you have multiple Kubernetes clusters configured in your Kubeconfig file and want to switch to the EKS cluster context, use the below command:

kubectl config use-context <eks-cluster-context>

Step 7: Test access

Verify that you can access your EKS Cluster by running a simple command like this:

kubectl get nodes

This command should return a list of nodes in your AWS EKS Cluster, confirming that your Kubeconfig is working correctly.

Step 8: Additional configuration (optional)

Depending on your specific requirements, you can customize your Kubeconfig file, add new users, or modify existing contexts. Refer to the official AWS documentation for advanced configurations.
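
A check worth running once the steps above have produced a Kubeconfig, shown as an added example (not code from the original article or from AWS): the file is plain-text YAML, so its protection rests on file permissions and on not embedding long-lived secrets. The function names and both sample files are constructed for illustration, and the script assumes the user entry written by aws eks update-kubeconfig obtains tokens through an exec block that runs aws eks get-token.

```sh
#!/bin/sh
# Added example: audit a kubeconfig for loose file permissions and embedded secrets.

# Octal mode of a file (GNU stat, then BSD stat as a fallback).
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# True only when group and others have no access (600, 400, ...).
mode_is_private() { case "$(file_mode "$1")" in ?00) return 0 ;; *) return 1 ;; esac; }

# Names of keys that embed a long-lived secret; values are never printed.
static_secret_keys() {
    grep -Eo '^[[:space:]]*(token|password|client-key-data):[[:space:]]*[^[:space:]]+' "$1" |
        sed -E 's/^[[:space:]]*([a-z-]+):.*/\1/' | sort -u
}

# True when a user entry obtains short-lived tokens through `aws ... get-token`.
uses_eks_exec() {
    grep -Eq '^[[:space:]]*command:[[:space:]]*aws[[:space:]]*$' "$1" &&
        grep -Eq '^[[:space:]]*-[[:space:]]*get-token[[:space:]]*$' "$1"
}

# Print one line per finding; exit status 0 means the file passed.
audit_kubeconfig() {
    findings=0
    mode_is_private "$1" || { echo "MODE $(file_mode "$1"): readable beyond owner"; findings=$((findings + 1)); }
    for key in $(static_secret_keys "$1"); do
        echo "SECRET $key: static credential embedded"; findings=$((findings + 1))
    done
    uses_eks_exec "$1" || echo "NOTE: no 'aws eks get-token' exec user found"
    [ "$findings" -eq 0 ]
}

# Constructed samples: an exec-based EKS user and a static-token user.
write_samples() {
    printf '%s\n' 'users:' '- name: demo-eks' '  user:' '    exec:' \
        '      apiVersion: client.authentication.k8s.io/v1beta1' '      command: aws' \
        '      args:' '      - eks' '      - get-token' '      - --cluster-name' \
        '      - demo' > "$1/eks.yaml"
    printf '%s\n' 'users:' '- name: legacy' '  user:' \
        '    token: CONSTRUCTED-PLACEHOLDER' > "$1/static.yaml"
    chmod 600 "$1/eks.yaml"; chmod 644 "$1/static.yaml"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in "$demo_dir/eks.yaml" "$demo_dir/static.yaml"; do
    echo "== $f"; audit_kubeconfig "$f" || echo "-> needs attention"
done
rm -rf "$demo_dir"
```

Point audit_kubeconfig at ~/.kube/config, or at each path listed in $KUBECONFIG, to run the same checks on a real file.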

Securing K8 in any environment 

Kubernetes opened many doors for developers, but can they even get in? Leveraging multiple providers in Kubernetes clusters is an art few have mastered yet. If you find yourself in a vendor lock-in situation, this dependency can limit flexibility and ability to deliver to changing requirements. But you should be able to manage K8 securely regardless of your environment – and reap all the benefits cloud providers offer. 

Control Plane’s workload portability enables you to combine the services of AWS, GCP, and Azure and unify application deployment and management under one platform. Regardless of where you choose to run your workloads (on-prem included), you can benefit from an intelligent DNS routing system that keeps latency incredibly low and ensures 99.999% latency, so your app’s performance is hardly ever affected. You can also scale up and down automatically, paying only for the cloud computing costs you use, which can slash the costs of your cloud bill by over 70%.