eks_cli 0.2.8 → 0.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +21 -23
- data/eks_cli.gemspec +0 -2
- data/lib/assets/{eks_vpc_cf_template.yaml → cf/eks_cluster.yaml.erb} +74 -1
- data/lib/assets/{nodegroup_cf_template.yaml → cf/nodegroup.yaml} +0 -0
- data/lib/assets/k8s/cni_1_2_1.yaml.erb +73 -0
- data/lib/assets/{default_storage_class.yaml → k8s/default_storage_class.yaml} +0 -0
- data/lib/assets/{dns_autoscaler.dep.yaml → k8s/dns_autoscaler.dep.yaml} +0 -0
- data/lib/assets/{nvidia_device_plugin.yaml → k8s/nvidia_device_plugin.yaml} +0 -0
- data/lib/eks_cli/cli.rb +17 -47
- data/lib/eks_cli/cloudformation/{vpc.rb → eks.rb} +16 -6
- data/lib/eks_cli/eks/cluster.rb +3 -37
- data/lib/eks_cli/k8s/client.rb +21 -4
- data/lib/eks_cli/nodegroup.rb +1 -2
- data/lib/eks_cli/utils/erb_resolver.rb +15 -0
- data/lib/eks_cli/version.rb +1 -1
- metadata +9 -38
- data/lib/eks_cli/ec2/security_group.rb +0 -53
- data/lib/eks_cli/eks/client.rb +0 -11
- data/lib/eks_cli/iam/client.rb +0 -64
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 31a75cf42b492a4173cd98f65a05240d50ae639d
|
4
|
+
data.tar.gz: a392ccaf9a7393f3b8f14f7002c7cf79c59fbf36
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 6a08a3c0e52ef60e3a5a1f2d995ec5b4bea140085ca5729631478031cbc74b56fc3ba73c3564bcb4d0255a9503d451340313fbbd090b8c58b54ac51765227c7f
|
7
|
+
data.tar.gz: 178aeab23de7a7b08ba95db3e0ac3c02fd7137bfcca502373340b383df8114d92dd998bf2a3e9bd44c7e4c0514d68c7e1003311cf002ce769449c9972edd89a1
|
data/Gemfile.lock
CHANGED
@@ -1,21 +1,21 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
eks_cli (0.
|
5
|
-
activesupport
|
6
|
-
aws-sdk-
|
7
|
-
aws-sdk-
|
8
|
-
aws-sdk-
|
9
|
-
aws-sdk-
|
10
|
-
|
11
|
-
|
12
|
-
kubeclient
|
13
|
-
thor
|
4
|
+
eks_cli (0.2.9)
|
5
|
+
activesupport (= 5.2.1.1)
|
6
|
+
aws-sdk-autoscaling (= 1.13.0)
|
7
|
+
aws-sdk-cloudformation (= 1.13.0)
|
8
|
+
aws-sdk-ec2 (= 1.62.0)
|
9
|
+
aws-sdk-route53 (= 1.16.0)
|
10
|
+
httparty (= 0.16.3)
|
11
|
+
ipaddress (= 0.8.3)
|
12
|
+
kubeclient (= 4.1.0)
|
13
|
+
thor (= 0.20.3)
|
14
14
|
|
15
15
|
GEM
|
16
16
|
remote: https://rubygems.org/
|
17
17
|
specs:
|
18
|
-
activesupport (5.2.1)
|
18
|
+
activesupport (5.2.1.1)
|
19
19
|
concurrent-ruby (~> 1.0, >= 1.0.2)
|
20
20
|
i18n (>= 0.7, < 2)
|
21
21
|
minitest (~> 5.1)
|
@@ -23,29 +23,26 @@ GEM
|
|
23
23
|
addressable (2.5.2)
|
24
24
|
public_suffix (>= 2.0.2, < 4.0)
|
25
25
|
aws-eventstream (1.0.1)
|
26
|
-
aws-partitions (1.
|
26
|
+
aws-partitions (1.125.0)
|
27
|
+
aws-sdk-autoscaling (1.13.0)
|
28
|
+
aws-sdk-core (~> 3, >= 3.39.0)
|
29
|
+
aws-sigv4 (~> 1.0)
|
27
30
|
aws-sdk-cloudformation (1.13.0)
|
28
31
|
aws-sdk-core (~> 3, >= 3.39.0)
|
29
32
|
aws-sigv4 (~> 1.0)
|
30
|
-
aws-sdk-core (3.
|
33
|
+
aws-sdk-core (3.44.0)
|
31
34
|
aws-eventstream (~> 1.0)
|
32
35
|
aws-partitions (~> 1.0)
|
33
36
|
aws-sigv4 (~> 1.0)
|
34
37
|
jmespath (~> 1.0)
|
35
|
-
aws-sdk-ec2 (1.
