feat: turn aws-iam-authenticator into system service

2025-02-15 15:08:50 +00:00 · 2025-02-15 15:08:50 +00:00 · 137f23b661
commit 137f23b661
parent a1ff0652a2
6 changed files with 57 additions and 4 deletions
--- a/kubezero/aws-iam-authenticator/APKBUILD
+++ b/kubezero/aws-iam-authenticator/APKBUILD
@ -9,7 +9,17 @@ arch="x86_64 aarch64 armv7 x86"
 license="Apache-2.0"
 makedepends="go bash"
 options="!check chmod-clean net"
-source="$pkgname-$pkgver.tar.gz::https://github.com/kubernetes-sigs/$pkgname/archive/refs/tags/v$pkgver.tar.gz"
+source="$pkgname-$pkgver.tar.gz::https://github.com/kubernetes-sigs/$pkgname/archive/refs/tags/v$pkgver.tar.gz
+        aws-iam-authenticator.initd
+        aws-iam-authenticator.monit
+        config.yaml
+        "
+
+install="$pkgname-server.pre-install"
+subpackages="$pkgname-server"
+
+pkggroups="awsiam"
+pkgusers="awsiam"

 build() {
  make bin
@ -19,6 +29,19 @@ package() {
 	install -Dm755 "$builddir/_output/bin/aws-iam-authenticator" "$pkgdir"/usr/bin/aws-iam-authenticator
 }

+server() {
+	install -d "$subpkgdir"/var/log/"$pkgname" -g awsiam -m 775
+	install -d "$subpkgdir"/etc/"$pkgname" -g awsiam -m 775
+
+  install "$srcdir"/config.yaml "$subpkgdir"/etc/$pkgname/config.yaml
+  install -Dm755 "$srcdir"/$pkgname.initd "$subpkgdir"/etc/init.d/$pkgname
+
+  install -Dm644 "$srcdir"/$pkgname.monit "$subpkgdir/etc/monit.d/$pkgname.conf"
+}
+
 sha512sums="
 276efbbf44228b7ef6fe45e80c19443b134664d940706f2634e7478c4e8a3d2499bd0cbe70e1b7916af47dbc66ca1b5419f4738ad1f94ef82fe88f3a06f27d65  aws-iam-authenticator-0.6.29.tar.gz
+a374448ffe7ac2079fef4a4d370b8d4b3aa10d371fff976e41a1107c17198d366f0e28f47f7313555503eaa44d358dff385f84a0000709aa6b75991a0c35f77b  aws-iam-authenticator.initd
+81454a32d898214c80fef1dda1630e6f6550180908e0b45980b25700478ee7fa4a8ef797cf0f1597fa98713b84f2ae9bd324d017e636ef965c26876147039745  aws-iam-authenticator.monit
+97fb2b255161837b1789c17dc7543644d24404ee9eeb95ace0d7c1d8ba12647cca78a8d86ff07dcb7a3eb833d9bc632b4f8511df8aedf484d61acc48929ce9be  config.yaml
 "
--- a/kubezero/aws-iam-authenticator/aws-iam-authenticator-server.pre-install
+++ b/kubezero/aws-iam-authenticator/aws-iam-authenticator-server.pre-install
@ -0,0 +1,6 @@
+#!/bin/sh
+
+addgroup -S awsiam 2>/dev/null
+adduser -S -D -H -h /dev/null -s /sbin/nologin -G awsiam -g awsiam awsiam 2>/dev/null
+
+exit 0
--- a/kubezero/aws-iam-authenticator/aws-iam-authenticator.initd
+++ b/kubezero/aws-iam-authenticator/aws-iam-authenticator.initd
@ -0,0 +1,16 @@
+#!/sbin/openrc-run
+
+name=aws-iam-authenticator
+command="/usr/bin/aws-iam-authenticator"
+command_background="true"
+command_user="awsiam:awsiam"
+pidfile="${pidfile:-/run/${RC_SVCNAME}.pid}"
+
+start_stop_daemon_args="--stderr /var/log/${RC_SVCNAME}/${RC_SVCNAME}.log \
+                        --stdout /var/log/${RC_SVCNAME}/${RC_SVCNAME}.log"
+
+command_args="server -l=json --config=/etc/aws-iam-authenticator/config.yaml"
+
+depend() {
+	need net
+}
--- a/kubezero/aws-iam-authenticator/aws-iam-authenticator.monit
+++ b/kubezero/aws-iam-authenticator/aws-iam-authenticator.monit
@ -0,0 +1,10 @@
+check process aws-iam-authenticator pidfile /run/aws-iam-authenticator.pid
+  start program = "/sbin/rc-service aws-iam-authenticator start"
+  stop program  = "/sbin/rc-service aws-iam-authenticator stop"
+  restart program = "/sbin/rc-service aws-iam-authenticator restart"
+  if failed
+    port 21363
+    protocol http
+    request "/healthz"
+    for 2 cycles
+  then restart
--- a/kubezero/aws-iam-authenticator/config.yaml
+++ b/kubezero/aws-iam-authenticator/config.yaml
@ -0,0 +1 @@
+clusterID: exampleCluster
--- a/kubezero/multus-cni/APKBUILD
+++ b/kubezero/multus-cni/APKBUILD
@ -11,9 +11,6 @@ makedepends="go bash"
 options="!check chmod-clean net"
 source="$pkgname-$pkgver.tar.gz::https://github.com/k8snetworkplumbingwg/$pkgname/archive/refs/tags/v$pkgver.tar.gz"

-export CGO_ENABLED=0
-export GO111MODULE=on
-
 build() {
  DEST_DIR="bin"