From 94eb1dbe58affecd3701a639b989d510429cc18a Mon Sep 17 00:00:00 2001
From: Ajay Kumar
Date: Wed, 2 Nov 2022 08:05:10 +0530
Subject: [PATCH 1/2] Added the provision eks script
---
 eksctl-configs/README.md | 37 ++++----
 eksctl-configs/provision-eks.py | 147 ++++++++++++++++++++++++++++++++
 2 files changed, 162 insertions(+), 22 deletions(-)
 create mode 100644 eksctl-configs/provision-eks.py
diff --git a/eksctl-configs/README.md b/eksctl-configs/README.md
index 387f69f..59afb75 100644
--- a/eksctl-configs/README.md
+++ b/eksctl-configs/README.md
@@ -7,34 +7,27 @@ - Create 2 s3 buckets for storing cache and logs in the same region where you intend to create Devtron cluster ( Names can be something like s3://organization-devtron-ci-caching (versioning enabled), s3://organization-devtron-ci-logs ) - Create a customPolicy `devtron-cluster-IAM-policy` ( arn:aws:iam::XXXXXXXXXXXXXX:policy/devtron-cluster-IAM-policy ) and give S3FullAccess to the s3 buckets created in previous step and `ElasticLoadBalancingFullAccess` (Devtron creates a Loadbalancer for it's service) - -## Download the eksctl configs template and Modify - -### Already have a VPC where the Devtron Cluster needs to be provisioned -``` -wget https://raw.githubusercontent.com/devtron-labs/utilities/main/eksctl-configs/eksctl-devtron-prod-configs.yaml -``` - -### Let eksctl automatically create a new VPC and subnets +## Clone the repo. ``` -https://raw.githubusercontent.com/devtron-labs/utilities/main/eksctl-configs/ekstl-devtron-configs-create-new-vpc.yaml +git clone https://github.com/devtron-labs/utilities.git ``` +## Prerequisites before run the provision script. -Edit the fields prefilled with sample data - -- vpc.id -- vpc.subnets.private and vpc.subnets.public -- vpc.clusterEndpoints.publicAccessCIDRs (Include the public IP addresses CIDR that you wish to whitelist for Kubernetes apiserver access, vpc cidr is already whitelisted if vpc.clusterEndpoints.privateAccess is set true) -- nodeGroups.ssh.publicKeyName for both the nodegroups -- Replace AWS account ID in nodeGroups.iam.attachPolicyARNs ( arn:aws:iam::XXXXXXXXXXXXXX:policy/devtron-cluster-IAM-policy ) +- Make sure bastion have aws configured with required permission to provision EKS. +- Make sure bastion have python installed. 
+- Install `pyyaml` python module by running `pip3 install pyyaml` -The eksctl template shared in the step above is a recommended configuration for devtron setup for Production usage, you can do any other changes according to your customizations if required or get in touch with Devtron Team on Discord https://discord.devtron.ai +## First go inside eksctl-configs folder and run script by `python3 provision-eks.py` -## Creating Cluster +- This script will going to install `helm`, `kubectl`, `eksctl` if these are already installed it will ignore. +- Script will take inputs from users like `cluster-name`, `region`,`eks-version`, `arn of devtron-cluster-IAM-policy` , `key pair name` +- Next it will take input `Do you want to use your existing vpc or not` and value of it either `yes` or `no`. +- Here if you provide `no` then it will create eks cluster with new vpc. +- Here if you provide `yes` as input it will take input `vpc-id` , `total number of private subnets` +- Take input `subnet name` and its `subnet id` for private subnets. +- Next input `total number of public subnets`. +- Next input `subnet name` and its `subnet id` after that it will provision eks with existing vpc and subnets which are provided. -``` -eksctl create cluster -f eksctl-devtron-prod-configs.yaml -``` ### Manually creating Kubeconfig for a Cluster
diff --git a/eksctl-configs/provision-eks.py b/eksctl-configs/provision-eks.py
new file mode 100644
index 0000000..2d53b9e
--- /dev/null
+++ b/eksctl-configs/provision-eks.py
@@ -0,0 +1,147 @@
+# Make sure python is installed on system.
+#pip3 install pyyaml
+import subprocess as sp , os
+import yaml
+#*************************************************************
+def is_eksctl_installed():
+ print("****************************************")
+ print("\nVerfiying eksctl utility ............")
+ is_eksctl=sp.getstatusoutput("eksctl version")
+ return is_eksctl
+
+def install_eksctl():
+ o1=sp.getstatusoutput("curl --silent --location https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz | tar xz -C /tmp")
+ o2=sp.getstatusoutput("sudo mv /tmp/eksctl /usr/local/bin")
+ if o1[0]==0 and o2[0]==0:
+ print("Installation of eksctl is succeeded")
+ else:
+ print("Getting some error during eksctl installation")
+def is_kubectl_installed():
+ print("****************************************")
+ print("\nVerfiying kubectl client utility .......")
+ is_kubectl=sp.getstatusoutput("kubectl version --client")
+ return is_kubectl
+
+def install_kubectl():
+ o1=sp.getstatusoutput("curl -LO https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl")
+ o2=sp.getstatusoutput("curl -LO https://dl.k8s.io/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl.sha256")
+ o3=sp.getstatusoutput("sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl")
+ if o1[0]==0 and o2[0]==0 and o3[0]==0:
+ print("Installation of kubectl is succeeded")
+ else:
+ print("Getting some error during kubectl installation")
+
+def is_helm_installed():
+ print("****************************************")
+ print("\nVerfiying helm utility .......")
+ is_helm=sp.getstatusoutput("helm version")
+ return is_helm
+
+def install_helm():
+ o1=sp.getstatusoutput("curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3")
+ o2=sp.getstatusoutput("chmod 700 get_helm.sh")
+ o3=sp.getstatusoutput("./get_helm.sh")
+ if o1[0]==0 and o2[0]==0 and o3[0]==0:
+ print("Installation of helm is succeeded")
+ else:
+ print("Getting some error during helm installation")
+
+def create_eks_new_vpc(cluster_name,region_name,eks_version,arn_devtron_cluster_IAM_policy,key_name):
+ print("\nWill provision eks with new vpc ... ")
+ # print(cluster_name, region_name,eks_version)
+ filename = "ekstl-devtron-configs-create-new-vpc.yaml"
+ stream = open(filename, 'r')
+ data = yaml.load(stream,Loader=yaml.SafeLoader)
+ data['metadata']['name']=cluster_name
+ data['metadata']['region']=region_name
+ data['metadata']['version']=eks_version
+ data['nodeGroups'][0]['iam']['attachPolicyARNs'][5]=arn_devtron_cluster_IAM_policy
+ data['nodeGroups'][1]['iam']['attachPolicyARNs'][5]=arn_devtron_cluster_IAM_policy
+ data['nodeGroups'][0]['ssh']['publicKeyName']=key_name
+ data['nodeGroups'][1]['ssh']['publicKeyName']=key_name
+ with open(filename, 'w') as yaml_file:
+ yaml_file.write( yaml.dump(data, default_flow_style=False))
+ print("\n Creating the eks cluster with configured values .....\n")
+ os.system("eksctl create cluster -f ekstl-devtron-configs-create-new-vpc.yaml")
+def create_eks_existing_vpc(cluster_name,region_name,eks_version,arn_devtron_cluster_IAM_policy,key_name):
+ print("\nWill provision eks with existing vpc configuration ")
+ vpc_id=input("Your vpc id (Ex vpc-xxxxxxx): ")
+ filename = "eksctl-devtron-prod-configs.yaml"
+ stream = open(filename, 'r')
+ data = yaml.load(stream,Loader=yaml.SafeLoader)
+ data['metadata']['name']=cluster_name
+ data['metadata']['region']=region_name
+ data['vpc']['id']=vpc_id
+ data['metadata']['version']=eks_version
+ data['nodeGroups'][0]['iam']['attachPolicyARNs'][5]=arn_devtron_cluster_IAM_policy
+ data['nodeGroups'][1]['iam']['attachPolicyARNs'][5]=arn_devtron_cluster_IAM_policy
+ data['nodeGroups'][0]['ssh']['publicKeyName']=key_name
+ data['nodeGroups'][1]['ssh']['publicKeyName']=key_name
+ total_private=int(input("\nEnter total number of private subnets : "))
+ private_subnets={}
+ public_subnets={}
+ for i in range(total_private):
+ subnet_name=input("Subnet name : ")
+ subnet_id=input("Subnet id of repective subnet : ")
+ private_subnets[subnet_name]=subnet_id
+ total_public=int(input("\nEnter total number of public subnets : "))
+ for i in range(total_public):
+ subnet_name=input("Subnet name : ")
+ subnet_id=input("Subnet id of repective subnet: ")
+ public_subnets[subnet_name]=subnet_id
+ data['vpc']['subnets']['private']={}
+ data['vpc']['subnets']['public']={}
+ for key ,value in private_subnets.items():
+ data['vpc']['subnets']['private'][key]={}
+ data['vpc']['subnets']['private'][key]['id']=value
+ for key ,value in public_subnets.items():
+ data['vpc']['subnets']['public'][key]={}
+ data['vpc']['subnets']['public'][key]['id']=value
+ with open(filename, 'w') as yaml_file:
+ yaml_file.write( yaml.dump(data, default_flow_style=False))
+
+ print("\n Creating the eks cluster with configured values .....\n")
+ os.system("eksctl create cluster -f eksctl-devtron-prod-configs.yaml")
+
+#*********************************************************************************
+
+
+
+is_eksctl=is_eksctl_installed()
+if is_eksctl[0]==0:
+ print(f"eksctl is already istalled with version {is_eksctl[1]}")
+else:
+ print("eksctl is not installed will do with latest version ........")
+ install_eksctl()
+
+is_kubectl=is_kubectl_installed()
+if is_kubectl[0]==0:
+ print("kubectl is already installed")
+else:
+ print("kubectl client is not installed will do that.........")
+ install_kubectl()
+
+is_helm=is_helm_installed()
+if is_helm[0]==0:
+ print(f"Helm is already installed with version {is_helm[1]}")
+else:
+ print("Helm is not installed will do .......")
+ install_helm()
+
+
+
+print("******************************************************************")
+cluster_name=input("cluster-name (Ex devtron-cluster): ")
+region_name=input("region (Ex ap-south-1): ")
+eks_version=input("k8s version (Ex 1.21, 1.22): ")
+arn_devtron_cluster_IAM_policy=input("arn for cluster iam policy: ")
+key_name=input("Key pair name (Will be attach to nodes): ")
+print("\n******************************************************************")
+is_create_vpc=input("Do you want to use your existing vpc(yes/no): ")
+if is_create_vpc.lower()=='yes' or is_create_vpc.lower()=='y':
+ create_eks_existing_vpc(cluster_name,region_name,eks_version,arn_devtron_cluster_IAM_policy,key_name)
+elif is_create_vpc.lower()=='no' or is_create_vpc.lower()=='n':
+ create_eks_new_vpc(cluster_name,region_name,eks_version,arn_devtron_cluster_IAM_policy,key_name)
+else:
+ print("\n Value provided are not supported")
+
\ No newline at end of file
From bd1422be43001b81f34e8ab519b7192c5c1e8f51 Mon Sep 17 00:00:00 2001
From: Ajay Kumar
Date: Wed, 2 Nov 2022 08:17:23 +0530
Subject: [PATCH 2/2] modified readme
---
 eksctl-configs/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/eksctl-configs/README.md b/eksctl-configs/README.md
index 59afb75..b80fa8b 100644
--- a/eksctl-configs/README.md
+++ b/eksctl-configs/README.md
@@ -26,7 +26,7 @@ git clone https://github.com/devtron-labs/utilities.git - Here if you provide `yes` as input it will take input `vpc-id` , `total number of private subnets` - Take input `subnet name` and its `subnet id` for private subnets. - Next input `total number of public subnets`. -- Next input `subnet name` and its `subnet id` after that it will provision eks with existing vpc and subnets which are provided. +- Next input `subnet name` and its `subnet id` for public subnets after that it will provision eks with existing vpc and subnets which are provided. ### Manually creating Kubeconfig for a Cluster
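Review bot: `install_kubectl` fetches `kubectl.sha256` but never compares it with the downloaded binary, and the `sudo install ... /usr/local/bin/kubectl` step runs whether or not either `curl` succeeded, so an unverified or truncated file can end up root-owned on the bastion. Check the digest and return before the install step when any earlier step fails, as in the excerpt below. `install_eksctl` and `install_helm` have the same shape: they pull `releases/latest` and `helm/main` with no pinned version or checksum and then `sudo mv` or execute the result, so a pinned release plus its published checksum is worth adding there too. The top-level code also continues to `eksctl create cluster` after an install function has printed its error; exiting non-zero at that point would stop the run before a partly installed toolchain is used.

```python
def install_kubectl():
    # … unchanged: o1 and o2 download kubectl and kubectl.sha256 …
    # Compare the binary with the published digest before anything is installed as root.
    check=sp.getstatusoutput('echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check')
    if o1[0]!=0 or o2[0]!=0 or check[0]!=0:
        print("Getting some error during kubectl installation")
        return
    o3=sp.getstatusoutput("sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl")
    if o3[0]==0:
        print("Installation of kubectl is succeeded")
    else:
        print("Getting some error during kubectl installation")
```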