def add_to_cluster(cls, cluster: Cluster) -> None:
"""
Deploys into the EKS cluster the external secrets manager
:param cluster:
:return:
"""
namespace = "prometheus"
resource = ManifestGenerator.namespace_resource(namespace)
ns = cluster.add_resource(
f"{resource.get('kind')}-{resource.get('metadata', {}).get('name')}",
resource)
operator_sa = cluster.add_service_account(
'prometheus-operator',
name=f'prometheus-operator',
namespace=resource.get('metadata', {}).get('name'),
)
operator_sa.node.add_dependency(ns)
prometheus_sa = cluster.add_service_account(
'prometheus',
name=f'prometheus',
namespace=resource.get('metadata', {}).get('name'),
)
prometheus_sa.node.add_dependency(ns)
alertmanager_sa = cluster.add_service_account(
'alertmanager',
name=f'alertmanager',
namespace=resource.get('metadata', {}).get('name'),
)
alertmanager_sa.node.add_dependency(ns)
cls._create_chart_release(cluster, operator_sa, prometheus_sa,
alertmanager_sa)
def add_to_cluster(cls, cluster: Cluster) -> None:
"""
Deploys into the EKS cluster the kubernetes metrics server
:param cluster:
:return:
"""
resource = ManifestGenerator.namespace_resource('metrics-server')
namespace = cluster.add_resource(
f"{resource.get('kind')}-{resource.get('metadata', {}).get('name')}",
resource)
chart = cluster.add_chart(
'helm-chart-metrics-server',
release="metrics-server",
chart="metrics-server",
namespace="metrics-server",
repository=cls.HELM_REPOSITORY,
version="4.2.1",
values={
"extraArgs": {
"kubelet-preferred-address-types": "InternalIP",
},
"apiService": {
"create": True,
},
},
)
chart.node.add_dependency(namespace)
def add_to_cluster(cls, cluster: Cluster, kubernetes_version: str) -> None:
"""
Deploys into the EKS cluster the kubernetes cluster autoscaler
:param cluster:
:param kubernetes_version:
:return:
"""
resource = ManifestGenerator.namespace_resource('cluster-autoscaler')
namespace = cluster.add_resource(
f"{resource.get('kind')}-{resource.get('metadata', {}).get('name')}",
resource)
sa = cluster.add_service_account(
'ClusterAutoscalerServiceAccount',
name='cluster-autoscaler',
namespace=resource.get('metadata', {}).get('name'),
)
sa.node.add_dependency(namespace)
cls.attach_iam_policies_to_role(sa.role)
chart = cluster.add_chart(
"helm-chart-cluster-autoscaler",
release="cluster-autoscaler",
chart="cluster-autoscaler",
namespace=sa.service_account_namespace,
repository=cls.HELM_REPOSITORY,
version="7.3.3",
values={
"autoDiscovery": {
"clusterName": cluster.cluster_name,
},
"cloudProvider": "aws",
"awsRegion": cluster.vpc.stack.region,
"image": {
"repository":
"eu.gcr.io/k8s-artifacts-prod/autoscaling/cluster-autoscaler",
"tag":
cls._get_cluster_autoscaler_version(kubernetes_version),
"pullPolicy": "Always",
},
"extraArgs": {
"balance-similar-node-groups": "true"
},
"rbac": {
"create": True,
"serviceAccount": {
"name": sa.service_account_name,
"create": False,
},
"pspEnabled": True,
},
},
)
chart.node.add_dependency(sa)
def add_to_cluster(cls, cluster: Cluster) -> None:
"""
Deploys into the EKS cluster the external secrets manager
:param cluster:
:return:
"""
resource = ManifestGenerator.namespace_resource('external-secrets')
namespace = cluster.add_resource(
f"{resource.get('kind')}-{resource.get('metadata', {}).get('name')}",
resource
)
sa = cluster.add_service_account(
'ExternalSecretsServiceAccount',
name='external-secrets',
