Fix backwards compatibility when backend mode isnt set

2020-08-14 08:56:37 -07:00 · 2020-08-14 08:56:37 -07:00 · 1981c56f67
parent 67e1bf1136
commit 1981c56f67
6 changed files with 16 additions and 9 deletions
--- a/docs/authentication.md
+++ b/docs/authentication.md
@ -113,7 +113,7 @@ data:
        - system:masters
 ```

-It is also possible to configure alternative backend modes for aws-iam-authenticator. The `backendMode` configuration option allows defining multiple backends in a comma separated string. The mappings in these backends will be merged. When the same mapping is found in multiple backends, the first backend in the list will take precedence. If MountedFile is not included in the list of backends, no configmap is required and the [cluster-id](https://github.com/kubernetes-sigs/aws-iam-authenticator#what-is-a-cluster-id) will default to the cluster's master API DNS name. The cluster-id can be overridden by setting the `clusterID` API field. If you wish to continue using a configmap for authenticator settings other than mappings, MountedFile must be included in the backendMode list.
+It is also possible to configure alternative backend modes for aws-iam-authenticator. The `backendMode` configuration option allows defining multiple backends in a comma separated string. The mappings in these backends will be merged. When the same mapping is found in multiple backends, the first backend in the list will take precedence. If MountedFile is not included in the list of backends, no configmap is required and the [cluster-id](https://github.com/kubernetes-sigs/aws-iam-authenticator#what-is-a-cluster-id) will default to the cluster's name. The cluster-id can be overridden by setting the `clusterID` API field. If you wish to continue using a configmap for authenticator settings other than mappings, MountedFile must be included in the backendMode list.

 This requires an aws-iam-authenticator image >= 0.5.0 For more information see [usergroup-mappings](https://github.com/kubernetes-sigs/aws-iam-authenticator#4-create-iam-roleuser-to-kubernetes-usergroup-mappings)

--- a/upup/models/bindata.go
+++ b/upup/models/bindata.go
@ -355,8 +355,8 @@ spec:
        {{- if or (not .Authentication.Aws.BackendMode) (contains "MountedFile" .Authentication.Aws.BackendMode) }}
        - --config=/etc/aws-iam-authenticator/config.yaml
        {{- end }}
-        {{- if or .Authentication.Aws.ClusterID (not (contains "MountedFile" .Authentication.Aws.BackendMode))}}
-        - --cluster-id={{ or .Authentication.Aws.ClusterID .MasterPublicName }}
+        {{- if or .Authentication.Aws.ClusterID (and .Authentication.Aws.BackendMode (not (contains "MountedFile" .Authentication.Aws.BackendMode)))}}
+        - --cluster-id={{ or .Authentication.Aws.ClusterID ClusterName }}
        {{- end }}
        - --state-dir=/var/aws-iam-authenticator
        - --kubeconfig-pregenerated=true
--- a/upup/models/cloudup/resources/addons/authentication.aws/k8s-1.12.yaml.template
+++ b/upup/models/cloudup/resources/addons/authentication.aws/k8s-1.12.yaml.template
@ -131,8 +131,8 @@ spec:
        {{- if or (not .Authentication.Aws.BackendMode) (contains "MountedFile" .Authentication.Aws.BackendMode) }}
        - --config=/etc/aws-iam-authenticator/config.yaml
        {{- end }}
-        {{- if or .Authentication.Aws.ClusterID (not (contains "MountedFile" .Authentication.Aws.BackendMode))}}
-        - --cluster-id={{ or .Authentication.Aws.ClusterID .MasterPublicName }}
+        {{- if or .Authentication.Aws.ClusterID (and .Authentication.Aws.BackendMode (not (contains "MountedFile" .Authentication.Aws.BackendMode)))}}
+        - --cluster-id={{ or .Authentication.Aws.ClusterID ClusterName }}
        {{- end }}
        - --state-dir=/var/aws-iam-authenticator
        - --kubeconfig-pregenerated=true
--- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awsiamauthenticator/authentication.aws-k8s-1.12.yaml
+++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awsiamauthenticator/authentication.aws-k8s-1.12.yaml
@ -108,10 +108,11 @@ spec:
      containers:
      - args:
        - server
-        - --cluster-id=api.minimal.example.com
+        - --config=/etc/aws-iam-authenticator/config.yaml
+        - --cluster-id=custom-cluster-ID
        - --state-dir=/var/aws-iam-authenticator
        - --kubeconfig-pregenerated=true
-        - --backend-mode=CRD
+        - --backend-mode=CRD,MountedFile
        image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-iam-authenticator:v0.5.1-debian-stretch
        livenessProbe:
          httpGet:
@ -128,6 +129,8 @@ spec:
            cpu: 10m
            memory: 20Mi
        volumeMounts:
+        - mountPath: /etc/aws-iam-authenticator/
+          name: config
        - mountPath: /var/aws-iam-authenticator/
          name: state
        - mountPath: /etc/kubernetes/aws-iam-authenticator/
@ -143,6 +146,9 @@ spec:
      - key: CriticalAddonsOnly
        operator: Exists
      volumes:
+      - configMap:
+          name: aws-iam-authenticator
+        name: config
      - hostPath:
          path: /srv/kubernetes/aws-iam-authenticator/
        name: output
--- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awsiamauthenticator/cluster.yaml
+++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awsiamauthenticator/cluster.yaml
@ -8,7 +8,8 @@ spec:
    - manifest: s3://somebucket/example.yaml
  authentication:
    aws:
-      backendMode: CRD
+      backendMode: CRD,MountedFile
+      clusterID: custom-cluster-ID
  kubernetesApiAccess:
  - 0.0.0.0/0
  channel: stable
--- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awsiamauthenticator/manifest.yaml
+++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awsiamauthenticator/manifest.yaml
@ -97,7 +97,7 @@ spec:
  - id: k8s-1.12
    kubernetesVersion: '>=1.12.0'
    manifest: authentication.aws/k8s-1.12.yaml
-    manifestHash: c4f7cd3bf0b39ca7ab1b27f875da96bf5feacca9
+    manifestHash: dbfc79bb5908416ca06803461ab076b4896d0f7c
    name: authentication.aws
    selector:
      role.kubernetes.io/authentication: "1"