diff --git a/deploy/example.yaml b/deploy/example.yaml index b3ba62cff..b16902aec 100644 --- a/deploy/example.yaml +++ b/deploy/example.yaml @@ -227,7 +227,7 @@ spec: # - output (output kubeconfig to plug into your apiserver configuration, mounted from the host) containers: - name: aws-iam-authenticator - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-iam-authenticator:v0.5.3 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-iam-authenticator:v0.6.14 args: - server # uncomment if using EKS-Style ConfigMap diff --git a/hack/check-vendor.sh b/hack/check-vendor.sh deleted file mode 100755 index 376b19eb5..000000000 --- a/hack/check-vendor.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/env bash - -export GO111MODULE=on -rm -rf vendor -go mod vendor -VENDOR_DIFF_LINES=$(git diff --numstat) - -if [[ -n "$VENDOR_DIFF_LINES" ]]; then - echo "Vendored code did not match was expected" - git diff - exit 1 -fi diff --git a/hack/e2e/deploy.yaml b/hack/e2e/deploy.yaml index 523aff132..2133216da 100644 --- a/hack/e2e/deploy.yaml +++ b/hack/e2e/deploy.yaml @@ -194,12 +194,9 @@ spec: type: RollingUpdate template: metadata: - annotations: - scheduler.alpha.kubernetes.io/critical-pod: "" labels: k8s-app: aws-iam-authenticator spec: - # use service account with access to serviceAccountName: aws-iam-authenticator @@ -209,6 +206,10 @@ spec: # run on each master node nodeSelector: node-role.kubernetes.io/master: "" + + # mark pod as critical to the cluster + priorityClassName: system-cluster-critical + tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master diff --git a/hack/e2e/kops.sh b/hack/e2e/kops.sh index 2aa2beb34..a57063c9c 100755 --- a/hack/e2e/kops.sh +++ b/hack/e2e/kops.sh @@ -28,10 +28,11 @@ function kops_create_cluster() { K8S_VERSION=${8} CLUSTER_FILE=${9} KUBECONFIG=${10} - KUBECONFIG_ADMIN=${11} - TEST_DIR=${12} - KOPS_STATE_FILE=${13} - KOPS_PATCH_FILE=${14} + USER_ROLE=${11} + KUBECONFIG_ADMIN=${12} + TEST_DIR=${13} + KOPS_STATE_FILE=${14} + KOPS_PATCH_FILE=${15} if [[ ! -e ${SSH_KEY_PATH} ]]; then loudecho "Generating SSH key $SSH_KEY_PATH" @@ -71,8 +72,14 @@ function kops_create_cluster() { ${KOPS_BIN} update cluster --state "${KOPS_STATE_FILE}" "${CLUSTER_NAME}" \ --ssh-public-key="${SSH_KEY_PATH}".pub --yes + # TODO - remove. For debugging PR only + sudo apt-get install yq -y + loudecho Kubeconfig users + cat $KUBECONFIG | yq '.users' + + ${KOPS_BIN} export kubeconfig --state "${KOPS_STATE_FILE}" --kubeconfig "${KUBECONFIG_ADMIN}" "${CLUSTER_NAME}" --admin - ${KOPS_BIN} export kubeconfig --state "${KOPS_STATE_FILE}" --kubeconfig "${KUBECONFIG}" "${CLUSTER_NAME}" + ${KOPS_BIN} export kubeconfig --state "${KOPS_STATE_FILE}" --kubeconfig "${KUBECONFIG}" "${CLUSTER_NAME}" --user "${USER_ROLE}" loudecho "Waiting on cluster ${CLUSTER_NAME}..." # we can't just use kops validate, because it requires the authenticator to be ready, but it's not set up yet... diff --git a/hack/e2e/run.sh b/hack/e2e/run.sh index 6ce61d66b..767e7ca9d 100755 --- a/hack/e2e/run.sh +++ b/hack/e2e/run.sh @@ -98,7 +98,7 @@ loudecho "Installing ginkgo to ${BIN_DIR}" GINKGO_BIN=${BIN_DIR}/ginkgo if [[ ! -e ${GINKGO_BIN} ]]; then pushd /tmp - GOPATH=${TEST_DIR} GOBIN=${BIN_DIR} GO111MODULE=on go install github.com/onsi/ginkgo/ginkgo@v1.12.0 + GOPATH=${TEST_DIR} GOBIN=${BIN_DIR} GO111MODULE=on go install github.com/onsi/ginkgo/v2/ginkgo@v2.15.0 popd fi @@ -171,6 +171,7 @@ kops_create_cluster \ "$K8S_VERSION" \ "$CLUSTER_FILE" \ "$KUBECONFIG" \ + "$USER_ROLE" \ "$KUBECONFIG_ADMIN" \ "$TEST_DIR" \ "$KOPS_STATE_FILE" \ diff --git a/hack/test-integration.sh b/hack/test-integration.sh index 1bc319bf1..20148a6aa 100755 --- a/hack/test-integration.sh +++ b/hack/test-integration.sh @@ -89,10 +89,14 @@ if [[ -d ${TEST_ARTIFACTS}/k8s.io/kubernetes ]]; then rm -rf ${TEST_ARTIFACTS}/k8s.io/kubernetes fi +GOPROXY=direct go install golang.org/x/tools/cmd/goimports + mkdir -p ${TEST_ARTIFACTS}/k8s.io/kubernetes git clone --branch ${KUBERNETES_TAG} --depth 1 https://github.com/kubernetes/kubernetes.git ${TEST_ARTIFACTS}/k8s.io/kubernetes --depth 1 pushd ${TEST_ARTIFACTS}/k8s.io/kubernetes +./hack/install-protoc.sh +export PATH="/home/prow/go/src/github.com/kubernetes-sigs/aws-iam-authenticator/test-artifacts/k8s.io/kubernetes/third_party/protoc:${PATH}" ./hack/update-codegen.sh ./hack/install-etcd.sh export PATH="${TEST_ARTIFACTS}/k8s.io/kubernetes/third_party/etcd:${PATH}"