|
36
|
-
aws-sdk-core (~> 3, >= 3.39.0)
|
37
|
-
aws-sigv4 (~> 1.0)
|
38
|
-
aws-sdk-eks (1.8.0)
|
39
|
-
aws-sdk-core (~> 3, >= 3.39.0)
|
40
|
-
aws-sigv4 (~> 1.0)
|
41
|
-
aws-sdk-iam (1.12.0)
|
38
|
+
aws-sdk-ec2 (1.62.0)
|
42
39
|
aws-sdk-core (~> 3, >= 3.39.0)
|
43
40
|
aws-sigv4 (~> 1.0)
|
44
41
|
aws-sdk-route53 (1.16.0)
|
45
42
|
aws-sdk-core (~> 3, >= 3.39.0)
|
46
43
|
aws-sigv4 (~> 1.0)
|
47
44
|
aws-sigv4 (1.0.3)
|
48
|
-
concurrent-ruby (1.1.
|
45
|
+
concurrent-ruby (1.1.4)
|
49
46
|
domain_name (0.5.20180417)
|
50
47
|
unf (>= 0.0.5, < 1.0.0)
|
51
48
|
http (3.3.0)
|
@@ -60,10 +57,11 @@ GEM
|
|
60
57
|
httparty (0.16.3)
|
61
58
|
mime-types (~> 3.0)
|
62
59
|
multi_xml (>= 0.5.2)
|
63
|
-
i18n (1.
|
60
|
+
i18n (1.2.0)
|
64
61
|
concurrent-ruby (~> 1.0)
|
62
|
+
ipaddress (0.8.3)
|
65
63
|
jmespath (1.4.0)
|
66
|
-
kubeclient (4.
|
64
|
+
kubeclient (4.1.0)
|
67
65
|
http (~> 3.0)
|
68
66
|
recursive-open-struct (~> 1.0, >= 1.0.4)
|
69
67
|
rest-client (~> 2.0)
|
data/eks_cli.gemspec
CHANGED
@@ -21,8 +21,6 @@ Gem::Specification.new do |s|
|
|
21
21
|
s.executables = ["eks"]
|
22
22
|
s.require_paths = ["lib"]
|
23
23
|
s.add_dependency 'thor', '0.20.3'
|
24
|
-
s.add_dependency 'aws-sdk-iam', '1.12.0'
|
25
|
-
s.add_dependency 'aws-sdk-eks', '1.9.0'
|
26
24
|
s.add_dependency 'aws-sdk-ec2', '1.62.0'
|
27
25
|
s.add_dependency 'aws-sdk-cloudformation', '1.13.0'
|
28
26
|
s.add_dependency 'aws-sdk-route53', '1.16.0'
|
@@ -1,9 +1,13 @@
|
|
1
1
|
---
|
2
2
|
AWSTemplateFormatVersion: '2010-09-09'
|
3
|
-
Description: 'Amazon EKS
|
3
|
+
Description: 'Amazon EKS Cluster'
|
4
4
|
|
5
5
|
Parameters:
|
6
6
|
|
7
|
+
ClusterName:
|
8
|
+
Type: String
|
9
|
+
Description: EKS cluster name
|
10
|
+
|
7
11
|
VpcBlock:
|
8
12
|
Type: String
|
9
13
|
Default: 192.168.0.0/16
|
@@ -52,6 +56,24 @@ Metadata:
|
|
52
56
|
- Subnet03AZ
|
53
57
|
|
54
58
|
Resources:
|
59
|
+
|
60
|
+
AWSServiceRoleForAmazonEKS:
|
61
|
+
Type: AWS::IAM::Role
|
62
|
+
Properties:
|
63
|
+
RoleName: !Sub "${AWS::StackName}-RoleArn"
|
64
|
+
AssumeRolePolicyDocument:
|
65
|
+
Version: '2012-10-17'
|
66
|
+
Statement:
|
67
|
+
- Effect: Allow
|
68
|
+
Principal:
|
69
|
+
Service:
|
70
|
+
- eks.amazonaws.com
|
71
|
+
Action:
|
72
|
+
- sts:AssumeRole
|
73
|
+
ManagedPolicyArns:
|
74
|
+
- arn:aws:iam::aws:policy/AmazonEKSServicePolicy
|
75
|
+
- arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
|
76
|
+
|
55
77
|
VPC:
|
56
78
|
Type: AWS::EC2::VPC
|
57
79
|
Properties:
|
@@ -158,6 +180,49 @@ Resources:
|
|
158
180
|
GroupDescription: Cluster communication with worker nodes
|
159
181
|
VpcId: !Ref VPC
|
160
182
|
|
183
|
+
EKSCluster:
|
184
|
+
Type: AWS::EKS::Cluster
|
185
|
+
Properties:
|
186
|
+
Name: !Ref ClusterName
|
187
|
+
ResourcesVpcConfig:
|
188
|
+
SecurityGroupIds:
|
189
|
+
- !Ref ControlPlaneSecurityGroup
|
190
|
+
SubnetIds:
|
191
|
+
- !Ref Subnet01
|
192
|
+
- !Ref Subnet02
|
193
|
+
- !Ref Subnet03
|
194
|
+
RoleArn: !GetAtt AWSServiceRoleForAmazonEKS.Arn
|
195
|
+
Version: "1.10"
|
196
|
+
|
197
|
+
NodeGroupsInClusterSecurityGroup:
|
198
|
+
Type: AWS::EC2::SecurityGroup
|
199
|
+
Properties:
|
200
|
+
GroupName: !Sub "${AWS::StackName}-EKS-NodeGroups-SG"
|
201
|
+
GroupDescription: Allow all nodegroups to communicate with one another
|
202
|
+
VpcId: !Ref VPC
|
203
|
+
|
204
|
+
NodeGroupsIngressRule:
|
205
|
+
Type: AWS::EC2::SecurityGroupIngress
|
206
|
+
Properties:
|
207
|
+
Description: Allow nodegroups to communicate with each other
|
208
|
+
FromPort: -1
|
209
|
+
