eks_cli 0.2.8 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f5be6fcc878fec18884e01562e9e1470cfa58183
-  data.tar.gz: 8cdaaa2c3432730502855e5e27753efc8729e8ab
+  metadata.gz: 31a75cf42b492a4173cd98f65a05240d50ae639d
+  data.tar.gz: a392ccaf9a7393f3b8f14f7002c7cf79c59fbf36
 SHA512:
-  metadata.gz: ee939489d068d59e5379a7ab9d52916e7ec4f129a8a2242fc702ef713772c04c7a490a3382641114701059a163aec7be68c8d3baec15f2ea178c8e178ba0866f
-  data.tar.gz: 16a4702bc98dd7cad06ed2ed034c4bc0ca05198b569a55a561de5429d7002ae9ece4f5e1cf3d50716fdd41c8ae65b6c957a41e75fb4f7c0351589a959773c574
+  metadata.gz: 6a08a3c0e52ef60e3a5a1f2d995ec5b4bea140085ca5729631478031cbc74b56fc3ba73c3564bcb4d0255a9503d451340313fbbd090b8c58b54ac51765227c7f
+  data.tar.gz: 178aeab23de7a7b08ba95db3e0ac3c02fd7137bfcca502373340b383df8114d92dd998bf2a3e9bd44c7e4c0514d68c7e1003311cf002ce769449c9972edd89a1

data/Gemfile.lock

@@ -1,21 +1,21 @@
 PATH
   remote: .
   specs:
-    eks_cli (0.1.6)
-      activesupport
-      aws-sdk-cloudformation
-      aws-sdk-ec2
-      aws-sdk-eks
-      aws-sdk-iam
-      aws-sdk-route53
-      httparty
-      kubeclient
-      thor
+    eks_cli (0.2.9)
+      activesupport (= 5.2.1.1)
+      aws-sdk-autoscaling (= 1.13.0)
+      aws-sdk-cloudformation (= 1.13.0)
+      aws-sdk-ec2 (= 1.62.0)
+      aws-sdk-route53 (= 1.16.0)
+      httparty (= 0.16.3)
+      ipaddress (= 0.8.3)
+      kubeclient (= 4.1.0)
+      thor (= 0.20.3)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (5.2.1)
+    activesupport (5.2.1.1)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
@@ -23,29 +23,26 @@ GEM
     addressable (2.5.2)
       public_suffix (>= 2.0.2, < 4.0)
     aws-eventstream (1.0.1)
-    aws-partitions (1.115.0)
+    aws-partitions (1.125.0)
+    aws-sdk-autoscaling (1.13.0)
+      aws-sdk-core (~> 3, >= 3.39.0)
+      aws-sigv4 (~> 1.0)
     aws-sdk-cloudformation (1.13.0)
       aws-sdk-core (~> 3, >= 3.39.0)
       aws-sigv4 (~> 1.0)
-    aws-sdk-core (3.39.0)
+    aws-sdk-core (3.44.0)
       aws-eventstream (~> 1.0)
       aws-partitions (~> 1.0)
       aws-sigv4 (~> 1.0)
       jmespath (~> 1.0)
-    aws-sdk-ec2 (1.59.0)
-      aws-sdk-core (~> 3, >= 3.39.0)
-      aws-sigv4 (~> 1.0)
-    aws-sdk-eks (1.8.0)
-      aws-sdk-core (~> 3, >= 3.39.0)
-      aws-sigv4 (~> 1.0)
-    aws-sdk-iam (1.12.0)
+    aws-sdk-ec2 (1.62.0)
       aws-sdk-core (~> 3, >= 3.39.0)
       aws-sigv4 (~> 1.0)
     aws-sdk-route53 (1.16.0)
       aws-sdk-core (~> 3, >= 3.39.0)
       aws-sigv4 (~> 1.0)
     aws-sigv4 (1.0.3)
-    concurrent-ruby (1.1.3)
+    concurrent-ruby (1.1.4)
     domain_name (0.5.20180417)
       unf (>= 0.0.5, < 1.0.0)
     http (3.3.0)
@@ -60,10 +57,11 @@ GEM
     httparty (0.16.3)
       mime-types (~> 3.0)
       multi_xml (>= 0.5.2)
-    i18n (1.1.1)
+    i18n (1.2.0)
       concurrent-ruby (~> 1.0)
+    ipaddress (0.8.3)
     jmespath (1.4.0)
-    kubeclient (4.0.0)
+    kubeclient (4.1.0)
       http (~> 3.0)
       recursive-open-struct (~> 1.0, >= 1.0.4)
       rest-client (~> 2.0)

