eks

package
v0.95.0-rc.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 25, 2022 License: Apache-2.0 Imports: 91 Imported by: 36

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DoCreateFargateProfiles

func DoCreateFargateProfiles(config *api.ClusterConfig, fargateClient FargateClient) error

DoCreateFargateProfiles creates fargate profiles as specified in the config

func LoadConfigFromFile

func LoadConfigFromFile(configFile string) (*api.ClusterConfig, error)

LoadConfigFromFile loads ClusterConfig from configFile

func LogEnabledFeatures added in v0.80.0

func LogEnabledFeatures(clusterConfig *api.ClusterConfig)

LogEnabledFeatures logs enabled features

func LogWindowsCompatibility

func LogWindowsCompatibility(nodeGroups []KubeNodeGroup, clusterMeta *api.ClusterMeta)

LogWindowsCompatibility logs Windows compatibility messages

func ParseConfig added in v0.44.0

func ParseConfig(data []byte) (*api.ClusterConfig, error)

ParseConfig parses data into a ClusterConfig

func PlatformVersion

func PlatformVersion(platformVersion string) (int, error)

PlatformVersion extracts the digit X in the provided platform version eks.X

func ResolveAMI

func ResolveAMI(ctx context.Context, provider api.ClusterProvider, version string, np api.NodePool) error

ResolveAMI ensures that the node AMI is set and is available

func ScheduleCoreDNSOnFargateIfRelevant

func ScheduleCoreDNSOnFargateIfRelevant(config *api.ClusterConfig, ctl *ClusterProvider, clientSet kubernetes.Interface) error

func SetAvailabilityZones added in v0.87.0

func SetAvailabilityZones(ctx context.Context, spec *api.ClusterConfig, given []string, ec2API awsapi.EC2, region string) error

SetAvailabilityZones sets the availability zones to the given ones, or chooses them

func SupportsWindowsWorkloads

func SupportsWindowsWorkloads(nodeGroups []KubeNodeGroup) bool

SupportsWindowsWorkloads reports whether nodeGroups can support running Windows workloads

Types

type Client

// Client stores information about the client config.
//
// Config holds the clientcmdapi.Config for this client and Generator is the
// TokenGenerator attached to it.
// NOTE(review): this listing does not show how NewClientSet combines the two;
// presumably Generator supplies the token used with Config. Confirm in the
// source.
type Client struct {
	Config    *clientcmdapi.Config
	Generator TokenGenerator
	// contains filtered or unexported fields
}

Client stores information about the client config

func (*Client) NewClientSet

func (c *Client) NewClientSet() (*kubernetes.Clientset, error)

NewClientSet creates a new API client

type ClusterInfo

type ClusterInfo struct {
	Cluster *awseks.Cluster
}

ClusterInfo provides information about the cluster.

type ClusterProvider

type ClusterProvider struct {
	// core fields used for config and AWS APIs
	Provider api.ClusterProvider
	// informative fields, i.e. used as outputs
	Status *ProviderStatus
}

ClusterProvider stores information about the cluster

func New

func New(ctx context.Context, spec *api.ProviderConfig, clusterSpec *api.ClusterConfig) (*ClusterProvider, error)

New creates a new setup of the used AWS APIs

func (*ClusterProvider) CanOperate

func (c *ClusterProvider) CanOperate(spec *api.ClusterConfig) (bool, error)

CanOperate returns true when a cluster can be operated, otherwise it returns false along with an error explaining the reason

func (*ClusterProvider) CanOperateWithRefresh added in v0.85.0

func (c *ClusterProvider) CanOperateWithRefresh(spec *api.ClusterConfig) (bool, error)

CanOperateWithRefresh returns true when a cluster can be operated, otherwise it returns false along with an error explaining the reason

func (*ClusterProvider) CanUpdate

func (c *ClusterProvider) CanUpdate(spec *api.ClusterConfig) (bool, error)

CanUpdate returns true when a cluster or add-ons can be updated, otherwise it returns false along with an error explaining the reason

func (*ClusterProvider) ClusterTasksForNodeGroups

func (c *ClusterProvider) ClusterTasksForNodeGroups(cfg *api.ClusterConfig, installNeuronDevicePluginParam, installNvidiaDevicePluginParam bool) *tasks.TaskTree

ClusterTasksForNodeGroups returns all tasks dependent on node groups

func (*ClusterProvider) ControlPlaneVPCInfo added in v0.40.0

func (c *ClusterProvider) ControlPlaneVPCInfo() awseks.VpcConfigResponse

ControlPlaneVPCInfo returns cached version (EKS API)

func (*ClusterProvider) ControlPlaneVersion

func (c *ClusterProvider) ControlPlaneVersion() string

ControlPlaneVersion returns cached version (EKS API)

func (*ClusterProvider) CreateExtraClusterConfigTasks

func (c *ClusterProvider) CreateExtraClusterConfigTasks(ctx context.Context, cfg *api.ClusterConfig) *tasks.TaskTree

CreateExtraClusterConfigTasks returns all tasks for updating cluster configuration not depending on the control plane availability

func (*ClusterProvider) DescribeControlPlane

func (c *ClusterProvider) DescribeControlPlane(meta *api.ClusterMeta) (*awseks.Cluster, error)

DescribeControlPlane describes the cluster control plane

func (*ClusterProvider) EnableKMSEncryption added in v0.39.0

func (c *ClusterProvider) EnableKMSEncryption(ctx context.Context, clusterConfig *api.ClusterConfig) error

EnableKMSEncryption enables KMS encryption for the specified cluster

func (*ClusterProvider) GetCluster

func (c *ClusterProvider) GetCluster(ctx context.Context, clusterName string) (*awseks.Cluster, error)

GetCluster displays details of an EKS cluster in your account

func (*ClusterProvider) GetCredentialsEnv

func (c *ClusterProvider) GetCredentialsEnv() ([]string, error)

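GetCredentialsEnv returns the AWS credentials as a []string for env usage. The returned values are live credentials, so callers should keep them out of logs and error output.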

func (*ClusterProvider) GetCurrentClusterConfigForLogging

func (c *ClusterProvider) GetCurrentClusterConfigForLogging(spec *api.ClusterConfig) (sets.String, sets.String, error)

GetCurrentClusterConfigForLogging fetches current cluster logging configuration as two sets - enabled and disabled types

func (*ClusterProvider) GetCurrentClusterVPCConfig

func (c *ClusterProvider) GetCurrentClusterVPCConfig(spec *api.ClusterConfig) (*ClusterVPCConfig, error)

GetCurrentClusterVPCConfig fetches current cluster endpoint configuration for public and private access types

func (*ClusterProvider) GetNodeGroupIAM

func (c *ClusterProvider) GetNodeGroupIAM(ctx context.Context, stackManager manager.StackManager, ng *api.NodeGroup) error

GetNodeGroupIAM retrieves the IAM configuration of the given nodegroup

func (*ClusterProvider) GetUsername

func (c *ClusterProvider) GetUsername() string

GetUsername extracts the username part from the IAM role ARN

func (*ClusterProvider) IsSupportedRegion

func (c *ClusterProvider) IsSupportedRegion() bool

IsSupportedRegion checks if the given region is supported

func (*ClusterProvider) LoadClusterIntoSpecFromStack added in v0.40.0

func (c *ClusterProvider) LoadClusterIntoSpecFromStack(ctx context.Context, spec *api.ClusterConfig, stackManager manager.StackManager) error

LoadClusterIntoSpecFromStack uses stack information to load the cluster configuration into the spec. At the moment, VPC and KubernetesNetworkConfig are respected.

func (*ClusterProvider) LoadClusterVPC

func (c *ClusterProvider) LoadClusterVPC(ctx context.Context, spec *api.ClusterConfig, stackManager manager.StackManager) error

LoadClusterVPC loads the VPC configuration

func (*ClusterProvider) NewClient

func (c *ClusterProvider) NewClient(spec *api.ClusterConfig) (*Client, error)

NewClient creates a new client config by embedding the STS token

func (*ClusterProvider) NewOpenIDConnectManager

func (c *ClusterProvider) NewOpenIDConnectManager(spec *api.ClusterConfig) (*iamoidc.OpenIDConnectManager, error)

NewOpenIDConnectManager returns OpenIDConnectManager

func (*ClusterProvider) NewRawClient

func (c *ClusterProvider) NewRawClient(spec *api.ClusterConfig) (*kubewrapper.RawClient, error)

NewRawClient creates a new raw REST client in one go with an embedded STS token

func (*ClusterProvider) NewStackManager

func (c *ClusterProvider) NewStackManager(spec *api.ClusterConfig) manager.StackManager

NewStackManager returns a new stack manager

func (*ClusterProvider) NewStdClientSet

func (c *ClusterProvider) NewStdClientSet(spec *api.ClusterConfig) (*kubernetes.Clientset, error)

NewStdClientSet creates a new API client in one go with an embedded STS token; this is the most commonly used option

func (*ClusterProvider) RefreshClusterStatus

func (c *ClusterProvider) RefreshClusterStatus(spec *api.ClusterConfig) error

RefreshClusterStatus calls c.DescribeControlPlane and caches the results; it parses the credentials (endpoint, CA certificate) and stores them in ClusterConfig.Status, so that a Kubernetes client can be constructed; additionally it caches Kubernetes version (use ctl.ControlPlaneVersion to retrieve it) and other properties in c.Status.cachedClusterInfo

func (*ClusterProvider) RefreshClusterStatusIfStale added in v0.73.0

func (c *ClusterProvider) RefreshClusterStatusIfStale(spec *api.ClusterConfig) error

RefreshClusterStatusIfStale refreshes the cluster status if enough time has passed since the last refresh

func (*ClusterProvider) ServerVersion added in v0.53.0

func (c *ClusterProvider) ServerVersion(rawClient *kubewrapper.RawClient) (string, error)

ServerVersion will use discovery API to fetch version of Kubernetes control plane

func (*ClusterProvider) UpdateAuthConfigMap added in v0.53.0

func (c *ClusterProvider) UpdateAuthConfigMap(nodeGroups []*api.NodeGroup, clientSet kubernetes.Interface) error

UpdateAuthConfigMap creates or adds a nodegroup IAM role in the auth ConfigMap for the given nodegroup.

func (*ClusterProvider) UpdateClusterConfigForEndpoints

func (c *ClusterProvider) UpdateClusterConfigForEndpoints(cfg *api.ClusterConfig) error

UpdateClusterConfigForEndpoints calls eks.UpdateClusterConfig and updates access to API endpoints

func (*ClusterProvider) UpdateClusterConfigForLogging

func (c *ClusterProvider) UpdateClusterConfigForLogging(cfg *api.ClusterConfig) error

UpdateClusterConfigForLogging calls UpdateClusterConfig to enable logging

func (*ClusterProvider) UpdateClusterVersion

func (c *ClusterProvider) UpdateClusterVersion(cfg *api.ClusterConfig) (*eks.Update, error)

UpdateClusterVersion calls eks.UpdateClusterVersion and updates to cfg.Metadata.Version; it returns the update ID along with an error (if one occurs)

func (*ClusterProvider) UpdateClusterVersionBlocking

func (c *ClusterProvider) UpdateClusterVersionBlocking(cfg *api.ClusterConfig) error

UpdateClusterVersionBlocking calls UpdateClusterVersion and blocks until update operation is successful

func (*ClusterProvider) UpdatePublicAccessCIDRs

func (c *ClusterProvider) UpdatePublicAccessCIDRs(clusterConfig *api.ClusterConfig) error

UpdatePublicAccessCIDRs calls eks.UpdateClusterConfig and updates the CIDRs for public access

func (*ClusterProvider) ValidateClusterForCompatibility

func (c *ClusterProvider) ValidateClusterForCompatibility(ctx context.Context, cfg *api.ClusterConfig, stackManager manager.StackManager) error

ValidateClusterForCompatibility looks at the cluster stack and checks if it's compatible with the current nodegroup configuration; if it finds issues, it returns an error

func (*ClusterProvider) WaitForControlPlane

func (c *ClusterProvider) WaitForControlPlane(meta *api.ClusterMeta, clientSet *kubernetes.Clientset) error

WaitForControlPlane waits till the control plane is ready

func (*ClusterProvider) WaitForNodes

func (c *ClusterProvider) WaitForNodes(clientSet kubernetes.Interface, ng KubeNodeGroup) error

WaitForNodes waits till the nodes are ready

type ClusterVPCConfig

// ClusterVPCConfig represents a cluster's VPC configuration. It is the type
// returned by ClusterProvider.GetCurrentClusterVPCConfig, which is documented
// as fetching the endpoint configuration for public and private access types.
//
// ClusterEndpoints carries the api.ClusterEndpoints value and
// PublicAccessCIDRs a list of CIDR strings.
// NOTE(review): presumably PublicAccessCIDRs are the ranges allowed to reach
// the public API endpoint (see UpdatePublicAccessCIDRs); confirm. If so, an
// overly broad range here widens exposure of that endpoint.
type ClusterVPCConfig struct {
	ClusterEndpoints  *api.ClusterEndpoints
	PublicAccessCIDRs []string
}

ClusterVPCConfig represents a cluster's VPC configuration

type FargateClient

// FargateClient is the interface DoCreateFargateProfiles accepts for creating
// Fargate profiles.
type FargateClient interface {
	// CreateProfile creates the given Fargate profile and returns an error on
	// failure.
	// NOTE(review): waitForCreation presumably makes the call block until the
	// profile exists; confirm against the implementation.
	CreateProfile(profile *api.FargateProfile, waitForCreation bool) error
}

type Generator added in v0.92.0

type Generator struct {
	// contains filtered or unexported fields
}

Generator provides token-generating functionality using a signed STS CallerIdentity call.

func NewGenerator added in v0.92.0

func NewGenerator(client api.STSPresigner, clock credentials.Clock) Generator

func (Generator) GetWithSTS added in v0.92.0

func (g Generator) GetWithSTS(ctx context.Context, clusterID string) (Token, error)

GetWithSTS returns a token valid for clusterID using the given STS client. This implementation follows the steps outlined here (https://github.com/kubernetes-sigs/aws-iam-authenticator#api-authorization-from-outside-a-cluster). We either add this implementation or have to maintain two versions of STS, since aws-iam-authenticator is not switching over to aws-go-sdk-v2.

type InstanceSelector added in v0.45.0

type InstanceSelector interface {
	// Filter returns a set of instance types matching the specified instance selector filters
	Filter(selector.Filters) ([]string, error)
}

InstanceSelector selects a set of instance types matching the specified instance selector criteria

type KubeNodeGroup

type KubeNodeGroup interface {
	// NameString returns the name
	NameString() string
	// Size returns the number of the nodes (desired capacity)
	Size() int
	// ListOptions returns the selector for listing nodes in this nodegroup
	ListOptions() metav1.ListOptions
	// GetAMIFamily returns the AMI family
	GetAMIFamily() string
}

KubeNodeGroup defines a set of Kubernetes Nodes

type KubeProvider added in v0.53.0

// KubeProvider is an interface with helper funcs for k8s and EKS that are part
// of ClusterProvider. Every method listed here also appears on
// *ClusterProvider in this package's documentation.
//
// NOTE(review): ServerVersion spells its parameter type kubernetes.RawClient,
// while NewRawClient returns kubewrapper.RawClient and the ClusterProvider
// method is listed with kubewrapper.RawClient. Presumably both names refer to
// the same package under two aliases; confirm in the source.
type KubeProvider interface {
	NewRawClient(spec *api.ClusterConfig) (*kubewrapper.RawClient, error)
	ServerVersion(rawClient *kubernetes.RawClient) (string, error)
	LoadClusterIntoSpecFromStack(ctx context.Context, spec *api.ClusterConfig, stackManager manager.StackManager) error
	ValidateClusterForCompatibility(ctx context.Context, cfg *api.ClusterConfig, stackManager manager.StackManager) error
	UpdateAuthConfigMap(nodeGroups []*api.NodeGroup, clientSet kubernetes.Interface) error
	WaitForNodes(clientSet kubernetes.Interface, ng KubeNodeGroup) error
}

KubeProvider is an interface with helper funcs for k8s and EKS that are part of ClusterProvider

type LoggingRetryer

type LoggingRetryer struct {
	client.DefaultRetryer
	// contains filtered or unexported fields
}

LoggingRetryer adds some logging when we are retrying, so we have some idea what is happening. Right now it is very basic - e.g. it only logs when we retry (so it doesn't log when we fail due to too many retries). It was copied from k8s.io/kops/upup/pkg/fi/cloudup/awsup/logging_retryer.go; the original version used glog, and didn't export the constructor.

func (LoggingRetryer) RetryRules

func (l LoggingRetryer) RetryRules(r *request.Request) time.Duration

RetryRules extends on DefaultRetryer.RetryRules

func (LoggingRetryer) ShouldRetry added in v0.39.0

func (l LoggingRetryer) ShouldRetry(r *request.Request) bool

ShouldRetry uses DefaultRetryer.ShouldRetry but also checks for non-retryable EC2MetadataError (see #2564)

type NodeGroupInitialiser added in v0.53.0

type NodeGroupInitialiser interface {
	Normalize(ctx context.Context, nodePools []api.NodePool, clusterMeta *api.ClusterMeta) error
	ExpandInstanceSelectorOptions(nodePools []api.NodePool, clusterAZs []string) error
	NewAWSSelectorSession(provider api.ClusterProvider)
	ValidateLegacySubnetsForNodeGroups(ctx context.Context, spec *api.ClusterConfig, provider api.ClusterProvider) error
	DoesAWSNodeUseIRSA(ctx context.Context, provider api.ClusterProvider, clientSet kubernetes.Interface) (bool, error)
	DoAllNodegroupStackTasks(taskTree *tasks.TaskTree, region, name string) error
	ValidateExistingNodeGroupsForCompatibility(ctx context.Context, cfg *api.ClusterConfig, stackManager manager.StackManager) error
}

NodeGroupInitialiser is an interface that provides helpers for nodegroup creation.

type NodeGroupService

type NodeGroupService struct {
	Provider api.ClusterProvider
	// contains filtered or unexported fields
}

A NodeGroupService provides helpers for nodegroup creation

func NewNodeGroupService

func NewNodeGroupService(provider api.ClusterProvider, instanceSelector InstanceSelector) *NodeGroupService

NewNodeGroupService creates a new NodeGroupService

func (*NodeGroupService) DoAllNodegroupStackTasks added in v0.53.0

func (m *NodeGroupService) DoAllNodegroupStackTasks(taskTree *tasks.TaskTree, region, name string) error

DoAllNodegroupStackTasks iterates over nodegroup tasks and returns any errors.

func (*NodeGroupService) DoesAWSNodeUseIRSA added in v0.53.0

func (n *NodeGroupService) DoesAWSNodeUseIRSA(ctx context.Context, provider api.ClusterProvider, clientSet kubernetes.Interface) (bool, error)

DoesAWSNodeUseIRSA evaluates whether an aws-node uses IRSA

func (*NodeGroupService) ExpandInstanceSelectorOptions added in v0.44.0

func (m *NodeGroupService) ExpandInstanceSelectorOptions(nodePools []api.NodePool, clusterAZs []string) error

ExpandInstanceSelectorOptions sets instance types to instances matched by the instance selector criteria

func (*NodeGroupService) NewAWSSelectorSession added in v0.53.0

func (m *NodeGroupService) NewAWSSelectorSession(provider api.ClusterProvider)

NewAWSSelectorSession returns a new instance of Selector provided an aws session

func (*NodeGroupService) Normalize

func (m *NodeGroupService) Normalize(ctx context.Context, nodePools []api.NodePool, clusterMeta *api.ClusterMeta) error

Normalize normalizes nodegroups

func (*NodeGroupService) ValidateExistingNodeGroupsForCompatibility added in v0.53.0

func (m *NodeGroupService) ValidateExistingNodeGroupsForCompatibility(ctx context.Context, cfg *api.ClusterConfig, stackManager manager.StackManager) error

ValidateExistingNodeGroupsForCompatibility looks at each of the existing nodegroups and validates its configuration; if it finds issues, it logs messages

func (*NodeGroupService) ValidateLegacySubnetsForNodeGroups added in v0.53.0

func (m *NodeGroupService) ValidateLegacySubnetsForNodeGroups(ctx context.Context, spec *api.ClusterConfig, provider api.ClusterProvider) error

type ProviderServices

type ProviderServices struct {
	*ServicesV2
	// contains filtered or unexported fields
}

ProviderServices stores the used APIs

func (ProviderServices) ASG added in v0.39.0

func (p ProviderServices) ASG() awsapi.ASG

ASG returns a representation of the AutoScaling API

func (ProviderServices) CloudFormationDisableRollback

func (p ProviderServices) CloudFormationDisableRollback() bool

CloudFormationDisableRollback returns whether stacks should not rollback on failure

func (ProviderServices) CloudFormationRoleARN

func (p ProviderServices) CloudFormationRoleARN() string

CloudFormationRoleARN returns, if any, a service role used by CloudFormation to call AWS API on your behalf

func (ProviderServices) CloudTrail

func (p ProviderServices) CloudTrail() awsapi.CloudTrail

CloudTrail returns a representation of the CloudTrail API

func (ProviderServices) CloudWatchLogs added in v0.73.0

func (p ProviderServices) CloudWatchLogs() awsapi.CloudWatchLogs

CloudWatchLogs returns a representation of the CloudWatchLogs API.

func (ProviderServices) ConfigProvider added in v0.39.0

func (p ProviderServices) ConfigProvider() client.ConfigProvider

func (ProviderServices) EKS

EKS returns a representation of the EKS API

func (ProviderServices) Profile

func (p ProviderServices) Profile() string

Profile returns provider-level profile name

func (ProviderServices) Region

func (p ProviderServices) Region() string

Region returns provider-level region setting

func (ProviderServices) Session added in v0.45.0

func (p ProviderServices) Session() *session.Session

func (ProviderServices) WaitTimeout

func (p ProviderServices) WaitTimeout() time.Duration

WaitTimeout returns provider-level duration after which any wait operation has to timeout

type ProviderStatus

type ProviderStatus struct {
	ClusterInfo *ClusterInfo
	// contains filtered or unexported fields
}

ProviderStatus stores information about the used IAM role and the resulting session

type RetryerV2 added in v0.90.0

type RetryerV2 struct {
	aws.Retryer
}

RetryerV2 implements aws.Retryer

func NewRetryerV2 added in v0.90.0

func NewRetryerV2() *RetryerV2

NewRetryerV2 returns a new *RetryerV2

func (*RetryerV2) IsErrorRetryable added in v0.90.0

func (r *RetryerV2) IsErrorRetryable(err error) bool

IsErrorRetryable implements aws.Retryer

type ServicesV2 added in v0.90.0

type ServicesV2 struct {
	// contains filtered or unexported fields
}

ServicesV2 implements api.ServicesV2. The SDK clients are initialized lazily and guarded by a mutex.

func (*ServicesV2) CloudFormation added in v0.95.0

func (s *ServicesV2) CloudFormation() awsapi.CloudFormation

CloudFormation implements the AWS CloudFormation service.

func (*ServicesV2) EC2 added in v0.94.0

func (s *ServicesV2) EC2() awsapi.EC2

EC2 implements the AWS EC2 service.

func (*ServicesV2) ELB added in v0.91.0

func (s *ServicesV2) ELB() awsapi.ELB

ELB implements the AWS ELB service.

func (*ServicesV2) ELBV2 added in v0.91.0

func (s *ServicesV2) ELBV2() awsapi.ELBV2

ELBV2 implements the ELBV2 service.

func (*ServicesV2) IAM added in v0.94.0

func (s *ServicesV2) IAM() awsapi.IAM

IAM implements the AWS IAM service.

func (*ServicesV2) SSM added in v0.91.0

func (s *ServicesV2) SSM() awsapi.SSM

SSM implements the AWS SSM service.

func (*ServicesV2) STS added in v0.92.0

func (s *ServicesV2) STS() awsapi.STS

STS implements the AWS STS service.

func (*ServicesV2) STSPresigner added in v0.92.0

func (s *ServicesV2) STSPresigner() api.STSPresigner

STSPresigner provides a signed STS client for calls to Kubernetes.

type Token added in v0.92.0

// Token is the value a TokenGenerator returns from GetWithSTS; it is used by
// Kubernetes client-go to authenticate with a Kubernetes cluster.
//
// Token is the token string itself. Because it authenticates to the cluster,
// treat it as a secret: keep it out of logs, error messages and persisted
// debug output.
// Expiration is a timestamp associated with the token.
// NOTE(review): presumably the moment the token stops being valid; confirm
// against GetWithSTS before using it to drive refresh logic.
type Token struct {
	Token      string
	Expiration time.Time
}

Token is generated and used by Kubernetes client-go to authenticate with a Kubernetes cluster.

type TokenGenerator added in v0.92.0

// TokenGenerator defines a token generator using STS. Client.Generator has
// this type, and Generator in this package provides a GetWithSTS method with
// the same signature.
type TokenGenerator interface {
	// GetWithSTS returns a Token for the cluster identified by clusterID, or an
	// error. Generator documents its GetWithSTS as returning "a token valid for
	// clusterID".
	GetWithSTS(ctx context.Context, clusterID string) (Token, error)
}

TokenGenerator defines a token generator using STS.

type UnsupportedOIDCError

type UnsupportedOIDCError struct {
	// contains filtered or unexported fields
}

UnsupportedOIDCError represents an unsupported OIDC error

func (*UnsupportedOIDCError) Error

func (u *UnsupportedOIDCError) Error() string

type VPCControllerTask

// VPCControllerTask represents a task to install the VPC controller. Its
// Describe and Do methods implement Task.
//
// NOTE(review): Context is carried as a struct field; Do takes only errCh, so
// this field is presumably how cancellation reaches the task. Confirm.
// NOTE(review): Info is presumably the text returned by Describe, and PlanMode
// presumably makes Do report changes without applying them; neither is shown
// in this listing, so confirm both against the implementation.
type VPCControllerTask struct {
	Context         context.Context
	Info            string
	ClusterProvider *ClusterProvider
	ClusterConfig   *api.ClusterConfig
	PlanMode        bool
}

VPCControllerTask represents a task to install the VPC controller

func (*VPCControllerTask) Describe

func (v *VPCControllerTask) Describe() string

Describe implements Task

func (*VPCControllerTask) Do

func (v *VPCControllerTask) Do(errCh chan error) error

Do implements Task

type WindowsIPAMTask added in v0.74.0

// WindowsIPAMTask is a task for enabling Windows IPAM. Its Describe and Do
// methods implement Task.
//
// ClientsetFunc returns a kubernetes.Interface or an error.
// NOTE(review): presumably Do calls ClientsetFunc to obtain its client when
// the task runs, and Info is the text returned by Describe; confirm both
// against the implementation.
type WindowsIPAMTask struct {
	Info          string
	ClientsetFunc func() (kubernetes.Interface, error)
}

WindowsIPAMTask is a task for enabling Windows IPAM.

func (*WindowsIPAMTask) Describe added in v0.74.0

func (w *WindowsIPAMTask) Describe() string

Describe implements Task.

func (*WindowsIPAMTask) Do added in v0.74.0

func (w *WindowsIPAMTask) Do(errCh chan error) error

Do implements Task.

Directories

Path Synopsis
Code generated by counterfeiter.
Code generated by counterfeiter.