GroupId: !Ref NodeGroupsInClusterSecurityGroup
|
210
|
+
IpProtocol: "-1"
|
211
|
+
SourceSecurityGroupId: !Ref NodeGroupsInClusterSecurityGroup
|
212
|
+
ToPort: -1
|
213
|
+
|
214
|
+
<% open_ports.each do |port| %>
|
215
|
+
NodeGroupsOpenPort<%=port%>IngressRule:
|
216
|
+
Type: AWS::EC2::SecurityGroupIngress
|
217
|
+
Properties:
|
218
|
+
Description: Open port for all nodes
|
219
|
+
FromPort: <%=port%>
|
220
|
+
GroupId: !Ref NodeGroupsInClusterSecurityGroup
|
221
|
+
IpProtocol: tcp
|
222
|
+
ToPort: <%=port%>
|
223
|
+
CidrIp: "0.0.0.0/0"
|
224
|
+
<% end %>
|
225
|
+
|
161
226
|
Outputs:
|
162
227
|
|
163
228
|
SubnetIds:
|
@@ -168,7 +233,15 @@ Outputs:
|
|
168
233
|
Description: Security group for the cluster control plane communication with worker nodes
|
169
234
|
Value: !Join [ ",", [ !Ref ControlPlaneSecurityGroup ] ]
|
170
235
|
|
236
|
+
NodeGroupsInClusterSecurityGroup:
|
237
|
+
Description: Security group for node groups communication
|
238
|
+
Value: !Ref NodeGroupsInClusterSecurityGroup
|
239
|
+
|
171
240
|
VpcId:
|
172
241
|
Description: The VPC Id
|
173
242
|
Value: !Ref VPC
|
174
243
|
|
244
|
+
EKSClusterARN:
|
245
|
+
Description: Create EKS Cluster
|
246
|
+
Value: !GetAtt EKSCluster.Arn
|
247
|
+
|
File without changes
|
@@ -0,0 +1,73 @@
|
|
1
|
+
kind: DaemonSet
|
2
|
+
apiVersion: apps/v1
|
3
|
+
metadata:
|
4
|
+
name: aws-node
|
5
|
+
namespace: kube-system
|
6
|
+
labels:
|
7
|
+
k8s-app: aws-node
|
8
|
+
spec:
|
9
|
+
updateStrategy:
|
10
|
+
type: RollingUpdate
|
11
|
+
selector:
|
12
|
+
matchLabels:
|
13
|
+
k8s-app: aws-node
|
14
|
+
template:
|
15
|
+
metadata:
|
16
|
+
labels:
|
17
|
+
k8s-app: aws-node
|
18
|
+
annotations:
|
19
|
+
scheduler.alpha.kubernetes.io/critical-pod: ''
|
20
|
+
spec:
|
21
|
+
serviceAccountName: aws-node
|
22
|
+
hostNetwork: true
|
23
|
+
tolerations:
|
24
|
+
- operator: Exists
|
25
|
+
containers:
|
26
|
+
- image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:1.2.1
|
27
|
+
imagePullPolicy: Always
|
28
|
+
ports:
|
29
|
+
- containerPort: 61678
|
30
|
+
name: metrics
|
31
|
+
name: aws-node
|
32
|
+
env:
|
33
|
+
- name: AWS_VPC_K8S_CNI_LOGLEVEL
|
34
|
+
value: DEBUG
|
35
|
+
- name: MY_NODE_NAME
|
36
|
+
valueFrom:
|
37
|
+
fieldRef:
|
38
|
+
fieldPath: spec.nodeName
|
39
|
+
<% if custom_warm_ip_target %>
|
40
|
+
- name: WARM_IP_TARGET
|
41
|
+
value: "<%=custom_warm_ip_target%>"
|
42
|
+
<% end %>
|
43
|
+
- name: WATCH_NAMESPACE
|
44
|
+
valueFrom:
|
45
|
+
fieldRef:
|
46
|
+
fieldPath: metadata.namespace
|
47
|
+
resources:
|
48
|
+
requests:
|
49
|
+
cpu: 10m
|
50
|
+
securityContext:
|
51
|
+
privileged: true
|
52
|
+
volumeMounts:
|
53
|
+
- mountPath: /host/opt/cni/bin
|
54
|
+
name: cni-bin-dir
|
55
|
+
- mountPath: /host/etc/cni/net.d
|
56
|
+
name: cni-net-dir
|
57
|
+
- mountPath: /host/var/log
|
58
|
+
name: log-dir
|
59
|
+
- mountPath: /var/run/docker.sock
|
60
|
+
name: dockersock
|
61
|
+
volumes:
|
62
|
+
- name: cni-bin-dir
|
63
|
+
hostPath:
|
64
|
+
path: /opt/cni/bin
|
65
|
+
- name: cni-net-dir
|
66
|
+
hostPath:
|
67
|
+
path: /etc/cni/net.d
|
68
|
+
- name: log-dir
|
69
|
+
hostPath:
|
70
|
+
path: /var/log
|
71
|
+
- name: dockersock
|
72
|
+
hostPath:
|
73
|
+
path: /var/run/docker.sock
|
File without changes
|
File without changes
|
File without changes
|
data/lib/eks_cli/cli.rb
CHANGED
@@ -9,7 +9,6 @@ module EksCli
|
|
9
9
|
autoload :NodeGroup, 'nodegroup'
|
10
10
|
module CloudFormation
|
11
11
|
autoload :Stack, 'cloudformation/stack'
|
12
|
-
autoload :VPC, 'cloudformation/vpc'
