eks_cli 0.2.5 → 0.2.7
- checksums.yaml +4 -4
- data/README.md +1 -1
- data/lib/assets/eks_vpc_cf_template.yaml +174 -0
- data/lib/assets/nodegroup_cf_template.yaml +6 -3
- data/lib/eks_cli/cli.rb +30 -22
- data/lib/eks_cli/cloudformation/vpc.rb +9 -4
- data/lib/eks_cli/config.rb +10 -12
- data/lib/eks_cli/iam/client.rb +0 -20
- data/lib/eks_cli/nodegroup.rb +13 -8
- data/lib/eks_cli/spotinst/client.rb +2 -1
- data/lib/eks_cli/version.rb +1 -1
- metadata +2 -1
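--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1a6712d3d7d38d8223373b57caa29162bbb65f47
+data.tar.gz: be68729009405ad954b74db051e40449cd86ee5e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 281186a4e016c5576fdfa53066ce821c90e6518286fc7bf8dccefc2f71bf2002261ea5d49e5b298b43d15295cc382dbe8a72d99f27d5ab3ae63c5049ab96bdb5
+data.tar.gz: 9e8d791bd97640a14630c95ce4e5ec805430c1bfac5c77bda0a969e72c4abeb02f6bd9b5f64e6452eb839cf6f7d300ce129a790627a673fe1440790e258aedd5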
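--- a/data/README.md
+++ b/data/README.md
@@ -17,7 +17,7 @@ EKS cluster bootstrap with batteries included
 ## Usage
 
 ```
-$ gem install eks_cli
+$ gem install eks_cli
 $ eks create --cluster-name My-EKS-Cluster
 $ eks create-nodegroup --cluster-name My-EKS-Cluster --group-name nodes --ssh-key-name <my-ssh-key> --yes
 ```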
@@ -0,0 +1,174 @@
|
|
1
|
+
---
|
2
|
+
AWSTemplateFormatVersion: '2010-09-09'
|
3
|
+
Description: 'Amazon EKS Sample VPC'
|
4
|
+
|
5
|
+
Parameters:
|
6
|
+
|
7
|
+
VpcBlock:
|
8
|
+
Type: String
|
9
|
+
Default: 192.168.0.0/16
|
10
|
+
Description: The CIDR range for the VPC. This should be a valid private (RFC 1918) CIDR range.
|
11
|
+
|
12
|
+
Subnet01Block:
|
13
|
+
Type: String
|
14
|
+
Default: 192.168.64.0/18
|
15
|
+
Description: CidrBlock for subnet 01 within the VPC
|
16
|
+
|
17
|
+
Subnet02Block:
|
18
|
+
Type: String
|
19
|
+
Default: 192.168.128.0/18
|
20
|
+
Description: CidrBlock for subnet 02 within the VPC
|
21
|
+
|
22
|
+
Subnet03Block:
|
23
|
+
Type: String
|
24
|
+
Default: 192.168.192.0/18
|
25
|
+
Description: CidrBlock for subnet 03 within the VPC
|
26
|
+
|
27
|
+
Subnet01AZ:
|
28
|
+
Type: AWS::EC2::AvailabilityZone::Name
|
29
|
+
Description: Availability Zone for subnet 01
|
30
|
+
|
31
|
+
Subnet02AZ:
|
32
|
+
Type: AWS::EC2::AvailabilityZone::Name
|
33
|
+
Description: Availability Zone for subnet 02
|
34
|
+
|
35
|
+
Subnet03AZ:
|
36
|
+
Type: AWS::EC2::AvailabilityZone::Name
|
37
|
+
Description: Availability Zone for subnet 03
|
38
|
+
|
39
|
+
Metadata:
|
40
|
+
AWS::CloudFormation::Interface:
|
41
|
+
ParameterGroups:
|
42
|
+
-
|
43
|
+
Label:
|
44
|
+
default: "Worker Network Configuration"
|
45
|
+
Parameters:
|
46
|
+
- VpcBlock
|
47
|
+
- Subnet01Block
|
48
|
+
- Subnet02Block
|
49
|
+
- Subnet03Block
|
50
|
+
- Subnet01AZ
|
51
|
+
- Subnet02AZ
|
52
|
+
- Subnet03AZ
|
53
|
+
|
54
|
+
Resources:
|
55
|
+
VPC:
|
56
|
+
Type: AWS::EC2::VPC
|
57
|
+
Properties:
|
58
|
+
CidrBlock: !Ref VpcBlock
|
59
|
+
EnableDnsSupport: true
|
60
|
+
EnableDnsHostnames: true
|
61
|
+
Tags:
|
62
|
+
- Key: Name
|
63
|
+
Value: !Sub '${AWS::StackName}-VPC'
|
64
|
+
|
65
|
+
InternetGateway:
|
66
|
+
Type: "AWS::EC2::InternetGateway"
|
67
|
+
|
68
|
+
VPCGatewayAttachment:
|
69
|
+
Type: "AWS::EC2::VPCGatewayAttachment"
|
70
|
+
Properties:
|
71
|
+
InternetGatewayId: !Ref InternetGateway
|
72
|
+
VpcId: !Ref VPC
|
73
|
+
|
74
|
+
RouteTable:
|
75
|
+
Type: AWS::EC2::RouteTable
|
76
|
+
Properties:
|
77
|
+
VpcId: !Ref VPC
|
78
|
+
Tags:
|
79
|
+
- Key: Name
|
80
|
+
Value: Public Subnets
|
81
|
+
- Key: Network
|
82
|
+
Value: Public
|
83
|
+
|
84
|
+
Route:
|
85
|
+
DependsOn: VPCGatewayAttachment
|
86
|
+
Type: AWS::EC2::Route
|
87
|
+
Properties:
|
88
|
+
RouteTableId: !Ref RouteTable
|
89
|
+
DestinationCidrBlock: 0.0.0.0/0
|
90
|
+
GatewayId: !Ref InternetGateway
|
91
|
+
|
92
|
+
Subnet01:
|
93
|
+
Type: AWS::EC2::Subnet
|
94
|
+
Metadata:
|
95
|
+
Comment: Subnet 01
|
96
|
+
Properties:
|
97
|
+
AvailabilityZone:
|
98
|
+
Ref: Subnet01AZ
|
99
|
+
CidrBlock:
|
100
|
+
Ref: Subnet01Block
|
101
|
+
VpcId:
|
102
|
+
Ref: VPC
|
103
|
+
Tags:
|
104
|
+
- Key: Name
|
105
|
+
Value: !Sub "${AWS::StackName}-Subnet01"
|
106
|
+
|
107
|
+
Subnet02:
|
108
|
+
Type: AWS::EC2::Subnet
|
109
|
+
Metadata:
|
110
|
+
Comment: Subnet 02
|
111
|
+
Properties:
|
112
|
+
AvailabilityZone:
|
113
|
+
Ref: Subnet02AZ
|
114
|
+
CidrBlock:
|
115
|
+
Ref: Subnet02Block
|
116
|
+
VpcId:
|
117
|
+
Ref: VPC
|
118
|
+
Tags:
|
119
|
+
- Key: Name
|
120
|
+
Value: !Sub "${AWS::StackName}-Subnet02"
|
121
|
+
|
122
|
+
Subnet03:
|
123
|
+
Type: AWS::EC2::Subnet
|
124
|
+
Metadata:
|
125
|
+
Comment: Subnet 03
|
126
|
+
Properties:
|
127
|
+
AvailabilityZone:
|
128
|
+
Ref: Subnet03AZ
|
129
|
+
CidrBlock:
|
130
|
+
Ref: Subnet03Block
|
131
|
+
VpcId:
|
132
|
+
Ref: VPC
|
133
|
+
Tags:
|
134
|
+
- Key: Name
|
135
|
+
Value: !Sub "${AWS::StackName}-Subnet03"
|
136
|
+
|
137
|
+
Subnet01RouteTableAssociation:
|
138
|
+
Type: AWS::EC2::SubnetRouteTableAssociation
|
139
|
+
Properties:
|
140
|
+
SubnetId: !Ref Subnet01
|
141
|
+
RouteTableId: !Ref RouteTable
|
142
|
+
|
143
|
+
Subnet02RouteTableAssociation:
|
144
|
+
Type: AWS::EC2::SubnetRouteTableAssociation
|
145
|
+
Properties:
|
146
|
+
SubnetId: !Ref Subnet02
|
147
|
+
RouteTableId: !Ref RouteTable
|
148
|
+
|
149
|
+
Subnet03RouteTableAssociation:
|
150
|
+
Type: AWS::EC2::SubnetRouteTableAssociation
|
151
|
+
Properties:
|
152
|
+
SubnetId: !Ref Subnet03
|
153
|
+
RouteTableId: !Ref RouteTable
|
154
|
+
|
155
|
+
ControlPlaneSecurityGroup:
|
156
|
+
Type: AWS::EC2::SecurityGroup
|
157
|
+
Properties:
|
158
|
+
GroupDescription: Cluster communication with worker nodes
|
159
|
+
VpcId: !Ref VPC
|
160
|
+
|
161
|
+
Outputs:
|
162
|
+
|
163
|
+
SubnetIds:
|
164
|
+
Description: All subnets in the VPC
|
165
|
+
Value: !Join [ ",", [ !Ref Subnet01, !Ref Subnet02, !Ref Subnet03 ] ]
|
166
|
+
|
167
|
+
SecurityGroups:
|
168
|
+
Description: Security group for the cluster control plane communication with worker nodes
|
169
|
+
Value: !Join [ ",", [ !Ref ControlPlaneSecurityGroup ] ]
|
170
|
+
|
171
|
+
VpcId:
|
172
|
+
Description: The VPC Id
|
173
|
+
Value: !Ref VPC
|
174
|
+
|
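Review bot: Every subnet this template creates is public, and nothing in the file says so: Subnet01, Subnet02 and Subnet03 are all associated with the single `RouteTable`, whose only route sends `0.0.0.0/0` to the `InternetGateway`, and no private subnet or NAT path is defined. Nodes placed in these subnets therefore rely on their security groups for isolation, which matters because the CLI also offers an option to open ports on cluster nodes. I would add a header comment such as `# All three subnets are public (default route to the internet gateway); node exposure is controlled only by security groups.` A second comment line recording which upstream sample and date this bundled copy was taken from would let later template fixes be compared against it.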
@@ -118,6 +118,10 @@ Parameters:
|
|
118
118
|
Description: Security group ID for in-cluster communication between node groups
|
119
119
|
Type: AWS::EC2::SecurityGroup::Id
|
120
120
|
|
121
|
+
NodeGroupIAMPolicies:
|
122
|
+
Description: Additional IAM policies to attach to nodegroup IAM Role
|
123
|
+
Type: CommaDelimitedList
|
124
|
+
|
121
125
|
Metadata:
|
122
126
|
AWS::CloudFormation::Interface:
|
123
127
|
ParameterGroups:
|
@@ -139,6 +143,7 @@ Metadata:
|
|
139
143
|
- NodeVolumeSize
|
140
144
|
- KeyName
|
141
145
|
- BootstrapArguments
|
146
|
+
- NodeGroupIAMPolicies
|
142
147
|
-
|
143
148
|
Label:
|
144
149
|
default: "Worker Network Configuration"
|
@@ -169,9 +174,7 @@ Resources:
|
|
169
174
|
- sts:AssumeRole
|
170
175
|
Path: "/"
|
171
176
|
ManagedPolicyArns:
|
172
|
-
|
173
|
-
- arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
|
174
|
-
- arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
|
177
|
+
Ref: NodeGroupIAMPolicies
|
175
178
|
|
176
179
|
NodeSecurityGroup:
|
177
180
|
Type: AWS::EC2::SecurityGroup
|
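Review bot: `NodeGroupIAMPolicies` is declared without a `Default` or any constraint, and the last hunk replaces the inline `ManagedPolicyArns` entries with `Ref: NodeGroupIAMPolicies`, so the node role's permissions are now whatever list the caller passes. The template on its own no longer guarantees the EKS policies that the removed lines listed, and nothing here bounds what else is attached to a role that every node in the group carries. The parameter description should state that contract, for example `Description: Managed policy ARNs for the nodegroup IAM role; must include the EKS worker-node, CNI and ECR read-only policies, keep additions minimal`. The Parameters and Resources blocks continue outside these hunks.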
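--- a/data/lib/eks_cli/cli.rb
+++ b/data/lib/eks_cli/cli.rb
@@ -36,8 +36,11 @@ module EksCli
 class_option :cluster_name, required: true, aliases: :c
 
 desc "create", "creates a new EKS cluster"
-option :cidr, type: :string, default: "192.168.0.0/16", desc: "CIRD block for cluster VPC"
 option :region, type: :string, default: "us-west-2", desc: "AWS region for EKS cluster"
+option :cidr, type: :string, default: "192.168.0.0/16", desc: "CIRD block for cluster VPC"
+option :subnet1_az, type: :string, desc: "availability zone for subnet 01"
+option :subnet2_az, type: :string, desc: "availability zone for subnet 02"
+option :subnet3_az, type: :string, desc: "availability zone for subnet 03"
 option :open_ports, type: :array, default: [], desc: "open ports on cluster nodes (eg 22 for SSH access)"
 option :enable_gpu, type: :boolean, default: false, desc: "installs nvidia device plugin daemon set"
 option :create_default_storage_class, type: :boolean, default: true, desc: "creates a default gp2 storage class"
@@ -73,10 +76,17 @@ module EksCli
 
 desc "create-cluster-vpc", "creates a vpc according to aws cloudformation template"
 option :cidr, type: :string, default: "192.168.0.0/16", desc: "CIRD block for cluster VPC"
+option :subnet1_az, type: :string, desc: "availability zone for subnet 01"
+option :subnet2_az, type: :string, desc: "availability zone for subnet 02"
+option :subnet3_az, type: :string, desc: "availability zone for subnet 03"
 def create_cluster_vpc
-
+opts = options.slice("cidr", "subnet1_az", "subnet2_az", "subnet3_az")
+opts["subnet1_az"] ||= Config::AZS[config["region"]][0]
+opts["subnet2_az"] ||= Config::AZS[config["region"]][1]
+opts["subnet3_az"] ||= Config::AZS[config["region"]][2]
+config.write(opts, :config)
 cfg = CloudFormation::VPC.new(cluster_name).create
-
+config.write(cfg)
 end
 
 desc "create-eks-cluster", "create EKS cluster on AWS"
@@ -104,21 +114,23 @@ module EksCli
 
 desc "create-nodegroup", "creates all nodegroups on environment"
 option :all, type: :boolean, default: false, desc: "create all nodegroups. must be used in conjunction with --yes"
-option :group_name, type: :string, desc: "create a specific nodegroup. can't be used with --all"
+option :group_name, type: :string, default: "Workers", desc: "create a specific nodegroup. can't be used with --all"
 option :ami, desc: "AMI for the nodegroup"
-option :instance_type, desc: "EC2 instance type (m5.xlarge etc...)"
-option :
-option :ssh_key_name, desc: "
+option :instance_type, default: "m5.xlarge", desc: "EC2 instance type (m5.xlarge etc...)"
+option :subnets, type: :array, default: ["1", "2", "3"], desc: "subnets to run on. for example --subnets=1 3 will run the nodegroup on subnet1 and subnet 3"
+option :ssh_key_name, desc: "name of the default SSH key for the nodes"
 option :taints, desc: "Kubernetes taints to put on the nodes for example \"dedicated=critical:NoSchedule\""
-option :
-option :
-option :
+option :volume_size, type: :numeric, default: 100, desc: "disk size for node group in GB"
+option :min, type: :numeric, default: 1, desc: "minimum number of nodes on the nodegroup"
+option :max, type: :numeric, default: 1, desc: "maximum number of nodes on the nodegroup"
+option :yes, type: :boolean, default: false, desc: "perform nodegroup creation"
 def create_nodegroup
-
-
+opts = options.dup
+opts[:subnets] = opts[:subnets].map(&:to_i)
+Config[cluster_name].update_nodegroup(opts) unless opts[:all]
+if opts[:yes]
 cf_stacks = nodegroups.map {|ng| ng.create(wait_for_completion: false)}
 CloudFormation::Stack.await(cf_stacks)
-cf_stacks.each {|s| IAM::Client.new(cluster_name).attach_node_policies(s.node_instance_role_name)}
 K8s::Auth.new(cluster_name).update
 end
 end
@@ -144,13 +156,6 @@ module EksCli
 K8s::Auth.new(cluster_name).update
 end
 
-desc "detach-iam-policies", "detaches added policies to nodegroup IAM Role"
-option :all, type: :boolean, default: false, desc: "detach from all nodegroups. can't be used with --name"
-option :name, type: :string, desc: "detach from a specific nodegroup. can't be used with --all"
-def detach_iam_policies
-nodegroups.each(&:detach_iam_policies)
-end
-
 desc "set-iam-policies", "sets IAM policies to be attached to created nodegroups"
 option :policies, type: :array, required: true, desc: "IAM policies ARNs"
 def set_iam_policies
@@ -191,8 +196,9 @@ module EksCli
 desc "export-nodegroup", "exports nodegroup auto scaling group to spotinst"
 option :all, type: :boolean, default: false, desc: "create all nodegroups. must be used in conjunction with --yes"
 option :group_name, type: :string, desc: "create a specific nodegroup. can't be used with --all"
+option :exact_instance_type, type: :boolean, default: false, desc: "enforce spotinst to use existing instance type only"
 def export_nodegroup
-nodegroups.each {|ng| ng.export_to_spotinst }
+nodegroups.each {|ng| ng.export_to_spotinst(options[:exact_instance_type]) }
 end
 
 desc "add-iam-user IAM_ARN", "adds an IAM user as an authorized member on the EKS cluster"
@@ -213,10 +219,12 @@ module EksCli
 no_commands do
 def cluster_name; options[:cluster_name]; end
 
+def config; Config[cluster_name]; end
+
 def all_nodegroups; Config[cluster_name]["groups"].keys ;end
 
 def nodegroups
-ng = options[:
+ng = options[:all] ? all_nodegroups : [options[:group_name]]
 ng.map {|n| NodeGroup.new(cluster_name, n)}
 end
 end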
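Review bot: In `create_nodegroup`, `opts[:subnets].map(&:to_i)` accepts any input, because `String#to_i` turns a non-numeric value into 0 and nothing checks the range. `Config#for_group` later indexes with `all["subnets"][s-1]`, so 0 selects the last subnet through index -1 and a value above the subnet count yields nil in the joined list. Nodes can then launch in a subnet the operator did not ask for, or the stack receives a malformed subnet parameter. Convert strictly and bound the values before calling `update_nodegroup`, e.g. `opts[:subnets] = opts[:subnets].map { |s| Integer(s) }` followed by `raise "bad subnets #{opts[:subnets]}" unless opts[:subnets].all? { |s| (1..3).cover?(s) }`.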
@@ -7,8 +7,6 @@ module EksCli
|
|
7
7
|
module CloudFormation
|
8
8
|
class VPC
|
9
9
|
|
10
|
-
CF_TEMPLATE_URL = "https://amazon-eks.s3-us-west-2.amazonaws.com/cloudformation/2018-08-30/amazon-eks-vpc-sample.yaml"
|
11
|
-
|
12
10
|
def initialize(cluster_name)
|
13
11
|
@cluster_name = cluster_name
|
14
12
|
end
|
@@ -32,11 +30,15 @@ module EksCli
|
|
32
30
|
|
33
31
|
def cf_config
|
34
32
|
{stack_name: stack_name,
|
35
|
-
|
33
|
+
template_body: cf_template_body,
|
36
34
|
parameters: build_params,
|
37
35
|
tags: tags}
|
38
36
|
end
|
39
37
|
|
38
|
+
def cf_template_body
|
39
|
+
@cf_template_body ||= File.read(File.join($root_dir, '/assets/eks_vpc_cf_template.yaml'))
|
40
|
+
end
|
41
|
+
|
40
42
|
def stack_name
|
41
43
|
"#{@cluster_name}-EKS-VPC"
|
42
44
|
end
|
@@ -51,7 +53,10 @@ module EksCli
|
|
51
53
|
{"VpcBlock" => cidr,
|
52
54
|
"Subnet01Block" => subnets[0],
|
53
55
|
"Subnet02Block" => subnets[1],
|
54
|
-
"Subnet03Block" => subnets[2]
|
56
|
+
"Subnet03Block" => subnets[2],
|
57
|
+
"Subnet01AZ" => config["subnet1_az"],
|
58
|
+
"Subnet02AZ" => config["subnet2_az"],
|
59
|
+
"Subnet03AZ" => config["subnet3_az"]}.map do |(k,v)|
|
55
60
|
{parameter_key: k, parameter_value: v}
|
56
61
|
end
|
57
62
|
|
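Review bot: `cf_template_body` has no comment saying where the bundled template came from, and the removed `CF_TEMPLATE_URL` was the only record of the upstream sample (`2018-08-30/amazon-eks-vpc-sample.yaml`). Shipping the file in the gem removes the remote fetch at stack-creation time, but later upstream corrections will only be picked up if a maintainer knows what to compare against. Assuming the asset derives from that sample, I would add above the method `# Bundled copy based on the AWS amazon-eks-vpc-sample.yaml (2018-08-30); changes to it are made here, not fetched.` The path is also built from the global `$root_dir`, which is set outside this file, and the class body continues outside these hunks.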
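--- a/data/lib/eks_cli/config.rb
+++ b/data/lib/eks_cli/config.rb
@@ -4,7 +4,14 @@ require 'active_support/core_ext/hash'
 require 'fileutils'
 module EksCli
 class Config
+
+AZS = {"us-east-1" => ["us-east-1a", "us-east-1b", "us-east-1c"],
+"us-west-2" => ["us-west-2a", "us-west-2b", "us-west-2c"],
+"us-east-2" => ["us-east-2a", "us-east-2b", "us-east-2c"],
+"us-west-1" => ["us-west-1b", "us-west-1b", "us-west-1c"]}
+
 class << self
+
 def [](cluster_name)
 new(cluster_name)
 end
@@ -28,10 +35,9 @@ module EksCli
 
 def for_group(group_name)
 all = read_from_disk
-group =
-.merge(all["groups"][group_name])
+group = all["groups"][group_name]
 .merge(all.slice("cluster_name", "control_plane_sg_id", "nodes_sg_id", "vpc_id"))
-group["subnets"] =
+group["subnets"] = group["subnets"].map {|s| all["subnets"][s-1]}.join(",")
 group
 end
 
@@ -56,7 +62,7 @@ module EksCli
 end
 
 def update_nodegroup(options)
-options = options.slice("ami", "group_name", "instance_type", "
+options = options.slice("ami", "group_name", "instance_type", "subnets", "ssh_key_name", "volume_size", "taints", "min", "max")
 raise "bad nodegroup name #{options["group_name"]}" if options["group_name"] == nil || options["group_name"].empty?
 write({groups: { options["group_name"] => options }}, :groups)
 end
@@ -109,13 +115,5 @@ module EksCli
 yield dir
 end
 
-def group_defaults
-{"group_name" => "Workers",
-"instance_type" => "m5.xlarge",
-"max" => 1,
-"min" => 1,
-"num_subnets" => 3,
-"volume_size" => 100}
-end
 end
 end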
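Review bot: `AZS` lists `"us-west-1b"` twice for `us-west-1`, so the defaults written by `create_cluster_vpc` put Subnet01 and Subnet02 in the same zone there; if that is deliberate it needs a comment, otherwise the first entry looks like a typo. The table also covers only four regions, and `Config::AZS[region]` returns nil for any other, which the callers in cli.rb index straight into. I would freeze the constant and have the lookup fail with a usable message, e.g. `AZS.fetch(region) { raise "no default availability zones for #{region}, pass --subnet1-az/--subnet2-az/--subnet3-az" }`.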
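--- a/data/lib/eks_cli/iam/client.rb
+++ b/data/lib/eks_cli/iam/client.rb
@@ -44,14 +44,6 @@ module EksCli
 role
 end
 
-def attach_node_policies(role_name)
-attach_policies(role_name, node_policies)
-end
-
-def detach_node_policies(role_name)
-detach_policies(role_name, node_policies)
-end
-
 def attach_policies(role_name, policies)
 Log.info "attaching IAM policies to #{role_name}"
 policies.each do |p|
@@ -60,18 +52,6 @@ module EksCli
 end
 end
 
-def detach_policies(role_name, policies)
-Log.info "detaching IAM policies to #{role_name}"
-policies.each do |p|
-client.detach_role_policy(policy_arn: arn(p),
-role_name: role_name)
-end
-end
-
-def node_policies
-config["iam_policies"] || []
-end
-
 def arn(p)
 "arn:aws:iam::aws:policy/#{p}"
 end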
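--- a/data/lib/eks_cli/nodegroup.rb
+++ b/data/lib/eks_cli/nodegroup.rb
@@ -22,6 +22,7 @@ module EksCli
 vpc_id: "VpcId",
 subnets: "Subnets",
 group_name: "NodeGroupName",
+iam_policies: "NodeGroupIAMPolicies",
 bootstrap_args: "BootstrapArguments"}
 
 AMIS = {"us-west-2" => "ami-0f54a2f7d2e9c88b3",
@@ -34,6 +35,10 @@ module EksCli
 "us-east-2" => "ami-089849e811ace242f",
 "us-west-1" => "ami-0c3479bcd739094f0"}
 
+EKS_IAM_POLICIES = %w{AmazonEKSWorkerNodePolicy
+AmazonEKS_CNI_Policy
+AmazonEC2ContainerRegistryReadOnly}
+
 CAPABILITIES = ["CAPABILITY_IAM"]
 
 def initialize(cluster_name, name)
@@ -57,12 +62,7 @@ module EksCli
 {key: "eks-cluster", value: @cluster_name}]
 end
 
-def detach_iam_policies
-IAM::Client.new(@cluster_name).detach_node_policies(cf_stack.node_instance_role_name)
-end
-
 def delete
-detach_iam_policies
 cf_stack.delete
 end
 
@@ -74,9 +74,10 @@ module EksCli
 @group["instance_type"]
 end
 
-def export_to_spotinst
+def export_to_spotinst(exact_instance_type)
 Log.info "exporting nodegroup #{@name} to spotinst"
-
+instance_types = exact_instance_type ? [instance_type] : nil
+Log.info Spotinst::Client.new.import_asg(config["region"], asg, instance_types)
 end
 
 def cf_stack
@@ -111,7 +112,6 @@ module EksCli
 Log.info "stack completed with status #{stack.status}"
 
 K8s::Auth.new(@cluster_name).update
-IAM::Client.new(@cluster_name).attach_node_policies(stack.node_instance_role_name)
 end
 
 def cloudformation_config
@@ -129,11 +129,16 @@ module EksCli
 def build_params
 @group["bootstrap_args"] = bootstrap_args
 @group["ami"] ||= default_ami
+@group["iam_policies"] = iam_policies
 @group.except("taints").inject([]) do |params, (k, v)|
 params << build_param(k, v)
 end
 end
 
+def iam_policies
+(EKS_IAM_POLICIES + (config["iam_policies"] || [])).map {|p| "arn:aws:iam::aws:policy/#{p}"}.join(",")
+end
+
 def bootstrap_args
 flags = "--node-labels=kubernetes.io/role=node,eks/node-group=#{@group["group_name"].downcase}"
 if taints = @group["taints"]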
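Review bot: `iam_policies` interpolates every entry of `config["iam_policies"]` into `"arn:aws:iam::aws:policy/#{p}"` and joins the results with commas for the `NodeGroupIAMPolicies` list parameter, without checking the entries. A value that is already a full ARN (the `set-iam-policies` option is described as "IAM policies ARNs") becomes a malformed ARN, and a value containing a comma is split into extra list items, so what is attached to the node role can differ from what was configured. Validate each name inside the map, e.g. `raise "bad IAM policy name #{p}" unless p.match?(%r{\A[\w+=.@/-]+\z})`, and reuse one ARN helper instead of repeating the prefix that `IAM::Client#arn` already builds. It is also worth confirming that `delete`, which no longer detaches policies first, still succeeds for nodegroups whose policies the previous release attached through the IAM API rather than through the stack.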
@@ -21,8 +21,9 @@ module EksCli
|
|
21
21
|
end
|
22
22
|
|
23
23
|
def import_asg(region, asg_name, instance_types)
|
24
|
+
body = instance_types ? {group: {spotInstanceTypes: instance_types}} : {}
|
24
25
|
self.class.post("/aws/ec2/group/autoScalingGroup/import?region=#{region}&accountId=#{@account_id}&autoScalingGroupName=#{asg_name}",
|
25
|
-
body:
|
26
|
+
body: body.to_json)
|
26
27
|
end
|
27
28
|
|
28
29
|
def list_groups
|
data/lib/eks_cli/version.rb
CHANGED
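--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: eks_cli
 version: !ruby/object:Gem::Version
-version: 0.2.
+version: 0.2.7
 platform: ruby
 authors:
 - Erez Rabih
@@ -180,6 +180,7 @@ files:
 - eks_cli.gemspec
 - lib/assets/default_storage_class.yaml
 - lib/assets/dns_autoscaler.dep.yaml
+- lib/assets/eks_vpc_cf_template.yaml
 - lib/assets/nodegroup_cf_template.yaml
 - lib/assets/nvidia_device_plugin.yaml
 - lib/eks_cli.rb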