aws-iam-authenticator recently introduced the possibility to use custom resources to configure roles and user bindings. However, this version of the app is not available in EKS and is not planned to at this moment. So here is an operator to reflect IamIdentityMappings changes in the aws-auth configmap.
- Install poetry
- Install the dependencies in a virtual environment
poetry install
- Add the git pre-commit hook
poetry run pre-commit install
. - Make your IDE use the virtualenv that was created by poetry.
To run all tests, use poetry run pytest
To manually run all linters, use pre-commit run
after staging your changes
NOTE
Every commit will be checked against all linters with pre-commit. If it fails, simply fix the issues, stage new changes, and commit again.
kopf run --dev --debug --standalone --liveness=http://:8080/healthz src/kubernetes_operator/iam_mapping.py
You can also test the operator locally in a minikube context.
WARNING: Make sure you change your context to minikube before doing these commands. |
---|
- Create a test config-map
kubectl apply -f kubernetes/test/configmap.yaml
- Create the IamIdentityMapping crd
kubectl apply -f kubernetes/iamidentitymappings.yaml
- Inspect the current state of the configmap with
kubectl get cm -n kube-system aws-auth -o yaml
- Start the operator in minikube
kopf run --dev --debug --standalone --liveness=http://:8080/healthz src/kubernetes_operator/iam_mapping.py
- Create, in a different terminal, an IamIdentityMapping
kubectl apply -f kubernetes/test/test-iam-rolearn.yaml
- Verify the change is applied by the operator in the configmap with
kubectl get cm -n kube-system aws-auth -o yaml
- Deploy the CRD definition
kubectl apply -f kubernetes/iamidentitymapping.yaml
- Deploy the operator
kubectl apply -f kubernetes/auth-operator.yaml
# Choose a specific ref and tag if needed
REF=master
TAG=0.6.4
cat <<EOF > kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kube-system
resources:
- https://github.com/coveooss/aws_auth_eks_crd//kubernetes/?ref=$REF
images:
- name: coveo/aws-auth-operator:0.1
newName: ghcr.io/coveooss/aws_auth_eks_crd
newTag: $TAG
EOF
# Deploy
kustomize build . | kubectl apply -f -