dynamically generate AuthMapRole aginst os distro

kubetest2/internal/deployers/eksapi/deployer.go

@@ -26,6 +26,8 @@ const DeployerName = "eksapi"
 
 const ResourcePrefix = "kubetest2-" + DeployerName
 
+var SupportedOsDistro = []string{"al2", "al2023"}
+
 var DeployerMetricNamespace = path.Join("kubetest2", DeployerName)
 
 var (
@@ -69,6 +71,7 @@ type deployerOptions struct {
 	KubernetesVersion           string        `flag:"kubernetes-version" desc:"cluster Kubernetes version"`
 	NodeReadyTimeout            time.Duration `flag:"node-ready-timeout" desc:"Time to wait for all nodes to become ready"`
 	Nodes                       int           `flag:"nodes" desc:"number of nodes to launch in cluster"`
+	OsDistro                    string        `flag:"os-distro" desc:"Specifies the OS distribution for the AMI. Allowed values: ['al2', 'al2023'] (case-insensitive)"`
 	Region                      string        `flag:"region" desc:"AWS region for EKS cluster"`
 	UnmanagedNodes              bool          `flag:"unmanaged-nodes" desc:"Use an AutoScalingGroup instead of an EKS-managed nodegroup."`
 	UpClusterHeaders            []string      `flag:"up-cluster-header" desc:"Additional header to add to eks:CreateCluster requests. Specified in the same format as curl's -H flag."`
@@ -174,7 +177,7 @@ func (d *deployer) Up() error {
 		return err
 	}
 	if d.UnmanagedNodes {
-		if err := createAWSAuthConfigMap(k8sClient, d.infra.nodeRole); err != nil {
+		if err := createAWSAuthConfigMap(k8sClient, d.infra.nodeRole, d.OsDistro); err != nil {
 			return err
 		}
 	}
@@ -224,6 +227,13 @@ func (d *deployer) verifyUpFlags() error {
 	if d.UnmanagedNodes && d.AMI == "" {
 		return fmt.Errorf("--ami must be specified for --unmanaged-nodes")
 	}
+	//TODO: add support for Manage node group once it supports AL2023
+	if d.UnmanagedNodes && d.OsDistro == "" {
+		return fmt.Errorf("--os-distro must be specified for --unmanaged-nodes")
+	}
+	if d.UnmanagedNodes && !util.IsStringInSlice(d.OsDistro, SupportedOsDistro) {
+		return fmt.Errorf("--os-distro must be one of the following values: ['al2', 'al2023'] (case-insensitive)")
+	}
 	if d.UnmanagedNodes && d.UserDataFormat == "" {
 		d.UserDataFormat = "bootstrap.sh"
 		klog.V(2).Infof("Using default user data format: %s", d.UserDataFormat)

kubetest2/internal/deployers/eksapi/k8s.go

@@ -3,6 +3,7 @@ package eksapi
 import (
 	"context"
 	"fmt"
+	"strings"
 	"time"
 
 	"github.com/pkg/errors"
@@ -93,15 +94,25 @@ func isNodeReady(node *corev1.Node) bool {
 	return false
 }
 
-const awsAuthMapRolesPrefix = `
-- username: system:node:{{EC2PrivateDNSName}}
+func getAwsAuthMapRolesPrefix(osDistro string) string {
+	var nodeNameFlavor string
+	if strings.EqualFold(osDistro, "al2023") {
+		nodeNameFlavor = "SessionName"
+	} else {
+		nodeNameFlavor = "EC2PrivateDNSName"
+	}
+	return fmt.Sprintf(`
+- username: system:node:{{%s}}
   groups:
     - system:bootstrappers
     - system:nodes
-  rolearn: `
+  rolearn: `, nodeNameFlavor)
+
+}
 
-func createAWSAuthConfigMap(client *kubernetes.Clientset, nodeRoleARN string) error {
-	mapRoles := awsAuthMapRolesPrefix + nodeRoleARN
+func createAWSAuthConfigMap(client *kubernetes.Clientset, nodeRoleARN string, osDistro string) error {
+	mapRoles := getAwsAuthMapRolesPrefix(osDistro) + nodeRoleARN
+	klog.Infof("formattedMapRole %s", mapRoles)
 	_, err := client.CoreV1().ConfigMaps("kube-system").Create(context.TODO(), &corev1.ConfigMap{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      "aws-auth",

kubetest2/internal/util/common.go

@@ -0,0 +1,14 @@
+package util
+
+import (
+	"strings"
+)
+
+func IsStringInSlice(a string, list []string) bool {
+    for _, b := range list {
+        if strings.EqualFold(a, b) {
+            return true
+        }
+    }
+    return false
+}