data/eks_cli.gemspec

@@ -21,8 +21,6 @@ Gem::Specification.new do |s|
   s.executables   = ["eks"]
   s.require_paths = ["lib"]
   s.add_dependency 'thor', '0.20.3'
-  s.add_dependency 'aws-sdk-iam', '1.12.0'
-  s.add_dependency 'aws-sdk-eks', '1.9.0'
   s.add_dependency 'aws-sdk-ec2', '1.62.0'
   s.add_dependency 'aws-sdk-cloudformation', '1.13.0'
   s.add_dependency 'aws-sdk-route53', '1.16.0'

data/lib/assets/{eks_vpc_cf_template.yaml → cf/eks_cluster.yaml.erb}

@@ -1,9 +1,13 @@
 ---
 AWSTemplateFormatVersion: '2010-09-09'
-Description: 'Amazon EKS Sample VPC'
+Description: 'Amazon EKS Cluster'
 
 Parameters:
 
+  ClusterName:
+    Type: String
+    Description: EKS cluster name
+
   VpcBlock:
     Type: String
     Default: 192.168.0.0/16
@@ -52,6 +56,24 @@ Metadata:
           - Subnet03AZ
 
 Resources:
+
+  AWSServiceRoleForAmazonEKS:
+    Type: AWS::IAM::Role
+    Properties:
+      RoleName: !Sub "${AWS::StackName}-RoleArn"
+      AssumeRolePolicyDocument:
+        Version: '2012-10-17'
+        Statement:
+        - Effect: Allow
+          Principal:
+            Service:
+            - eks.amazonaws.com
+          Action:
+          - sts:AssumeRole
+      ManagedPolicyArns:
+        - arn:aws:iam::aws:policy/AmazonEKSServicePolicy
+        - arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
+  
   VPC:
     Type: AWS::EC2::VPC
     Properties:
@@ -158,6 +180,49 @@ Resources:
       GroupDescription: Cluster communication with worker nodes
       VpcId: !Ref VPC
 
+  EKSCluster:
+    Type: AWS::EKS::Cluster
+    Properties:
+      Name: !Ref ClusterName
+      ResourcesVpcConfig: 
+        SecurityGroupIds:
+          - !Ref ControlPlaneSecurityGroup
+        SubnetIds:
+          - !Ref Subnet01
+          - !Ref Subnet02
+          - !Ref Subnet03
+      RoleArn: !GetAtt AWSServiceRoleForAmazonEKS.Arn
+      Version: "1.10"
+
+  NodeGroupsInClusterSecurityGroup:
+    Type: AWS::EC2::SecurityGroup
+    Properties: 
+      GroupName: !Sub "${AWS::StackName}-EKS-NodeGroups-SG"
+      GroupDescription: Allow all nodegroups to communicate with one another
+      VpcId: !Ref VPC
+
+  NodeGroupsIngressRule:
+    Type: AWS::EC2::SecurityGroupIngress
+    Properties: 
+      Description: Allow nodegroups to communicate with each other
+      FromPort: -1
+      GroupId: !Ref NodeGroupsInClusterSecurityGroup
+      IpProtocol: "-1"
+      SourceSecurityGroupId: !Ref NodeGroupsInClusterSecurityGroup
+      ToPort: -1
+
+  <% open_ports.each do |port| %>
+  NodeGroupsOpenPort<%=port%>IngressRule:
+    Type: AWS::EC2::SecurityGroupIngress
+    Properties: 
+      Description: Open port for all nodes
+      FromPort: <%=port%>
+      GroupId: !Ref NodeGroupsInClusterSecurityGroup
+      IpProtocol: tcp
+      ToPort: <%=port%>
+      CidrIp: "0.0.0.0/0"
+  <% end %>
+
 Outputs:
 
   SubnetIds:
@@ -168,7 +233,15 @@ Outputs:
     Description: Security group for the cluster control plane communication with worker nodes
     Value: !Join [ ",", [ !Ref ControlPlaneSecurityGroup ] ]
 
+  NodeGroupsInClusterSecurityGroup:
+    Description: Security group for node groups communication
+    Value: !Ref NodeGroupsInClusterSecurityGroup
+
   VpcId:
     Description: The VPC Id
     Value: !Ref VPC
 
