variants: add aws-iam-authenticator to metal variants #3357

yeazelm · 2023-08-22T15:35:06Z

Issue number:

Closes # 2823

Description of changes:
AWS IAM Authentication can be set in metal variants right now but the binary is not included in the image causing it to fail. This adds the binary to the variants so that one can use AWS IAM Authentication instead of TLS.

Testing done:
Built a metal-k8s-1.23 image and confirmed the binary prints out usage:

/usr/bin/aws-iam-authenticator
A tool to authenticate to Kubernetes using AWS IAM credentials

Usage:
  aws-iam-authenticator [command]

Available Commands:
  add         add IAM entity to an existing aws-auth configmap
  completion  Generate the autocompletion script for the specified shell
  help        Help about any command
  init        Pre-generate certificate, private key, and kubeconfig files for the server.
  server      Run a webhook validation server suitable that validates tokens using AWS IAM
  token       Authenticate using AWS IAM and get token for Kubernetes
  verify      Verify a token for debugging purpose
  version     Version will output the current build information

Flags:
  -i, --cluster-id ID                 Specify the cluster ID, a unique-per-cluster identifier for your aws-iam-authenticator installation.
  -c, --config filename               Load configuration from filename
      --feature-gates mapStringBool   A set of key=value pairs that describe feature gates for alpha/experimental features. Options are:
                                      AllAlpha=true|false (ALPHA - default=false)
                                      AllBeta=true|false (BETA - default=false)
  1 variants: add aws-iam-authenticator to metal variants
                                      ConfiguredInitDirectories=true|false (ALPHA - default=false)
                                      IAMIdentityMappingCRD=true|false (ALPHA - default=false)
  -h, --help                          help for aws-iam-authenticator
  -l, --log-format string             Specify log format to use when logging to stderr [text or json] (default "text")

Use "aws-iam-authenticator [command] --help" for more information about a command.

I don't have a cluster for metal where I could test that it works as intended but it should function the same as the aws variants today.

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.

AWS IAM Authentication can be set in metal variants right now but the binary is not included in the image causing it to fail. This adds the binary to the variants so that one can use AWS IAM Authentication instead of TLS. Signed-off-by: Matthew Yeazel <yeazelm@amazon.com>

etungsten

note to self: add this for metal-k8s-1.28 in #3329

arnaldo2792 approved these changes Aug 22, 2023

View reviewed changes

stmcginnis approved these changes Aug 22, 2023

View reviewed changes

etungsten approved these changes Aug 22, 2023

View reviewed changes

etungsten merged commit c3db0de into bottlerocket-os:develop Aug 22, 2023
42 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

variants: add aws-iam-authenticator to metal variants #3357

variants: add aws-iam-authenticator to metal variants #3357

yeazelm commented Aug 22, 2023

etungsten left a comment

variants: add aws-iam-authenticator to metal variants #3357

variants: add aws-iam-authenticator to metal variants #3357

Conversation

yeazelm commented Aug 22, 2023

etungsten left a comment

Choose a reason for hiding this comment