fix: Failing the default assumeRoleDuration injection (#4419)

charts/karpenter/values.yaml

@@ -169,7 +169,7 @@ settings:
     # -- Role to assume for calling AWS services.
     assumeRoleARN: ""
     # -- Duration of assumed credentials in minutes. Default value is 15 minutes. Not used unless aws.assumeRoleARN set.
-    assumeRoleDuration: ""
+    assumeRoleDuration: 15m
     # -- Cluster name.
     clusterName: ""
     # -- Cluster endpoint. If not set, will be discovered during startup (EKS only)

pkg/apis/settings/settings.go

@@ -24,9 +24,11 @@ import (
 	"github.com/go-playground/validator/v10"
 	"go.uber.org/multierr"
 	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"knative.dev/pkg/apis"
 	"knative.dev/pkg/configmap"
 
+	coresettings "github.com/aws/karpenter-core/pkg/apis/settings"
 	"github.com/aws/karpenter/pkg/apis/v1alpha1"
 )
 
@@ -36,7 +38,7 @@ var ContextKey = settingsKeyType{}
 
 var defaultSettings = &Settings{
 	AssumeRoleARN:              "",
-	AssumeRoleDuration:         time.Duration(15) * time.Minute,
+	AssumeRoleDuration:         &metav1.Duration{Duration: time.Minute * 15},
 	ClusterName:                "",
 	ClusterEndpoint:            "",
 	DefaultInstanceProfile:     "",
@@ -52,8 +54,8 @@ var defaultSettings = &Settings{
 // +k8s:deepcopy-gen=true
 type Settings struct {
 	AssumeRoleARN              string
-	AssumeRoleDuration         time.Duration `validate:"min=15m"`
-	ClusterName                string        `validate:"required"`
+	AssumeRoleDuration         *metav1.Duration `validate:"min=15m"`
+	ClusterName                string           `validate:"required"`
 	ClusterEndpoint            string
 	DefaultInstanceProfile     string
 	EnablePodENI               bool
@@ -75,7 +77,7 @@ func (*Settings) Inject(ctx context.Context, cm *v1.ConfigMap) (context.Context,
 
 	if err := configmap.Parse(cm.Data,
 		configmap.AsString("aws.assumeRoleARN", &s.AssumeRoleARN),
-		configmap.AsDuration("aws.assumeRoleDuration", &s.AssumeRoleDuration),
+		coresettings.AsMetaDuration("aws.assumeRoleDuration", &s.AssumeRoleDuration),
 		configmap.AsString("aws.clusterName", &s.ClusterName),
 		configmap.AsString("aws.clusterEndpoint", &s.ClusterEndpoint),
 		configmap.AsString("aws.defaultInstanceProfile", &s.DefaultInstanceProfile),

pkg/apis/settings/suite_test.go

@@ -47,7 +47,7 @@ var _ = Describe("Validation", func() {
 		Expect(err).ToNot(HaveOccurred())
 		s := settings.FromContext(ctx)
 		Expect(s.AssumeRoleARN).To(Equal(""))
-		Expect(s.AssumeRoleDuration).To(Equal(time.Duration(15) * time.Minute))
+		Expect(s.AssumeRoleDuration.Duration).To(Equal(time.Duration(15) * time.Minute))
 		Expect(s.DefaultInstanceProfile).To(Equal(""))
 		Expect(s.EnablePodENI).To(BeFalse())
 		Expect(s.EnableENILimitedPodDensity).To(BeTrue())
@@ -76,7 +76,7 @@ var _ = Describe("Validation", func() {
 		Expect(err).ToNot(HaveOccurred())
 		s := settings.FromContext(ctx)
 		Expect(s.AssumeRoleARN).To(Equal("arn:aws:iam::111222333444:role/testrole"))
-		Expect(s.AssumeRoleDuration).To(Equal(time.Duration(27) * time.Minute))
+		Expect(s.AssumeRoleDuration.Duration).To(Equal(time.Duration(27) * time.Minute))
 		Expect(s.DefaultInstanceProfile).To(Equal("karpenter"))
 		Expect(s.EnablePodENI).To(BeTrue())
 		Expect(s.EnableENILimitedPodDensity).To(BeFalse())

pkg/operator/operator.go

@@ -239,6 +239,6 @@ func kubeDNSIP(ctx context.Context, kubernetesInterface kubernetes.Interface) (n
 }
 
 func setDurationAndExpiry(ctx context.Context, provider *stscreds.AssumeRoleProvider) {
-	provider.Duration = settings.FromContext(ctx).AssumeRoleDuration
+	provider.Duration = settings.FromContext(ctx).AssumeRoleDuration.Duration
 	provider.ExpiryWindow = time.Duration(10) * time.Second
 }