future: support eks image

[iyacontrol]

What type of PR is this?

add support for eks.

/kind feature

[iyacontrol]

eks 为aws 托管k8s，采取了特殊的webhook认证方式。kubeconfig 文件如下：

apiVersion: v1
clusters:

• cluster:
  certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRFNU1ESXhOVEE1TkRreE9Wb1hEVEk1TURJeE1qQTVORGt4T1Zvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBSnFqCkVaamdxa0EwTGYxR1pUaHZ1OHNDS0pxZnZDQ1dES2I5UHJ1ZVdtTkswSWpBZ1J1VDRkZDZ2WFNPYzMraExRVjkKRmY2eisrenFIN055dWJXeWQ4eGZqSTVGaDgvQnY5dUpPbzNXOHJ3YWRVRldtOGliMnVRTE5TNHVHdkF5VHJuSAozWGFjUFVzdGwydHd5RUtmK3V2YkpjMjBqaGZzakhablZMaEh6aUl2bVA4bUk5SE1IUi9HUUpiUUVOdVZSUWpiCkZIYTlYZE1XSEcwS2tCcFJ0VFZub0wyZTJUR3lweHlJZW1qUFMxUWVPSngvNndqL2gvVHFhMWhYTDFjWWlnNXEKNXVRUlR6MXpVNzk2YklZMEo2K0dWT3FsQk1lcnFQbFhRY2JIQ3dJb1FnRGRRSmNsdGduU2VqRnpDSjNaT2tHMApHU3h5cXhhc3I2YTJJNmF3WGwwQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFFV2IxamQvN2pNeEY4T1pORVdLcCszbFgzeWUKQi82c3VGK2UzdTdiNU05WUlER3NnOFRPMlJTK0Iwa0ZCcDBXTVpKOVNxVEYySG5SWUZoTDQzQ1RLZXI4c2xPLwpqd29NdnorR0s5NE9sd1ZtUlZ5TFZXUXZaTXcxeURyK3g1NGFnQ01LQnlGbXNEeHFPd1cra1FMTjNtTFdmN2pkCkJxQUltTlUyQnZFOTHBySmtOazB3cVNQanEwVWdXaExnWTA4aU1LRDlpQmVFdVdPTzJ3d3gKTXpxaFdiLzd6aVY0blNLZGdRSUl0SVorSDFMU2F6QmdnRjJjdFBaV2EwWTR2VGFUNUxkZ0F6dzRLODNEL2s5dQpVSG11ekdzYnRDRFVDZmpMeW9GWDRhZHY5a0ZpaEFEU29LUnJqWVQ3bk9VVGUvMU5MMERHd2xvakhoMD0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
  server: https://7EE8F10CFFCC6BD8FB9A480B.yl4.ap-southeast-1.eks.amazonaws.com
  name: arn:aws:eks:ap-southeast-1:xxx:cluster/SGT-eks-apse1-prod
  contexts:
• context:
  cluster: arn:aws:eks:ap-southeast-1:xxx:cluster/SGT-eks-apse1-prod
  user: arn:aws:eks:ap-southeast-1:xxx:cluster/SGT-eks-apse1-prod
  name: arn:aws:eks:ap-southeast-1:xxx:cluster/SGT-eks-apse1-prod
  current-context: arn:aws:eks:ap-southeast-1:xxx:cluster/SGT-eks-apse1-prod
  kind: Config
  preferences: {}
  users:
• name: arn:aws:eks:ap-southeast-1:xxxx:cluster/SGT-eks-apse1-prod
  user:
  exec:
  apiVersion: client.authentication.k8s.io/v1alpha1
  args:
  - token
  - -i
  - SGT-eks-apse1-prod
  command: aws-iam-authenticator

所以镜像中，必须安装aws-iam-authenticator，并且希望随着主版本提供eks专门镜像。

[wilhelmguo]

@iyacontrol 这个安装包大概有多大？可以考虑直接安装到基础镜像，没必要单独打镜像

[iyacontrol]

@wilhelmguo 26M 左右 。是否合适？

[wilhelmguo]

@iyacontrol 可以，但是可以考虑做一个基础镜像，没必要每次构建都安装一次

[iyacontrol]

@wilhelmguo ok，可行。所谓的基础镜像，是把centos:7替换成 centos:7 + aws-iam-authenticator 吗？

[iyacontrol]

@wilhelmguo 此外，这次兼容了eks，可以尽快发版，官宣一下吗？然后我可以写一个文章，来介绍wayne + eks认证这块。

[iyacontrol]

@wilhelmguo 在hack/build下增加了base 文件夹，该文件夹下添加了新的base image dockerfile 。我想以后共性的东西可以添加在base当中。新的base image 命名为360cloud/centos:7，建议放到你们的仓库下面。

[wilhelmguo]

@iyacontrol 下周会发布新版本， 到时候你可以在官网写博客分享下