+  EKSClusterARN:
+    Description: Create EKS Cluster
+    Value: !GetAtt EKSCluster.Arn
+

data/lib/assets/k8s/cni_1_2_1.yaml.erb

@@ -0,0 +1,73 @@
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+  name: aws-node
+  namespace: kube-system
+  labels:
+    k8s-app: aws-node
+spec:
+  updateStrategy:
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      k8s-app: aws-node
+  template:
+    metadata:
+      labels:
+        k8s-app: aws-node
+      annotations:
+        scheduler.alpha.kubernetes.io/critical-pod: ''
+    spec:
+      serviceAccountName: aws-node
+      hostNetwork: true
+      tolerations:
+      - operator: Exists
+      containers:
+      - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:1.2.1
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 61678
+          name: metrics
+        name: aws-node
+        env:
+          - name: AWS_VPC_K8S_CNI_LOGLEVEL
+            value: DEBUG
+          - name: MY_NODE_NAME
+            valueFrom:
+              fieldRef:
+                fieldPath: spec.nodeName
+          <% if custom_warm_ip_target %>
+          - name: WARM_IP_TARGET
+            value: "<%=custom_warm_ip_target%>"
+          <% end %>
+          - name: WATCH_NAMESPACE
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.namespace
+        resources:
+          requests:
+            cpu: 10m
+        securityContext:
+          privileged: true
+        volumeMounts:
+        - mountPath: /host/opt/cni/bin
+          name: cni-bin-dir
+        - mountPath: /host/etc/cni/net.d
+          name: cni-net-dir
+        - mountPath: /host/var/log
+          name: log-dir
+        - mountPath: /var/run/docker.sock
+          name: dockersock
+      volumes:
+      - name: cni-bin-dir
+        hostPath:
+          path: /opt/cni/bin
+      - name: cni-net-dir
+        hostPath:
+          path: /etc/cni/net.d
+      - name: log-dir
+        hostPath:
+          path: /var/log
+      - name: dockersock
+        hostPath:
+          path: /var/run/docker.sock

data/lib/eks_cli/cli.rb

@@ -9,7 +9,6 @@ module EksCli
   autoload :NodeGroup, 'nodegroup'
   module CloudFormation
     autoload :Stack, 'cloudformation/stack'
-    autoload :VPC, 'cloudformation/vpc'
   end
   module EKS
     autoload :Cluster, 'eks/cluster'
@@ -18,12 +17,6 @@ module EksCli
     autoload :Auth, 'k8s/auth'
     autoload :Client, 'k8s/client'
   end
-  module EC2
-    autoload :SecurityGroup, 'ec2/security_group'
-  end
-  module IAM
-    autoload :Client, 'iam/client'
-  end
   module Route53
     autoload :Client, 'route53/client'
   end
@@ -46,25 +39,28 @@ module EksCli
     option :enable_gpu, type: :boolean, default: false, desc: "installs nvidia device plugin daemon set"
     option :create_default_storage_class, type: :boolean, default: true, desc: "creates a default gp2 storage class"
     option :create_dns_autoscaler, type: :boolean, default: true, desc: "creates dns autoscaler on the cluster"
+    option :warm_ip_target, type: :numeric, desc: "set a default custom warm ip target for CNI"
     def create
-      Config[cluster_name].bootstrap({region: options[:region], kubernetes_version: options[:kubernetes_version]})
-      create_eks_role
-      create_cluster_vpc
-      create_eks_cluster
-      create_cluster_security_group
+      opts = {region: options[:region],
+              kubernetes_version: options[:kubernetes_version],
+              open_ports: options[:open_ports],
+              cidr: options[:cidr],
+              warm_ip_target: options[:warm_ip_target] ? options[:warm_ip_target].to_i : nil,
+              subnet1_az: (options[:subnet1_az] || Config::AZS[options[:region]][0]),
+              subnet2_az: (options[:subnet2_az] || Config::AZS[options[:region]][1]),
+              subnet3_az: (options[:subnet3_az] || Config::AZS[options[:region]][2])}
+      config.bootstrap(opts)
+      cluster = EKS::Cluster.new(cluster_name).create
+      config.write(cluster.config)
+      cluster.update_kubeconfig
       wait_for_cluster
       enable_gpu if options[:enable_gpu]
       create_default_storage_class if options[:create_default_storage_class]
       create_dns_autoscaler if options[:create_dns_autoscaler]
+      update_cluster_cni if options[:warm_ip_target]
       say "cluster creation completed"
     end
 
