From a2434ec0a131c43488b597896382565ddc89cf1e Mon Sep 17 00:00:00 2001
From: Matt
Date: Sun, 10 Dec 2023 17:55:08 -0800
Subject: [PATCH] Update get-ecr-uri.sh with ca-west-1 account (#1542)
---
bootstrap-v2-launch.sh | 129 +++++++++++++++
eks-worker-al2023-variables.json | 39 +++++
eks-worker-al2023.json | 269 +++++++++++++++++++++++++++++++
files/get-ecr-uri.sh | 3 +
4 files changed, 440 insertions(+)
create mode 100755 bootstrap-v2-launch.sh
create mode 100644 eks-worker-al2023-variables.json
create mode 100644 eks-worker-al2023.json
diff --git a/bootstrap-v2-launch.sh b/bootstrap-v2-launch.sh
new file mode 100755
index 000000000..87a6fc723
--- /dev/null
+++ b/bootstrap-v2-launch.sh
@@ -0,0 +1,129 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+VERSION=1.28
+
+CURRENT_DIR=$(pwd)
+BOOTSTRAP_PROJECT_DIR=$(pwd)/nodeadm
+
+cd $BOOTSTRAP_PROJECT_DIR
+make clean build
+go test ./...
+make dist
+cd $CURRENT_DIR
+
+build() {
+ output=$(PACKER_TEMPLATE_FILE=./eks-worker-al2023.json \
+ PACKER_DEFAULT_VARIABLE_FILE=./eks-worker-al2023-variables.json \
+ make $VERSION | tee /dev/tty || true)
+ ami_id=$(echo $output | grep 'ami-\w\+' | tail -1 | sed "s/.*\(ami-\w\+\).*/\1/g")
+}
+
+if [ -z "${1:-}" ]; then
+ build
+
+ if [[ $output = *"used by an existing AMI"* ]]; then
+ echo "removing existing ami $ami_id..."
+ aws ec2 deregister-image --image-id $ami_id
+ build
+ fi
+
+ echo "ami-id=$ami_id"
+else
+ ami_id=$1
+fi
+
+# deploy the nodegroup
+
+if [ ! -z "${NODEPLOY:-}" ]; then
+ exit
+fi
+
+TEST_DIR=$(mktemp -d)
+echo "temp dir: $TEST_DIR"
+
+# Generated
+TEST_CONFIG_PATH=$TEST_DIR/bootstrap-v2-config.yaml
+LT_DATA_PATH=$TEST_DIR/bootstrap-v2-launch-template.json
+
+CLUSTER_NAME=bootstrap-v2-cluster
+NODEGROUP_NAME=bootstrap-v2-nodegroup
+LT_NAME=bootstrap-v2-launch-template
+
+API_SERVER_ENDPOINT=$(aws eks describe-cluster --name $CLUSTER_NAME --query cluster.endpoint --output text)
+CERTIFICATE_AUTHORITY=$(aws eks describe-cluster --name $CLUSTER_NAME --query cluster.certificateAuthority.data --output text)
+
+# Dependency
+tempfile=$(mktemp)
+cat > $tempfile << EOF
+MIME-Version: 1.0
+Content-Type: multipart/mixed; boundary="==MYBOUNDARY=="
+
+--==MYBOUNDARY==
+Content-Type: text/x-shellscript; charset=us-ascii
+
+#!/bin/bash
+/usr/bin/nodeadm init
+
+--==MYBOUNDARY==
+Content-Type: application/node.eks.aws
+
+---
+apiVersion: node.eks.aws/v1alpha1
+kind: NodeConfig
+metadata:
+ name: example
+spec:
+ cluster:
+ name: $CLUSTER_NAME
+ apiServerEndpoint: $API_SERVER_ENDPOINT
+ certificateAuthority: $CERTIFICATE_AUTHORITY
+ region: us-west-2
+ ipFamily: ipv4
+
+--==MYBOUNDARY==--
+EOF
+
+echo -e ">>> UserData <<<\n$(cat $tempfile)"
+userdata=$(cat $tempfile | base64 -w 0)
+echo -e ">>> UserDataB64 <<<\n$userdata"
+
+# launch a nodegroup using this ami and make sure that is properly configured
+cat > $LT_DATA_PATH << EOF
+{
+ "ImageId": "$ami_id",
+ "InstanceType": "m5.large",
+ "UserData": "$userdata"
+}
+EOF
+
+aws ec2 delete-launch-template --launch-template-name $LT_NAME 2>&1>/dev/null || true
+
+LT_ID=$(aws ec2 create-launch-template \
+ --launch-template-name $LT_NAME \
+ --launch-template-data file://$LT_DATA_PATH \
+ --query LaunchTemplate.LaunchTemplateId \
+ --output text)
+echo "LT_ID=$LT_ID"
+
+cat > $TEST_CONFIG_PATH << EOF
+---
+apiVersion: eksctl.io/v1alpha5
+kind: ClusterConfig
+
+metadata:
+ name: $CLUSTER_NAME
+ region: us-west-2
+
+managedNodeGroups:
+ - name: $NODEGROUP_NAME
+ desiredCapacity: 1
+ launchTemplate:
+ id: $LT_ID
+EOF
+
+eksctl create nodegroup -f $TEST_CONFIG_PATH || true
+read -t 3600 -p "pausing for 1 hour.." || true
+eksctl delete nodegroup -f $TEST_CONFIG_PATH --approve --wait
+
diff --git a/eks-worker-al2023-variables.json b/eks-worker-al2023-variables.json
new file mode 100644
index 000000000..123c4ca89
--- /dev/null
+++ b/eks-worker-al2023-variables.json
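Review bot: `build()` hides a failed Packer run behind `|| true` and then scrapes `ami_id` out of the log, and that scraped value is what the destructive `aws ec2 deregister-image --image-id $ami_id` acts on. Because `echo $output` is unquoted the whole log collapses to one line, and the greedy `sed` keeps the last `ami-…` token anywhere in it, which is not guaranteed to be the conflicting image. Validate the value after each `build`, e.g. `[[ "$ami_id" =~ ^ami-[0-9a-f]+$ ]] || { echo "no AMI id in packer output" >&2; exit 1; }`, and check the image's name or owner before deregistering it. Separately, `2>&1>/dev/null` on the `delete-launch-template` line silences stdout only; `>/dev/null 2>&1` is presumably what was meant.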
@@ -0,0 +1,39 @@
+{
+ "additional_yum_repos": "",
+ "ami_component_description": "(k8s: {{ user `kubernetes_version` }}, containerd: {{ user `containerd_version` }})",
+ "ami_description": "EKS-optimized Kubernetes node based on Amazon Linux 2023",
+ "ami_regions": "",
+ "ami_users": "",
+ "associate_public_ip_address": "",
+ "aws_access_key_id": "{{env `AWS_ACCESS_KEY_ID`}}",
+ "aws_region": "us-west-2",
+ "aws_secret_access_key": "{{env `AWS_SECRET_ACCESS_KEY`}}",
+ "aws_session_token": "{{env `AWS_SESSION_TOKEN`}}",
+ "binary_bucket_name": "amazon-eks",
+ "binary_bucket_region": "us-west-2",
+ "cache_container_images": "false",
+ "cni_plugin_version": "v1.2.0",
+ "containerd_version": "*",
+ "creator": "{{env `USER`}}",
+ "docker_version": "",
+ "enable_fips": "false",
+ "encrypted": "false",
+ "kernel_version": "",
+ "kms_key_id": "",
+ "launch_block_device_mappings_volume_size": "4",
+ "pause_container_version": "3.5",
+ "pull_cni_from_github": "true",
+ "remote_folder": "/tmp",
+ "runc_version": "*",
+ "security_group_id": "",
+ "source_ami_filter_name": "al2023-ami-minimal-2023.*-kernel-6.1-x86_64",
+ "source_ami_id": "",
+ "source_ami_owners": "137112412989",
+ "ssh_interface": "",
+ "ssh_username": "ec2-user",
+ "ssm_agent_version": "",
+ "subnet_id": "",
+ "temporary_security_group_source_cidrs": "",
+ "volume_type": "gp3",
+ "working_dir": "{{user `remote_folder`}}/worker"
+}
diff --git a/eks-worker-al2023.json b/eks-worker-al2023.json
new file mode 100644
index 000000000..2fcda5aa0
--- /dev/null
+++ b/eks-worker-al2023.json
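Review bot: The defaults leave `containerd_version` and `runc_version` at `"*"` and set `pull_cni_from_github` to `"true"`, so the contents of an image built from this file depend on whatever the package repositories and GitHub serve at build time. Whether the CNI download is checksum-verified is decided in `install-worker.sh`, which is outside this patch. Pinning explicit versions here, or in the release pipeline's overrides, would make builds reproducible and auditable. The empty `temporary_security_group_source_cidrs` also deserves a documented recommendation: it appears to fall back to Packer's default of allowing any IPv4 source to reach the build instance over SSH, so confirm that and narrow it where the builder's address range is known.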
@@ -0,0 +1,269 @@
+{
+ "_comment": "All template variables are enumerated here; and most variables have a default value defined in eks-worker-al2023-variables.json",
+ "variables": {
+ "additional_yum_repos": null,
+ "ami_component_description": null,
+ "ami_description": null,
+ "ami_name": null,
+ "ami_regions": null,
+ "ami_users": null,
+ "arch": null,
+ "associate_public_ip_address": null,
+ "aws_access_key_id": null,
+ "aws_region": null,
+ "aws_secret_access_key": null,
+ "aws_session_token": null,
+ "binary_bucket_name": null,
+ "binary_bucket_region": null,
+ "cache_container_images": null,
+ "cni_plugin_version": null,
+ "containerd_version": null,
+ "creator": null,
+ "docker_version": null,
+ "encrypted": null,
+ "enable_fips": null,
+ "instance_type": null,
+ "kernel_version": null,
+ "kms_key_id": null,
+ "kubernetes_build_date": null,
+ "kubernetes_version": null,
+ "launch_block_device_mappings_volume_size": null,
+ "pause_container_version": null,
+ "pull_cni_from_github": null,
+ "remote_folder": null,
+ "runc_version": null,
+ "security_group_id": null,
+ "source_ami_filter_name": null,
+ "source_ami_id": null,
+ "source_ami_owners": null,
+ "ssh_interface": null,
+ "ssh_username": null,
+ "ssm_agent_version": null,
+ "subnet_id": null,
+ "temporary_security_group_source_cidrs": null,
+ "volume_type": null,
+ "working_dir": null,
+ "temporary_key_pair_type": "ed25519"
+ },
+ "builders": [
+ {
+ "type": "amazon-ebs",
+ "region": "{{user `aws_region`}}",
+ "source_ami": "{{user `source_ami_id`}}",
+ "ami_users": "{{user `ami_users`}}",
+ "snapshot_users": "{{user `ami_users`}}",
+ "source_ami_filter": {
+ "filters": {
+ "name": "{{user `source_ami_filter_name`}}",
+ "architecture": "{{user `arch`}}",
+ "root-device-type": "ebs",
+ "state": "available",
+ "virtualization-type": "hvm"
+ },
+ "owners": [
+ "{{user `source_ami_owners`}}"
+ ],
+ "most_recent": true
+ },
+ "instance_type": "{{user `instance_type`}}",
+ "launch_block_device_mappings": [
+ {
+ "device_name": "/dev/xvda",
+ "volume_type": "{{user `volume_type`}}",
+ "volume_size": "{{user `launch_block_device_mappings_volume_size`}}",
+ "delete_on_termination": true
+ }
+ ],
+ "ami_block_device_mappings": [
+ {
+ "device_name": "/dev/xvda",
+ "volume_type": "{{user `volume_type`}}",
+ "volume_size": 20,
+ "delete_on_termination": true
+ }
+ ],
+ "aws_polling": {
+ "delay_seconds": 30,
+ "max_attempts": 90
+ },
+ "ami_regions": "{{user `ami_regions`}}",
+ "ssh_username": "{{user `ssh_username`}}",
+ "ssh_interface": "{{user `ssh_interface`}}",
+ "temporary_security_group_source_cidrs": "{{user `temporary_security_group_source_cidrs`}}",
+ "security_group_id": "{{user `security_group_id`}}",
+ "associate_public_ip_address": "{{user `associate_public_ip_address`}}",
+ "ssh_pty": true,
+ "encrypt_boot": "{{user `encrypted`}}",
+ "kms_key_id": "{{user `kms_key_id`}}",
+ "run_tags": {
+ "creator": "{{user `creator`}}"
+ },
+ "subnet_id": "{{user `subnet_id`}}",
+ "tags": {
+ "Name": "{{user `ami_name`}}",
+ "created": "{{timestamp}}",
+ "build_region": "{{ .BuildRegion }}",
+ "source_ami_id": "{{ .SourceAMI }}",
+ "source_ami_name": "{{ .SourceAMIName }}",
+ "docker_version": "{{ user `docker_version`}}",
+ "containerd_version": "{{ user `containerd_version`}}",
+ "kubernetes": "{{ user `kubernetes_version`}}/{{ user `kubernetes_build_date` }}/bin/linux/{{ user `arch` }}",
+ "cni_plugin_version": "{{ user `cni_plugin_version`}}",
+ "ssm_agent_version": "{{ user `ssm_agent_version`}}"
+ },
+ "ami_name": "{{user `ami_name`}}",
+ "ami_description": "{{ user `ami_description` }}, {{ user `ami_component_description` }}",
+ "metadata_options": {
+ "http_tokens": "required"
+ }
+ }
+ ],
+ "provisioners": [
+ {
+ "type": "shell",
+ "remote_folder": "{{ user `remote_folder`}}",
+ "inline": [
+ "mkdir -p {{user `working_dir`}}",
+ "mkdir -p {{user `working_dir`}}/log-collector-script"
+ ]
+ },
+ {
+ "type": "shell",
+ "remote_folder": "{{ user `remote_folder`}}",
+ "script": "{{template_dir}}/scripts/install_additional_repos.sh",
+ "environment_vars": [
+ "ADDITIONAL_YUM_REPOS={{user `additional_yum_repos`}}"
+ ]
+ },
+ {
+ "type": "file",
+ "source": "{{template_dir}}/files/",
+ "destination": "{{user `working_dir`}}"
+ },
+ {
+ "type": "file",
+ "source": "{{template_dir}}/log-collector-script/linux/",
+ "destination": "{{user `working_dir`}}/log-collector-script/"
+ },
+ {
+ "type": "shell",
+ "remote_folder": "{{ user `remote_folder`}}",
+ "inline": [
+ "sudo chmod -R a+x {{user `working_dir`}}/bin/",
+ "sudo mv {{user `working_dir`}}/bin/* /usr/bin/"
+ ]
+ },
+ {
+ "type": "shell",
+ "remote_folder": "{{ user `remote_folder`}}",
+ "script": "{{template_dir}}/scripts/install-worker.sh",
+ "environment_vars": [
+ "KUBERNETES_VERSION={{user `kubernetes_version`}}",
+ "KUBERNETES_BUILD_DATE={{user `kubernetes_build_date`}}",
+ "BINARY_BUCKET_NAME={{user `binary_bucket_name`}}",
+ "BINARY_BUCKET_REGION={{user `binary_bucket_region`}}",
+ "DOCKER_VERSION={{user `docker_version`}}",
+ "CONTAINERD_VERSION={{user `containerd_version`}}",
+ "RUNC_VERSION={{user `runc_version`}}",
+ "CNI_PLUGIN_VERSION={{user `cni_plugin_version`}}",
+ "PULL_CNI_FROM_GITHUB={{user `pull_cni_from_github`}}",
+ "AWS_ACCESS_KEY_ID={{user `aws_access_key_id`}}",
+ "AWS_SECRET_ACCESS_KEY={{user `aws_secret_access_key`}}",
+ "AWS_SESSION_TOKEN={{user `aws_session_token`}}",
+ "PAUSE_CONTAINER_VERSION={{user `pause_container_version`}}",
+ "CACHE_CONTAINER_IMAGES={{user `cache_container_images`}}",
+ "WORKING_DIR={{user `working_dir`}}",
+ "SSM_AGENT_VERSION={{user `ssm_agent_version`}}"
+ ]
+ },
+ {
+ "type": "shell",
+ "remote_folder": "{{ user `remote_folder`}}",
+ "script": "{{template_dir}}/scripts/cleanup.sh"
+ },
+ {
+ "type": "shell",
+ "remote_folder": "{{ user `remote_folder`}}",
+ "script": "{{template_dir}}/scripts/cleanup_additional_repos.sh",
+ "environment_vars": [
+ "ADDITIONAL_YUM_REPOS={{user `additional_yum_repos`}}"
+ ]
+ },
+ {
+ "type": "shell",
+ "remote_folder": "{{ user `remote_folder`}}",
+ "script": "{{template_dir}}/scripts/validate.sh",
+ "environment_vars": [
+ "KERNEL_VERSION={{user `kernel_version`}}"
+ ]
+ },
+ {
+ "type": "shell",
+ "remote_folder": "{{ user `remote_folder`}}",
+ "script": "{{template_dir}}/scripts/generate-version-info.sh",
+ "execute_command": "chmod +x {{ .Path }}; {{ .Path }} {{user `working_dir`}}/version-info.json",
+ "environment_vars": [
+ "CACHE_CONTAINER_IMAGES={{user `cache_container_images`}}"
+ ]
+ },
+ {
+ "type": "file",
+ "direction": "download",
+ "source": "{{user `working_dir`}}/version-info.json",
+ "destination": "{{ user `ami_name` }}-version-info.json"
+ },
+
+ {
+ "type": "file",
+ "source": "{{template_dir}}/nodeadm/_dist/bin/linux/amd64/nodeadm",
+ "destination": "{{user `working_dir`}}/nodeadm"
+ },
+ {
+ "type": "shell",
+ "inline": [
+ "sudo chmod a+x {{user `working_dir`}}/nodeadm",
+ "sudo mv {{user `working_dir`}}/nodeadm /usr/bin/"
+ ]
+ },
+ {
+ "type": "file",
+ "source": "{{template_dir}}/nodeadm/rootfs",
+ "destination": "{{user `working_dir`}}"
+ },
+ {
+ "type": "shell",
+ "inline": [
+ "sudo chmod -R a+x {{user `working_dir`}}/rootfs/usr/bin/",
+ "sudo cp -rv {{user `working_dir`}}/rootfs/* /"
+ ]
+ },
+
+ {
+ "type": "shell",
+ "remote_folder": "{{ user `remote_folder`}}",
+ "inline": [
+ "rm -rf {{user `working_dir`}}"
+ ]
+ }
+ ],
+ "post-processors": [
+ {
+ "type": "manifest",
+ "output": "manifest.json",
+ "strip_path": true,
+ "custom_data": {
+ "source_ami_name": "{{ build `SourceAMIName` }}",
+ "source_ami_id": "{{ build `SourceAMI` }}"
+ }
+ },
+ {
+ "type": "manifest",
+ "output": "{{user `ami_name`}}-manifest.json",
+ "strip_path": true,
+ "custom_data": {
+ "source_ami_name": "{{ build `SourceAMIName` }}",
+ "source_ami_id": "{{ build `SourceAMI` }}"
+ }
+ }
+ ]
+}
diff --git a/files/get-ecr-uri.sh b/files/get-ecr-uri.sh
index 3a5bad0b0..3dc56523a 100755
--- a/files/get-ecr-uri.sh
+++ b/files/get-ecr-uri.sh
@@ -63,6 +63,9 @@ else il-central-1) acct="066635153087" ;; + ca-west-1) + acct="761377655185" + ;; # This sections includes all commercial non-opt-in regions, which use # the same account for ECR pause container images, but still have in-region # registries.