Add healthcheck to aws-iam-authenticator

[rdrgmnzs]

This builds on PR #8423 by @rifelpet

A 5.0.1 version of aws-iam-authenticator has not been released as of the creation of this PR, however I had the need to create internal version with the health check and decided to create the PR as a reminder to merger it in the future.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rdrgmnzs

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [rdrgmnzs]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[rifelpet]

An alpha was just released with the CRD fixes: https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/tag/v0.5.1-alpha.1 i'll try to do some testing soon

[rdrgmnzs]

@rifelpet sg, I've actually been running a internal build from master for about 3 weeks now with no issues.

[rifelpet]

@rdrgmnzs 0.5.1 was just released, care to rebase this so we can get it merged?

https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/tag/v0.5.1

[hakman]

Maybe add this line back?

[k8s-ci-robot]

Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please follow instructions at https://git.k8s.io/community/CLA.md#the-contributor-license-agreement to sign the CLA.

It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.

---

• If you've already signed a CLA, it's possible we don't have your GitHub username or you're using a different email address. Check your existing CLA data and verify that your email is set on your git commits.
• If you signed the CLA as a corporation, please sign in with your organization's credentials at https://identity.linuxfoundation.org/projects/cncf to be authorized.
• If you have done the above and are still having issues with the CLA being reported as unsigned, please log a ticket with the Linux Foundation Helpdesk: https://support.linuxfoundation.org/
• Should you encounter any issues with the Linux Foundation Helpdesk, send a message to the backup e-mail support address at: login-issues@jira.linuxfoundation.org

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[rifelpet]

Confirmed this path is valid.

$ curl -k -v https://localhost:21362/healthz
...
> GET /healthz HTTP/1.1
> Host: localhost:21362
> User-Agent: curl/7.52.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Thu, 09 Jul 2020 20:05:03 GMT
< Content-Length: 2
< Content-Type: text/plain; charset=utf-8
<
* Curl_http_done: called premature == 0
* Connection #0 to host localhost left intact
ok

and matches this commit from 2017 that was only recently added to authenticator: kubernetes-sigs/aws-iam-authenticator@47f0d8e#diff-09856fe9becddf0199651f451409356aR250-R252

/lgtm

[rifelpet]

@rdrgmnzs now that I think about this more, I think we might have a similar issue as #9500 where the /healthz endpoint was only introduced in 0.5.0 but users may have overridden the image with a <0.5.0 version. When they upgrade to this version of kops, the livenessProbe will be added but will fail.

How do you think we should handle that?