This repository has been archived by the owner on May 30, 2023. It is now read-only.

flatcar-eks: facilitate provisioning EKS workers #794

Merged
merged 1 commit into from Jan 22, 2021

@margamanterola margamanterola commented Jan 22, 2021

Facilitate provisioning EKS workers

This change adds a new flatcar-eks package, that ships with all scripts
needed to join a Flatcar instance to an EKS cluster.

It includes the bootstrap.sh script used on Amazon Linux, to keep
compatibility with existing provisioning tools.

The package is included from the oem-ec2-compat package, when the board
is aws_pro, and it's part of board-packages, so that it's built by the
os/board/packages job.

How to use / Testing done

Using and testing this change takes time and effort.

  1. Build the flatcar-eks package, then build an ami_vmdk_pro image, with use flag aws_pro. This will include the flatcar-eks package in the image, as well as the ignition config. This can be done in the CI by using the marga-kinvolk/aws-pro branch from the flatcar-scripts repo.
  2. Upload the AMI to Amazon
  3. Create an EKS cluster and provision worker nodes with that AMI, by creating a Launch template and then adding a Node Group with that Launch template.
  4. The nodes should become healthy after they've been provisioned and it should be possible to interact with them with kubectl provided the right config (still working on coming up with clear instructions for this last part).

Node Configuration

The workers need to be assigned a role with these four policies:

  • arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
  • arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
  • arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
  • arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess

And the userdata needs to be:

#!/bin/bash
/usr/share/oem/eks/bootstrap.sh <cluster-name>

Note for reviewers

The package includes some files taken from an Amazon repo. Some are taken verbatim, while others are modified to fit our needs. I suggest starting the review by looking at the ebuild file, which will make clear where things come from.
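
A pre-flight check for the Node Configuration described above, added here as an example (it is not part of the pull request or of the flatcar-eks package): it compares a worker role's attached policies with the four listed and validates the userdata before a Node Group is created. The function names, the sample inputs and the cluster-name pattern are assumptions made for this example.

```python
import base64
import json
import re

# The four managed policies the PR description lists for the worker role.
REQUIRED_POLICIES = {
    "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
    "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
    "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly",
    "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess",
}
BOOTSTRAP = "/usr/share/oem/eks/bootstrap.sh"
# Assumed EKS naming rule: alphanumerics, "-" and "_", alphanumeric first, max 100.
CLUSTER_NAME = re.compile(r"[0-9A-Za-z][0-9A-Za-z_-]{0,99}")


def check_role(attached_json):
    """Return (missing, extra) ARNs from `aws iam list-attached-role-policies` JSON."""
    attached = {p["PolicyArn"] for p in json.loads(attached_json)["AttachedPolicies"]}
    return sorted(REQUIRED_POLICIES - attached), sorted(attached - REQUIRED_POLICIES)


def check_userdata(userdata_b64):
    """Return problems found in base64 userdata, as stored in a launch template."""
    lines = base64.b64decode(userdata_b64).decode("utf-8").splitlines()
    problems = []
    if not lines or lines[0].strip() != "#!/bin/bash":
        problems.append("first line is not #!/bin/bash")
    calls = [l.split() for l in lines if l.split()[:1] == [BOOTSTRAP]]
    if not calls:
        problems.append("bootstrap.sh is never invoked")
    for argv in calls:
        # Catches a missing argument and an unfilled <cluster-name> placeholder.
        if len(argv) < 2 or not CLUSTER_NAME.fullmatch(argv[1]):
            problems.append("bootstrap.sh call lacks a valid cluster name")
    return problems


# Constructed sample inputs (not taken from a real account).
_arns = sorted(REQUIRED_POLICIES - {"arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"})
_arns.append("arn:aws:iam::aws:policy/AdministratorAccess")
SAMPLE_ROLE = json.dumps({"AttachedPolicies": [
    {"PolicyName": a.rsplit("/", 1)[1], "PolicyArn": a} for a in _arns]})
GOOD_USERDATA = base64.b64encode(f"#!/bin/bash\n{BOOTSTRAP} demo-cluster\n".encode()).decode()
BAD_USERDATA = base64.b64encode(f"#!/bin/bash\n{BOOTSTRAP} <cluster-name>\n".encode()).decode()

if __name__ == "__main__":
    print("missing, extra:", check_role(SAMPLE_ROLE))
    print("good:", check_userdata(GOOD_USERDATA), "bad:", check_userdata(BAD_USERDATA))
```

An extra policy reported by check_role means the worker role carries more permissions than the four the description calls for.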

@krnowak krnowak left a comment

Some initial things I found by reading.

@margamanterola margamanterola force-pushed the marga-kinvolk/eks branch 2 times, most recently from 00e6cde to be7bc67 Compare January 22, 2021 13:28
@margamanterola margamanterola merged commit bb61826 into main Jan 22, 2021
@margamanterola margamanterola deleted the marga-kinvolk/eks branch January 22, 2021 17:30
margamanterola added a commit that referenced this pull request Jan 25, 2021
flatcar-eks: facilitate provisioning EKS workers
@margamanterola

Cherry picked to flatcar-2605 and flatcar-2705

pothos added a commit that referenced this pull request Feb 1, 2021
flatcar-eks: facilitate provisioning EKS workers