-    desc "create-eks-role", "creates an IAM role for usage by EKS"
-    def create_eks_role
-      role = IAM::Client.new(cluster_name).create_eks_role
-      Config[cluster_name].write({eks_role_arn: role.arn})
-    end
-
     desc "show-config", "print cluster configuration"
     option :group_name, desc: "group name to show configuration for"
     def show_config
@@ -75,27 +71,9 @@ module EksCli
       end
     end
 
-    desc "create-cluster-vpc", "creates a vpc according to aws cloudformation template"
-    option :cidr, type: :string, default: "192.168.0.0/16", desc: "CIRD block for cluster VPC"
-    option :subnet1_az, type: :string, desc: "availability zone for subnet 01"
-    option :subnet2_az, type: :string, desc: "availability zone for subnet 02"
-    option :subnet3_az, type: :string, desc: "availability zone for subnet 03"
-    def create_cluster_vpc
-      opts = options.slice("cidr", "subnet1_az", "subnet2_az", "subnet3_az")
-      opts["subnet1_az"] ||= Config::AZS[config["region"]][0]
-      opts["subnet2_az"] ||= Config::AZS[config["region"]][1]
-      opts["subnet3_az"] ||= Config::AZS[config["region"]][2]
-      config.write(opts, :config)
-      cfg = CloudFormation::VPC.new(cluster_name).create
-      config.write(cfg)
-    end
-
-    desc "create-eks-cluster", "create EKS cluster on AWS"
-    def create_eks_cluster
-      cluster = EKS::Cluster.new(cluster_name).create
-      cluster.await
-      Config[cluster_name].write({cluster_arn: cluster.arn})
-      cluster.update_kubeconfig
+    desc "update-cluster-cni", "updates cni with warm ip target"
+    def update_cluster_cni
+      K8s::Client.new(cluster_name).update_cni
     end
 
     desc "enable-gpu", "installs nvidia plugin as a daemonset on the cluster"
@@ -164,14 +142,6 @@ module EksCli
       Config[cluster_name].set_iam_policies(options[:policies])
     end
 
-    desc "create-cluster-security-group", "creates a SG for cluster communication"
-    option :open_ports, type: :array, default: [], desc: "open ports on cluster nodes"
-    def create_cluster_security_group
-      open_ports = options[:open_ports].map(&:to_i)
-      gid = EC2::SecurityGroup.new(cluster_name, open_ports).create
-      Config[cluster_name].write({nodes_sg_id: gid})
-    end
-
     desc "update-dns HOSTNAME K8S_SERVICE_NAME", "alters route53 CNAME records to point to k8s service ELBs"
     option :route53_hosted_zone_id, required: true, desc: "hosted zone ID for the cname record on route53"
     option :elb_hosted_zone_id, required: true, desc: "hosted zone ID for the ELB on ec2"

data/lib/eks_cli/cloudformation/{vpc.rb → eks.rb}

@@ -2,17 +2,18 @@ require 'cloudformation/stack'
 require 'config'
 require 'ipaddress'
 require 'log'
+require 'utils/erb_resolver'
 
 module EksCli
   module CloudFormation
-    class VPC
+    class EKS
 
       def initialize(cluster_name)
         @cluster_name = cluster_name
       end
 
       def create
-        Log.info "creating VPC stack for #{@cluster_name}"
+        Log.info "creating EKS stack for #{@cluster_name}"
         s = Stack.create(@cluster_name, cf_config)
         Stack.await([s])
         s.reload
@@ -20,10 +21,14 @@ module EksCli
           SecurityGroups: #{s.output("SecurityGroups")}
           VpcId: #{s.output("VpcId")}
           SubnetIds: #{s.output("SubnetIds")}
+          EKSClusterARN: #{s.output("EKSClusterARN")}
+          NodeGroupsInClusterSecurityGroup: #{s.output("NodeGroupsInClusterSecurityGroup")}
         "
         {control_plane_sg_id: s.output("SecurityGroups"),
          vpc_id: s.output("VpcId"),
-         subnets: s.output("SubnetIds").split(",")}
+         subnets: s.output("SubnetIds").split(","),
+         nodes_sg_id: s.output("NodeGroupsInClusterSecurityGroup"),
+         cluster_arn: s.output("EKSClusterARN")}
       end
 
