eks_cli 0.1.0

data/lib/eks_cli/nodegroup.rb

@@ -0,0 +1,118 @@
+require 'active_support/core_ext/hash'
+require 'config'
+require 'cloudformation/stack'
+require 'iam/client'
+require 'k8s/auth'
+require 'log'
+
+module EksCli
+  class NodeGroup
+
+    T = {cluster_name: "ClusterName",
+         control_plane_sg_id: "ClusterControlPlaneSecurityGroup",
+         nodes_sg_id: "ClusterSecurityGroup",
+         min: "NodeAutoScalingGroupMinSize",
+         max: "NodeAutoScalingGroupMaxSize",
+         instance_type: "NodeInstanceType",
+         ami: "NodeImageId",
+         volume_size: "NodeVolumeSize",
+         ssh_key_name: "KeyName",
+         vpc_id: "VpcId",
+         subnets: "Subnets",
+         group_name: "NodeGroupName",
+         bootstrap_args: "BootstrapArguments"}
+
+    CAPABILITIES = ["CAPABILITY_IAM"]
+
+    def initialize(cluster_name, name)
+      @cluster_name = cluster_name
+      @group = Config[cluster_name].for_group(name)
+    end
+
+    def create(wait_for_completion: true)
+      Log.info "creating stack for nodegroup #{@group["group_name"]}"
+      stack = CloudFormation::Stack.create(@cluster_name, cloudformation_config)
+      Log.info "stack created - #{@group["group_name"]} - #{stack.id}"
+      if wait_for_completion
+        await(stack)
+      end
+      stack
+    end
+
+    def tags
+      [{key: "eks-nodegroup", value: @group["group_name"]},
+       {key: "eks-cluster", value: @cluster_name}]
+    end
+
+    def detach_iam_policies
+      IAM::Client.new(@cluster_name).detach_node_policies(cf_stack.node_instance_role_name)
+    end
+
+    def delete
+      detach_iam_policies
+      cf_stack.delete
+    end
+
+    private
+
+    def cf_template_body
+      @cf_template_body ||= File.read(File.join($root_dir, '/assets/nodegroup_cf_template.yaml'))
+    end
+
+    def cf_stack
+      CloudFormation::Stack.find(@cluster_name, stack_name)
+    end
+
+    def await(stack)
+
+      while stack.pending? do
+        Log.info "waiting for stack #{stack.id} - status is #{stack.status}"
+        sleep 10
+      end
+
+      Log.info "stack completed with status #{stack.status}"
+
+      K8s::Auth.new(@cluster_name).update
+      IAM::Client.new(@cluster_name).attach_node_policies(stack.node_instance_role_name)
+    end
+
+    def cloudformation_config
+      {stack_name: stack_name,
+       template_body: cf_template_body,
+       parameters: build_params,
+       capabilities: CAPABILITIES,
+       tags: tags}
+    end
+
+    def stack_name
+      "#{@group["cluster_name"]}-Workers-#{@group["group_name"]}"
+    end
+
+    def build_params
+      @group["bootstrap_args"] = bootstrap_args
+      @group.except("taints").inject([]) do |params, (k, v)|
+        params << build_param(k, v)
+      end
+    end
+
+    def bootstrap_args
+      flags = "--node-labels=kubernetes.io/role=node,eks/node-group=#{@group["group_name"].downcase}"
+      if taints = @group["taints"]
+        flags = "#{flags} --register-with-taints=#{taints}"
+      end
+      "--kubelet-extra-args \"#{flags}\"" 
+    end
+
+    def add_bootstrap_args(group)
+      group["bootstrap_args"] = base
+      group.except("taints")
+    end
+
+    def build_param(k, v)
+      {parameter_key: T[k.to_sym],
+       parameter_value: v.to_s}
+    end
+
+  end
+
+end

data/lib/eks_cli/route53/client.rb

@@ -0,0 +1,67 @@
+require 'aws-sdk-route53'
+require 'log'
+require 'config'
+require 'k8s/client'
+module EksCli
+  module Route53
+    class Client
+
+      def initialize(cluster_name)
+        @cluster_name = cluster_name
+      end
+
+      def update_dns(hostname, k8s_service_name, route53_hosted_zone_id, elb_hosted_zone_id)
+        change_dns_target(hostname, k8s.get_elb(k8s_service_name), route53_hosted_zone_id, elb_hosted_zone_id)
+      end
+
+      private
+
+      def k8s
+        @k8s ||= K8s::Client.new(@cluster_name)
+      end
+
+      def change_dns_target(route53_host, elb_host, route53_hosted_zone_id, elb_hosted_zone_id)
+        Log.info "Setting Route53 record #{route53_host} --> #{elb_host}"
+        resp = client.change_resource_record_sets({
+          change_batch: {
+            changes: [
+              {
+                action: "UPSERT", 
+                resource_record_set: {
+                  name: route53_host, 
+                  type: "A", 
+                  alias_target: {
+                    dns_name: elb_host, 
+                    evaluate_target_health: false, 
+                    hosted_zone_id: elb_hosted_zone_id, 
+                  }, 
+                }, 
+              }, 
+            ], 
+          }, 
+          hosted_zone_id: route53_hosted_zone_id, 
+        })
+        Log.info "Done: #{resp}"
+      end
+
+      def config
+        @config ||= Config[@cluster_name]
+      end
+
+      def elb_hosted_zone_id
+        config["elb_hosted_zone_id"]
+      end
+
+      def route53_hosted_zone_id
+        config["route53_hosted_zone_id"]
+      end
+
+      def client
+        @client ||= Aws::Route53::Client.new(region: config["region"])
+      end
+
+
+    end
+  end
+
+end