namespace=resource.get('metadata', {}).get('name'),
)
sa.node.add_dependency(namespace)
cls.attach_iam_policies_to_role(sa.role)
chart = cluster.add_chart(
"helm-chart-external-secrets",
release="kubernetes-external-secrets",
chart="kubernetes-external-secrets",
namespace=sa.service_account_namespace,
repository=cls.HELM_REPOSITORY,
version="4.0.0",
values={
"customResourceManagerDisabled": True,
"env": {
"AWS_REGION": cluster.vpc.stack.region,
},
"rbac": {
"create": True,
"serviceAccount": {
"name": sa.service_account_name,
"create": False,
},
},
},
)
chart.node.add_dependency(sa)
def add_to_cluster(cls,
cluster: Cluster,
env_domain: str = 'example.com') -> None:
"""
Deploys into the EKS cluster the external secrets manager
:param env_domain:
:param cluster:
:return:
"""
namespace = "grafana"
resource = ManifestGenerator.namespace_resource(namespace)
ns = cluster.add_resource(
f"{resource.get('kind')}-{resource.get('metadata', {}).get('name')}",
resource)
sa = cluster.add_service_account(
'grafana',
name=f'grafana',
namespace=resource.get('metadata', {}).get('name'),
)
sa.node.add_dependency(ns)
cls._create_chart_release(cluster, sa, env_domain)
def add_to_cluster(cls, cluster: Cluster, zone_type: ZoneType) -> None:
"""
Deploys into the EKS cluster the external secrets manager
:param cluster:
:param zone_type:
:return:
"""
namespace = f"external-dns-{zone_type.value}"
resource = ManifestGenerator.namespace_resource(namespace)
ns = cluster.add_resource(
f"{resource.get('kind')}-{resource.get('metadata', {}).get('name')}",
resource)
sa = cluster.add_service_account(
f'externalDnsServiceAccount-{zone_type.value}',
name=f'external-dns-{zone_type.value}',
namespace=resource.get('metadata', {}).get('name'),
)
sa.node.add_dependency(ns)
cls.attach_iam_policies_to_role(sa.role)
cls._create_chart_release(cluster, sa, zone_type)
def add_to_cluster(cls, cluster: Cluster) -> None:
"""
Deploys cert-manager into the EKS cluster
:param cluster:
:return:
"""
resource = ManifestGenerator.namespace_resource('cert-manager')
namespace = cluster.add_resource(
f"{resource.get('kind')}-{resource.get('metadata', {}).get('name')}",
resource
)
sa = cluster.add_service_account(
'CertManagerServiceAccount',
name='cert-manager',
namespace=resource.get('metadata', {}).get('name'),
)
sa.node.add_dependency(namespace)
injector_sa = cluster.add_service_account(
'CertManagerCAInjectorServiceAccount',
name='cert-manager-ca-injector',
namespace=resource.get('metadata', {}).get('name'),
)
injector_sa.node.add_dependency(namespace)
webhook_sa = cluster.add_service_account(
'CertManagerWebhookServiceAccount',
name='cert-manager-webhook',
namespace=resource.get('metadata', {}).get('name'),
)
webhook_sa.node.add_dependency(namespace)
chart = cluster.add_chart(
"helm-chart-cert-manager",
release="cert-manager",
chart="cert-manager",
namespace="cert-manager",
repository=cls.HELM_REPOSITORY,
version="v0.15.2",
values={
"global": {
"podSecurityPolicy": {
"enabled": True,
},
},
"installCRDs": True,
"serviceAccount": {
"create": False,
"name": sa.service_account_name,
},
"cainjector": {
"serviceAccount": {
"create": False,
"name": injector_sa.service_account_name
},
},
"webhook": {
"serviceAccount": {
"create": False,
"name": injector_sa.service_account_name
},
},
},
)
chart.node.add_dependency(sa)
chart.node.add_dependency(injector_sa)
chart.node.add_dependency(webhook_sa)