Move workers to substack: Remove worker resources
This removes the old worker resources. Deploy the prior commit first, if
you want to update an existing cluster without deleting all workers at
once.
discordianfish committed Feb 12, 2018
1 parent 27a6491 commit 689e828
Showing 1 changed file with 0 additions and 216 deletions.
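--- a/kubernetes.yaml
+++ b/kubernetes.yaml
@@ -56,26 +56,6 @@ Parameters:
 Description: No leading /
 Default: bin/linux/amd64/kubeadm
 
-WorkerInstanceType:
-Description: EC2 instance type for controller nodes.
-Type: String
-Default: c5.4xlarge
-
-WorkerPoolSizeMin:
-Description: Number of Worker Nodes
-Type: Number
-Default: 2
-
-WorkerPoolSizeMax:
-Description: Number of Worker Nodes
-Type: Number
-Default: 25
-
-WorkerVolumeSize:
-Description: Worker volume size in GB
-Type: Number
-Default: 100
-
 VPCID:
 Description: Existing VPC with attached internet gateway to use for this cluster.
 Type: AWS::EC2::VPC::Id
@@ -1200,202 +1180,6 @@ Resources:
 ResourceRecords:
 - !GetAtt [ "ControllerELB", "DNSName" ]
 
-################################# WORKERS ######################################
-
-# FIXME: Lock down to only worker coms
-WorkerSecurityGroup:
-Type: AWS::EC2::SecurityGroup
-Properties:
-VpcId: !Ref VPCID
-GroupDescription: Kubernetes Worker SecurityGroup
-SecurityGroupIngress:
-- CidrIp: "0.0.0.0/0"
-IpProtocol: tcp
-FromPort: 0
-ToPort: 65535
-- CidrIp: "0.0.0.0/0"
-IpProtocol: udp
-FromPort: 0
-ToPort: 65535
-
-PolicyWorker:
-Type: AWS::IAM::ManagedPolicy
-Properties:
-Description: "k8s-worker"
-Path: /
-PolicyDocument:
-Version: 2012-10-17
-Statement:
-- Effect: Allow
-Action:
-- "ec2:Describe*"
-Resource:
-- "*"
-- Effect: Allow
-Action:
-- "s3:Get*"
-- "s3:List*"
-- "s3:Head*"
-Resource:
-- !Sub
-- "arn:aws:s3:::${assetBucket}/${domain}/kubeadm/admin.conf"
-- assetBucket: !Ref assetBucket
-domain: !Ref DomainName
-WorkerRole:
-Type: AWS::IAM::Role
-Properties:
-ManagedPolicyArns:
-- !Ref PolicyWorker
-AssumeRolePolicyDocument:
-Version: "2012-10-17"
-Statement:
-- Effect: Allow
-Principal:
-Service: ec2.amazonaws.com
-Action: "sts:AssumeRole"
-
-WorkerInstanceProfile:
-Type: AWS::IAM::InstanceProfile
-Properties:
-Path: /
-Roles:
-- !Ref WorkerRole
-
-WorkerLaunchConfiguration:
-Type: AWS::AutoScaling::LaunchConfiguration
-Properties:
-KeyName: !Ref KeyName
-ImageId: !FindInMap [ RegionToImageMap, !Ref "AWS::Region", hvm ]
-InstanceType: !Ref WorkerInstanceType
-BlockDeviceMappings:
-- DeviceName: '/dev/xvda'
-Ebs:
-VolumeSize:
-Ref: WorkerVolumeSize
-IamInstanceProfile: !GetAtt [ WorkerInstanceProfile, Arn ]
-SecurityGroups:
-- !Ref WorkerSecurityGroup
-UserData:
-Fn::Base64:
-Fn::Sub:
-- |
-{
-"ignition": {
-"version": "2.1.0",
-"config": {}
-},
-"storage": {
-"files": [{
-"filesystem": "root",
-"path": "/etc/kubernetes/cloud-config",
-"mode": 420,
-"contents": { "source": "data:;base64,${cloudProviderConfig}" }
-}, {
-"filesystem": "root",
-"path": "/etc/kubernetes/admin.conf",
-"mode": 384,
-"contents": { "source": "s3://${assetBucket}/${domain}/kubeadm/admin.conf" }
-}, {
-"filesystem": "root",
-"path": "/etc/kubernetes.env",
-"mode": 420,
-"contents": { "source": "data:;base64,${kubernetesEnv}" }
-}, {
-"filesystem": "root",
-"path": "/opt/bin/cfn-signal-success",
-"mode": 493,
-"contents": { "source": "data:;base64,${cfnSignalSuccess}" }
-}
-]
-},
-"systemd": {
-"units": [{
-"name": "kubelet.service",
-"enable": true,
-"contents": "${kubeletUnit}"
-}, {
-"name": "update-engine.service",
-"mask": true
-}, {
-"name": "locksmithd.service",
-"mask": true
-}]
-},
-"networkd": {},
-"passwd": {}
-}
-- kubeletUnit: !Join
-- "\\n"
-- !Split
-- "\n"
-- !Join
-- "\\\""
-- !Split
-- "\""
-- !Join
-- "\\\\"
-- !Split
-- "\\"
-- !FindInMap [ Assets, kubelet, unit ]
-
-# Environment files
-kubernetesEnv:
-Fn::Base64:
-Fn::Sub:
-- |
-KUBELET_IMAGE_TAG=${KubeletImageTag}
-KUBELET_API_SERVERS=api.${DomainName}
-KUBELET_CLUSTER_DOMAIN=${DomainName}
-- KubeletImageTag: !Ref KubeletImageTag
-DomainName: !Ref DomainName
-cloudProviderConfig:
-Fn::Base64:
-Fn::Sub:
-- |
-[Global]
-KubernetesClusterTag=${DomainName}
-KubernetesClusterID=${DomainName}
-- DomainName: !Ref DomainName
-cfnSignalSuccess:
-Fn::Base64: !Sub
-- |
-#!/bin/bash
-set -euo pipefail
-echo "Signaling success"
-docker run --rm rochacon/cfn-bootstrap cfn-signal \
---resource $1 \
---stack ${StackName} \
---region ${Region} || true # Ignore if signaling failed
-- StackName: !Ref AWS::StackName
-Region: !Ref AWS::Region
-domain: !Ref DomainName
-
-WorkerAutoScalingGroup:
-Type: AWS::AutoScaling::AutoScalingGroup
-Properties:
-VPCZoneIdentifier:
-- !Ref PrivateSubnetA
-- !Ref PrivateSubnetB
-- !Ref PrivateSubnetC
-LaunchConfigurationName:
-Ref: WorkerLaunchConfiguration
-MaxSize: !Ref WorkerPoolSizeMax
-MinSize: !Ref WorkerPoolSizeMin
-Tags:
-- Key: StackName
-PropagateAtLaunch: true
-Value: !Ref AWS::StackName
-- Key: KubernetesCluster
-PropagateAtLaunch: true
-Value: !Ref DomainName
-# FIXME: We should check that cluster is healthy and signal success
-# UpdatePolicy:
-# AutoScalingRollingUpdate:
-# MaxBatchSize: 1
-# MinInstancesInService: 1
-# PauseTime: PT15M
-# WaitOnResourceSignals: true
-
 WorkerPoolDefault:
 Type: "AWS::CloudFormation::Stack"
 Properties: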