|
13
12
|
end
|
14
13
|
module EKS
|
15
14
|
autoload :Cluster, 'eks/cluster'
|
@@ -18,12 +17,6 @@ module EksCli
|
|
18
17
|
autoload :Auth, 'k8s/auth'
|
19
18
|
autoload :Client, 'k8s/client'
|
20
19
|
end
|
21
|
-
module EC2
|
22
|
-
autoload :SecurityGroup, 'ec2/security_group'
|
23
|
-
end
|
24
|
-
module IAM
|
25
|
-
autoload :Client, 'iam/client'
|
26
|
-
end
|
27
20
|
module Route53
|
28
21
|
autoload :Client, 'route53/client'
|
29
22
|
end
|
@@ -46,25 +39,28 @@ module EksCli
|
|
46
39
|
option :enable_gpu, type: :boolean, default: false, desc: "installs nvidia device plugin daemon set"
|
47
40
|
option :create_default_storage_class, type: :boolean, default: true, desc: "creates a default gp2 storage class"
|
48
41
|
option :create_dns_autoscaler, type: :boolean, default: true, desc: "creates dns autoscaler on the cluster"
|
42
|
+
option :warm_ip_target, type: :numeric, desc: "set a default custom warm ip target for CNI"
|
49
43
|
def create
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
44
|
+
opts = {region: options[:region],
|
45
|
+
kubernetes_version: options[:kubernetes_version],
|
46
|
+
open_ports: options[:open_ports],
|
47
|
+
cidr: options[:cidr],
|
48
|
+
warm_ip_target: options[:warm_ip_target] ? options[:warm_ip_target].to_i : nil,
|
49
|
+
subnet1_az: (options[:subnet1_az] || Config::AZS[options[:region]][0]),
|
50
|
+
subnet2_az: (options[:subnet2_az] || Config::AZS[options[:region]][1]),
|
51
|
+
subnet3_az: (options[:subnet3_az] || Config::AZS[options[:region]][2])}
|
52
|
+
config.bootstrap(opts)
|
53
|
+
cluster = EKS::Cluster.new(cluster_name).create
|
54
|
+
config.write(cluster.config)
|
55
|
+
cluster.update_kubeconfig
|
55
56
|
wait_for_cluster
|
56
57
|
enable_gpu if options[:enable_gpu]
|
57
58
|
create_default_storage_class if options[:create_default_storage_class]
|
58
59
|
create_dns_autoscaler if options[:create_dns_autoscaler]
|
60
|
+
update_cluster_cni if options[:warm_ip_target]
|
59
61
|
say "cluster creation completed"
|
60
62
|
end
|
61
63
|
|
62
|
-
desc "create-eks-role", "creates an IAM role for usage by EKS"
|
63
|
-
def create_eks_role
|
64
|
-
role = IAM::Client.new(cluster_name).create_eks_role
|
65
|
-
Config[cluster_name].write({eks_role_arn: role.arn})
|
66
|
-
end
|
67
|
-
|
68
64
|
desc "show-config", "print cluster configuration"
|
69
65
|
option :group_name, desc: "group name to show configuration for"
|
70
66
|
def show_config
|
@@ -75,27 +71,9 @@ module EksCli
|
|
75
71
|
end
|
76
72
|
end
|
77
73
|
|
78
|
-
desc "
|
79
|
-
|
80
|
-
|
81
|
-
option :subnet2_az, type: :string, desc: "availability zone for subnet 02"
|
82
|
-
option :subnet3_az, type: :string, desc: "availability zone for subnet 03"
|
83
|
-
def create_cluster_vpc
|
84
|
-
opts = options.slice("cidr", "subnet1_az", "subnet2_az", "subnet3_az")
|
85
|
-
opts["subnet1_az"] ||= Config::AZS[config["region"]][0]
|
86
|
-
opts["subnet2_az"] ||= Config::AZS[config["region"]][1]
|
87
|
-
opts["subnet3_az"] ||= Config::AZS[config["region"]][2]
|
88
|
-
config.write(opts, :config)
|
89
|
-
cfg = CloudFormation::VPC.new(cluster_name).create
|
90
|
-
config.write(cfg)
|
91
|
-
end
|
92
|
-
|
93
|
-
desc "create-eks-cluster", "create EKS cluster on AWS"
|
94
|
-
def create_eks_cluster
|
95
|
-
cluster = EKS::Cluster.new(cluster_name).create
|
96
|
-
cluster.await
|
97
|
-
Config[cluster_name].write({cluster_arn: cluster.arn})
|
98
|
-
cluster.update_kubeconfig
|
74
|
+
desc "update-cluster-cni", "updates cni with warm ip target"
|
75
|
+
def update_cluster_cni
|