       private
@@ -32,15 +37,19 @@ module EksCli
         {stack_name: stack_name,
          template_body: cf_template_body,
          parameters: build_params,
+         capabilities: ["CAPABILITY_NAMED_IAM"],
          tags: tags}
       end
 
       def cf_template_body
-        @cf_template_body ||= File.read(File.join($root_dir, '/assets/eks_vpc_cf_template.yaml'))
+        @cf_template_body ||= begin
+                                template = File.read(File.join($root_dir, '/assets/cf/eks_cluster.yaml.erb'))
+                                ERBResolver.render(template, {open_ports: config["open_ports"]})
+                              end
       end
 
       def stack_name
-        "#{@cluster_name}-EKS-VPC"
+        "#{@cluster_name}-EKS"
       end
 
       def tags
@@ -56,7 +65,8 @@ module EksCli
          "Subnet03Block" => subnets[2],
          "Subnet01AZ" => config["subnet1_az"],
          "Subnet02AZ" => config["subnet2_az"],
-         "Subnet03AZ" => config["subnet3_az"]}.map do |(k,v)|
+         "Subnet03AZ" => config["subnet3_az"],
+         "ClusterName" => @cluster_name}.map do |(k,v)|
           {parameter_key: k, parameter_value: v}
         end
 

data/lib/eks_cli/eks/cluster.rb

@@ -1,5 +1,4 @@
-require 'aws-sdk-eks'
-require 'eks/client'
+require 'cloudformation/eks'
 require 'config'
 require 'log'
 
@@ -13,44 +12,11 @@ module EksCli
 
       def create
         Log.info "creating cluster #{@cluster_name}"
-        Log.debug config
-        resp = client.create_cluster(config)
-        Log.info "response: #{resp.cluster}"
+        @config = CloudFormation::EKS.new(@cluster_name).create
         self
       end
 
-      def config
-        {name: @cluster_name,
-         version: Config[@cluster_name]["kubernetes_version"],
-         role_arn: Config[@cluster_name]["eks_role_arn"],
-         resources_vpc_config: {
-           subnet_ids: Config[@cluster_name]["subnets"],
-           security_group_ids:  [Config[@cluster_name]["control_plane_sg_id"]]}}
-      end
-
-      def await
-        while status == "CREATING" do
-          Log.info "waiting for cluster #{@cluster_name} to finish creation (#{status})"
-          sleep 10
-        end
-        Log.info "cluster #{@cluster_name} created with status #{status}"
-      end
-
-      def status
-        cluster.status
-      end
-
-      def cluster
-        client.describe_cluster(name: @cluster_name).cluster
-      end
-
-      def arn
-        cluster.arn
-      end
-
-      def client
-        Client.get(@cluster_name)
-      end
+      def config; @config; end
 
       def update_kubeconfig
         Log.info "updating kubeconfig for cluster #{@cluster_name}"

data/lib/eks_cli/k8s/client.rb

@@ -1,3 +1,4 @@
+require 'utils/erb_resolver'
 require 'yaml'
 require 'kubeclient'
 require_relative '../log'
@@ -18,7 +19,7 @@ module EksCli
 
       def enable_gpu
         Log.info "installing nvidia device plugin daemon set (GPU support)"
-        self.create_daemon_set(resource_from_yaml("nvidia_device_plugin.yaml"))
+        self.create_daemon_set(resource_from_yaml("k8s/nvidia_device_plugin.yaml"))
       end
 
       def set_docker_registry_credentials(user, password, email)
@@ -33,12 +34,17 @@ module EksCli
 
       def create_default_storage_class
         Log.info "creating default storage class"
-        Log.info self.create_storage_class(resource_from_yaml("default_storage_class.yaml"))
+        Log.info self.create_storage_class(resource_from_yaml("k8s/default_storage_class.yaml"))
       end
 
       def create_dns_autoscaler
         Log.info "creating kube-dns autoscaler"
-        Log.info self.create_deployment(resource_from_yaml("dns_autoscaler.dep.yaml"))
+        Log.info self.create_deployment(resource_from_yaml("k8s/dns_autoscaler.dep.yaml"))
+      end
+
+      def update_cni
+        Log.info "updating cni"
+        Log.info self.update_daemon_set(resource_from_erb("k8s/cni_1_2_1.yaml.erb", {custom_warm_ip_target: config["warm_ip_target"]}))
       end
 
