Allow setting Kiam version <3.0 (#1599)

davidmccormick · davidmccormick · commit 4c88b760ff1a · 2019-05-22T20:31:41.000+01:00
Update Kiam template and defaults.

Change default sessontimeout to 30m by default so that Kiam does some caching.

Update tests with 30m session caching
diff --git a/builtin/files/cluster.yaml.tmpl b/builtin/files/cluster.yaml.tmpl
@@ -1467,14 +1467,14 @@ experimental:
   # This is intended to be used in combination with .controller.iam.role.name. See #297 for more information.
   kiamSupport:
     enabled: false
-    image:
-      repo: quay.io/uswitch/kiam
-      tag: v2.8
-      rktPullDocker: false
-    sessionDuration: 15m
-    serverAddresses:
-      serverAddress: localhost:443
-      agentAddress: kiam-server:443
+    # image:
+    #  repo: quay.io/uswitch/kiam
+    #  tag: v3.2
+    #  rktPullDocker: false
+    # sessionDuration: 30m
+    # serverAddresses:
+    #  serverAddress: localhost:443
+    #  agentAddress: kiam-server:443
     # Optional resource change for kiam servers/agents can be done via using the resources block below and changing the values.
     # Values below are the default if not set.
     # serverResources:
diff --git a/builtin/files/userdata/cloud-config-controller b/builtin/files/userdata/cloud-config-controller
@@ -5549,9 +5549,11 @@ write_files:
               - name: kiam
                 image: {{.Experimental.KIAMSupport.Image.RepoWithTag}}
                 command:
-                  - /kiam
+                  - {{if checkVersion ">= 3.0" .Experimental.KIAMSupport.Image.Tag}}/kiam{{else}}/server{{end}}
                 args:
+                  {{if checkVersion ">= 3.0" .Experimental.KIAMSupport.Image.Tag -}}
                   - server
+                  {{ end -}}
                   - --json-log
                   - --bind=0.0.0.0:443
                   - --cert=/etc/kiam/tls/server.pem
@@ -5570,27 +5572,37 @@ write_files:
                 livenessProbe:
                   exec:
                     command:
+                    {{if checkVersion ">= 3.0" .Experimental.KIAMSupport.Image.Tag -}}
                     - /kiam
                     - health
+                    - --gateway-timeout-creation=1s
+                    {{ else -}}
+                    - /health
+                    - --server-address-refresh=2s
+                    {{ end -}}
                     - --cert=/etc/kiam/tls/server.pem
                     - --key=/etc/kiam/tls/server-key.pem
                     - --ca=/etc/kiam/tls/ca.pem
                     - --server-address={{.Experimental.KIAMSupport.ServerAddresses.ServerAddress}}
-                    - --gateway-timeout-creation=1s
                     - --timeout=5s
                   initialDelaySeconds: 10
                   periodSeconds: 10
                   timeoutSeconds: 10
                 readinessProbe:
                   exec:
                     command:
+                    {{if checkVersion ">= 3.0" .Experimental.KIAMSupport.Image.Tag -}}
                     - /kiam
                     - health
+                    - --gateway-timeout-creation=1s
+                    {{ else -}}
+                    - /health
+                    - --server-address-refresh=2s
+                    {{ end -}}
                     - --cert=/etc/kiam/tls/server.pem
                     - --key=/etc/kiam/tls/server-key.pem
                     - --ca=/etc/kiam/tls/ca.pem
                     - --server-address={{.Experimental.KIAMSupport.ServerAddresses.ServerAddress}}
-                    - --gateway-timeout-creation=1s
                     - --timeout=5s
                   initialDelaySeconds: 3
                   periodSeconds: 10
@@ -5733,9 +5745,13 @@ write_files:
                     add: ["NET_ADMIN"]
