I have found essentially no documentation about how to use the Jenkins Kubernetes Plugin with Amazon EKS. The documentation mentions aws-iam-authenticator and a Java setting to change a cache timeout, but doesn't explain how to configure anything.
If I put the API URL for my EKS cluster in the "Kubernetes URL" field and click the "Test Connection" button, I get an error about the certification path:
Error testing connection https://XXX.gr7.us-west-2.eks.amazonaws.com: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
If I then check the "Disable https certificate check" checkbox, I get an error about the "system:anonymous" user not having the right permissions:
Error testing connection https://XXX.gr7.us-west-2.eks.amazonaws.com: Failure executing: GET at: https://XXX.gr7.us-west-2.eks.amazonaws.com/api/v1/namespaces/default/pods. Message: pods is forbidden: User "system:anonymous" cannot list resource "pods" in API group "" in the namespace "default". Received status: Status(apiVersion=v1, code=403, details=StatusDetails(causes=[], group=null, kind=pods, name=null, retryAfterSeconds=null, uid=null, additionalProperties={}), kind=Status, message=pods is forbidden: User "system:anonymous" cannot list resource "pods" in API group "" in the namespace "default", metadata=ListMeta(_continue=null, remainingItemCount=null, resourceVersion=null, selfLink=null, additionalProperties={}), reason=Forbidden, status=Failure, additionalProperties={}).
The EC2 instance the Jenkins master is running on has an IAM role with full eks:* permissions. If I set up a Credential with the IAM Role, it doesn't show up in the Credentials dropdown. A Credential with an AWS access and secret key also doesn't show up in the Credentials dropdown.