diff --git a/deploy.py b/deploy.py index 61a1f5274f..e1c747797f 100755 --- a/deploy.py +++ b/deploy.py @@ -29,6 +29,9 @@ "prod": "us-central1", } +# Mapping of config name to cluster name for AWS EKS deployments +AWS_DEPLOYMENTS = {"aws-curvenote": "binderhub"} + # Mapping of cluster names (keys) to resource group names (values) for Azure deployments AZURE_RGs = {} @@ -140,6 +143,27 @@ def setup_auth_gcloud(release, cluster=None, dry_run=False): ) +def setup_auth_aws(cluster, dry_run=False): + """ + Set up authentication for EKS on AWS + + Assumes you already have an AWS CLI profile setup with access to EKS, + and that either this is the default profile (e.g. on CI) or you have set the + AWS_PROFILE environment variable. + """ + print(f"Obtaining AWS EKS kubeconfig for {cluster}") + + eks_kubeconfig = [ + "aws", + "eks", + "update-kubeconfig", + "--name", + AWS_DEPLOYMENTS[cluster], + ] + stdout = check_output(eks_kubeconfig, dry_run) + print(stdout) + + def update_networkbans(cluster, dry_run=False): """ Run secrets/ban.py to update network bans @@ -165,7 +189,9 @@ def get_config_files(release, config_dir="config"): ) # release-specific config files for config_dir in (config_dir, os.path.join("secrets", config_dir)): - config_files.append(os.path.join(config_dir, release + ".yaml")) + f = os.path.join(config_dir, release + ".yaml") + if os.path.exists(f): + config_files.append(f) return config_files @@ -309,6 +335,41 @@ def patch_coredns(dry_run=False): ) +def deploy_kube_system_charts(release, name=None, dry_run=False): + """ + Some charts must be deployed into the kube-system namespace + """ + if not name: + name = release + log_name = f"mybinder-kube-system {release}" + + config_files = get_config_files(release, config_dir="config-kube-system") + if not config_files: + print(BOLD + GREEN + f"No config files found for {log_name}" + NC, flush=True) + return + + print(BOLD + GREEN + f"Starting helm upgrade for {log_name}" + NC, flush=True) + helm = [ + "helm", + "upgrade", + "--install", + "--cleanup-on-fail", + "--namespace=kube-system", + name, + "mybinder-kube-system", + ] + for config_file in config_files: + helm.extend(["-f", config_file]) + + check_call(helm, dry_run) + print( + BOLD + GREEN + f"SUCCESS: Helm upgrade for {log_name} completed" + NC, + flush=True, + ) + + wait_for_deployments_daemonsets("kube-system", dry_run) + + def main(): # parse command line args argparser = argparse.ArgumentParser() @@ -320,6 +381,7 @@ def main(): "prod", "ovh", "ovh2", + "aws-curvenote", ], ) argparser.add_argument( @@ -335,7 +397,7 @@ def main(): argparser.add_argument( "--local", action="store_true", - help="If the script is running locally, skip auth step", + help="Required if the script is running locally", ) argparser.add_argument( "--dry-run", @@ -383,10 +445,13 @@ def main(): setup_auth_azure(cluster, args.dry_run) elif cluster in GCP_PROJECTS: setup_auth_gcloud(args.release, cluster, args.dry_run) + elif cluster in AWS_DEPLOYMENTS: + setup_auth_aws(cluster, args.dry_run) else: raise Exception("Cloud cluster not recognised!") update_networkbans(cluster, args.dry_run) + deploy_kube_system_charts(args.release, args.name, args.dry_run) deploy(args.release, args.name, args.dry_run)