76
|
+
K8s::Client.new(cluster_name).update_cni
|
99
77
|
end
|
100
78
|
|
101
79
|
desc "enable-gpu", "installs nvidia plugin as a daemonset on the cluster"
|
@@ -164,14 +142,6 @@ module EksCli
|
|
164
142
|
Config[cluster_name].set_iam_policies(options[:policies])
|
165
143
|
end
|
166
144
|
|
167
|
-
desc "create-cluster-security-group", "creates a SG for cluster communication"
|
168
|
-
option :open_ports, type: :array, default: [], desc: "open ports on cluster nodes"
|
169
|
-
def create_cluster_security_group
|
170
|
-
open_ports = options[:open_ports].map(&:to_i)
|
171
|
-
gid = EC2::SecurityGroup.new(cluster_name, open_ports).create
|
172
|
-
Config[cluster_name].write({nodes_sg_id: gid})
|
173
|
-
end
|
174
|
-
|
175
145
|
desc "update-dns HOSTNAME K8S_SERVICE_NAME", "alters route53 CNAME records to point to k8s service ELBs"
|
176
146
|
option :route53_hosted_zone_id, required: true, desc: "hosted zone ID for the cname record on route53"
|
177
147
|
option :elb_hosted_zone_id, required: true, desc: "hosted zone ID for the ELB on ec2"
|
@@ -2,17 +2,18 @@ require 'cloudformation/stack'
|
|
2
2
|
require 'config'
|
3
3
|
require 'ipaddress'
|
4
4
|
require 'log'
|
5
|
+
require 'utils/erb_resolver'
|
5
6
|
|
6
7
|
module EksCli
|
7
8
|
module CloudFormation
|
8
|
-
class
|
9
|
+
class EKS
|
9
10
|
|
10
11
|
def initialize(cluster_name)
|
11
12
|
@cluster_name = cluster_name
|
12
13
|
end
|
13
14
|
|
14
15
|
def create
|
15
|
-
Log.info "creating
|
16
|
+
Log.info "creating EKS stack for #{@cluster_name}"
|
16
17
|
s = Stack.create(@cluster_name, cf_config)
|
17
18
|
Stack.await([s])
|
18
19
|
s.reload
|
@@ -20,10 +21,14 @@ module EksCli
|
|
20
21
|
SecurityGroups: #{s.output("SecurityGroups")}
|
21
22
|
VpcId: #{s.output("VpcId")}
|
22
23
|
SubnetIds: #{s.output("SubnetIds")}
|
24
|
+
EKSClusterARN: #{s.output("EKSClusterARN")}
|
25
|
+
NodeGroupsInClusterSecurityGroup: #{s.output("NodeGroupsInClusterSecurityGroup")}
|
23
26
|
"
|
24
27
|
{control_plane_sg_id: s.output("SecurityGroups"),
|
25
28
|
vpc_id: s.output("VpcId"),
|
26
|
-
subnets: s.output("SubnetIds").split(",")
|
29
|
+
subnets: s.output("SubnetIds").split(","),
|
30
|
+
nodes_sg_id: s.output("NodeGroupsInClusterSecurityGroup"),
|
31
|
+
cluster_arn: s.output("EKSClusterARN")}
|
27
32
|
end
|
28
33
|
|
29
34
|
private
|
@@ -32,15 +37,19 @@ module EksCli
|
|
32
37
|
{stack_name: stack_name,
|
33
38
|
template_body: cf_template_body,
|
34
39
|
parameters: build_params,
|
40
|
+
capabilities: ["CAPABILITY_NAMED_IAM"],
|
35
41
|
tags: tags}
|
36
42
|
end
|
37
43
|
|
38
44
|
def cf_template_body
|
39
|
-
@cf_template_body ||=
|
45
|
+
@cf_template_body ||= begin
|
46
|
+
template = File.read(File.join($root_dir, '/assets/cf/eks_cluster.yaml.erb'))
|
47
|
+
ERBResolver.render(template, {open_ports: config["open_ports"]})
|
48
|
+
end
|
40
49
|
end
|
41
50
|
|
42
51
|
def stack_name
|
43
|
-
"#{@cluster_name}-EKS
|
52
|
+
"#{@cluster_name}-EKS"
|
44
53
|
end
|
45
54
|
|
46
55
|
def tags
|
@@ -56,7 +65,8 @@ module EksCli
|
|
56
65
|
"Subnet03Block" => subnets[2],
|
57
66
|
"Subnet01AZ" => config["subnet1_az"],
|
58
67
|
"Subnet02AZ" => config["subnet2_az"],
|
59
|
-
"Subnet03AZ" => config["subnet3_az"]
|
68
|
+
"Subnet03AZ" => config["subnet3_az"],
|
69
|
+
"ClusterName" => @cluster_name}.map do |(k,v)|
|
60
70
|
{parameter_key: k, parameter_value: v}
|
61
71
|
end
|
62
72
|
|
data/lib/eks_cli/eks/cluster.rb
CHANGED
@@ -1,5 +1,4 @@
|
|
1
|
-
require '
|
2
|
-
require 'eks/client'
|
1
|
+
require 'cloudformation/eks'
|
3
