ekstrap
ekstrap is a simple tool to bootstrap the configuration on Kuberntes nodes so that they may join an EKS cluster.
Usage
When run on an ec2 node ekstrap performs several tasks.
- Discovers the name of your EKS cluster by looking for the
kubernetes.io/cluster/<name>
tag.
- Discovers the endpoint and CA certificate of your EKS cluster.
- Updates the hostname of the node to match the
PrivateDnsName
from the EC2 API.
- Writes a kubeconfig file configured to connect to your EKS cluster to
/var/lib/kubelet/kubeconfig
.
- Writes a systemd unit file to
/lib/systemd/system/kubelet.service
.
- Writes the cluster CA certificate to
/etc/kubernetes/pki/ca.crt
.
- Calculates an appropriate value for for --kube-reserved
- Restarts the kubelet unit.
In order to run ekstrap your instance should have an IAM instance profile that allows the EC2::DescribeInstances
action and the EKS::DescribeCluster
action. Both of these actions are already included in the AWS managed policy arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
along with the other permissions that the kubelet requires to connect to your cluster, it is recommended therefore to simply attach this policy to your instance role/profile.
If you wish to provide extra aruguments to the kubelet you can create a drop-in that sets the KUBELET_EXTRA_ARGS
environment variable.
For example to taint nodes with GPU hardware you could add:
/etc/systemd/system/kubelet.service.d/40-kubelet-extra-args.conf
[Service]
Environment='KUBELET_EXTRA_ARGS=--register-with-taints="gpu=true:PreferNoSchedule"'
Installation
The simplest way to install ekstrap is to use our packagecloud repository.
If installed with the package a systemd unit will be installed and enabled, (but not started) so ekstrap will be run on the next boot.
Debian / Ubuntu
Follow the instructions here to add our repository.
Or run:
curl -s https://packagecloud.io/install/repositories/errm/ekstrap/script.deb.sh | sudo bash
Then install ekstrap:
sudo apt-get install ekstrap
Fedora / RHEL / Amazon Linux
Follow the instructions here to add our repository.
For Amazon Linux use the string for Enterprise Linux 6 (el/6)
Or run:
curl -s https://packagecloud.io/install/repositories/errm/ekstrap/script.rpm.sh | sudo bash
Then install ekstrap:
sudo yum install ekstrap
Manual Instalation
ekstrap is also distributed as a static binary so can be installed on any appropriate system with simple tools.
$ curl -LO https://github.com/errm/ekstrap/releases/download/v0.0.4/ekstrap_0.0.4_linux_x86_64
You should check that the provided checksums match before you use the binary.
$ curl -LO https://github.com/errm/ekstrap/releases/download/v0.0.4/ekstrap_checksums.txt
$ sha256sum -c ekstrap_checksums.txt
ekstrap_0.0.4_linux_x86_64: OK
Install the ekstrap binary into a suitable location e.g. /usr/sbin/ekstrap
$ install -m755 ekstrap_0.0.4_linux_x86_64 /usr/sbin/ekstrap
You might choose to run ekstrap with a oneshot unit
[Unit]
Description=Configures Kubernetes EKS Worker Node
Before=kubelet.service
[Service]
Type=oneshot
ExecStart=/usr/sbin/ekstrap
RemainAfterExit=true
[Install]
WantedBy=multi-user.target
Remember that because ekstrap writes config files with strict permissions and interacts with the init system, it needs to run as root.
Build from source
- Install go
- Checkout the git repo / grab the latest source tarball
- Copy the source to $GOPATH/src/github.com/errm/ekstrap
- Run
make install
Development
make
Will run the tests and build a binary
Linting
We run some linting processes on GolangCI
To run locally: make lint
Dependencies
To build ekstrap you need go
If you want a tiny binary, install upx and run the make compress
task.
ekstrap currently only works with systemd, if you want us to support another init system please comment here https://github.com/errm/ekstrap/issues/28.
Contributing
If you want to contribute to this tool:
- Thank You!
- Open an issue
- Or a PR
- Try to write tests if you are adding code / features
Thanks
License
Apache 2.0