       def wait_for_cluster
@@ -59,11 +65,22 @@ module EksCli
 
       private
 
+      def resource_from_erb(filename, bindings)
+        erb = File.read(file_path(filename))
+        resolved = ERBResolver.render(erb, bindings)
+        yaml = YAML.load(resolved)
+        Kubeclient::Resource.new(yaml)
+      end
+
       def resource_from_yaml(filename)
-        yaml = YAML.load_file(File.join($root_dir, "/assets/#{filename}"))
+        yaml = YAML.load_file(file_path(filename))
         Kubeclient::Resource.new(yaml)
       end
 
+      def file_path(filename)
+        File.join($root_dir, "/assets/#{filename}")
+      end
+
       def method_missing(method, *args, &block)
         if v1_client.respond_to?(method)
           v1_client.send(method, *args, &block)

data/lib/eks_cli/nodegroup.rb

@@ -3,7 +3,6 @@ require 'aws-sdk-autoscaling'
 require 'config'
 require 'spotinst/client'
 require 'cloudformation/stack'
-require 'iam/client'
 require 'k8s/auth'
 require 'log'
 
@@ -100,7 +99,7 @@ module EksCli
     private
 
     def cf_template_body
-      @cf_template_body ||= File.read(File.join($root_dir, '/assets/nodegroup_cf_template.yaml'))
+      @cf_template_body ||= File.read(File.join($root_dir, '/assets/cf/nodegroup.yaml'))
     end
 
     def await(stack)

data/lib/eks_cli/utils/erb_resolver.rb

@@ -0,0 +1,15 @@
+require 'ostruct'
+require 'erb'
+
+module EksCli
+  class ERBResolver < OpenStruct
+    def self.render(t, h)
+      ERBResolver.new(h).render(t)
+    end
+
+    def render(template)
+      ERB.new(template).result(binding)
+    end
+  end
+end
+

data/lib/eks_cli/version.rb

@@ -1,3 +1,3 @@
 module EksCli
-  VERSION = "0.2.8"
+  VERSION = "0.3.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: eks_cli
 version: !ruby/object:Gem::Version
-  version: 0.2.8
+  version: 0.3.0
 platform: ruby
 authors:
 - Erez Rabih
@@ -24,34 +24,6 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: 0.20.3
-- !ruby/object:Gem::Dependency
-  name: aws-sdk-iam
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 1.12.0
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 1.12.0
-- !ruby/object:Gem::Dependency
-  name: aws-sdk-eks
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 1.9.0
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 1.9.0
 - !ruby/object:Gem::Dependency
   name: aws-sdk-ec2
   requirement: !ruby/object:Gem::Requirement
@@ -178,21 +150,19 @@ files:
 - README.md
 - bin/eks
 - eks_cli.gemspec
-- lib/assets/default_storage_class.yaml
-- lib/assets/dns_autoscaler.dep.yaml
-- lib/assets/eks_vpc_cf_template.yaml
-- lib/assets/nodegroup_cf_template.yaml
-- lib/assets/nvidia_device_plugin.yaml
+- lib/assets/cf/eks_cluster.yaml.erb
+- lib/assets/cf/nodegroup.yaml
+- lib/assets/k8s/cni_1_2_1.yaml.erb
+- lib/assets/k8s/default_storage_class.yaml
+- lib/assets/k8s/dns_autoscaler.dep.yaml
+- lib/assets/k8s/nvidia_device_plugin.yaml
 - lib/eks_cli.rb
 - lib/eks_cli/cli.rb
 - lib/eks_cli/cloudformation/client.rb
+- lib/eks_cli/cloudformation/eks.rb
 - lib/eks_cli/cloudformation/stack.rb
-- lib/eks_cli/cloudformation/vpc.rb
 - lib/eks_cli/config.rb
-- lib/eks_cli/ec2/security_group.rb
-- lib/eks_cli/eks/client.rb
 - lib/eks_cli/eks/cluster.rb
-- lib/eks_cli/iam/client.rb
 - lib/eks_cli/k8s/auth.rb
 - lib/eks_cli/k8s/client.rb
 - lib/eks_cli/k8s/configmap_builder.rb
@@ -200,6 +170,7 @@ files:
 - lib/eks_cli/nodegroup.rb
 - lib/eks_cli/route53/client.rb
 - lib/eks_cli/spotinst/client.rb
+- lib/eks_cli/utils/erb_resolver.rb
 - lib/eks_cli/version.rb
 - lib/eks_cli/vpc/client.rb
 homepage: https://github.com/nanit/eks_cli

