Set AWS specific credential provider when running there

NOTE: we are not installing the ecr-credential-provider binary itself here we are, we need to do it out-of-band from the test suite itself before it runs. Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2025-08-08 03:33:56 +00:00 · 2023-06-27 07:45:36 -04:00 · 2023-06-27 07:45:36 -04:00 · 0ef1f2f2d8
commit 0ef1f2f2d8
parent 9d50c0a025
2 changed files with 26 additions and 5 deletions
--- a/test/e2e_node/remote/node_e2e.go
+++ b/test/e2e_node/remote/node_e2e.go
@ -93,9 +93,9 @@ func prependMemcgNotificationFlag(args string) string {
 	return "--kubelet-flags=--kernel-memcg-notification=true " + args
 }

-// prependGCPCredentialProviderFlag prepends the flags for enabling
+// prependCredentialProviderFlag prepends the flags for enabling
 // a credential provider plugin.
-func prependGCPCredentialProviderFlag(args, workspace string) string {
+func prependCredentialProviderFlag(args, workspace string) string {
 	credentialProviderConfig := filepath.Join(workspace, "credential-provider.yaml")
 	featureGateFlag := "--kubelet-flags=--feature-gates=DisableKubeletCloudCredentialProviders=true"
 	configFlag := fmt.Sprintf("--kubelet-flags=--image-credential-provider-config=%s", credentialProviderConfig)
@ -115,9 +115,12 @@ func osSpecificActions(args, host, workspace string) (string, error) {
 		return args, setKubeletSELinuxLabels(host, workspace)
 	case strings.Contains(output, "gci"), strings.Contains(output, "cos"):
 		args = prependMemcgNotificationFlag(args)
-		return prependGCPCredentialProviderFlag(args, workspace), nil
+		return prependCredentialProviderFlag(args, workspace), nil
 	case strings.Contains(output, "ubuntu"):
-		args = prependGCPCredentialProviderFlag(args, workspace)
+		args = prependCredentialProviderFlag(args, workspace)
+		return prependMemcgNotificationFlag(args), nil
+	case strings.Contains(output, "amzn"):
+		args = prependCredentialProviderFlag(args, workspace)
 		return prependMemcgNotificationFlag(args), nil
 	}
 	return args, nil
--- a/test/e2e_node/remote/utils.go
+++ b/test/e2e_node/remote/utils.go
@ -48,7 +48,7 @@ const cniConfig = `{
 }
 `

-const credentialProviderConfig = `kind: CredentialProviderConfig
+const credentialGCPProviderConfig = `kind: CredentialProviderConfig
 apiVersion: kubelet.config.k8s.io/v1
 providers:
  - name: gcp-credential-provider
@ -60,6 +60,19 @@ providers:
    - "*.pkg.dev"
    defaultCacheDuration: 1m`

+const credentialAWSProviderConfig = `kind: CredentialProviderConfig
+apiVersion: kubelet.config.k8s.io/v1
+providers:
+- name: ecr-credential-provider
+  apiVersion: credentialprovider.kubelet.k8s.io/v1
+  matchImages:
+  - "*.dkr.ecr.*.amazonaws.com"
+  - "*.dkr.ecr.*.amazonaws.com.cn"
+  - "*.dkr.ecr-fips.*.amazonaws.com"
+  - "*.dkr.ecr.us-iso-east-1.c2s.ic.gov"
+  - "*.dkr.ecr.us-isob-east-1.sc2s.sgov.gov"
+  defaultCacheDuration: 12h`
+
 func getCNIURL() string {
 	cniArch := "amd64"
 	if builder.IsTargetArchArm64() {
@ -102,6 +115,11 @@ func setupCNI(host, workspace string) error {
 func configureCredentialProvider(host, workspace string) error {
 	klog.V(2).Infof("Configuring kubelet credential provider on %q", host)

+	credentialProviderConfig := credentialGCPProviderConfig
+	if GetSSHUser() == "ec2-user" {
+		credentialProviderConfig = credentialAWSProviderConfig
+	}
+
 	cmd := getSSHCommand(" ; ",
 		fmt.Sprintf("echo %s > %s", quote(credentialProviderConfig), filepath.Join(workspace, "credential-provider.yaml")),
 	)