From b4df2c1a5dff593d465d1d137e684be3d32c04d9 Mon Sep 17 00:00:00 2001 From: James Gleixner Date: Tue, 8 Aug 2023 09:45:13 -0700 Subject: [PATCH] Changed 'assumeRole' to 'assumeRoleARN' --- charts/karpenter/values.yaml | 4 ++-- pkg/apis/settings/settings.go | 6 +++--- pkg/apis/settings/suite_test.go | 13 +++++++------ pkg/operator/operator.go | 4 ++-- website/content/en/preview/concepts/settings.md | 2 +- 5 files changed, 15 insertions(+), 14 deletions(-) diff --git a/charts/karpenter/values.yaml b/charts/karpenter/values.yaml index 64c068d521ca..5ae2f7f6fef0 100644 --- a/charts/karpenter/values.yaml +++ b/charts/karpenter/values.yaml @@ -167,8 +167,8 @@ settings: # -- AWS-specific configuration values aws: # -- Role to assume for calling AWS services. - assumeRole: "" - # -- Duration of assumed credentials in minutes. Default value is 15 minutes. Not used unless aws.assumeRole set. + assumeRoleARN: "" + # -- Duration of assumed credentials in minutes. Default value is 15 minutes. Not used unless aws.assumeRoleARN set. assumeRoleDuration: "" # -- Cluster name. clusterName: "" diff --git a/pkg/apis/settings/settings.go b/pkg/apis/settings/settings.go index 9ffd0c232f76..9809c802858a 100644 --- a/pkg/apis/settings/settings.go +++ b/pkg/apis/settings/settings.go @@ -35,7 +35,7 @@ type settingsKeyType struct{} var ContextKey = settingsKeyType{} var defaultSettings = &Settings{ - AssumeRole: "", + AssumeRoleARN: "", ClusterName: "", ClusterEndpoint: "", AssumeRoleDuration: time.Duration(15) * time.Minute, @@ -51,7 +51,7 @@ var defaultSettings = &Settings{ // +k8s:deepcopy-gen=true type Settings struct { - AssumeRole string + AssumeRoleARN string ClusterName string `validate:"required"` ClusterEndpoint string AssumeRoleDuration time.Duration `validate:"min=15m"` 
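Review bot: In the `Settings` struct hunk, `AssumeRoleARN string` carries no `validate` tag although the neighbouring `ClusterName` and `AssumeRoleDuration` fields do, so a bare role name or a typo is accepted when the settings are parsed. Since the new name promises an ARN, I would reject malformed values at load time, for example `if s.AssumeRoleARN != "" && !arn.IsARN(s.AssumeRoleARN) { return ctx, fmt.Errorf("aws.assumeRoleARN is not a valid ARN") }` using `github.com/aws/aws-sdk-go/aws/arn`. A doc comment would also help, such as `// AssumeRoleARN is the ARN of the IAM role assumed for AWS API calls; empty leaves the default credentials in use.` The struct and any validation code continue outside this hunk, so the right place for the check needs confirming.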
@@ -74,7 +74,7 @@ func (*Settings) Inject(ctx context.Context, cm *v1.ConfigMap) (context.Context, s := defaultSettings.DeepCopy() if err := configmap.Parse(cm.Data, - configmap.AsString("aws.assumeRole", &s.AssumeRole), + configmap.AsString("aws.assumeRoleARN", &s.AssumeRoleARN), configmap.AsString("aws.clusterName", &s.ClusterName), configmap.AsString("aws.clusterEndpoint", &s.ClusterEndpoint), configmap.AsDuration("aws.assumeRoleDuration", &s.AssumeRoleDuration), diff --git a/pkg/apis/settings/suite_test.go b/pkg/apis/settings/suite_test.go index ecd7b5dcf2c5..21a613e8edb9 100644 --- a/pkg/apis/settings/suite_test.go +++ b/pkg/apis/settings/suite_test.go @@ -17,6 +17,7 @@ package settings_test import ( "context" "testing" + "time" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" @@ -45,8 +46,8 @@ var _ = Describe("Validation", func() { ctx, err := (&settings.Settings{}).Inject(ctx, cm) Expect(err).ToNot(HaveOccurred()) s := settings.FromContext(ctx) - Expect(s.AssumeRole).To(Equal("")) - Expect(s.AssumeRoleDuration).To(Equal(15)) + Expect(s.AssumeRoleARN).To(Equal("")) + Expect(s.AssumeRoleDuration).To(Equal(time.Duration(15) * time.Minute)) Expect(s.DefaultInstanceProfile).To(Equal("")) Expect(s.EnablePodENI).To(BeFalse()) Expect(s.EnableENILimitedPodDensity).To(BeTrue()) @@ -58,8 +59,8 @@ var _ = Describe("Validation", func() { It("should succeed to set custom values", func() { cm := &v1.ConfigMap{ Data: map[string]string{ - "aws.assumeRole": "arn:aws:iam::111222333444:role/testrole", - "aws.assumeRoleDuration": "27", + "aws.assumeRoleARN": "arn:aws:iam::111222333444:role/testrole", + "aws.assumeRoleDuration": "27m", "aws.clusterEndpoint": "https://00000000000000000000000.gr7.us-west-2.eks.amazonaws.com", "aws.clusterName": "my-cluster", "aws.defaultInstanceProfile": "karpenter", 
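Review bot: With this hunk `Inject` no longer reads `aws.assumeRole`, so a ConfigMap that still carries the old key leaves `AssumeRoleARN` empty and raises no error. Judging by the operator.go hunk, which builds STS credentials only when the value is non-empty, the controller would then call AWS with its ambient credentials instead of the intended role, and nothing tells the operator. I would either keep the old key as a deprecated alias for a release, `configmap.AsString("aws.assumeRole", &s.AssumeRoleARN),` placed before the new key, or return an error when `cm.Data` still contains it. The same applies to the Helm value renamed in charts/karpenter/values.yaml. The body of `Inject` continues outside this hunk.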
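Review bot: The custom-values test now sets `"aws.assumeRoleDuration": "27m"`, which implies the value needs a unit, yet the values.yaml comment still says "in minutes" and the settings.md example in this patch keeps `aws.assumeRoleDuration: 15`. If `configmap.AsDuration` uses Go duration syntax (likely, but not visible here), a bare `15` copied from the docs would make `Inject` fail, so the docs and chart comment should show `15m`. A negative case would pin the behaviour down, for example a ConfigMap with `"aws.assumeRoleDuration": "15"` followed by `Expect(err).To(HaveOccurred())`. The `Describe` block starts and ends outside these hunks.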
@@ -74,8 +75,8 @@ var _ = Describe("Validation", func() { ctx, err := (&settings.Settings{}).Inject(ctx, cm) Expect(err).ToNot(HaveOccurred()) s := settings.FromContext(ctx) - Expect(s.AssumeRole).To(Equal("arn:aws:iam::111222333444:role/testrole")) - Expect(s.AssumeRoleDuration).To(Equal(27)) + Expect(s.AssumeRoleARN).To(Equal("arn:aws:iam::111222333444:role/testrole")) + Expect(s.AssumeRoleDuration).To(Equal(time.Duration(27) * time.Minute)) Expect(s.DefaultInstanceProfile).To(Equal("karpenter")) Expect(s.EnablePodENI).To(BeTrue()) Expect(s.EnableENILimitedPodDensity).To(BeFalse()) diff --git a/pkg/operator/operator.go b/pkg/operator/operator.go index 8a0c96a5dec3..d1cd477cc21c 100644 --- a/pkg/operator/operator.go +++ b/pkg/operator/operator.go @@ -78,8 +78,8 @@ func NewOperator(ctx context.Context, operator *operator.Operator) (context.Cont STSRegionalEndpoint: endpoints.RegionalSTSEndpoint, } - if assumeRole := settings.FromContext(ctx).AssumeRole; assumeRole != "" { - config.Credentials = stscreds.NewCredentials(session.Must(session.NewSession()), assumeRole, + if assumeRoleARN := settings.FromContext(ctx).AssumeRoleARN; assumeRoleARN != "" { + config.Credentials = stscreds.NewCredentials(session.Must(session.NewSession()), assumeRoleARN, func(provider *stscreds.AssumeRoleProvider) { setDurationAndExpiry(provider, ctx) }) } diff --git a/website/content/en/preview/concepts/settings.md b/website/content/en/preview/concepts/settings.md index 0631a0050fb3..3631bd952ecb 100644 --- a/website/content/en/preview/concepts/settings.md +++ b/website/content/en/preview/concepts/settings.md 
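Review bot: In the operator.go hunk the session handed to `stscreds.NewCredentials` comes from a bare `session.NewSession()`, so the `STSRegionalEndpoint: endpoints.RegionalSTSEndpoint` set on `config` just above does not apply to the AssumeRole call unless the environment supplies it. If `config` is an `*aws.Config`, `session.Must(session.NewSession(config))` would keep the role assumption on the regional STS endpoint; its construction starts outside the hunk, so that needs confirming. `session.Must` also panics on a session error instead of letting `NewOperator` handle it. Logging the configured role ARN once at startup would make it clear in audit which principal the controller runs as.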
@@ -46,7 +46,7 @@ data: # will be batched separately. batchIdleDuration: 1s # Role to assume for calling AWS services. - aws.assumerole: arn:aws:iam::111222333444:role/examplerole + aws.assumeRoleARN: arn:aws:iam::111222333444:role/examplerole # Duration of assumed credentials in minutes. Default value is 15 minutes. Not used unless aws.assumeRole set. aws.assumeRoleDuration: 15 # [REQUIRED] The kubernetes cluster name for resource discovery