ekstrap is a simple tool to bootstrap the configuration on Kuberntes nodes so that they may join an EKS cluster.
When run on an ec2 node ekstrap performs several tasks.
- Discovers the name of your EKS cluster by looking for the
kubernetes.io/cluster/<name>tag. - Discovers the endpoint and CA certificate of your EKS cluster.
- Updates the hostname of the node to match the
PrivateDnsNamefrom the EC2 API. - Writes a kubeconfig file configured to connect to your EKS cluster to
/var/lib/kubelet/kubeconfig. - Writes a systemd unit file to
/lib/systemd/system/kubelet.service. - Writes the cluster CA certificate to
/etc/kubernetes/pki/ca.crt. - Calculates an appropriate value for for --kube-reserved
- Restarts the kubelet unit.
In order to run ekstrap your instance should have an IAM instance profile that allows the EC2::DescribeInstances action and the EKS::DescribeCluster action. Both of these actions are already included in the AWS managed policy arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy along with the other permissions that the kubelet requires to connect to your cluster, it is recommended therefore to simply attach this policy to your instance role/profile.
If you wish to provide extra aruguments to the kubelet you can create a drop-in that sets the KUBELET_EXTRA_ARGS environment variable.
For example to taint nodes with GPU hardware you could add:
/etc/systemd/system/kubelet.service.d/40-kubelet-extra-args.conf
[Service]
Environment='KUBELET_EXTRA_ARGS=--register-with-taints="gpu=true:PreferNoSchedule"'
The simplest way to install ekstrap is to use our packagecloud repository.
If installed with the package a systemd unit will be installed and enabled, (but not started) so ekstrap will be run on the next boot.
Follow the instructions here to add our repository.
Or run:
curl -s https://packagecloud.io/install/repositories/errm/ekstrap/script.deb.sh | sudo bashThen install ekstrap:
sudo apt-get install ekstrapFollow the instructions here to add our repository.
For Amazon Linux use the string for Enterprise Linux 6 (el/6)
Or run:
curl -s https://packagecloud.io/install/repositories/errm/ekstrap/script.rpm.sh | sudo bashThen install ekstrap:
sudo yum install ekstrapekstrap is also distributed as a static binary so can be installed on any appropriate system with simple tools.
$ curl -LO https://github.com/errm/ekstrap/releases/download/v0.0.4/ekstrap_0.0.4_linux_x86_64
You should check that the provided checksums match before you use the binary.
$ curl -LO https://github.com/errm/ekstrap/releases/download/v0.0.4/ekstrap_checksums.txt
$ sha256sum -c ekstrap_checksums.txt
ekstrap_0.0.4_linux_x86_64: OK
Install the ekstrap binary into a suitable location e.g. /usr/sbin/ekstrap
$ install -m755 ekstrap_0.0.4_linux_x86_64 /usr/sbin/ekstrap
You might choose to run ekstrap with a oneshot unit
[Unit]
Description=Configures Kubernetes EKS Worker Node
Before=kubelet.service
[Service]
Type=oneshot
ExecStart=/usr/sbin/ekstrap
RemainAfterExit=true
[Install]
WantedBy=multi-user.target
Remember that because ekstrap writes config files with strict permissions and interacts with the init system, it needs to run as root.
- Install go
- Checkout the git repo / grab the latest source tarball
- Copy the source to $GOPATH/src/github.com/errm/ekstrap
- Run
make install
make
Will run the tests and build a binary
We run some linting processes on GolangCI
To run locally: make lint
To build ekstrap you need go
If you want a tiny binary, install upx and run the make compress task.
ekstrap currently only works with systemd, if you want us to support another init system please comment here #28.
If you want to contribute to this tool:
- Thank You!
- Open an issue
- Or a PR
- Try to write tests if you are adding code / features
Apache 2.0