/
add-on-irsa.go
150 lines (128 loc) · 5.07 KB
/
add-on-irsa.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
package eksconfig
import (
"errors"
"fmt"
"path"
"path/filepath"
"strings"
"time"
"github.com/aws/aws-k8s-tester/pkg/timeutil"
)
// AddOnIRSA defines parameters for EKS cluster
// add-on "IAM Roles for Service Accounts (IRSA)".
type AddOnIRSA struct {
// Enable is 'true' to create this add-on.
Enable bool `json:"enable"`
// Created is true when the resource has been created.
// Used for delete operations.
Created bool `json:"created" read-only:"true"`
TimeFrameCreate timeutil.TimeFrame `json:"time-frame-create" read-only:"true"`
TimeFrameDelete timeutil.TimeFrame `json:"time-frame-delete" read-only:"true"`
// S3Dir is the S3 directory to store all test results.
// It is under the bucket "eksconfig.Config.S3BucketName".
S3Dir string `json:"s3-dir"`
// Namespace is the namespace to create objects in.
Namespace string `json:"namespace"`
// RepositoryAccountID is the account ID for tester ECR image.
// e.g. "aws/aws-k8s-tester" for "[ACCOUNT_ID].dkr.ecr.[REGION].amazonaws.com/aws/aws-k8s-tester"
RepositoryAccountID string `json:"repository-account-id,omitempty"`
// RepositoryRegion is the ECR repository region to pull from.
RepositoryRegion string `json:"repository-region,omitempty"`
// RepositoryName is the repositoryName for tester ECR image.
// e.g. "aws/aws-k8s-tester" for "[ACCOUNT_ID].dkr.ecr.[REGION].amazonaws.com/aws/aws-k8s-tester"
RepositoryName string `json:"repository-name,omitempty"`
// RepositoryImageTag is the image tag for tester ECR image.
// e.g. "latest" for image URI "[ACCOUNT_ID].dkr.ecr.[REGION].amazonaws.com/aws/aws-k8s-tester:latest"
RepositoryImageTag string `json:"repository-image-tag,omitempty"`
// RoleName is the role name for IRSA.
RoleName string `json:"role-name"`
// RoleARN is the role ARN for IRSA.
RoleARN string `json:"role-arn"`
RoleCFNStackID string `json:"role-cfn-stack-id" read-only:"true"`
RoleCFNStackYAMLPath string `json:"role-cfn-stack-yaml-path" read-only:"true"`
RoleCFNStackYAMLS3Key string `json:"role-cfn-stack-yaml-s3-key" read-only:"true"`
// S3Key is the S3 key to write for IRSA tests.
S3Key string `json:"s3-key"`
// DeploymentReplicas is the number of Deployment replicas.
DeploymentReplicas int32 `json:"deployment-replicas"`
// DeploymentResultPath is the output of "Deployment" run.
DeploymentResultPath string `json:"deployment-result-path"`
// DeploymentTook is the duration that took for Deployment resource.
DeploymentTook time.Duration `json:"deployment-took,omitempty" read-only:"true"`
// DeploymentTookString is the duration that took for Deployment resource.
DeploymentTookString string `json:"deployment-took-string,omitempty" read-only:"true"`
}
// EnvironmentVariablePrefixAddOnIRSA is the environment variable prefix used for "eksconfig".
const EnvironmentVariablePrefixAddOnIRSA = AWS_K8S_TESTER_EKS_PREFIX + "ADD_ON_IRSA_"
// IsEnabledAddOnIRSA returns true if "AddOnIRSA" is enabled.
// Otherwise, nil the field for "omitempty".
func (cfg *Config) IsEnabledAddOnIRSA() bool {
if cfg.AddOnIRSA == nil {
return false
}
if cfg.AddOnIRSA.Enable {
return true
}
cfg.AddOnIRSA = nil
return false
}
func getDefaultAddOnIRSA() *AddOnIRSA {
return &AddOnIRSA{
Enable: false,
DeploymentReplicas: 1,
}
}
func (cfg *Config) GetAddOnIRSARepositoryRegion() string {
if !cfg.IsEnabledAddOnIRSA() {
return cfg.Region
}
return cfg.AddOnIRSA.RepositoryRegion
}
func (cfg *Config) validateAddOnIRSA() error {
if !cfg.IsEnabledAddOnIRSA() {
return nil
}
if !cfg.IsEnabledAddOnNodeGroups() && !cfg.IsEnabledAddOnManagedNodeGroups() {
return errors.New("AddOnIRSA.Enable true but no node group is enabled")
}
if cfg.Parameters.VersionValue < 1.14 {
return fmt.Errorf("Version %q not supported for AddOnIRSA", cfg.Parameters.Version)
}
if cfg.AddOnIRSA.S3Dir == "" {
cfg.AddOnIRSA.S3Dir = path.Join(cfg.Name, "add-on-irsa")
}
if cfg.AddOnIRSA.Namespace == "" {
cfg.AddOnIRSA.Namespace = cfg.Name + "-irsa"
}
if cfg.AddOnIRSA.RepositoryAccountID == "" {
return errors.New("AddOnIRSA.RepositoryAccountID empty")
}
if cfg.AddOnIRSA.RepositoryRegion == "" {
cfg.AddOnIRSA.RepositoryRegion = cfg.Region
}
if cfg.AddOnIRSA.RepositoryName == "" {
return errors.New("AddOnIRSA.RepositoryName empty")
}
if cfg.AddOnIRSA.RepositoryImageTag == "" {
return errors.New("AddOnIRSA.RepositoryImageTag empty")
}
if cfg.AddOnIRSA.RoleName == "" {
cfg.AddOnIRSA.RoleName = cfg.Name + "-add-on-irsa-role"
}
if cfg.AddOnIRSA.RoleCFNStackYAMLPath == "" {
cfg.AddOnIRSA.RoleCFNStackYAMLPath = strings.ReplaceAll(cfg.ConfigPath, ".yaml", "") + ".add-on-irsa.role.cfn.yaml"
}
if cfg.AddOnIRSA.RoleCFNStackYAMLS3Key == "" {
cfg.AddOnIRSA.RoleCFNStackYAMLS3Key = path.Join(
cfg.AddOnIRSA.S3Dir,
filepath.Base(cfg.AddOnIRSA.RoleCFNStackYAMLPath),
)
}
if cfg.AddOnIRSA.S3Key == "" {
cfg.AddOnIRSA.S3Key = path.Join(cfg.AddOnIRSA.S3Dir, "irsa-s3-key")
}
if cfg.AddOnIRSA.DeploymentResultPath == "" {
cfg.AddOnIRSA.DeploymentResultPath = filepath.Join(filepath.Dir(cfg.ConfigPath), cfg.Name+"-deployment-irsa-result.log")
}
return nil
}