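def destroy_teams(context: "Context") -> None:
    """Delete each team's Fargate profile and IAM identity mappings.

    Nothing is done unless the ``eksctl-orbit-<context.name>-cluster``
    CloudFormation stack exists and the context lists teams. For every team the
    Fargate profile is deleted first. Then the identity mappings of the team's
    runner role and pod role are deleted, unless ``eksctl get iamidentitymapping``
    reports that no mapping exists for that ARN.

    NOTE(review): a mapping counts as present whenever eksctl does not print the
    exact "no iamidentitymapping" error line, so a change in eksctl's wording
    would make every mapping look present.
    """
    # Local import: the module's import block is not part of this listing.
    import shlex

    stack_name: str = f"orbit-{context.name}"
    final_eks_stack_name: str = f"eksctl-{stack_name}-cluster"
    _logger.debug("EKSCTL stack name: %s", final_eks_stack_name)
    cluster_name = f"orbit-{context.name}"
    if cfn.does_stack_exist(stack_name=final_eks_stack_name) and context.teams:
        # The commands below are assembled as one string, so every interpolated
        # value is quoted to stay a single argument.
        # NOTE(review): assumes sh.run / sh.run_iterating tokenize the string
        # with shell or shlex rules - confirm against the helper.
        cluster_arg = shlex.quote(cluster_name)
        for team in context.teams:
            eks.delete_fargate_profile(
                profile_name=f"orbit-{context.name}-{team.name}",
                cluster_name=cluster_name,
            )
            runner_role = f"orbit-{context.name}-{team.name}-runner"
            role_arns = (
                f"arn:aws:iam::{context.account_id}:role/{runner_role}",
                # cast() only informs the type checker.
                # NOTE(review): confirm eks_pod_role_arn is always set by the
                # time teardown runs.
                cast(str, team.eks_pod_role_arn),
            )
            for arn in role_arns:
                arn_arg = shlex.quote(str(arn))
                for line in sh.run_iterating(
                    f"eksctl get iamidentitymapping --cluster {cluster_arg} --arn {arn_arg}"
                ):
                    if line == f'Error: no iamidentitymapping with arn "{arn}" found':
                        _logger.debug(f"Skipping non-existent IAM Identity Mapping - Role: {arn}")
                        break
                else:
                    # No "not found" line was seen, so the mapping is treated as present.
                    _logger.debug(f"Removing IAM Identity Mapping - Role: {arn}")
                    sh.run(f"eksctl delete iamidentitymapping --cluster {cluster_arg} --arn {arn_arg}")
        _logger.debug("EKSCTL Teams destroyed")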
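def map_iam_identities(
    context: Context, cluster_name: str, eks_system_masters_roles_changes: Optional[ListChangeset]
) -> None:
    """Apply a changeset of IAM roles mapped to the ``system:masters`` group.

    Added roles: a role that ``iam.get_role`` cannot find is skipped. Otherwise
    the mapping is created when ``eksctl get iamidentitymapping`` reports none
    for the role's ARN, the role is appended to
    ``context.eks_system_masters_roles`` and the context is written to SSM.

    Removed roles: when a mapping is found, all of its entries are deleted
    (``--all``), the role is dropped from ``context.eks_system_masters_roles``
    and the context is written to SSM.

    ``system:masters`` is the cluster-admin group, so the role name that reaches
    these commands has to be exactly the one listed in the changeset.
    """
    # Local import: the module's import block is not part of this listing.
    import shlex

    changes = eks_system_masters_roles_changes
    # Commands are assembled as one string, so every interpolated value is
    # quoted to stay a single argument and cannot add flags of its own.
    # NOTE(review): assumes sh.run / sh.run_iterating tokenize the string with
    # shell or shlex rules - confirm against the helper.
    cluster_arg = shlex.quote(cluster_name)

    if changes and changes.added_values:
        for role in changes.added_values:
            if iam.get_role(role) is None:
                _logger.debug(f"Skipping nonexisting IAM Role: {role}")
                continue

            arn = f"arn:aws:iam::{context.account_id}:role/{role}"
            arn_arg = shlex.quote(arn)
            for line in sh.run_iterating(
                f"eksctl get iamidentitymapping --cluster {cluster_arg} --arn {arn_arg}"
            ):
                if line.startswith("Error: no iamidentitymapping with arn"):
                    _logger.debug(f"Adding IAM Identity Mapping - Role: {arn}, Username: {role}, Group: system:masters")
                    sh.run(
                        f"eksctl create iamidentitymapping --cluster {cluster_arg} --arn {arn_arg} "
                        f"--username {shlex.quote(role)} --group system:masters"
                    )
                    # Record the grant straight away so the stored context
                    # matches what the cluster now allows.
                    cast(List[str], context.eks_system_masters_roles).append(role)
                    ContextSerDe.dump_context_to_ssm(context=context)
                    break
            else:
                _logger.debug(f"Skip adding existing IAM Identity Mapping - Role: {arn}")

    if changes and changes.removed_values:
        for role in changes.removed_values:
            arn = f"arn:aws:iam::{context.account_id}:role/{role}"
            arn_arg = shlex.quote(arn)
            for line in sh.run_iterating(
                f"eksctl get iamidentitymapping --cluster {cluster_arg} --arn {arn_arg}"
            ):
                if line.startswith("Error: no iamidentitymapping with arn"):
                    _logger.debug(f"Skip removing nonexisting IAM Identity Mapping - Role: {arn}")
                    break
            else:
                _logger.debug(f"Removing IAM Identity Mapping - Role: {arn}")
                sh.run(f"eksctl delete iamidentitymapping --cluster {cluster_arg} --arn {arn_arg} --all")
                mapped_roles = cast(List[str], context.eks_system_masters_roles)
                # A mapping may exist on the cluster without being recorded in
                # the context. list.remove() would raise ValueError after the
                # mapping was already deleted, and the context would not be saved.
                if role in mapped_roles:
                    mapped_roles.remove(role)
                ContextSerDe.dump_context_to_ssm(context=context)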
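def destroy_kubeflow(context: Context) -> None:
    """Delete the Kubeflow resources of the environment's EKS cluster.

    Returns without doing anything when the
    ``eksctl-orbit-<context.name>-cluster`` CloudFormation stack does not exist
    or when ``kubectl get namespace kubeflow`` reports the namespace as not
    found. Otherwise the Kubeflow configuration is generated under
    ``.orbit.out/<context.name>/kubeflow/<cluster>`` and ``./delete_kf.sh`` is
    run from that directory. A failing run is retried up to three times, five
    minutes apart.
    """
    stack_name: str = f"orbit-{context.name}"
    final_eks_stack_name: str = f"eksctl-{stack_name}-cluster"
    _logger.debug("EKSCTL stack name: %s", final_eks_stack_name)

    if not cfn.does_stack_exist(stack_name=final_eks_stack_name):
        return

    kubectl.write_kubeconfig(context=context)

    for line in sh.run_iterating("kubectl get namespace kubeflow"):
        if '"kubeflow" not found' in line:
            return

    cluster_name = f"orbit-{context.name}"
    output_path = os.path.join(".orbit.out", context.name, "kubeflow", cluster_name)
    gen_kubeflow_config(context, output_path, cluster_name)

    _logger.debug("Destroying Kubeflow")
    output_path = os.path.abspath(output_path)
    _logger.debug(f"kubeflow config dir: {output_path}")
    utils.print_dir(output_path)

    max_attempts = 3
    for _attempt in range(max_attempts):
        try:
            _logger.info("Deleting kubeflow resources")
            sh.run("./delete_kf.sh", cwd=output_path)
        except FailedShellCommand:
            _logger.info("The command returned a non-zero exit code. Retrying to delete resources")
            time.sleep(300)
        else:
            # The loop used to end only after three failures, so a successful
            # run caused the script to be executed again. Stop after success.
            break
    else:
        # Still best-effort: exhaustion is reported, not raised.
        _logger.warning("Kubeflow resources could not be deleted after %s attempts", max_attempts)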
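def package_chart(repo: str, chart_path: str, values: Optional[Dict[str, Any]]) -> Tuple[str, str, str]:
    """Package the Helm chart at ``chart_path`` and push it to ``repo``.

    ``Chart.yaml`` is rendered through ``update_file`` with the orbit version
    and a chart version derived from it. ``values.yaml`` is rendered only when
    ``values`` is given. The chart is then packaged with ``helm package`` and
    pushed with ``helm s3 push --force``.

    Returns:
        ``(chart_name, chart_version, chart_package)``: the last path component
        of ``chart_path``, the ``version`` read from the rendered ``Chart.yaml``
        and the package path reported by ``helm package``.

    Raises:
        RuntimeError: ``helm package`` never reported a saved package.
    """
    # Local import: the module's import block is not part of this listing.
    import shlex

    chart_yaml = os.path.join(chart_path, "Chart.yaml")
    values_yaml = os.path.join(chart_path, "values.yaml")

    chart_version = aws_orbit.__version__.replace(".dev", "-")
    rendered_chart = update_file(
        chart_yaml, {"orbit_version": aws_orbit.__version__, "chart_version": chart_version}
    )
    chart = yaml.safe_load(rendered_chart)
    chart_version = chart["version"]

    if values:
        update_file(values_yaml, values)

    chart_name = chart_path.split("/")[-1]
    _logger.debug("Packaging %s at %s", chart_name, chart_path)

    saved_prefix = "Successfully packaged chart and saved it to: "
    chart_package: Optional[str] = None
    # Paths and the repository name are quoted so each stays a single argument.
    # NOTE(review): assumes sh.run / sh.run_iterating tokenize the command
    # string with shell or shlex rules - confirm against the helper.
    for line in sh.run_iterating(f"helm package --debug {shlex.quote(chart_path)}"):
        if line.startswith(saved_prefix):
            chart_package = line.replace(saved_prefix, "")
            _logger.debug("Created package: %s", chart_package)

    if not chart_package:
        # The push below used to fail with UnboundLocalError when helm printed
        # no success line. Stop with an explicit error before pushing anything.
        raise RuntimeError(f"helm package did not report a packaged chart for {chart_path}")

    _logger.debug("Pushing %s to %s repository", chart_package, repo)
    # --force replaces a package of the same version that is already in the
    # repository, so consumers pinned to that version may receive new content.
    sh.run(f"helm s3 push --force {shlex.quote(chart_package)} {shlex.quote(repo)}")
    return chart_name, chart_version, chart_package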
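def deploy_team(context: "Context", team_context: "TeamContext") -> None:
    """Create a team's Fargate profile (if enabled) and IAM identity mappings.

    Nothing is done unless the ``eksctl-orbit-<context.name>-cluster``
    CloudFormation stack exists and the context lists teams. For a Fargate team
    the function waits for the cluster to become active and creates a profile
    scoped to the team namespace. It then maps two roles to Kubernetes
    usernames, each only when ``eksctl get iamidentitymapping`` reports the
    exact "no iamidentitymapping" error for the ARN:

    * ``orbit-<env>-<team>-runner`` role -> username ``orbit-<env>-<team>-runner``
    * ``team_context.eks_pod_role_arn`` -> username ``orbit-<env>-<team>``
    """
    # Local import: the module's import block is not part of this listing.
    import shlex

    stack_name: str = f"orbit-{context.name}"
    final_eks_stack_name: str = f"eksctl-{stack_name}-cluster"
    _logger.debug("EKSCTL stack name: %s", final_eks_stack_name)
    _logger.debug("Synthetizing the EKSCTL Teams manifest")
    cluster_name = f"orbit-{context.name}"

    if not (cfn.does_stack_exist(stack_name=final_eks_stack_name) and context.teams):
        return

    # Commands are assembled as one string, so every interpolated value is
    # quoted to stay a single argument.
    # NOTE(review): assumes sh.run / sh.run_iterating tokenize the string with
    # shell or shlex rules - confirm against the helper.
    cluster_arg = shlex.quote(cluster_name)

    if team_context.fargate:
        subnets_ids = context.networking.data.nodes_subnets
        sh.run(f"aws eks wait cluster-active --name {cluster_arg} --debug")
        eks.create_fargate_profile(
            profile_name=f"{cluster_name}-{team_context.name}",
            cluster_name=cluster_name,
            role_arn=cast(str, context.eks_fargate_profile_role_arn),
            subnets=subnets_ids,
            namespaces=[team_context.name],
            selector_labels={"team": team_context.name, "orbit/node-type": "fargate"},
        )

    runner_username = f"orbit-{context.name}-{team_context.name}-runner"
    mappings = (
        (runner_username, f"arn:aws:iam::{context.account_id}:role/{runner_username}"),
        # cast() only informs the type checker.
        # NOTE(review): confirm eks_pod_role_arn is always populated before
        # this point.
        (f"orbit-{context.name}-{team_context.name}", cast(str, team_context.eks_pod_role_arn)),
    )
    for username, arn in mappings:
        arn_arg = shlex.quote(str(arn))
        for line in sh.run_iterating(
            f"eksctl get iamidentitymapping --cluster {cluster_arg} --arn {arn_arg}"
        ):
            if line == f'Error: no iamidentitymapping with arn "{arn}" found':
                _logger.debug(f"Adding IAM Identity Mapping - Role: {arn}, Username: {username}")
                sh.run(
                    f"eksctl create iamidentitymapping --cluster {cluster_arg} "
                    f"--arn {arn_arg} --username {shlex.quote(username)}"
                )
                break
        else:
            # No "not found" line was seen, so the mapping is treated as present.
            _logger.debug(f"Skipping existing IAM Identity Mapping - Role: {arn}, Username: {username}")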
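def is_exists_chart_release(name: str, namespace: str) -> bool:
    """Return whether a Helm release called ``name`` is listed in ``namespace``.

    Every line of ``helm list -n <namespace>`` is logged. A release matches only
    when the first column of a line, the release name, equals ``name``. The
    previous substring test also matched longer release names containing
    ``name`` and text in other columns such as the chart or namespace.

    Raises:
        exceptions.FailedShellCommand: logged and re-raised when the helm
            command fails.
    """
    # Local import: the module's import block is not part of this listing.
    import shlex

    try:
        _logger.info("Installed charts at %s", namespace)
        found = False
        # The namespace is quoted so it stays a single argument of the command.
        # NOTE(review): assumes sh.run_iterating tokenizes the string with
        # shell or shlex rules - confirm against the helper.
        for line in sh.run_iterating(f"helm list -n {shlex.quote(namespace)}"):
            _logger.info(line)
            columns = line.split()
            if columns and columns[0] == name:
                found = True
        return found
    except exceptions.FailedShellCommand as e:
        _logger.error(e)
        raise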
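def ns_exists(team_context: "TeamContext") -> bool:
    """Return whether the namespace named after the team exists in the cluster.

    Every line of ``kubectl get ns`` is logged. The namespace counts as present
    only when the first column of a line equals ``team_context.name``. The
    previous substring test also matched longer namespace names containing it
    and text in the status or age columns.

    Raises:
        exceptions.FailedShellCommand: logged and re-raised when kubectl fails.
    """
    namespace = team_context.name
    try:
        _logger.info(f"Checking if {namespace} exists")
        found = False
        for line in sh.run_iterating("kubectl get ns"):
            _logger.info(line)
            columns = line.split()
            if columns and columns[0] == namespace:
                found = True
        return found
    except exceptions.FailedShellCommand as e:
        _logger.error(e)
        raise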