in pkg/handler/handler.go [136:231]
// addEnvToContainer injects the AWS web-identity environment variables into
// container and ensures the token volume (m.volName) is mounted read-only at
// m.MountPath. It reports whether container was modified.
//
// Existing variables are never overwritten or replaced: if either
// AWS_ROLE_ARN or AWS_WEB_IDENTITY_TOKEN_FILE is already present, neither is
// injected; if either AWS_REGION or AWS_DEFAULT_REGION is present, neither
// region key is injected; AWS_STS_REGIONAL_ENDPOINTS is only added when
// regionalSTS is true and it is absent. When all three groups are already
// defined the container is left untouched and no volume mount is added.
//
// roleName becomes the value of AWS_ROLE_ARN and tokenFilePath the value of
// AWS_WEB_IDENTITY_TOKEN_FILE; both are written verbatim, so callers are
// responsible for their validation.
func (m *Modifier) addEnvToContainer(container *corev1.Container, tokenFilePath, roleName string, regionalSTS bool) bool {
	const (
		roleArnKey       = "AWS_ROLE_ARN"
		tokenFileKey     = "AWS_WEB_IDENTITY_TOKEN_FILE"
		regionKey        = "AWS_REGION"
		defaultRegionKey = "AWS_DEFAULT_REGION"
		stsKey           = "AWS_STS_REGIONAL_ENDPOINTS"
	)

	// One pass over the existing env: each key group is considered "defined"
	// as soon as any one of its members is present.
	var hasReserved, hasRegion, hasSTS bool
	for _, ev := range container.Env {
		switch ev.Name {
		case roleArnKey, tokenFileKey:
			hasReserved = true
		case regionKey, defaultRegionKey:
			hasRegion = true
		case stsKey:
			hasSTS = true
		}
	}

	if hasReserved && hasRegion && hasSTS {
		klog.V(4).Infof("Container %s has necessary env variables already present",
			container.Name)
		return false
	}

	// Collect the additions first; the append order (STS, region, reserved)
	// is the order in which they appear in the resulting container spec.
	var added []corev1.EnvVar
	if regionalSTS && !hasSTS {
		added = append(added, corev1.EnvVar{Name: stsKey, Value: "regional"})
	}
	if m.Region != "" && !hasRegion {
		added = append(added,
			corev1.EnvVar{Name: defaultRegionKey, Value: m.Region},
			corev1.EnvVar{Name: regionKey, Value: m.Region},
		)
	}
	if !hasReserved {
		added = append(added,
			corev1.EnvVar{Name: roleArnKey, Value: roleName},
			corev1.EnvVar{Name: tokenFileKey, Value: tokenFilePath},
		)
	}
	changed := len(added) > 0
	container.Env = append(container.Env, added...)

	// The token volume is matched by name only; an existing mount with the
	// same name is left as-is, whatever its path or mode.
	mounted := false
	for _, vm := range container.VolumeMounts {
		if vm.Name == m.volName {
			mounted = true
			break
		}
	}
	if !mounted {
		container.VolumeMounts = append(container.VolumeMounts, corev1.VolumeMount{
			Name:      m.volName,
			ReadOnly:  true,
			MountPath: m.MountPath,
		})
		changed = true
	}
	return changed
}