2
|
require 'config'
|
4
3
|
require 'log'
|
5
4
|
|
@@ -13,44 +12,11 @@ module EksCli
|
|
13
12
|
|
14
13
|
def create
|
15
14
|
Log.info "creating cluster #{@cluster_name}"
|
16
|
-
|
17
|
-
resp = client.create_cluster(config)
|
18
|
-
Log.info "response: #{resp.cluster}"
|
15
|
+
@config = CloudFormation::EKS.new(@cluster_name).create
|
19
16
|
self
|
20
17
|
end
|
21
18
|
|
22
|
-
def config
|
23
|
-
{name: @cluster_name,
|
24
|
-
version: Config[@cluster_name]["kubernetes_version"],
|
25
|
-
role_arn: Config[@cluster_name]["eks_role_arn"],
|
26
|
-
resources_vpc_config: {
|
27
|
-
subnet_ids: Config[@cluster_name]["subnets"],
|
28
|
-
security_group_ids: [Config[@cluster_name]["control_plane_sg_id"]]}}
|
29
|
-
end
|
30
|
-
|
31
|
-
def await
|
32
|
-
while status == "CREATING" do
|
33
|
-
Log.info "waiting for cluster #{@cluster_name} to finish creation (#{status})"
|
34
|
-
sleep 10
|
35
|
-
end
|
36
|
-
Log.info "cluster #{@cluster_name} created with status #{status}"
|
37
|
-
end
|
38
|
-
|
39
|
-
def status
|
40
|
-
cluster.status
|
41
|
-
end
|
42
|
-
|
43
|
-
def cluster
|
44
|
-
client.describe_cluster(name: @cluster_name).cluster
|
45
|
-
end
|
46
|
-
|
47
|
-
def arn
|
48
|
-
cluster.arn
|
49
|
-
end
|
50
|
-
|
51
|
-
def client
|
52
|
-
Client.get(@cluster_name)
|
53
|
-
end
|
19
|
+
def config; @config; end
|
54
20
|
|
55
21
|
def update_kubeconfig
|
56
22
|
Log.info "updating kubeconfig for cluster #{@cluster_name}"
|
data/lib/eks_cli/k8s/client.rb
CHANGED
@@ -1,3 +1,4 @@
|
|
1
|
+
require 'utils/erb_resolver'
|
1
2
|
require 'yaml'
|
2
3
|
require 'kubeclient'
|
3
4
|
require_relative '../log'
|
@@ -18,7 +19,7 @@ module EksCli
|
|
18
19
|
|
19
20
|
def enable_gpu
|
20
21
|
Log.info "installing nvidia device plugin daemon set (GPU support)"
|
21
|
-
self.create_daemon_set(resource_from_yaml("nvidia_device_plugin.yaml"))
|
22
|
+
self.create_daemon_set(resource_from_yaml("k8s/nvidia_device_plugin.yaml"))
|
22
23
|
end
|
23
24
|
|
24
25
|
def set_docker_registry_credentials(user, password, email)
|
@@ -33,12 +34,17 @@ module EksCli
|
|
33
34
|
|
34
35
|
def create_default_storage_class
|
35
36
|
Log.info "creating default storage class"
|
36
|
-
Log.info self.create_storage_class(resource_from_yaml("default_storage_class.yaml"))
|
37
|
+
Log.info self.create_storage_class(resource_from_yaml("k8s/default_storage_class.yaml"))
|
37
38
|
end
|
38
39
|
|
39
40
|
def create_dns_autoscaler
|
40
41
|
Log.info "creating kube-dns autoscaler"
|
41
|
-
Log.info self.create_deployment(resource_from_yaml("dns_autoscaler.dep.yaml"))
|
42
|
+
Log.info self.create_deployment(resource_from_yaml("k8s/dns_autoscaler.dep.yaml"))
|
43
|
+
end
|
44
|
+
|
45
|
+
def update_cni
|
46
|
+
Log.info "updating cni"
|
47
|
+
Log.info self.update_daemon_set(resource_from_erb("k8s/cni_1_2_1.yaml.erb", {custom_warm_ip_target: config["warm_ip_target"]}))
|
42
48
|
end
|
43
49
|
|
44
50
|
def wait_for_cluster
|
@@ -59,11 +65,22 @@ module EksCli
|
|
59
65
|
|
60
66
|
private
|
61
67
|
|
68
|
+
def resource_from_erb(filename, bindings)
|
69
|
+
erb = File.read(file_path(filename))
|
70
|
+
resolved = ERBResolver.render(erb, bindings)
|
71
|
+
yaml = YAML.load(resolved)
|
72
|
+
Kubeclient::Resource.new(yaml)
|
73
|
+
end
|
74
|
+
|
62
75
|
def resource_from_yaml(filename)
|
63
|
-
yaml = YAML.load_file(
|
76
|
+
yaml = YAML.load_file(file_path(filename))
|
64
77
|
Kubeclient::Resource.new(yaml)
|
65
78
|
end
|
66
79
|
|
80
|
+
def file_path(filename)
|
81
|
+
File.join($root_dir, "/assets/#{filename}")
