Support for AWS cloud-config (#1465)

* Support for AWS cloud-config

* Update docs

* Fix version incompatibilities

* Do not use shorthand `default`

* Add new cloud config variable, roleArn

roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2

@@ -116,11 +116,9 @@ spec:
 {% endif %}
     - --v={{ kube_log_level }}
     - --allow-privileged=true
-{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere"] %}
+{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %}
     - --cloud-provider={{ cloud_provider }}
     - --cloud-config={{ kube_config_dir }}/cloud_config
-{% elif cloud_provider is defined and cloud_provider == "aws" %}
-    - --cloud-provider={{ cloud_provider }}
 {% endif %}
 {% if kube_api_anonymous_auth is defined and kube_version | version_compare('v1.5', '>=')  %}
     - --anonymous-auth={{ kube_api_anonymous_auth }}

roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2

@@ -43,13 +43,11 @@ spec:
 {% if rbac_enabled %}
     - --use-service-account-credentials=true
 {% endif %}
-{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere"] %}
+{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %}
     - --cloud-provider={{cloud_provider}}
     - --cloud-config={{ kube_config_dir }}/cloud_config
-{% elif cloud_provider is defined and cloud_provider in ["aws", "external"] %}
-    - --cloud-provider={{cloud_provider}}
-{% elif cloud_provider is defined and cloud_provider == "oci" %}
-    - --cloud_provider=external
+{% elif cloud_provider is defined and cloud_provider in ["external", "oci"] %}
+    - --cloud-provider=external
 {% endif %}
 {% if kube_network_plugin is defined and kube_network_plugin == 'cloud' %}
     - --configure-cloud-routes=true
@@ -92,7 +90,7 @@ spec:
     - mountPath: "{{ kube_config_dir }}/kube-controller-manager-kubeconfig.yaml"
       name: kubeconfig
       readOnly: true
-{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere" ] %}
+{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %}
     - mountPath: "{{ kube_config_dir }}/cloud_config"
       name: cloudconfig
       readOnly: true
@@ -117,7 +115,7 @@ spec:
   - name: kubeconfig
     hostPath:
       path: "{{ kube_config_dir }}/kube-controller-manager-kubeconfig.yaml"
-{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere"] %}
+{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %}
   - hostPath:
       path: "{{ kube_config_dir }}/cloud_config"
     name: cloudconfig

roles/kubernetes/node/tasks/main.yml

@@ -189,7 +189,7 @@
     mode: 0640
   when:
     - cloud_provider is defined
-    - cloud_provider in [ 'openstack', 'azure', 'vsphere' ]
+    - cloud_provider in [ 'openstack', 'azure', 'vsphere', 'aws' ]
   notify: restart kubelet
   tags:
     - cloud-provider

roles/kubernetes/node/templates/aws-cloud-config.j2

@@ -0,0 +1,17 @@
+[Global]
+{% if kube_version | version_compare('v1.6', '>=') %}
+zone={{ aws_zone|default("") }}
+vpc={{ aws_vpc|default("") }}
+subnetId={{ aws_subnet_id|default("") }}
+routeTableId={{ aws_route_table_id|default("") }}
+{% if kube_version | version_compare('v1.10', '>=') %}
+roleArn={{ aws_role_arn|default("") }}
+{% endif %}
+kubernetesClusterTag={{ aws_kubernetes_cluster_tag|default("") }}
+kubernetesClusterId={{ aws_kubernetes_cluster_id|default("") }}
+disableSecurityGroupIngress={{ "true" if aws_disable_security_group_ingress|default(False) else "false" }}
+disableStrictZoneCheck={{ "true" if aws_disable_strict_zone_check|default(False) else "false" }}
+{% if kube_version | version_compare('v1.7', '>=') %}
+elbSecurityGroup={{ aws_elb_security_group|default("") }}
+{% endif %}
+{% endif %}

roles/kubernetes/node/templates/kubelet.kubeadm.env.j2

@@ -102,11 +102,9 @@ KUBELET_NETWORK_PLUGIN="--hairpin-mode=promiscuous-bridge --network-plugin=kuben
 {% endif %}
 # Should this cluster be allowed to run privileged docker containers
 KUBE_ALLOW_PRIV="--allow-privileged=true"
-{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere"] %}
+{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %}
 KUBELET_CLOUDPROVIDER="--cloud-provider={{ cloud_provider }} --cloud-config={{ kube_config_dir }}/cloud_config"
-{% elif cloud_provider is defined and cloud_provider in ["aws", "external"] %}
-KUBELET_CLOUDPROVIDER="--cloud-provider={{ cloud_provider }}"
-{% elif cloud_provider is defined and cloud_provider == "oci" %}
+{% elif cloud_provider is defined and cloud_provider in ["oci", "external"] %}
 KUBELET_CLOUDPROVIDER="--cloud-provider=external"
 {% else %}
 KUBELET_CLOUDPROVIDER=""

roles/kubernetes/node/templates/kubelet.standard.env.j2

@@ -134,13 +134,11 @@ KUBELET_VOLUME_PLUGIN="--volume-plugin-dir={{ kubelet_flexvolumes_plugins_dir }}
 
 # Should this cluster be allowed to run privileged docker containers
 KUBE_ALLOW_PRIV="--allow-privileged=true"
-{% if cloud_provider is defined and cloud_provider in ["openstack", "vsphere"] %}
+{% if cloud_provider is defined and cloud_provider in ["openstack", "vsphere", "aws"] %}
 KUBELET_CLOUDPROVIDER="--cloud-provider={{ cloud_provider }} --cloud-config={{ kube_config_dir }}/cloud_config"
 {% elif cloud_provider is defined and cloud_provider in ["azure"] %}
 KUBELET_CLOUDPROVIDER="--cloud-provider={{ cloud_provider }} --cloud-config={{ kube_config_dir }}/cloud_config --azure-container-registry-config={{ kube_config_dir }}/cloud_config"
-{% elif cloud_provider is defined and cloud_provider in ["aws", "external"] %}
-KUBELET_CLOUDPROVIDER="--cloud-provider={{ cloud_provider }}"
-{% elif cloud_provider is defined and cloud_provider == "oci" %}
+{% elif cloud_provider is defined and cloud_provider in ["oci", "external"] %}
 KUBELET_CLOUDPROVIDER="--cloud-provider=external"
 {% else %}
 KUBELET_CLOUDPROVIDER=""