Skip to content

Commit

Permalink
Merge pull request #2934 from stmcginnis/cred-prov-env
Browse files Browse the repository at this point in the history 
Enable environment variables for Kubernetes credential providers
  • Loading branch information
@stmcginnis
stmcginnis authored Apr 10, 2023
2 parents b59757b + 2fcb890 commit 570d90b
Show file tree
Hide file tree
Showing 7 changed files with 65 additions and 16 deletions.
5 changes: 5 additions & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -434,6 +434,11 @@ The following settings are optional and allow you to further configure your clus
"*.dkr.ecr.us-east-2.amazonaws.com",
"*.dkr.ecr.us-west-2.amazonaws.com"
]

[settings.kubernetes.credential-providers.ecr-credential-provider.environment]
# The following are not used with ecr-credential-provider, but are provided for illustration
"KEY" = "abc123xyz"
"GOMAXPROCS" = "2"
```

**Note:** `ecr-credential-provider` is currently the only supported provider.
Expand Down
14 changes: 11 additions & 3 deletions packages/kubernetes-1.22/credential-provider-config-yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,13 +11,21 @@ providers:
{{/each}}
defaultCacheDuration: "{{default "12h" this.cache-duration}}"
apiVersion: credentialprovider.kubelet.k8s.io/v1alpha1
{{#if (eq @key "ecr-credential-provider")}}
{{#if (or (eq @key "ecr-credential-provider") this.environment)}}
env:
{{#if this.environment}}
{{#each this.environment}}
- name: {{@key}}
value: '{{this}}'
{{/each}}
{{/if}}
{{#if (eq @key "ecr-credential-provider")}}
- name: HOME
value: /root
value: '/root'
{{#if @root.settings.aws.profile}}
- name: AWS_PROFILE
value: {{@root.settings.aws.profile}}
value: '{{@root.settings.aws.profile}}'
{{/if}}
{{/if}}
{{/if}}
{{/if}}
Expand Down
14 changes: 11 additions & 3 deletions packages/kubernetes-1.23/credential-provider-config-yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,13 +11,21 @@ providers:
{{/each}}
defaultCacheDuration: "{{default "12h" this.cache-duration}}"
apiVersion: credentialprovider.kubelet.k8s.io/v1alpha1
{{#if (eq @key "ecr-credential-provider")}}
{{#if (or (eq @key "ecr-credential-provider") this.environment)}}
env:
{{#if this.environment}}
{{#each this.environment}}
- name: {{@key}}
value: '{{this}}'
{{/each}}
{{/if}}
{{#if (eq @key "ecr-credential-provider")}}
- name: HOME
value: /root
value: '/root'
{{#if @root.settings.aws.profile}}
- name: AWS_PROFILE
value: {{@root.settings.aws.profile}}
value: '{{@root.settings.aws.profile}}'
{{/if}}
{{/if}}
{{/if}}
{{/if}}
Expand Down
14 changes: 11 additions & 3 deletions packages/kubernetes-1.24/credential-provider-config-yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,13 +11,21 @@ providers:
{{/each}}
defaultCacheDuration: "{{default "12h" this.cache-duration}}"
apiVersion: credentialprovider.kubelet.k8s.io/v1alpha1
{{#if (eq @key "ecr-credential-provider")}}
{{#if (or (eq @key "ecr-credential-provider") this.environment)}}
env:
{{#if this.environment}}
{{#each this.environment}}
- name: {{@key}}
value: '{{this}}'
{{/each}}
{{/if}}
{{#if (eq @key "ecr-credential-provider")}}
- name: HOME
value: /root
value: '/root'
{{#if @root.settings.aws.profile}}
- name: AWS_PROFILE
value: {{@root.settings.aws.profile}}
value: '{{@root.settings.aws.profile}}'
{{/if}}
{{/if}}
{{/if}}
{{/if}}
Expand Down
14 changes: 11 additions & 3 deletions packages/kubernetes-1.25/credential-provider-config-yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,13 +11,21 @@ providers:
{{/each}}
defaultCacheDuration: "{{default "12h" this.cache-duration}}"
apiVersion: credentialprovider.kubelet.k8s.io/v1beta1
{{#if (eq @key "ecr-credential-provider")}}
{{#if (or (eq @key "ecr-credential-provider") this.environment)}}
env:
{{#if this.environment}}
{{#each this.environment}}
- name: {{@key}}
value: '{{this}}'
{{/each}}
{{/if}}
{{#if (eq @key "ecr-credential-provider")}}
- name: HOME
value: /root
value: '/root'
{{#if @root.settings.aws.profile}}
- name: AWS_PROFILE
value: {{@root.settings.aws.profile}}
value: '{{@root.settings.aws.profile}}'
{{/if}}
{{/if}}
{{/if}}
{{/if}}
Expand Down
14 changes: 11 additions & 3 deletions packages/kubernetes-1.26/credential-provider-config-yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,13 +11,21 @@ providers:
{{/each}}
defaultCacheDuration: "{{default "12h" this.cache-duration}}"
apiVersion: credentialprovider.kubelet.k8s.io/v1
{{#if (eq @key "ecr-credential-provider")}}
{{#if (or (eq @key "ecr-credential-provider") this.environment)}}
env:
{{#if this.environment}}
{{#each this.environment}}
- name: {{@key}}
value: '{{this}}'
{{/each}}
{{/if}}
{{#if (eq @key "ecr-credential-provider")}}
- name: HOME
value: /root
value: '/root'
{{#if @root.settings.aws.profile}}
- name: AWS_PROFILE
value: {{@root.settings.aws.profile}}
value: '{{@root.settings.aws.profile}}'
{{/if}}
{{/if}}
{{/if}}
{{/if}}
Expand Down
6 changes: 5 additions & 1 deletion sources/models/src/modeled_types/kubernetes.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ use serde::de::Error as _;
use serde_json::Value;
use snafu::{ensure, ResultExt};
use std::borrow::Borrow;
use std::collections::HashMap;
use std::convert::TryFrom;
use std::fmt;
use std::fmt::{Display, Formatter};
Expand Down Expand Up @@ -1315,12 +1316,15 @@ mod test_cluster_dns_ip {
}
}

type EnvVarMap = HashMap<SingleLineString, SingleLineString>;

/// CredentialProvider contains the settings for a credential provider for use
/// in CredentialProviderConfig.
#[derive(Debug, Clone, Eq, PartialEq, Hash, Serialize, Deserialize)]
#[derive(Debug, Clone, Eq, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "kebab-case")]
pub struct CredentialProvider {
enabled: bool,
image_patterns: Vec<SingleLineString>,
cache_duration: Option<KubernetesDurationValue>,
environment: Option<EnvVarMap>,
}

0 comments on commit 570d90b

Please sign in to comment.