|
82
|
+
end
|
83
|
+
|
67
84
|
def method_missing(method, *args, &block)
|
68
85
|
if v1_client.respond_to?(method)
|
69
86
|
v1_client.send(method, *args, &block)
|
data/lib/eks_cli/nodegroup.rb
CHANGED
@@ -3,7 +3,6 @@ require 'aws-sdk-autoscaling'
|
|
3
3
|
require 'config'
|
4
4
|
require 'spotinst/client'
|
5
5
|
require 'cloudformation/stack'
|
6
|
-
require 'iam/client'
|
7
6
|
require 'k8s/auth'
|
8
7
|
require 'log'
|
9
8
|
|
@@ -100,7 +99,7 @@ module EksCli
|
|
100
99
|
private
|
101
100
|
|
102
101
|
def cf_template_body
|
103
|
-
@cf_template_body ||= File.read(File.join($root_dir, '/assets/
|
102
|
+
@cf_template_body ||= File.read(File.join($root_dir, '/assets/cf/nodegroup.yaml'))
|
104
103
|
end
|
105
104
|
|
106
105
|
def await(stack)
|
data/lib/eks_cli/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: eks_cli
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.3.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Erez Rabih
|
@@ -24,34 +24,6 @@ dependencies:
|
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
26
|
version: 0.20.3
|
27
|
-
- !ruby/object:Gem::Dependency
|
28
|
-
name: aws-sdk-iam
|
29
|
-
requirement: !ruby/object:Gem::Requirement
|
30
|
-
requirements:
|
31
|
-
- - '='
|
32
|
-
- !ruby/object:Gem::Version
|
33
|
-
version: 1.12.0
|
34
|
-
type: :runtime
|
35
|
-
prerelease: false
|
36
|
-
version_requirements: !ruby/object:Gem::Requirement
|
37
|
-
requirements:
|
38
|
-
- - '='
|
39
|
-
- !ruby/object:Gem::Version
|
40
|
-
version: 1.12.0
|
41
|
-
- !ruby/object:Gem::Dependency
|
42
|
-
name: aws-sdk-eks
|
43
|
-
requirement: !ruby/object:Gem::Requirement
|
44
|
-
requirements:
|
45
|
-
- - '='
|
46
|
-
- !ruby/object:Gem::Version
|
47
|
-
version: 1.9.0
|
48
|
-
type: :runtime
|
49
|
-
prerelease: false
|
50
|
-
version_requirements: !ruby/object:Gem::Requirement
|
51
|
-
requirements:
|
52
|
-
- - '='
|
53
|
-
- !ruby/object:Gem::Version
|
54
|
-
version: 1.9.0
|
55
27
|
- !ruby/object:Gem::Dependency
|
56
28
|
name: aws-sdk-ec2
|
57
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -178,21 +150,19 @@ files:
|
|
178
150
|
- README.md
|
179
151
|
- bin/eks
|
180
152
|
- eks_cli.gemspec
|
181
|
-
- lib/assets/
|
182
|
-
- lib/assets/
|
183
|
-
- lib/assets/
|
184
|
-
- lib/assets/
|
185
|
-
- lib/assets/
|
153
|
+
- lib/assets/cf/eks_cluster.yaml.erb
|
154
|
+
- lib/assets/cf/nodegroup.yaml
|
155
|
+
- lib/assets/k8s/cni_1_2_1.yaml.erb
|
156
|
+
- lib/assets/k8s/default_storage_class.yaml
|
157
|
+
- lib/assets/k8s/dns_autoscaler.dep.yaml
|
158
|
+
- lib/assets/k8s/nvidia_device_plugin.yaml
|
186
159
|
- lib/eks_cli.rb
|
187
160
|
- lib/eks_cli/cli.rb
|
188
161
|
- lib/eks_cli/cloudformation/client.rb
|
162
|
+
- lib/eks_cli/cloudformation/eks.rb
|
189
163
|
- lib/eks_cli/cloudformation/stack.rb
|
190
|
-
- lib/eks_cli/cloudformation/vpc.rb
|
191
164
|
- lib/eks_cli/config.rb
|
192
|
-
- lib/eks_cli/ec2/security_group.rb
|
193
|
-
- lib/eks_cli/eks/client.rb
|
194
165
|
- lib/eks_cli/eks/cluster.rb
|
195
|
-
- lib/eks_cli/iam/client.rb
|
196
166
|
- lib/eks_cli/k8s/auth.rb
|
197
167
|
- lib/eks_cli/k8s/client.rb
|
198
168
|
- lib/eks_cli/k8s/configmap_builder.rb
|
@@ -200,6 +170,7 @@ files:
|
|
200
170
|
- lib/eks_cli/nodegroup.rb
|
201
171
|
- lib/eks_cli/route53/client.rb
|
202
172
|
- lib/eks_cli/spotinst/client.rb
|
173
|
+
- lib/eks_cli/utils/erb_resolver.rb
|
203
174
|
- lib/eks_cli/version.rb
|
204
175
|
- lib/eks_cli/vpc/client.rb
|
205
176
|
homepage: https://github.com/nanit/eks_cli
|
@@ -1,53 +0,0 @@
|
|
1
|
-
require 'aws-sdk-ec2'
