Discover EKS: allow custom labels for Kube Server (#49420)
This PR allows the UI to send extra labels for setting up the EKS
cluster.
marcoandredinis authored Dec 11, 2024
1 parent 2121bd8 commit 0e1f1bc
Showing 7 changed files with 290 additions and 219 deletions.
454 changes: 238 additions & 216 deletions api/gen/proto/go/teleport/integration/v1/awsoidc_service.pb.go

Large diffs are not rendered by default.

2 changes: 2 additions & 0 deletions api/proto/teleport/integration/v1/awsoidc_service.proto
Expand Up @@ -482,6 +482,8 @@ message EnrollEKSClustersRequest {
// AgentVersion is version of agent Helm chart to install on the EKS cluster.
// Required.
string agent_version = 5;
// ExtraLabels added to the enrolled clusters.
map<string, string> extra_labels = 6;
}

// EnrollEKSClusterResult contains result for a single cluster enrollment.
1 change: 1 addition & 0 deletions lib/auth/integration/integrationv1/awsoidc.go
Expand Up @@ -537,6 +537,7 @@ func (s *AWSOIDCService) EnrollEKSClusters(ctx context.Context, req *integration
AgentVersion: req.AgentVersion,
TeleportClusterName: clusterName.GetClusterName(),
IntegrationName: req.Integration,
ExtraLabels: req.ExtraLabels,
})
if err != nil {
return nil, trace.Wrap(err)
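Review bot: `ExtraLabels: req.ExtraLabels` forwards a caller-supplied map into the enrollment request with no check on key syntax, reserved prefixes or size, and this RPC is the boundary every API client reaches, not only the web UI. The same gap shows in the web handler loop in lib/web/integrations_awsoidc.go and in `kubeAgentLabels`, where only the exact `types.InternalResourceIDLabel` key is protected by write order, so any other `teleport.internal/`-prefixed key would pass through unless something outside these hunks rejects it. Since labels commonly feed access decisions, consider rejecting bad keys before the call, for example in the request's `CheckAndSetDefaults`: `if !types.IsValidLabelKey(k) || strings.HasPrefix(k, types.TeleportInternalLabelPrefix) { return trace.BadParameter("invalid extra label key %q", k) }`. EnrollEKSClusters starts and ends outside this hunk, so an existing check elsewhere cannot be ruled out.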
17 changes: 14 additions & 3 deletions lib/integrations/awsoidc/eks_enroll_clusters.go
Expand Up @@ -23,6 +23,7 @@ import (
"encoding/base64"
"fmt"
"log/slog"
"maps"
"net/url"
"slices"
"strings"
Expand Down Expand Up @@ -253,6 +254,9 @@ type EnrollEKSClustersRequest struct {

// AgentVersion specifies version of the Helm chart that will be installed during enrollment.
AgentVersion string

// ExtraLabels added to the enrolled clusters.
ExtraLabels map[string]string
}

// CheckAndSetDefaults checks if the required fields are present.
Expand Down Expand Up @@ -687,13 +691,20 @@ func installKubeAgent(ctx context.Context, cfg installKubeAgentParams) error {
common.ApplyEKSNameSuffix(kubeCluster)
vals["kubeClusterName"] = kubeCluster.GetName()

labels := kubeCluster.GetStaticLabels()
labels[types.InternalResourceIDLabel] = cfg.resourceID
vals["labels"] = labels
vals["labels"] = kubeAgentLabels(kubeCluster, cfg.resourceID, cfg.req.ExtraLabels)

if _, err := installCmd.RunWithContext(ctx, agentChart, vals); err != nil {
return trace.Wrap(err, "could not install Helm chart.")
}

return nil
}

func kubeAgentLabels(kubeCluster types.KubeCluster, resourceID string, extraLabels map[string]string) map[string]string {
labels := make(map[string]string)
maps.Copy(labels, extraLabels)
maps.Copy(labels, kubeCluster.GetStaticLabels())
labels[types.InternalResourceIDLabel] = resourceID

return labels
}
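Review bot: `kubeAgentLabels` has no doc comment, yet its copy order is the security-relevant contract: extra labels are written first, the cluster's static labels overwrite them on key collision, and `types.InternalResourceIDLabel` is set last so a caller cannot supply it. I would add `// kubeAgentLabels merges extraLabels with the cluster's static labels; static labels win on collision and the resource ID label is always set from resourceID.` above the function. The field comment `// ExtraLabels added to the enrolled clusters.` (repeated in the proto and in lib/web/ui/integration.go) could state the same precedence, so API users do not expect their value to override a discovered label.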
27 changes: 27 additions & 0 deletions lib/integrations/awsoidc/eks_enroll_clusters_test.go
Expand Up @@ -33,6 +33,7 @@ import (
eksTypes "github.com/aws/aws-sdk-go-v2/service/eks/types"
"github.com/aws/aws-sdk-go-v2/service/sts"
"github.com/aws/smithy-go/middleware"
"github.com/google/uuid"
"github.com/gravitational/trace"
"github.com/jonboulle/clockwork"
"github.com/stretchr/testify/require"
Expand Down Expand Up @@ -621,3 +622,29 @@ func (m *mockEnrollEKSClusterClient) PresignGetCallerIdentityURL(ctx context.Con
}

var _ EnrollEKSCLusterClient = &mockEnrollEKSClusterClient{}

func TestKubeAgentLabels(t *testing.T) {
kubeClusterLabels := map[string]string{
"priority": "yes",
"region": "us-east-1",
}
resourceID := uuid.NewString()
extraLabels := map[string]string{
"priority": "no",
"custom": "yes",
}

got := kubeAgentLabels(
&types.KubernetesClusterV3{Metadata: types.Metadata{Labels: kubeClusterLabels}},
resourceID,
extraLabels,
)

expectedLabels := map[string]string{
"priority": "yes",
"region": "us-east-1",
"custom": "yes",
"teleport.internal/resource-id": resourceID,
}
require.Equal(t, expectedLabels, got)
}
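Review bot: The test pins that a static label beats an extra label for `priority`, but it never exercises the case that matters most for the merge order: an extra label that uses the reserved resource-ID key. Adding `types.InternalResourceIDLabel: "spoofed"` (a constructed value) to `extraLabels` would prove the caller's value is replaced by `resourceID`, and the expectation could use `types.InternalResourceIDLabel` instead of the literal `"teleport.internal/resource-id"` so the test follows the constant. A second call with a nil `extraLabels` map would also document that the function tolerates a request without labels.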
6 changes: 6 additions & 0 deletions lib/web/integrations_awsoidc.go
Expand Up @@ -534,12 +534,18 @@ func (h *Handler) awsOIDCEnrollEKSClusters(w http.ResponseWriter, r *http.Reques
return nil, trace.Wrap(err)
}

extraLabels := make(map[string]string, len(req.ExtraLabels))
for _, label := range req.ExtraLabels {
extraLabels[label.Name] = label.Value
}

response, err := clt.IntegrationAWSOIDCClient().EnrollEKSClusters(ctx, &integrationv1.EnrollEKSClustersRequest{
Integration: integrationName,
Region: req.Region,
EksClusterNames: req.ClusterNames,
EnableAppDiscovery: req.EnableAppDiscovery,
AgentVersion: agentVersion,
ExtraLabels: extraLabels,
})
if err != nil {
return nil, trace.Wrap(err)
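Review bot: The loop `extraLabels[label.Name] = label.Value` silently collapses duplicate names (the last entry wins) and accepts an empty `label.Name`, so the labels actually applied can differ from what the user submitted without any error. Rejecting both at this HTTP boundary keeps the failure visible, e.g. `if _, dup := extraLabels[label.Name]; label.Name == "" || dup { return nil, trace.BadParameter("invalid or duplicate label name %q", label.Name) }`. awsOIDCEnrollEKSClusters begins and ends outside this hunk.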
2 changes: 2 additions & 0 deletions lib/web/ui/integration.go
Expand Up @@ -379,6 +379,8 @@ type AWSOIDCEnrollEKSClustersRequest struct {
ClusterNames []string `json:"clusterNames"`
// EnableAppDiscovery specifies if Teleport Kubernetes App discovery should be enabled inside enrolled clusters.
EnableAppDiscovery bool `json:"enableAppDiscovery"`
// ExtraLabels added to the enrolled clusters.
ExtraLabels []ui.Label `json:"extraLabels"`
}

// EKSClusterEnrollmentResult contains result/error for a single cluster enrollment.