AWS Service Operator allows you to create AWS resources using kubectl.
christopherhein Merge pull request #143 from christopherhein/chore/add-bash-completion
Adding bash completion for codegen and for the server
Latest commit 9fcf5ca Dec 5, 2018

AWS Service Operator

The AWS Service Operator allows you to manage AWS resources using Kubernetes Custom Resource Definitions.

Using the AWS Service Operator enables a gitops workflow to drive your infrastructure to the desired state leveraging Kubernetes Custom Resource Definitions (CRD), the Kubernetes internal control loop, and AWS CloudFormation orchestration. Read more about "operators" here.

aws service operator example

Prerequisites

To get started you will need

Getting Started

Make sure your Kubernetes cluster is up and running and you’ve configured your awscli for the appropriate account and region you’ll be working in.

IAM permissions management

You will need to install an IAM management layer such as kube2iam. This will allow you to use an AWS IAM role to manage a pod’s access to AWS resources.

To get started with kube2iam go here or check out the helm chart

The aws-service-operator runs as a pod in your Kubernetes cluster and listens for new aws type CRDs. When a new CRD is created the operator will create the resource in AWS via CloudFormation and create a Kubernetes Service for access within the cluster.

Create an IAM role for the aws-service-operator

The `K8S_WORKER_NODE_IAM_ROLE` is the IAM role assigned to your Kubernetes worker instances.
aws cloudformation create-stack \
  --stack-name aws-service-operator-role \
  --capabilities CAPABILITY_NAMED_IAM \
  --template-body file://configs/aws-service-operator-role.yaml \
  --parameters \
    ParameterKey=WorkerArn,ParameterValue=<K8S_WORKER_NODE_IAM_ROLE>

Your resulting IAM role arn should look something like arn:aws:iam::<ACCOUNT_ID>:role/aws-service-operator

Deploy the aws-service-operator

Before applying these resources, make sure to replace the following placeholders with the appropriate information in configs/aws-service-operator.yaml:

  • <ACCOUNT_ID> - Your AWS Account ID

  • <REGION> - The AWS Region you’re working in

  • <CLUSTER_NAME> - The name of your cluster

  • <BUCKET_NAME> - (optional) The operator stores certain things in S3. Create a bucket or provide an existing bucket for the operator to use, e.g. `aws s3 mb s3://foobar`
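
One way to fill in these placeholders without leaving any behind, as an added example that is not part of the project. `render_operator_config` and `write_sample_template` are hypothetical helper names and the sample manifest is constructed; passing no bucket is reported as an unfilled placeholder, so the line carrying it has to be dealt with by hand.

```shell
#!/bin/sh
# Added example, not part of the project. Fills the placeholders of
# configs/aws-service-operator.yaml and fails if a value is malformed or a
# <PLACEHOLDER> survives, so a half-edited manifest is never applied.

# render_operator_config TEMPLATE ACCOUNT_ID REGION CLUSTER_NAME [BUCKET_NAME]
render_operator_config() {
  tmpl=$1 account=$2 region=$3 cluster=$4 bucket=${5:-}
  [ -r "$tmpl" ] || { echo "cannot read $tmpl" >&2; return 2; }
  # AWS account IDs are exactly 12 digits.
  case $account in
    *[!0-9]*) echo "ACCOUNT_ID must be 12 digits" >&2; return 1 ;;
  esac
  [ "${#account}" -eq 12 ] || { echo "ACCOUNT_ID must be 12 digits" >&2; return 1; }
  # Loose region shape (us-west-2, us-gov-west-1) so new regions still pass.
  printf '%s\n' "$region" | grep -Eq '^[a-z]{2}(-[a-z]+)+-[0-9]+$' ||
    { echo "REGION looks wrong: $region" >&2; return 1; }
  # Only allow characters that cannot break out of the sed replacement.
  for v in "$cluster" "$bucket"; do
    case $v in
      *[!A-Za-z0-9._-]*) echo "unexpected character in: $v" >&2; return 1 ;;
    esac
  done
  [ -n "$cluster" ] || { echo "CLUSTER_NAME is required" >&2; return 1; }
  # An empty BUCKET_NAME leaves its placeholder in place for the check below.
  out=$(sed -e "s/<ACCOUNT_ID>/$account/g" -e "s/<REGION>/$region/g" \
            -e "s/<CLUSTER_NAME>/$cluster/g" \
            -e "s/<BUCKET_NAME>/${bucket:-<BUCKET_NAME>}/g" "$tmpl") || return 2
  # Any <UPPER_CASE> token still present is an unfilled placeholder.
  left=$(printf '%s\n' "$out" | grep -Eo '<[A-Z_]+>' | sort -u | tr '\n' ' ')
  [ -z "$left" ] || { echo "unreplaced placeholders: $left" >&2; return 1; }
  printf '%s\n' "$out"
}

# Constructed sample input; the real manifest's keys are not reproduced here.
write_sample_template() {
  cat > "$1" <<'EOF'
annotations:
  iam.amazonaws.com/role: arn:aws:iam::<ACCOUNT_ID>:role/aws-service-operator
region: <REGION>
clusterName: <CLUSTER_NAME>
bucket: <BUCKET_NAME>
EOF
}
```

Redirect the output of `render_operator_config` to a new file and pass that file to `kubectl apply -f` only when the function returns zero.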

1. Create the operator
kubectl apply -f configs/aws-service-operator.yaml
2. Create the CloudFormation templates (cft) used by the operator
kubectl apply -f examples/cloudformationtemplates
3. (optional) Follow the operator logs
kubectl logs -f -n aws-service-operator deploy/aws-service-operator
4. Create an ECR repository with the operator
kubectl apply -f examples/ecrrepository.yaml

The operator will communicate directly with CloudFormation to create the ECR repository using the parameters you have passed in. If you’d like to see the progress you can view the status directly via kubectl.

5. Check the ecr resource in Kubernetes
kubectl describe ecr example-repository-name

Removing everything

If you would like to tear everything down - run the following commands.

IMPORTANT: this will not remove anything you created with the AWS CLI (ECR repo for the operator itself, IAM roles, etc.)

kubectl delete ecr example-repository-name
kubectl get crd | grep -F ".operator.aws" | awk '{print $1}' | xargs kubectl delete crd
kubectl delete -f configs/aws-service-operator.yaml