|
2
|
-
require 'log'
|
3
|
-
require 'config'
|
4
|
-
module EksCli
|
5
|
-
module EC2
|
6
|
-
class SecurityGroup
|
7
|
-
|
8
|
-
def initialize(cluster_name, open_ports)
|
9
|
-
@cluster_name = cluster_name
|
10
|
-
@open_ports = open_ports
|
11
|
-
end
|
12
|
-
|
13
|
-
def create
|
14
|
-
Log.info "creating security group for in-cluster communication for #{@cluster_name}"
|
15
|
-
gid = client.create_security_group(description: "Security group for in-cluster communication on #{@cluster_name}",
|
16
|
-
group_name: "#{@cluster_name}-SG",
|
17
|
-
vpc_id: vpc_id).group_id
|
18
|
-
|
19
|
-
Log.info "created security group #{gid}, setting ingress/egress rules"
|
20
|
-
|
21
|
-
client.authorize_security_group_ingress(group_id: gid,
|
22
|
-
ip_permissions: [{from_port: -1,
|
23
|
-
ip_protocol: "-1",
|
24
|
-
to_port: -1,
|
25
|
-
user_id_group_pairs: [{description: "in-cluster communication for #{@cluster_name}",
|
26
|
-
group_id: gid}]}])
|
27
|
-
|
28
|
-
@open_ports.each do |port|
|
29
|
-
|
30
|
-
client.authorize_security_group_ingress(group_id: gid,
|
31
|
-
ip_permissions: [{from_port: port,
|
32
|
-
to_port: port,
|
33
|
-
ip_protocol: "tcp",
|
34
|
-
ip_ranges: [{cidr_ip: "0.0.0.0/0",
|
35
|
-
description: "EKS cluster allow access on port #{port}"}]}])
|
36
|
-
end
|
37
|
-
|
38
|
-
Log.info "done"
|
39
|
-
gid
|
40
|
-
end
|
41
|
-
|
42
|
-
private
|
43
|
-
|
44
|
-
def vpc_id
|
45
|
-
Config[@cluster_name]["vpc_id"]
|
46
|
-
end
|
47
|
-
|
48
|
-
def client
|
49
|
-
@client ||= Aws::EC2::Client.new(region: Config[@cluster_name]["region"])
|
50
|
-
end
|
51
|
-
end
|
52
|
-
end
|
53
|
-
end
|
data/lib/eks_cli/eks/client.rb
DELETED
data/lib/eks_cli/iam/client.rb
DELETED
@@ -1,64 +0,0 @@
|
|
1
|
-
require 'aws-sdk-iam'
|
2
|
-
require 'config'
|
3
|
-
module EksCli
|
4
|
-
module IAM
|
5
|
-
class Client
|
6
|
-
|
7
|
-
EKS_CLUSTER_POLICIES = ["AmazonEKSClusterPolicy", "AmazonEKSServicePolicy"]
|
8
|
-
ASSUME_ROLE = {
|
9
|
-
"Version" => "2012-10-17",
|
10
|
-
"Statement" => [
|
11
|
-
{
|
12
|
-
"Effect" => "Allow",
|
13
|
-
"Principal" => {
|
14
|
-
"Service" => "eks.amazonaws.com"
|
15
|
-
},
|
16
|
-
"Action" => "sts:AssumeRole"
|
17
|
-
}
|
18
|
-
]
|
19
|
-
}
|
20
|
-
|
21
|
-
def initialize(cluster_name)
|
22
|
-
@cluster_name = cluster_name
|
23
|
-
end
|
24
|
-
|
25
|
-
def client
|
26
|
-
@client ||= Aws::IAM::Client.new(region: config["region"])
|
27
|
-
end
|
28
|
-
|
29
|
-
def config
|
30
|
-
@config ||= Config[@cluster_name]
|
31
|
-
end
|
32
|
-
|
33
|
-
def create_eks_role
|
34
|
-
Log.info "creating IAM cluster role for #{@cluster_name}"
|
35
|
-
begin
|
36
|
-
role = client.get_role(role_name: role_name).role
|
37
|
-
rescue Aws::IAM::Errors::NoSuchEntity => e
|
38
|
-
role = client.create_role(role_name: role_name,
|
39
|
-
description: "created by eks cli for #{@cluster_name}",
|
40
|
-
assume_role_policy_document: ASSUME_ROLE.to_json).role
|
41
|
-
attach_policies(role.role_name, EKS_CLUSTER_POLICIES)
|
42
|
-
end
|
43
|
-
Log.info "created role #{role}"
|
44
|
-
role
|
45
|
-
end
|
46
|
-
|
47
|
-
def attach_policies(role_name, policies)
|
48
|
-
Log.info "attaching IAM policies to #{role_name}"
|
49
|
-
policies.each do |p|
|
50
|
-
client.attach_role_policy(policy_arn: arn(p),
|
51
|
-
role_name: role_name)
|
52
|
-
end
|
53
|
-
end
|
54
|
-
|
55
|
-
def arn(p)
|
56
|
-
"arn:aws:iam::aws:policy/#{p}"
|
57
|
-
end
|
58
|
-
|
59
|
-
def role_name
|
60
|
-
"#{@cluster_name}-EKS-Role"
|
61
|
-
end
|
62
|
-
end
|
63
|
-
end
|
64
|
-
end
|