data/lib/eks_cli/vpc/client.rb

@@ -0,0 +1,112 @@
+require 'aws-sdk-ec2'
+require 'config'
+require 'log'
+
+module EksCli
+  module VPC
+    class Client
+      def initialize(cluster_name)
+        @cluster_name = cluster_name
+      end
+
+      def set_inter_vpc_networking(old_vpc_id, old_vpc_sg_id)
+        @old_vpc = vpc_by_id(old_vpc_id)
+        Log.info "setting vpc networking between #{new_vpc.id} and #{old_vpc.id}"
+        peering_connection_id = create_vpc_peering_connection
+        update_route_tables(peering_connection_id)
+        allow_networking(old_vpc_sg_id, peering_connection_id)
+      end
+
+      def create_vpc_peering_connection
+        Log.info "creating VPC peering request between #{new_vpc.id} and #{old_vpc.id}"
+        pcr = client.create_vpc_peering_connection({
+          dry_run: false,
+          peer_vpc_id: old_vpc.id,
+          vpc_id: new_vpc.id,
+        })
+        Log.info "created peering request #{pcr}"
+        peering_connection_id = pcr.vpc_peering_connection.vpc_peering_connection_id
+        Log.info "accepting peering request"
+        res = client.accept_vpc_peering_connection({
+          dry_run: false,
+          vpc_peering_connection_id: peering_connection_id,
+        })
+        Log.info "request accepted: #{res}"
+        return peering_connection_id
+      end
+
+      def update_route_tables(peering_connection_id)
+        Log.info "updating route tables"
+        point_from(old_vpc, new_vpc, peering_connection_id)
+        point_from(new_vpc, old_vpc, peering_connection_id)
+        Log.info "done updating route tables"
+      end
+
+      def allow_networking(old_vpc_sg_id, peering_connection_id)
+        Log.info "allowing incoming traffic to sg #{old_vpc_sg_id} from #{config["nodes_sg_id"]} on vpc #{new_vpc.id}"
+        old_sg  = Aws::EC2::SecurityGroup.new(old_vpc_sg_id, client: client)
+        res = old_sg.authorize_ingress(
+          ip_permissions: [
+            {
+              from_port: "-1",
+              ip_protocol: "-1",
+              to_port: "-1",
+              user_id_group_pairs: [
+                {
+                  description: "Accept all traffic from new EKS cluster VPC",
+                  group_id: config["nodes_sg_id"],
+                  vpc_id: new_vpc.id,
+                  vpc_peering_connection_id: peering_connection_id,
+                },
+              ],
+            },
+          ]
+        )
+        Log.info "done setting networking (#{res})"
+      end
+
+      def point_from(from_vpc, to_vpc, peering_connection_id)
+        Log.info "pointing from #{from_vpc.id} to #{to_vpc.id} via #{peering_connection_id}"
+        from_vpc.route_tables.each do |rt|
+          res = client.create_route({
+            destination_cidr_block: to_vpc.cidr_block, 
+            gateway_id: peering_connection_id, 
+            route_table_id: rt.id, 
+          })
+          Log.info "set route #{res}"
+        end
+
+      end
+
+      def new_vpc
+        @new_vpc ||= vpc_by_id(new_vpc_id)
+      end
+
+      def old_vpc
+        @old_vpc
+      end
+
+      def vpc_by_id(id)
+        Aws::EC2::Vpc.new(id, client: client)
+      end
+
+      def config
+        @config ||= Config[@cluster_name]
+      end
+
+      def client
+        @client ||= Aws::EC2::Client.new(region: config["region"])
+      end
+
+      def new_vpc_id
+        @new_vpc_id ||= config["vpc_id"]
+      end
+
+      def old_vpc_id
+        @old_vpc_id
+      end
+
+    end
+  end
+
+end

data/lib/eks_cli.rb

@@ -0,0 +1,5 @@
+$root_dir = File.expand_path(File.dirname(path = File.symlink?(__FILE__) ? File.readlink(__FILE__) : __FILE__))
+helpers_dir = "#{$root_dir}/eks_cli"
+$LOAD_PATH.unshift(helpers_dir) unless $LOAD_PATH.include?(helpers_dir)
+
+require 'cli'

metadata

@@ -0,0 +1,183 @@
+--- !ruby/object:Gem::Specification
+name: eks_cli
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Erez Rabih
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-11-18 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: thor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-iam
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-eks
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-ec2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-cloudformation
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-route53
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: kubeclient
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: A utility to manage and create EKS (Kubernetes) cluster on Amazon Web
+  Services
+email: erez.rabih@gmail.com
+executables:
+- eks
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- Gemfile.lock
+- README.md
+- bin/eks
+- eks_cli.gemspec
+- lib/assets/default_storage_class.yaml
+- lib/assets/nodegroup_cf_template.yaml
+- lib/assets/nvidia_device_plugin.yaml
+- lib/eks_cli.rb
+- lib/eks_cli/cli.rb
+- lib/eks_cli/cloudformation/client.rb
+- lib/eks_cli/cloudformation/stack.rb
+- lib/eks_cli/cloudformation/vpc.rb
+- lib/eks_cli/config.rb
+- lib/eks_cli/ec2/security_group.rb
+- lib/eks_cli/eks/client.rb
+- lib/eks_cli/eks/cluster.rb
+- lib/eks_cli/iam/client.rb
+- lib/eks_cli/k8s/auth.rb
+- lib/eks_cli/k8s/client.rb
+- lib/eks_cli/k8s/configmap_builder.rb
+- lib/eks_cli/log.rb
+- lib/eks_cli/nodegroup.rb
+- lib/eks_cli/route53/client.rb
+- lib/eks_cli/vpc/client.rb
+homepage: https://github.com/nanit/eks_cli
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: Make EKS great again!
+test_files: []