                 image: {{.Experimental.KIAMSupport.Image.RepoWithTag}}
                 command:
-                  - /kiam
+                  - {{if checkVersion ">= 3.0" .Experimental.KIAMSupport.Image.Tag}}/kiam{{else}}/agent{{end}}
                 args:
+                  {{if checkVersion ">= 3.0" .Experimental.KIAMSupport.Image.Tag -}}
                   - agent
+                  - --whitelist-route-regexp=.*
+                  - --gateway-timeout-creation=1s
+                  {{ end -}}
                   - --iptables
            {{- if .Kubernetes.Networking.AmazonVPC.Enabled }}
                   - --host-interface=!eni0
@@ -5750,10 +5766,8 @@ write_files:
                   - --key=/etc/kiam/tls/agent-key.pem
                   - --ca=/etc/kiam/tls/ca.pem
                   - --server-address={{.Experimental.KIAMSupport.ServerAddresses.AgentAddress}}
-                  - --whitelist-route-regexp=.*
                   - --prometheus-listen-addr=0.0.0.0:9620
                   - --prometheus-sync-interval=5s
-                  - --gateway-timeout-creation=1s
                 env:
                   - name: HOST_IP
                     valueFrom:
diff --git a/pkg/api/cluster.go b/pkg/api/cluster.go
@@ -76,7 +76,7 @@ func NewDefaultCluster() *Cluster {
 		KIAMSupport: KIAMSupport{
 			Enabled:         false,
 			Image:           Image{Repo: "quay.io/uswitch/kiam", Tag: "v3.2", RktPullDocker: false},
-			SessionDuration: "15m",
+			SessionDuration: "30m",
 			ServerAddresses: KIAMServerAddresses{ServerAddress: "localhost:443", AgentAddress: "kiam-server:443"},
 		},
 		Kube2IamSupport: Kube2IamSupport{
diff --git a/test/integration/maincluster_test.go b/test/integration/maincluster_test.go
@@ -118,7 +118,7 @@ func TestMainClusterConfig(t *testing.T) {
 			KIAMSupport: api.KIAMSupport{
 				Enabled:         false,
 				Image:           api.Image{Repo: "quay.io/uswitch/kiam", Tag: "v3.2", RktPullDocker: false},
-				SessionDuration: "15m",
+				SessionDuration: "30m",
 				ServerAddresses: api.KIAMServerAddresses{ServerAddress: "localhost:443", AgentAddress: "kiam-server:443"},
 			},
 			Kube2IamSupport: api.Kube2IamSupport{
@@ -1383,7 +1383,7 @@ worker:
 						KIAMSupport: api.KIAMSupport{
 							Enabled:         false,
 							Image:           api.Image{Repo: "quay.io/uswitch/kiam", Tag: "v3.2", RktPullDocker: false},
-							SessionDuration: "15m",
+							SessionDuration: "30m",
 							ServerAddresses: api.KIAMServerAddresses{ServerAddress: "localhost:443", AgentAddress: "kiam-server:443"},
 						},
 						Kube2IamSupport: api.Kube2IamSupport{
@@ -1556,8 +1556,8 @@ experimental:
       tag: v2.6
     sessionDuration: 30m	
     serverAddresses:
-      serverAddress: localhost
-      agentAddress: kiam-server
+      serverAddress: localhost:443
+      agentAddress: kiam-server:443
 worker:
   nodePools:
   - name: pool1
@@ -1568,7 +1568,7 @@ worker:
 						Enabled:         true,
 						Image:           api.Image{Repo: "quay.io/uswitch/kiam", Tag: "v2.6", RktPullDocker: false},
 						SessionDuration: "30m",
-						ServerAddresses: api.KIAMServerAddresses{ServerAddress: "localhost", AgentAddress: "kiam-server"},
+						ServerAddresses: api.KIAMServerAddresses{ServerAddress: "localhost:443", AgentAddress: "kiam-server:443"},
 					}
 
 					actual := c.Experimental
@@ -1599,7 +1599,7 @@ worker:
 						KIAMSupport: api.KIAMSupport{
 							Enabled:         true,
 							Image:           api.Image{Repo: "quay.io/uswitch/kiam", Tag: "v3.2", RktPullDocker: false},
-							SessionDuration: "15m",
+							SessionDuration: "30m",
 							ServerAddresses: api.KIAMServerAddresses{ServerAddress: "localhost:443", AgentAddress: "kiam-server:443"},
 						},
 					}
