MAJOR: kubernetes-ingress: AWS Marketplace support (#107)

dkorunic · dkorunic · commit 755be9be3537 · 2022-11-21T14:57:36.000+01:00
Adding AWS Marketplace integration code from Dario Tranchitella

Signed-off-by: Dinko Korunic &lt;dkorunic@haproxy.com&gt;
diff --git a/kubernetes-ingress/templates/controller-deployment.yaml b/kubernetes-ingress/templates/controller-deployment.yaml
@@ -146,6 +146,15 @@ spec:
             {{- toYaml . | trim | nindent 12 }}
           {{- end }}
           env:
+          {{- if .Values.aws.licenseConfigSecretName }}
+          - name: AWS_WEB_IDENTITY_REFRESH_TOKEN_FILE
+            value: "/var/run/secrets/product-license/license_token"
+          - name: AWS_ROLE_ARN
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.aws.licenseConfigSecretName }}
+                  key: iam_role
+          {{- end }}
           - name: POD_NAME
             valueFrom:
               fieldRef:
@@ -171,8 +180,13 @@ spec:
 {{ toYaml .Values.controller.lifecycle | indent 12 }}
             {{- end }}
           {{- end }}
-          {{- if .Values.controller.extraVolumeMounts }}
+          {{- if or .Values.controller.extraVolumeMounts .Values.aws.licenseConfigSecretName }}
           volumeMounts:
+            {{- if .Values.aws.licenseConfigSecretName }}
+            - name: aws-product-license
+              readOnly: true
+              mountPath: /var/run/secrets/product-license
+            {{- end }}
             {{- if eq "string" (printf "%T" .Values.controller.extraVolumeMounts) }}
 {{ tpl .Values.controller.extraVolumeMounts . | indent 12 }}
             {{- else }}
@@ -186,8 +200,14 @@ spec:
 {{ toYaml .Values.controller.extraContainers | indent 8 }}
           {{- end }}
         {{- end }}
-      {{- if .Values.controller.extraVolumes }}
+      {{- if or .Values.controller.extraVolumes .Values.aws.licenseConfigSecretName }}
       volumes:
+        {{- if .Values.aws.licenseConfigSecretName }}
+        - name: aws-product-license
+          secret:
+            secretName: {{ .Values.aws.licenseConfigSecretName }}
+            optional: true
+        {{- end }}
         {{- if eq "string" (printf "%T" .Values.controller.extraVolumes) }}
 {{ tpl .Values.controller.extraVolumes . | indent 8 }}
         {{- else }}
diff --git a/kubernetes-ingress/values.yaml b/kubernetes-ingress/values.yaml
@@ -40,6 +40,12 @@ serviceAccount:
   create: true
   name:
 
+## AWS Market Place integration
+## Allows installation of the HAPEE Ingress Controller on AWS EKS and EKS-Anywhere.
+## ref: https://docs.aws.amazon.com/marketplace/latest/userguide/container-anywhere-license-manager-integration.html
+aws:
+  ## Name of the Secret deployed in the desired namespace containing the AWS license files
+  licenseConfigSecretName: ""
 
 ## Controller default values
 controller:
