eks_cli 0.2.5 → 0.2.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9f02bf0e81f9e39a49df18376c3c7563f2e4b328
-  data.tar.gz: b8407ff5d66e1c12a05c1612ed02f0dca43d81ba
+  metadata.gz: 1a6712d3d7d38d8223373b57caa29162bbb65f47
+  data.tar.gz: be68729009405ad954b74db051e40449cd86ee5e
 SHA512:
-  metadata.gz: e91df9b0999bb400bcc7ed8788b44ac8eea55bec1096a4b9e366e47fb0658b9efa9fb2c1813653eece72bdfc475f09ca859f03f4e78c6e2c1cbe6ba4d53c934e
-  data.tar.gz: 619af1e48d1ccd9da9afc996ac83c839ca8cd9c0f4997c2b6f4ef4cfc18d422ec57e58d50e91636c5d46442a208128902b723ca2edf6152f823e929507d57afa
+  metadata.gz: 281186a4e016c5576fdfa53066ce821c90e6518286fc7bf8dccefc2f71bf2002261ea5d49e5b298b43d15295cc382dbe8a72d99f27d5ab3ae63c5049ab96bdb5
+  data.tar.gz: 9e8d791bd97640a14630c95ce4e5ec805430c1bfac5c77bda0a969e72c4abeb02f6bd9b5f64e6452eb839cf6f7d300ce129a790627a673fe1440790e258aedd5

data/README.md

@@ -17,7 +17,7 @@ EKS cluster bootstrap with batteries included
 ## Usage
 
 ```
-$ gem install eks_cli -v 0.2.5
+$ gem install eks_cli
 $ eks create --cluster-name My-EKS-Cluster
 $ eks create-nodegroup --cluster-name My-EKS-Cluster --group-name nodes --ssh-key-name <my-ssh-key> --yes
 ```

data/lib/assets/eks_vpc_cf_template.yaml

@@ -0,0 +1,174 @@
+---
+AWSTemplateFormatVersion: '2010-09-09'
+Description: 'Amazon EKS Sample VPC'
+
+Parameters:
+
+  VpcBlock:
+    Type: String
+    Default: 192.168.0.0/16
+    Description: The CIDR range for the VPC. This should be a valid private (RFC 1918) CIDR range.
+
+  Subnet01Block:
+    Type: String
+    Default: 192.168.64.0/18
+    Description: CidrBlock for subnet 01 within the VPC
+
+  Subnet02Block:
+    Type: String
+    Default: 192.168.128.0/18
+    Description: CidrBlock for subnet 02 within the VPC
+
+  Subnet03Block:
+    Type: String
+    Default: 192.168.192.0/18
+    Description: CidrBlock for subnet 03 within the VPC
+
+  Subnet01AZ:
+    Type: AWS::EC2::AvailabilityZone::Name
+    Description: Availability Zone for subnet 01
+
+  Subnet02AZ:
+    Type: AWS::EC2::AvailabilityZone::Name
+    Description: Availability Zone for subnet 02
+
+  Subnet03AZ:
+    Type: AWS::EC2::AvailabilityZone::Name
+    Description: Availability Zone for subnet 03
+
+Metadata:
+  AWS::CloudFormation::Interface:
+    ParameterGroups:
+      -
+        Label:
+          default: "Worker Network Configuration"
+        Parameters:
+          - VpcBlock
+          - Subnet01Block
+          - Subnet02Block
+          - Subnet03Block
+          - Subnet01AZ
+          - Subnet02AZ
+          - Subnet03AZ
+
+Resources:
+  VPC:
+    Type: AWS::EC2::VPC
+    Properties:
+      CidrBlock:  !Ref VpcBlock
+      EnableDnsSupport: true
+      EnableDnsHostnames: true
+      Tags:
+      - Key: Name
+        Value: !Sub '${AWS::StackName}-VPC'
+
+  InternetGateway:
+    Type: "AWS::EC2::InternetGateway"
+
+  VPCGatewayAttachment:
+    Type: "AWS::EC2::VPCGatewayAttachment"
+    Properties:
+      InternetGatewayId: !Ref InternetGateway
+      VpcId: !Ref VPC
+
+  RouteTable:
+    Type: AWS::EC2::RouteTable
+    Properties:
+      VpcId: !Ref VPC
+      Tags:
+      - Key: Name
+        Value: Public Subnets
+      - Key: Network
+        Value: Public
+
+  Route:
+    DependsOn: VPCGatewayAttachment
+    Type: AWS::EC2::Route
+    Properties:
+      RouteTableId: !Ref RouteTable
+      DestinationCidrBlock: 0.0.0.0/0
+      GatewayId: !Ref InternetGateway
+
+  Subnet01:
+    Type: AWS::EC2::Subnet
+    Metadata:
+      Comment: Subnet 01
+    Properties:
+      AvailabilityZone:
+        Ref: Subnet01AZ
+      CidrBlock:
+        Ref: Subnet01Block
+      VpcId:
+        Ref: VPC
+      Tags:
+      - Key: Name
+        Value: !Sub "${AWS::StackName}-Subnet01"
+
+  Subnet02:
+    Type: AWS::EC2::Subnet
+    Metadata:
+      Comment: Subnet 02
+    Properties:
+      AvailabilityZone:
+        Ref: Subnet02AZ
+      CidrBlock:
+        Ref: Subnet02Block
+      VpcId:
+        Ref: VPC
+      Tags:
+      - Key: Name
+        Value: !Sub "${AWS::StackName}-Subnet02"
+
+  Subnet03:
+    Type: AWS::EC2::Subnet
+    Metadata:
+      Comment: Subnet 03
+    Properties:
+      AvailabilityZone:
+        Ref: Subnet03AZ
+      CidrBlock:
+        Ref: Subnet03Block
+      VpcId:
+        Ref: VPC
+      Tags:
+      - Key: Name
+        Value: !Sub "${AWS::StackName}-Subnet03"
+
+  Subnet01RouteTableAssociation:
+    Type: AWS::EC2::SubnetRouteTableAssociation
+    Properties:
+      SubnetId: !Ref Subnet01
+      RouteTableId: !Ref RouteTable
+
+  Subnet02RouteTableAssociation:
+    Type: AWS::EC2::SubnetRouteTableAssociation
+    Properties:
+      SubnetId: !Ref Subnet02
+      RouteTableId: !Ref RouteTable
+
+  Subnet03RouteTableAssociation:
+    Type: AWS::EC2::SubnetRouteTableAssociation
+    Properties:
+      SubnetId: !Ref Subnet03
+      RouteTableId: !Ref RouteTable
+
+  ControlPlaneSecurityGroup:
+    Type: AWS::EC2::SecurityGroup
+    Properties:
+      GroupDescription: Cluster communication with worker nodes
+      VpcId: !Ref VPC
+
+Outputs:
+
+  SubnetIds:
+    Description: All subnets in the VPC
+    Value: !Join [ ",", [ !Ref Subnet01, !Ref Subnet02, !Ref Subnet03 ] ]
+
+  SecurityGroups:
+    Description: Security group for the cluster control plane communication with worker nodes
+    Value: !Join [ ",", [ !Ref ControlPlaneSecurityGroup ] ]
+
+  VpcId:
+    Description: The VPC Id
+    Value: !Ref VPC
+

data/lib/assets/nodegroup_cf_template.yaml

@@ -118,6 +118,10 @@ Parameters:
     Description: Security group ID for in-cluster communication between node groups
     Type: AWS::EC2::SecurityGroup::Id
 
+  NodeGroupIAMPolicies:
+    Description: Additional IAM policies to attach to nodegroup IAM Role
+    Type: CommaDelimitedList
+
 Metadata:
   AWS::CloudFormation::Interface:
     ParameterGroups:
@@ -139,6 +143,7 @@ Metadata:
           - NodeVolumeSize
           - KeyName
           - BootstrapArguments
+          - NodeGroupIAMPolicies
       -
         Label:
           default: "Worker Network Configuration"
@@ -169,9 +174,7 @@ Resources:
           - sts:AssumeRole
       Path: "/"
       ManagedPolicyArns:
-        - arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
-        - arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
-        - arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
+        Ref: NodeGroupIAMPolicies
 
   NodeSecurityGroup:
     Type: AWS::EC2::SecurityGroup

data/lib/eks_cli/cli.rb

@@ -36,8 +36,11 @@ module EksCli
     class_option :cluster_name, required: true, aliases: :c
 
     desc "create", "creates a new EKS cluster"
-    option :cidr, type: :string, default: "192.168.0.0/16", desc: "CIRD block for cluster VPC"
     option :region, type: :string, default: "us-west-2", desc: "AWS region for EKS cluster"
+    option :cidr, type: :string, default: "192.168.0.0/16", desc: "CIRD block for cluster VPC"
+    option :subnet1_az, type: :string, desc: "availability zone for subnet 01"
+    option :subnet2_az, type: :string, desc: "availability zone for subnet 02"
+    option :subnet3_az, type: :string, desc: "availability zone for subnet 03"
     option :open_ports, type: :array, default: [], desc: "open ports on cluster nodes (eg 22 for SSH access)"
     option :enable_gpu, type: :boolean, default: false, desc: "installs nvidia device plugin daemon set"
     option :create_default_storage_class, type: :boolean, default: true, desc: "creates a default gp2 storage class"
@@ -73,10 +76,17 @@ module EksCli
 
     desc "create-cluster-vpc", "creates a vpc according to aws cloudformation template"
     option :cidr, type: :string, default: "192.168.0.0/16", desc: "CIRD block for cluster VPC"
+    option :subnet1_az, type: :string, desc: "availability zone for subnet 01"
+    option :subnet2_az, type: :string, desc: "availability zone for subnet 02"
+    option :subnet3_az, type: :string, desc: "availability zone for subnet 03"
     def create_cluster_vpc
-      Config[cluster_name].write({cidr: options[:cidr]}, :config)
+      opts = options.slice("cidr", "subnet1_az", "subnet2_az", "subnet3_az")
+      opts["subnet1_az"] ||= Config::AZS[config["region"]][0]
+      opts["subnet2_az"] ||= Config::AZS[config["region"]][1]
+      opts["subnet3_az"] ||= Config::AZS[config["region"]][2]
+      config.write(opts, :config)
       cfg = CloudFormation::VPC.new(cluster_name).create
-      Config[cluster_name].write(cfg)
+      config.write(cfg)
     end
 
     desc "create-eks-cluster", "create EKS cluster on AWS"
@@ -104,21 +114,23 @@ module EksCli
 
     desc "create-nodegroup", "creates all nodegroups on environment"
     option :all, type: :boolean, default: false, desc: "create all nodegroups. must be used in conjunction with --yes"
-    option :group_name, type: :string, desc: "create a specific nodegroup. can't be used with --all"
+    option :group_name, type: :string, default: "Workers", desc: "create a specific nodegroup. can't be used with --all"
     option :ami, desc: "AMI for the nodegroup"
-    option :instance_type, desc: "EC2 instance type (m5.xlarge etc...)"
-    option :num_subnets, type: :numeric, desc: "Number of subnets (AZs) to spread the nodegroup across"
-    option :ssh_key_name, desc: "Name of the default SSH key for the nodes"
+    option :instance_type, default: "m5.xlarge", desc: "EC2 instance type (m5.xlarge etc...)"
+    option :subnets, type: :array, default: ["1", "2", "3"], desc: "subnets to run on. for example --subnets=1 3 will run the nodegroup on subnet1 and subnet 3"
+    option :ssh_key_name, desc: "name of the default SSH key for the nodes"
     option :taints, desc: "Kubernetes taints to put on the nodes for example \"dedicated=critical:NoSchedule\""
-    option :min, type: :numeric, desc: "Minimum number of nodes on the nodegroup"
-    option :max, type: :numeric, desc: "Maximum number of nodes on the nodegroup"
-    option :yes, type: :boolean, default: false, desc: "Perform nodegroup creation"
+    option :volume_size, type: :numeric, default: 100, desc: "disk size for node group in GB"
+    option :min, type: :numeric, default: 1, desc: "minimum number of nodes on the nodegroup"
+    option :max, type: :numeric, default: 1, desc: "maximum number of nodes on the nodegroup"
+    option :yes, type: :boolean, default: false, desc: "perform nodegroup creation"
     def create_nodegroup
-      Config[cluster_name].update_nodegroup(options) unless options[:all]
-      if options[:yes]
+      opts = options.dup
+      opts[:subnets] = opts[:subnets].map(&:to_i)
+      Config[cluster_name].update_nodegroup(opts) unless opts[:all]
+      if opts[:yes]
         cf_stacks = nodegroups.map {|ng| ng.create(wait_for_completion: false)}
         CloudFormation::Stack.await(cf_stacks)
-        cf_stacks.each {|s| IAM::Client.new(cluster_name).attach_node_policies(s.node_instance_role_name)}
         K8s::Auth.new(cluster_name).update
       end
     end
@@ -144,13 +156,6 @@ module EksCli
       K8s::Auth.new(cluster_name).update
     end
 
-    desc "detach-iam-policies", "detaches added policies to nodegroup IAM Role"
-    option :all, type: :boolean, default: false, desc: "detach from all nodegroups. can't be used with --name"
-    option :name, type: :string, desc: "detach from a specific nodegroup. can't be used with --all"
-    def detach_iam_policies
-      nodegroups.each(&:detach_iam_policies)
-    end
-
     desc "set-iam-policies", "sets IAM policies to be attached to created nodegroups"
     option :policies, type: :array, required: true, desc: "IAM policies ARNs"
     def set_iam_policies
@@ -191,8 +196,9 @@ module EksCli
     desc "export-nodegroup", "exports nodegroup auto scaling group to spotinst"
     option :all, type: :boolean, default: false, desc: "create all nodegroups. must be used in conjunction with --yes"
     option :group_name, type: :string, desc: "create a specific nodegroup. can't be used with --all"
+    option :exact_instance_type, type: :boolean, default: false, desc: "enforce spotinst to use existing instance type only"
     def export_nodegroup
-      nodegroups.each {|ng| ng.export_to_spotinst }
+      nodegroups.each {|ng| ng.export_to_spotinst(options[:exact_instance_type]) }
     end
 
     desc "add-iam-user IAM_ARN", "adds an IAM user as an authorized member on the EKS cluster"
@@ -213,10 +219,12 @@ module EksCli
     no_commands do
       def cluster_name; options[:cluster_name]; end
 
+      def config; Config[cluster_name]; end
+
       def all_nodegroups; Config[cluster_name]["groups"].keys ;end
 
       def nodegroups
-        ng = options[:group_name] ? [options[:group_name]] : all_nodegroups
+        ng = options[:all] ? all_nodegroups : [options[:group_name]]
         ng.map {|n| NodeGroup.new(cluster_name, n)}
       end
     end

data/lib/eks_cli/cloudformation/vpc.rb

@@ -7,8 +7,6 @@ module EksCli
   module CloudFormation
     class VPC
 
-      CF_TEMPLATE_URL = "https://amazon-eks.s3-us-west-2.amazonaws.com/cloudformation/2018-08-30/amazon-eks-vpc-sample.yaml" 
-
       def initialize(cluster_name)
         @cluster_name = cluster_name
       end
@@ -32,11 +30,15 @@ module EksCli
 
       def cf_config
         {stack_name: stack_name,
-         template_url: CF_TEMPLATE_URL,
+         template_body: cf_template_body,
          parameters: build_params,
          tags: tags}
       end
 
+      def cf_template_body
+        @cf_template_body ||= File.read(File.join($root_dir, '/assets/eks_vpc_cf_template.yaml'))
+      end
+
       def stack_name
         "#{@cluster_name}-EKS-VPC"
       end
@@ -51,7 +53,10 @@ module EksCli
         {"VpcBlock" => cidr,
          "Subnet01Block" => subnets[0],
          "Subnet02Block" => subnets[1],
-         "Subnet03Block" => subnets[2]}.map do |(k,v)|
+         "Subnet03Block" => subnets[2],
+         "Subnet01AZ" => config["subnet1_az"],
+         "Subnet02AZ" => config["subnet2_az"],
+         "Subnet03AZ" => config["subnet3_az"]}.map do |(k,v)|
           {parameter_key: k, parameter_value: v}
         end
 

data/lib/eks_cli/config.rb

@@ -4,7 +4,14 @@ require 'active_support/core_ext/hash'
 require 'fileutils'
 module EksCli
   class Config
+
+    AZS = {"us-east-1" => ["us-east-1a", "us-east-1b", "us-east-1c"],
+           "us-west-2" => ["us-west-2a", "us-west-2b", "us-west-2c"],
+           "us-east-2" => ["us-east-2a", "us-east-2b", "us-east-2c"],
+           "us-west-1" => ["us-west-1b", "us-west-1b", "us-west-1c"]}
+
     class << self
+
       def [](cluster_name)
         new(cluster_name)
       end
@@ -28,10 +35,9 @@ module EksCli
 
     def for_group(group_name)
       all = read_from_disk
-      group = group_defaults
-        .merge(all["groups"][group_name])
+      group = all["groups"][group_name]
         .merge(all.slice("cluster_name", "control_plane_sg_id", "nodes_sg_id", "vpc_id"))
-      group["subnets"] = all["subnets"][0..(group["num_subnets"]-1)].join(",")
+      group["subnets"] = group["subnets"].map {|s| all["subnets"][s-1]}.join(",")
       group
     end
 
@@ -56,7 +62,7 @@ module EksCli
     end
 
     def update_nodegroup(options)
-      options = options.slice("ami", "group_name", "instance_type", "num_subnets", "ssh_key_name", "taints", "min", "max")
+      options = options.slice("ami", "group_name", "instance_type", "subnets", "ssh_key_name", "volume_size", "taints", "min", "max")
       raise "bad nodegroup name #{options["group_name"]}" if options["group_name"] == nil || options["group_name"].empty?
       write({groups: { options["group_name"] => options }}, :groups)
     end
@@ -109,13 +115,5 @@ module EksCli
       yield dir
     end
 
-    def group_defaults
-      {"group_name" => "Workers",
-       "instance_type" => "m5.xlarge",
-       "max" => 1,
-       "min" =>  1,
-       "num_subnets" =>  3,
-       "volume_size" => 100}
-    end
   end
 end

data/lib/eks_cli/iam/client.rb

@@ -44,14 +44,6 @@ module EksCli
         role
       end
 
-      def attach_node_policies(role_name)
-        attach_policies(role_name, node_policies)
-      end
-
-      def detach_node_policies(role_name)
-        detach_policies(role_name, node_policies)
-      end
-
       def attach_policies(role_name, policies)
         Log.info "attaching IAM policies to #{role_name}"
         policies.each do |p|
@@ -60,18 +52,6 @@ module EksCli
         end
       end
 
-      def detach_policies(role_name, policies)
-        Log.info "detaching IAM policies to #{role_name}"
-        policies.each do |p|
-          client.detach_role_policy(policy_arn: arn(p),
-                                    role_name: role_name)
-        end
-      end
-
-      def node_policies
-        config["iam_policies"] || []
-      end
-
       def arn(p)
         "arn:aws:iam::aws:policy/#{p}"
       end

data/lib/eks_cli/nodegroup.rb

@@ -22,6 +22,7 @@ module EksCli
          vpc_id: "VpcId",
          subnets: "Subnets",
          group_name: "NodeGroupName",
+         iam_policies: "NodeGroupIAMPolicies",
          bootstrap_args: "BootstrapArguments"}
 
     AMIS = {"us-west-2" => "ami-0f54a2f7d2e9c88b3",
@@ -34,6 +35,10 @@ module EksCli
                 "us-east-2" => "ami-089849e811ace242f",
                 "us-west-1" => "ami-0c3479bcd739094f0"}
 
+    EKS_IAM_POLICIES = %w{AmazonEKSWorkerNodePolicy
+                          AmazonEKS_CNI_Policy
+                          AmazonEC2ContainerRegistryReadOnly}
+
     CAPABILITIES = ["CAPABILITY_IAM"]
 
     def initialize(cluster_name, name)
@@ -57,12 +62,7 @@ module EksCli
        {key: "eks-cluster", value: @cluster_name}]
     end
 
-    def detach_iam_policies
-      IAM::Client.new(@cluster_name).detach_node_policies(cf_stack.node_instance_role_name)
-    end
-
     def delete
-      detach_iam_policies
       cf_stack.delete
     end
 
@@ -74,9 +74,10 @@ module EksCli
       @group["instance_type"]
     end
 
-    def export_to_spotinst
+    def export_to_spotinst(exact_instance_type)
       Log.info "exporting nodegroup #{@name} to spotinst"
-      Log.info Spotinst::Client.new.import_asg(config["region"], asg, [instance_type])
+      instance_types = exact_instance_type ? [instance_type] : nil
+      Log.info Spotinst::Client.new.import_asg(config["region"], asg, instance_types)
     end
 
     def cf_stack
@@ -111,7 +112,6 @@ module EksCli
       Log.info "stack completed with status #{stack.status}"
 
       K8s::Auth.new(@cluster_name).update
-      IAM::Client.new(@cluster_name).attach_node_policies(stack.node_instance_role_name)
     end
 
     def cloudformation_config
@@ -129,11 +129,16 @@ module EksCli
     def build_params
       @group["bootstrap_args"] = bootstrap_args
       @group["ami"] ||= default_ami
+      @group["iam_policies"] = iam_policies
       @group.except("taints").inject([]) do |params, (k, v)|
         params << build_param(k, v)
       end
     end
 
+    def iam_policies
+      (EKS_IAM_POLICIES + (config["iam_policies"] || [])).map {|p| "arn:aws:iam::aws:policy/#{p}"}.join(",")
+    end
+
     def bootstrap_args
       flags = "--node-labels=kubernetes.io/role=node,eks/node-group=#{@group["group_name"].downcase}"
       if taints = @group["taints"]

data/lib/eks_cli/spotinst/client.rb

@@ -21,8 +21,9 @@ module EksCli
       end
 
       def import_asg(region, asg_name, instance_types)
+        body = instance_types ? {group: {spotInstanceTypes: instance_types}} : {}
         self.class.post("/aws/ec2/group/autoScalingGroup/import?region=#{region}&accountId=#{@account_id}&autoScalingGroupName=#{asg_name}",
-                        body: {group: {spotInstanceTypes: instance_types} }.to_json)
+                        body: body.to_json)
       end
 
       def list_groups

data/lib/eks_cli/version.rb

@@ -1,3 +1,3 @@
 module EksCli
-  VERSION = "0.2.5"
+  VERSION = "0.2.7"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: eks_cli
 version: !ruby/object:Gem::Version
-  version: 0.2.5
+  version: 0.2.7
 platform: ruby
 authors:
 - Erez Rabih
@@ -180,6 +180,7 @@ files:
 - eks_cli.gemspec
 - lib/assets/default_storage_class.yaml
 - lib/assets/dns_autoscaler.dep.yaml
+- lib/assets/eks_vpc_cf_template.yaml
 - lib/assets/nodegroup_cf_template.yaml
 - lib/assets/nvidia_device_plugin.yaml
 - lib/eks_cli.rb