コード例 #1
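def _delete_iam_identity_mapping(cluster_name: str, arn: str) -> None:
    """Delete the eksctl IAM identity mapping for *arn* when one is present.

    The lookup output is scanned for eksctl's exact "no iamidentitymapping"
    error line. Any output that does not contain that exact line, including
    an unrelated error message, leads to the delete call.
    """
    # NOTE(review): both command lines are built by string interpolation. If
    # the sh helper hands the string to a shell, cluster_name and arn must be
    # validated upstream or quoted (shlex.quote) - confirm against sh.run.
    for line in sh.run_iterating(f"eksctl get iamidentitymapping --cluster {cluster_name} --arn {arn}"):
        if line == f'Error: no iamidentitymapping with arn "{arn}" found':
            _logger.debug("Skipping non-existent IAM Identity Mapping - Role: %s", arn)
            break
    else:
        _logger.debug("Removing IAM Identity Mapping - Role: %s", arn)
        sh.run(f"eksctl delete iamidentitymapping --cluster {cluster_name} --arn {arn}")


def destroy_teams(context: "Context") -> None:
    """Remove every team's Fargate profile and IAM identity mappings.

    Nothing is done unless the ``eksctl-orbit-<name>-cluster`` CloudFormation
    stack exists and the context lists at least one team. For each team the
    Fargate profile is deleted first, then the mapping of the team's runner
    role and the mapping of the team's pod role.
    """
    cluster_name = f"orbit-{context.name}"
    final_eks_stack_name: str = f"eksctl-{cluster_name}-cluster"
    _logger.debug("EKSCTL stack name: %s", final_eks_stack_name)

    if not (cfn.does_stack_exist(stack_name=final_eks_stack_name) and context.teams):
        return

    for team in context.teams:
        eks.delete_fargate_profile(
            profile_name=f"orbit-{context.name}-{team.name}",
            cluster_name=cluster_name,
        )

        # The runner role ARN is derived from the naming convention; the pod
        # role ARN is read from the team object.
        runner_role_arn = f"arn:aws:iam::{context.account_id}:role/orbit-{context.name}-{team.name}-runner"
        _delete_iam_identity_mapping(cluster_name=cluster_name, arn=runner_role_arn)
        _delete_iam_identity_mapping(cluster_name=cluster_name, arn=cast(str, team.eks_pod_role_arn))

    _logger.debug("EKSCTL Teams destroyed")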
コード例 #2
def map_iam_identities(
    context: Context, cluster_name: str, eks_system_masters_roles_changes: Optional[ListChangeset]
) -> None:
    """Apply added and removed admin roles to the cluster's IAM identity mappings.

    Added roles that exist in IAM and have no mapping yet are mapped into the
    Kubernetes ``system:masters`` group, which carries cluster-admin level
    access, so the changeset must come from a trusted source. Removed roles
    have all of their mappings deleted. After every change the role list on
    the context is updated and the context is written to SSM.
    """
    changes = eks_system_masters_roles_changes
    if not changes:
        return

    missing_prefix = "Error: no iamidentitymapping with arn"

    # Added roles: create the mapping only when eksctl reports none exists.
    for role in changes.added_values or []:
        if iam.get_role(role) is None:
            _logger.debug(f"Skipping nonexisting IAM Role: {role}")
            continue

        arn = f"arn:aws:iam::{context.account_id}:role/{role}"
        lookup_cmd = f"eksctl get iamidentitymapping --cluster {cluster_name} --arn {arn}"
        already_mapped = True
        for line in sh.run_iterating(lookup_cmd):
            if not line.startswith(missing_prefix):
                continue
            already_mapped = False
            _logger.debug(f"Adding IAM Identity Mapping - Role: {arn}, Username: {role}, Group: system:masters")
            create_cmd = (
                f"eksctl create iamidentitymapping --cluster {cluster_name} --arn {arn} "
                f"--username {role} --group system:masters"
            )
            sh.run(create_cmd)
            cast(List[str], context.eks_system_masters_roles).append(role)
            ContextSerDe.dump_context_to_ssm(context=context)
            break
        if already_mapped:
            _logger.debug(f"Skip adding existing IAM Identity Mapping - Role: {arn}")

    # Removed roles: delete the mapping unless eksctl reports none exists.
    for role in changes.removed_values or []:
        arn = f"arn:aws:iam::{context.account_id}:role/{role}"
        lookup_cmd = f"eksctl get iamidentitymapping --cluster {cluster_name} --arn {arn}"
        mapping_missing = False
        for line in sh.run_iterating(lookup_cmd):
            if line.startswith(missing_prefix):
                _logger.debug(f"Skip removing nonexisting IAM Identity Mapping - Role: {arn}")
                mapping_missing = True
                break
        if mapping_missing:
            continue
        _logger.debug(f"Removing IAM Identity Mapping - Role: {arn}")
        sh.run(f"eksctl delete iamidentitymapping --cluster {cluster_name} --arn {arn} --all")
        cast(List[str], context.eks_system_masters_roles).remove(role)
        ContextSerDe.dump_context_to_ssm(context=context)
コード例 #3
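def destroy_kubeflow(context: Context) -> None:
    """Delete the Kubeflow resources of the environment's EKS cluster.

    Returns without doing anything when the ``eksctl-orbit-<name>-cluster``
    CloudFormation stack does not exist or when kubectl reports that the
    ``kubeflow`` namespace is not found. Otherwise the Kubeflow configuration
    is generated under ``.orbit.out`` and ``./delete_kf.sh`` is run from that
    directory, with up to three attempts and a five minute pause between
    failed attempts.
    """
    cluster_name = f"orbit-{context.name}"
    final_eks_stack_name: str = f"eksctl-{cluster_name}-cluster"
    _logger.debug("EKSCTL stack name: %s", final_eks_stack_name)

    if not cfn.does_stack_exist(stack_name=final_eks_stack_name):
        return

    kubectl.write_kubeconfig(context=context)

    for line in sh.run_iterating("kubectl get namespace kubeflow"):
        if '"kubeflow" not found' in line:
            return

    output_path = os.path.join(".orbit.out", context.name, "kubeflow", cluster_name)
    gen_kubeflow_config(context, output_path, cluster_name)

    _logger.debug("Destroying Kubeflow")
    output_path = os.path.abspath(output_path)
    _logger.debug(f"kubeflow config dir: {output_path}")
    utils.print_dir(output_path)

    # NOTE(review): delete_kf.sh is executed from output_path; presumably it is
    # written there by gen_kubeflow_config - confirm that the directory is not
    # writable by anyone else between generation and execution.
    max_attempts = 3
    for attempt in range(1, max_attempts + 1):
        try:
            _logger.info("Deleting kubeflow resources")
            sh.run("./delete_kf.sh", cwd=output_path)
        except FailedShellCommand:
            if attempt == max_attempts:
                # Best effort: report the failure instead of raising.
                _logger.error("Deleting kubeflow resources failed %s times, giving up", max_attempts)
                return
            _logger.info(
                "The command returned a non-zero exit code. Retrying to delete resources"
            )
            time.sleep(300)
        else:
            # Stop after the first successful run; without this the script
            # would be executed again and again until it had failed three times.
            break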
コード例 #4
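def package_chart(repo: str, chart_path: str,
                  values: Optional[Dict[str, Any]]) -> Tuple[str, str, str]:
    """Package the Helm chart at *chart_path* and push it to *repo*.

    ``Chart.yaml`` is rewritten through ``update_file`` with the current
    aws_orbit version, ``values.yaml`` is rewritten when *values* is given,
    then ``helm package`` and ``helm s3 push --force`` are run.

    Returns:
        A ``(chart_name, chart_version, chart_package)`` tuple, where
        chart_package is the package path reported by ``helm package``.

    Raises:
        RuntimeError: if ``helm package`` printed no package path.
    """
    chart_yaml = os.path.join(chart_path, "Chart.yaml")
    values_yaml = os.path.join(chart_path, "values.yaml")

    chart = yaml.safe_load(
        update_file(chart_yaml, {
            "orbit_version": aws_orbit.__version__,
            "chart_version": aws_orbit.__version__.replace(".dev", "-")
        }))
    # The version that is returned is the one read back from the rendered chart.
    chart_version = chart["version"]

    if values:
        update_file(values_yaml, values)

    # Drop a trailing slash first so the last path component is never empty.
    chart_name = chart_path.rstrip("/").split("/")[-1]
    _logger.debug("Packaging %s at %s", chart_name, chart_path)

    # NOTE(review): chart_path and repo are interpolated into command strings;
    # if the sh helper runs them through a shell they need validation or
    # quoting (shlex.quote) - confirm against sh.run.
    success_prefix = "Successfully packaged chart and saved it to: "
    chart_package: Optional[str] = None
    for line in sh.run_iterating(f"helm package --debug {chart_path}"):
        if line.startswith(success_prefix):
            chart_package = line[len(success_prefix):]
            _logger.debug("Created package: %s", chart_package)

    if chart_package is None:
        # Without this guard the push below fails with an UnboundLocalError.
        raise RuntimeError(f"helm package did not report a package path for chart {chart_name}")

    # --force replaces a package of the same version that is already in the
    # repository, so a published chart version is not immutable here.
    _logger.debug("Pushing %s to %s repository", chart_package, repo)
    sh.run(f"helm s3 push --force {chart_package} {repo}")
    return chart_name, chart_version, chart_package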
コード例 #5
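def _ensure_iam_identity_mapping(cluster_name: str, arn: str, username: str) -> None:
    """Create the eksctl IAM identity mapping of *arn* to *username* if eksctl reports none.

    The mapping is created only when the lookup prints eksctl's exact
    "no iamidentitymapping" error line for this ARN; any other output is
    treated as "mapping already exists".
    """
    # NOTE(review): both command lines are built by string interpolation. If
    # the sh helper hands the string to a shell, the values must be validated
    # upstream or quoted (shlex.quote) - confirm against sh.run.
    for line in sh.run_iterating(f"eksctl get iamidentitymapping --cluster {cluster_name} --arn {arn}"):
        if line == f'Error: no iamidentitymapping with arn "{arn}" found':
            _logger.debug("Adding IAM Identity Mapping - Role: %s, Username: %s", arn, username)
            sh.run(f"eksctl create iamidentitymapping --cluster {cluster_name} --arn {arn} --username {username}")
            break
    else:
        _logger.debug("Skipping existing IAM Identity Mapping - Role: %s, Username: %s", arn, username)


def deploy_team(context: "Context", team_context: "TeamContext") -> None:
    """Create a team's Fargate profile (when enabled) and its IAM identity mappings.

    Nothing is deployed unless the ``eksctl-orbit-<name>-cluster``
    CloudFormation stack exists and the context lists at least one team. Two
    mappings are ensured: the team's runner role, whose ARN follows the naming
    convention, and the team's pod role, whose ARN is read from *team_context*.
    """
    cluster_name = f"orbit-{context.name}"
    final_eks_stack_name: str = f"eksctl-{cluster_name}-cluster"
    _logger.debug("EKSCTL stack name: %s", final_eks_stack_name)
    _logger.debug("Synthetizing the EKSCTL Teams manifest")

    if not (cfn.does_stack_exist(stack_name=final_eks_stack_name) and context.teams):
        return

    if team_context.fargate:
        subnets_ids = context.networking.data.nodes_subnets

        # Wait for the cluster to be active before the profile is created.
        sh.run(f"aws eks wait cluster-active --name {cluster_name} --debug")

        eks.create_fargate_profile(
            profile_name=f"orbit-{context.name}-{team_context.name}",
            cluster_name=cluster_name,
            role_arn=cast(str, context.eks_fargate_profile_role_arn),
            subnets=subnets_ids,
            namespaces=[team_context.name],
            selector_labels={"team": team_context.name, "orbit/node-type": "fargate"},
        )

    runner_username = f"orbit-{context.name}-{team_context.name}-runner"
    _ensure_iam_identity_mapping(
        cluster_name=cluster_name,
        arn=f"arn:aws:iam::{context.account_id}:role/{runner_username}",
        username=runner_username,
    )

    _ensure_iam_identity_mapping(
        cluster_name=cluster_name,
        arn=cast(str, team_context.eks_pod_role_arn),
        username=f"orbit-{context.name}-{team_context.name}",
    )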
コード例 #6
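def is_exists_chart_release(name: str, namespace: str) -> bool:
    """Return True when ``helm list -n <namespace>`` lists a release called *name*.

    Every output line is logged. A failing helm command is logged and the
    ``FailedShellCommand`` is re-raised.
    """
    try:
        _logger.info("Installed charts at %s", namespace)
        found = False
        # NOTE(review): namespace is interpolated into the command string; if
        # the sh helper uses a shell it needs validation or quoting - confirm.
        for line in sh.run_iterating(f"helm list -n {namespace}"):
            _logger.info(line)
            # Compare the release-name column exactly. A substring test over
            # the whole row also matches longer release names and the chart
            # column. Assumes helm's default table output - TODO confirm.
            columns = line.split()
            if columns and columns[0] == name:
                found = True

        return found
    except exceptions.FailedShellCommand as e:
        _logger.error(e)
        raise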
コード例 #7
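def ns_exists(team_context: "TeamContext") -> bool:
    """Return True when ``kubectl get ns`` lists a namespace named after the team.

    Every output line is logged. A failing kubectl command is logged and the
    ``FailedShellCommand`` is re-raised.
    """
    namespace = team_context.name
    try:
        _logger.info(f"Checking if {namespace} exists")
        found = False
        for line in sh.run_iterating("kubectl get ns"):
            _logger.info(line)
            # Compare the NAME column exactly. A substring test reports a team
            # namespace as present whenever its name occurs inside another
            # namespace's name. Assumes kubectl's default table output - TODO
            # confirm.
            columns = line.split()
            if columns and columns[0] == namespace:
                found = True

        return found
    except exceptions.FailedShellCommand as e:
        _logger.error(e)
        raise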