def _cluster_role(self):
    """Build the ClusterRole describing what this component may do.

    Both rules cover the core ("") and "extensions" API groups: the first
    allows reading and writing ingress-related objects, the second allows
    read-only access to cluster inventory objects.
    """
    role_metadata = metadata(
        name=self.name,
        labels=self.labels,
    )

    # Objects the component creates and keeps up to date.
    managed_objects = client.V1PolicyRule(
        api_groups=["", "extensions"],
        resources=[
            "configmaps",
            "endpoints",
            "events",
            "ingresses",
            "ingresses/status",
            "services",
        ],
        verbs=["create", "get", "list", "update", "watch", "patch"],
    )

    # NOTE(review): a ClusterRole is not namespaced, so once this is bound
    # cluster-wide the rule below lets the subject read secrets in every
    # namespace. Confirm that is required; otherwise move "secrets" into a
    # namespaced Role or restrict it with resource_names.
    cluster_inventory = client.V1PolicyRule(
        api_groups=["", "extensions"],
        resources=["nodes", "pods", "secrets", "services", "namespaces"],
        verbs=["get", "list", "watch"],
    )

    return client.V1ClusterRole(
        api_version='rbac.authorization.k8s.io/v1',
        kind='ClusterRole',
        metadata=role_metadata,
        rules=[managed_objects, cluster_inventory],
    )
def _configmap(self):
    """Build the ``cwagentconfig`` ConfigMap that carries the agent settings.

    The ConfigMap has a single key, ``cwagentconfig.json``, whose value is the
    JSON-serialized settings: the agent region, the Kubernetes cluster name,
    a metrics collection interval of 60 and a force-flush interval of 5.
    """
    config_metadata = metadata(
        name='cwagentconfig',
        namespace=self.namespace,
    )

    kubernetes_metrics = {
        'cluster_name': f'{self.cluster_name}',
        'metrics_collection_interval': 60,
    }
    agent_settings = {
        'agent': {'region': f'{self.region}'},
        'logs': {
            'metrics_collected': {'kubernetes': kubernetes_metrics},
            'force_flush_interval': 5,
        },
    }

    return client.V1ConfigMap(
        api_version='v1',
        kind='ConfigMap',
        metadata=config_metadata,
        # ConfigMap values are strings, so the settings are stored as JSON text.
        data={'cwagentconfig.json': json.dumps(agent_settings)},
    )
def _service_account(self):
    """Build the ServiceAccount named ``self.name`` in ``self.namespace``."""
    account_metadata = metadata(
        name=self.name,
        namespace=self.namespace,
    )
    return client.V1ServiceAccount(
        api_version='v1',
        kind='ServiceAccount',
        metadata=account_metadata,
    )
def _namespace(self):
    """Build the Namespace object for ``self.namespace``.

    The namespace carries a ``name`` label equal to its own name.
    """
    namespace_name = self.namespace
    namespace_metadata = metadata(
        name=namespace_name,
        labels={'name': self.namespace},
    )
    return client.V1Namespace(
        api_version='v1',
        kind='Namespace',
        metadata=namespace_metadata,
    )
def _service_account(self):
    """Build the ServiceAccount annotated with the IAM role in ``self.role_arn``.

    The account is named ``self.name`` and lives in ``self.namespace``.
    """
    # The 'eks.amazonaws.com/role-arn' key is the annotation EKS uses to
    # associate an IAM role with a service account; pods running under this
    # account can then obtain that role's permissions.
    # NOTE(review): confirm role_arn points at a role scoped to this workload.
    iam_annotations = {'eks.amazonaws.com/role-arn': self.role_arn}
    account_metadata = metadata(
        name=self.name,
        namespace=self.namespace,
        annotations=iam_annotations,
    )
    return client.V1ServiceAccount(
        api_version='v1',
        kind='ServiceAccount',
        metadata=account_metadata,
    )
def test_metadata(self):
    """metadata() must pass name, namespace, labels and annotations through."""
    expected_labels = {'key': 'value'}
    built = metadata(
        name=self.name,
        namespace=self.namespace,
        labels=expected_labels,
        annotations=None,
    )

    # Checked in the same order as the keyword arguments above.
    self.assertEqual(built.name, self.name)
    self.assertEqual(built.namespace, self.namespace)
    self.assertEqual(built.labels, expected_labels)
    self.assertEqual(built.annotations, None)
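def _deployment(self):
    """Build the Deployment that runs this component's container.

    The Deployment uses the ``Recreate`` strategy, selects pods by
    ``self.labels`` and runs ``self.image`` under the service account named
    ``self.name`` with the pod-level ``fsGroup`` set to 65534. The container
    arguments select the service and ingress sources, the AWS provider, the
    TXT registry and restrict the domain to ``self.dns_domain``.
    """
    # Pod-level IAM role annotation.
    # NOTE(review): presumably read by a node-level IAM credential proxy;
    # confirm which component consumes this key and that role_arn is scoped
    # to this workload only.
    pod_annotations = {'iam.amazonaws.com/role': self.role_arn}

    container = client.V1Container(
        name=self.name,
        image=self.image,
        args=[
            '--source=service',
            '--source=ingress',
            f'--domain-filter={self.dns_domain}',
            '--provider=aws',
            '--registry=txt',
            # NOTE(review): looks like a placeholder owner id; confirm the
            # value that should identify this deployment's records.
            '--txt-owner-id=hostedzone-identifier',
        ],
    )

    pod_spec = client.V1PodSpec(
        service_account_name=self.name,
        security_context=client.V1PodSecurityContext(
            fs_group=65534,
        ),
        # V1PodSpec.containers is a list field. A bare V1Container would be
        # serialized as a single object instead of an array, which is not a
        # valid pod spec, so the container is wrapped in a list.
        containers=[container],
    )

    return client.V1Deployment(
        api_version='apps/v1',
        kind='Deployment',
        metadata=metadata(name=self.name, namespace=self.namespace),
        spec=client.V1DeploymentSpec(
            strategy=client.V1DeploymentStrategy(
                type='Recreate'
            ),
            selector=client.V1LabelSelector(
                match_labels=self.labels
            ),
            template=client.V1PodTemplateSpec(
                metadata=metadata(
                    labels=self.labels,
                    annotations=pod_annotations,
                ),
                spec=pod_spec,
            ),
        ),
    )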
def _deployment(self):
    """Build the Deployment for the ingress controller container.

    The Deployment and its pod template both carry ``self.labels``, which the
    selector also matches on. The single container runs ``self.image`` under
    the service account named ``self.name`` with the ingress class fixed to
    ``alb`` and the cluster name, VPC id and region taken from the instance.
    """
    deployment_metadata = metadata(
        name=self.name,
        namespace=self.namespace,
        labels=self.labels,
    )
    label_selector = client.V1LabelSelector(match_labels=self.labels)
    template_metadata = metadata(labels=self.labels)

    controller_args = [
        '--ingress-class=alb',
        f'--cluster-name={self.cluster_name}',
        f'--aws-vpc-id={self.vpc_id}',
        f'--aws-region={self.region}',
    ]
    controller = client.V1Container(
        name=self.name,
        image=self.image,
        args=controller_args,
    )

    pod_template = client.V1PodTemplateSpec(
        metadata=template_metadata,
        spec=client.V1PodSpec(
            service_account_name=self.name,
            containers=[controller],
        ),
    )
    return client.V1Deployment(
        api_version='apps/v1',
        kind='Deployment',
        metadata=deployment_metadata,
        spec=client.V1DeploymentSpec(
            selector=label_selector,
            template=pod_template,
        ),
    )
def _cluster_role_binding(self):
    """Build the ClusterRoleBinding for this component's service account.

    The binding, the referenced ClusterRole and the ServiceAccount subject
    all use ``self.name``; the subject is looked up in ``self.namespace``.
    """
    binding_metadata = metadata(
        name=self.name,
        labels=self.labels,
    )
    # A ClusterRoleBinding applies the role's rules in every namespace, so
    # the single subject below receives them cluster-wide.
    bound_role = client.V1RoleRef(
        api_group='rbac.authorization.k8s.io',
        kind='ClusterRole',
        name=self.name,
    )
    account_subject = client.V1Subject(
        kind='ServiceAccount',
        name=self.name,
        namespace=self.namespace,
    )
    return client.V1ClusterRoleBinding(
        api_version='rbac.authorization.k8s.io/v1',
        kind='ClusterRoleBinding',
        metadata=binding_metadata,
        role_ref=bound_role,
        subjects=[account_subject],
    )
def _cluster_role(self):
    """Build the ClusterRole named ``<self.name>-role`` for the agent.

    The rules allow listing and watching pods, nodes, endpoints, replicasets
    and jobs; ``get`` on ``nodes/proxy``; ``create`` on ``nodes/stats``,
    configmaps and events; and ``get``/``update`` on the single configmap
    named ``cwagent-clusterleader``.
    """
    role_metadata = metadata(
        name=f'{self.name}-role',
    )

    watch_core = client.V1PolicyRule(
        api_groups=[""],
        resources=["pods", "nodes", "endpoints"],
        verbs=["list", "watch"],
    )
    watch_replicasets = client.V1PolicyRule(
        api_groups=["apps"],
        resources=["replicasets"],
        verbs=["list", "watch"],
    )
    watch_jobs = client.V1PolicyRule(
        api_groups=["batch"],
        resources=["jobs"],
        verbs=["list", "watch"],
    )
    # NOTE(review): nodes/proxy exposes the kubelet API through the API
    # server, so this is a broad grant even with only "get"; keep the
    # binding limited to the agent's own service account.
    node_proxy = client.V1PolicyRule(
        api_groups=[""],
        resources=["nodes/proxy"],
        verbs=["get"],
    )
    create_only = client.V1PolicyRule(
        api_groups=[""],
        resources=["nodes/stats", "configmaps", "events"],
        verbs=["create"],
    )
    # Read/update is limited by resource_names to one named configmap.
    leader_configmap = client.V1PolicyRule(
        api_groups=[""],
        resources=["configmaps"],
        resource_names=["cwagent-clusterleader"],
        verbs=["get", "update"],
    )

    return client.V1ClusterRole(
        api_version='rbac.authorization.k8s.io/v1',
        kind='ClusterRole',
        metadata=role_metadata,
        rules=[
            watch_core,
            watch_replicasets,
            watch_jobs,
            node_proxy,
            create_only,
            leader_configmap,
        ],
    )
def _cluster_role(self):
    """Build a read-only ClusterRole named ``self.name``.

    The rules allow get/watch/list on services, endpoints and pods, the same
    on ``extensions`` ingresses, and list/watch on nodes.
    """
    # NOTE(review): the rbac.authorization.k8s.io/v1beta1 API is no longer
    # served from Kubernetes 1.22 onward, and the rules here are V1PolicyRule
    # objects placed inside a V1beta1 role. Confirm the target cluster
    # version; moving to rbac.authorization.k8s.io/v1 has to be done together
    # with the caller that submits this object.
    role_metadata = metadata(name=self.name)

    read_workloads = client.V1PolicyRule(
        api_groups=[""],
        resources=["services", "endpoints", "pods"],
        verbs=["get", "watch", "list"],
    )
    read_ingresses = client.V1PolicyRule(
        api_groups=["extensions"],
        resources=["ingresses"],
        verbs=["get", "watch", "list"],
    )
    watch_nodes = client.V1PolicyRule(
        api_groups=[""],
        resources=["nodes"],
        verbs=["list", "watch"],
    )

    return client.V1beta1ClusterRole(
        api_version='rbac.authorization.k8s.io/v1beta1',
        kind='ClusterRole',
        metadata=role_metadata,
        rules=[read_workloads, read_ingresses, watch_nodes],
    )
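def _daemon_set(self):
    """Build the DaemonSet that runs the agent container on each node.

    The pod runs ``self.image`` under the service account named
    ``self.name`` with equal CPU/memory requests and limits (200m / 200Mi)
    and a 60 second termination grace period. It mounts the
    ``cwagentconfig`` ConfigMap plus five host paths, all read-only: the
    node root filesystem, the Docker socket, ``/var/lib/docker``, ``/sys``
    and ``/dev/disk``.

    Fixes relative to the previous version of this builder:

    * ``read_only`` is the boolean ``True`` rather than the string
      ``'true'``, which is not a valid value for that field.
    * Volume sources are ``V1ConfigMapVolumeSource`` /
      ``V1HostPathVolumeSource`` objects rather than bare strings.
    * The pod template carries ``self.labels`` so that it matches the
      DaemonSet selector, which apps/v1 requires.
    """
    # (volume name, path on the node, mount path inside the container)
    #
    # NOTE(review): these mounts expose the whole node to the container.
    # The read-only flag stops filesystem writes through the mount, but it
    # does not limit what can be requested over the Docker socket, so this
    # pod should be treated as node-privileged: keep the image pinned and
    # trusted, and restrict who may edit this DaemonSet.
    host_mounts = [
        ('rootfs', '/', '/rootfs'),
        ('dockersock', '/var/run/docker.sock', '/var/run/docker.sock'),
        ('varlibdocker', '/var/lib/docker', '/var/lib/docker'),
        ('sys', '/sys', '/sys'),
        ('devdisk', '/dev/disk/', '/dev/disk'),
    ]

    # (environment variable, pod field it is populated from)
    field_env = [
        ('HOST_IP', 'status.hostIP'),
        ('HOST_NAME', 'spec.nodeName'),
        ('K8S_NAMESPACE', 'metadata.namespace'),
    ]

    env = [
        client.V1EnvVar(
            name=env_name,
            value_from=client.V1EnvVarSource(
                field_ref=client.V1ObjectFieldSelector(
                    field_path=field_path,
                )
            ),
        )
        for env_name, field_path in field_env
    ]
    env.append(client.V1EnvVar(name='CI_VERSION', value='k8s/1.1.1'))

    volume_mounts = [
        client.V1VolumeMount(
            name='cwagentconfig',
            mount_path='/etc/cwagentconfig',
        ),
    ]
    volume_mounts.extend(
        client.V1VolumeMount(
            name=volume_name,
            mount_path=mount_path,
            read_only=True,
        )
        for volume_name, _, mount_path in host_mounts
    )

    volumes = [
        client.V1Volume(
            name='cwagentconfig',
            config_map=client.V1ConfigMapVolumeSource(name='cwagentconfig'),
        ),
    ]
    volumes.extend(
        client.V1Volume(
            name=volume_name,
            host_path=client.V1HostPathVolumeSource(path=node_path),
        )
        for volume_name, node_path, _ in host_mounts
    )

    container = client.V1Container(
        name=self.name,
        image=self.image,
        resources=client.V1ResourceRequirements(
            limits={'cpu': '200m', 'memory': '200Mi'},
            requests={'cpu': '200m', 'memory': '200Mi'},
        ),
        env=env,
        volume_mounts=volume_mounts,
    )

    return client.V1DaemonSet(
        api_version='apps/v1',
        kind='DaemonSet',
        metadata=metadata(
            name=self.name,
            namespace=self.namespace,
        ),
        spec=client.V1DaemonSetSpec(
            selector=client.V1LabelSelector(
                match_labels=self.labels
            ),
            template=client.V1PodTemplateSpec(
                # Template labels must satisfy the selector above.
                metadata=metadata(name=self.name, labels=self.labels),
                spec=client.V1PodSpec(
                    service_account_name=self.name,
                    termination_grace_period_seconds=60,
                    containers=[container],
                    volumes=volumes,
                ),
            ),
        ),
    )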