data/lib/eks_cli/ec2/security_group.rb

@@ -1,53 +0,0 @@
-require 'aws-sdk-ec2'
-require 'log'
-require 'config'
-module EksCli
-  module EC2
-    class SecurityGroup
-
-      def initialize(cluster_name, open_ports)
-        @cluster_name = cluster_name
-        @open_ports = open_ports
-      end
-
-      def create
-        Log.info "creating security group for in-cluster communication for #{@cluster_name}"
-        gid = client.create_security_group(description: "Security group for in-cluster communication on #{@cluster_name}", 
-                                           group_name: "#{@cluster_name}-SG", 
-                                           vpc_id: vpc_id).group_id
-
-        Log.info "created security group #{gid}, setting ingress/egress rules"
-
-        client.authorize_security_group_ingress(group_id: gid,
-                                                ip_permissions: [{from_port: -1,
-                                                                  ip_protocol: "-1",
-                                                                  to_port: -1,
-                                                                  user_id_group_pairs: [{description: "in-cluster communication for #{@cluster_name}", 
-                                                                                         group_id: gid}]}])
-
-        @open_ports.each do |port|
-
-          client.authorize_security_group_ingress(group_id: gid,
-                                                  ip_permissions: [{from_port: port,
-                                                                    to_port: port,
-                                                                    ip_protocol: "tcp",
-                                                                    ip_ranges: [{cidr_ip: "0.0.0.0/0",
-                                                                                 description: "EKS cluster allow access on port #{port}"}]}])
-        end
-
-        Log.info "done"
-        gid
-      end
-
-      private
-
-      def vpc_id
-        Config[@cluster_name]["vpc_id"]
-      end
-
-      def client
-        @client ||= Aws::EC2::Client.new(region: Config[@cluster_name]["region"])
-      end
-    end
-  end
-end

data/lib/eks_cli/eks/client.rb

@@ -1,11 +0,0 @@
-require 'aws-sdk-eks'
-require 'config'
-module EksCli
-  module EKS
-    class Client
-      def self.get(cluster_name)
-        @client ||= Aws::EKS::Client.new(region: Config[cluster_name]["region"])
-      end
-    end
-  end
-end

data/lib/eks_cli/iam/client.rb

@@ -1,64 +0,0 @@
-require 'aws-sdk-iam'
-require 'config'
-module EksCli
-  module IAM
-    class Client
-
-      EKS_CLUSTER_POLICIES = ["AmazonEKSClusterPolicy", "AmazonEKSServicePolicy"]
-      ASSUME_ROLE = {
-        "Version" => "2012-10-17",
-        "Statement" => [
-          {
-            "Effect" => "Allow",
-            "Principal" => {
-              "Service" => "eks.amazonaws.com"
-            },
-            "Action" => "sts:AssumeRole"
-          }
-        ]
-      }
-
-      def initialize(cluster_name)
-        @cluster_name = cluster_name
-      end
-
-      def client
-        @client ||= Aws::IAM::Client.new(region: config["region"])
-      end
-
-      def config
-        @config ||= Config[@cluster_name]
-      end
-
-      def create_eks_role
-        Log.info "creating IAM cluster role for #{@cluster_name}"
-        begin 
-          role = client.get_role(role_name: role_name).role
-        rescue Aws::IAM::Errors::NoSuchEntity => e
-          role = client.create_role(role_name: role_name,
-                                    description: "created by eks cli for #{@cluster_name}",
-                                    assume_role_policy_document: ASSUME_ROLE.to_json).role
-          attach_policies(role.role_name, EKS_CLUSTER_POLICIES)
-        end
-        Log.info "created role #{role}"
-        role
-      end
-
-      def attach_policies(role_name, policies)
-        Log.info "attaching IAM policies to #{role_name}"
-        policies.each do |p|
-          client.attach_role_policy(policy_arn: arn(p),
-                                    role_name: role_name)
-        end
-      end
-
-      def arn(p)
-        "arn:aws:iam::aws:policy/#{p}"
-      end
-
-      def role_name
-        "#{@cluster_name}-EKS-Role"
-      end
-    end
-  end
-end