A Kuberhealthy check to make sure the AWS AMIs in use still exist.
The Kuberhealthy Get AMI Check gathers the list Nodes, finds the AWS Instances, creates a unique list of AMI IDs, and verifies that the AMI(s) still exist.
A big shout-out and thank you goes to Comcast for writing Kuberhealthy
A large part of this check is due to the preceding work done https://github.com/Comcast/kuberhealthy/tree/master/cmd/ami-check
apiVersion: comcast.github.io/v1
kind: KuberhealthyCheck
metadata:
name: ami-exists
spec:
runInterval: 30m
timeout: 1m
extraAnnotations:
iam.amazonaws.com/role: <role-arn> # Replace this value with your ARN
iam.amazonaws.com/external-id: <role-external-id> # Use this if kube2iam is using external-id for roles
podSpec:
serviceAccountName: khcheck-ami-exists
containers:
- name: main
image: ghcr.io/mtougeron/khcheck-ami-exists:latest # Change to a specific version
imagePullPolicy: IfNotPresent
env:
- name: DEBUG
value: "1"
- name: AWS_REGION
value: "<region name>" # The region your cluster runs inMake sure you are using the latest release of Kuberhealthy 2.x
Create the AWS Role that will be assumed so that the check has access to ec2:DescribeInstances & ec2:DescribeImages using the example role policy.
Run kubectl apply against example spec file. NOTE: This also installs the ClusterRole and RoleBinding to allow the check to get the list of Nodes running in the cluster.
kubectl apply -f khcheck-ami-exists.yaml -n kuberhealthyImages are available on the GitHub Container Registry and DockerHub
This project is licensed under the Apache V2 License. See LICENSE for more information.