Package eks contains utility functions for interacting with EKS.



    func CleanupSecurityGroup

    func CleanupSecurityGroup(
    	clusterArn string,
    	securityGroupID string,
    	vpcID string,
    ) error

      CleanupSecurityGroup deletes the AWS EKS managed security group, which otherwise doesn't get cleaned up when destroying the EKS cluster. It also attempts to delete the security group left by ALB ingress controller, if applicable.

      func ConfigureKubectlForEks

      func ConfigureKubectlForEks(
      	eksCluster *eks.Cluster,
      	kubectlOptions *kubectl.KubectlOptions,
      ) error

        ConfigureKubectlForEks adds a new context to the kubeconfig located at the given path that can authenticate with the EKS cluster referenced by the given ARN.

        func GetAsgByName

        func GetAsgByName(svc *autoscaling.AutoScaling, asgName string) (*autoscaling.Group, error)

          GetAsgByName will look up an AutoScalingGroup that matches the given name. This will return an error if it cannot find any ASG that matches the given name.

          func RollOutDeployment

          func RollOutDeployment(
          	region string,
          	eksAsgName string,
          	kubectlOptions *kubectl.KubectlOptions,
          	drainTimeout time.Duration,
          	deleteLocalData bool,
          	maxRetries int,
          	sleepBetweenRetries time.Duration,
          ) error

            RollOutDeployment will perform a zero downtime roll out of the current launch configuration associated with the provided ASG in the provided EKS cluster. This is accomplished by:

            1. Double the desired capacity of the Auto Scaling Group that powers the EKS Cluster. This will launch new EKS workers with the new launch configuration.
            2. Wait for the new nodes to be ready for Pod scheduling in Kubernetes.
            3. Cordon the old nodes so that no new Pods will be scheduled there.
            4. Drain the pods scheduled on the old EKS workers (using the equivalent of "kubectl drain"), so that they will be rescheduled on the new EKS workers.
            5. Wait for all the pods to migrate off of the old EKS workers.
            6. Set the desired capacity down to the original value and remove the old EKS workers from the ASG.

            TODO feature request: Break up into stages/checkpoints, and store state along the way so that command can pick up from a stage if something bad happens.

            func ScheduleCoredns

            func ScheduleCoredns(
            	kubectlOptions *kubectl.KubectlOptions,
            	clusterName string,
            	fargateProfileArn string,
            	corednsAnnotation CorednsAnnotation,
            ) error

              ScheduleCoredns adds or removes the compute-type annotation from the coredns deployment resource. When adding, it is set to ec2; when removing, it enables coredns for fargate nodes.

              func SyncClusterComponents

              func SyncClusterComponents(
              	eksClusterArn string,
              	shouldWait bool,
              	waitTimeout string,
              ) error

                SyncClusterComponents will perform the steps described in There are three core applications on an EKS cluster:

                - kube-proxy
                - coredns
                - VPC CNI Plugin

                Each of these is managed in Kubernetes as a DaemonSet, a Deployment, and a DaemonSet, respectively. This command will use the k8s API and kubectl command under the hood to patch the manifests to deploy the expected version based on the cluster's current Kubernetes version. As such, this command should be run every time the Kubernetes version is updated on the EKS cluster.

                func VerifyCluster

                func VerifyCluster(
                	eksClusterArn string,
                	waitForCluster bool,
                	waitMaxRetries int,
                	waitSleepBetweenRetries time.Duration,
                ) error

                  VerifyCluster verifies that the cluster exists, and that the Kubernetes API server is up and accepting traffic. If waitForCluster is true, this command will wait for each stage to reach the true state.


                  type CoreComponentUnexpectedConfigurationErr

                  type CoreComponentUnexpectedConfigurationErr struct {
                  	// contains filtered or unexported fields
                  }

                    CoreComponentUnexpectedConfigurationErr error is returned when the EKS core components are in an unexpected configuration, such as a different number of containers.

                    func (CoreComponentUnexpectedConfigurationErr) Error

                    type CorednsAnnotation

                    type CorednsAnnotation string

                    const (
                    	Fargate CorednsAnnotation = "fargate"
                    	EC2     CorednsAnnotation = "ec2"
                    )

                    type CouldNotMeetASGCapacityError

                    type CouldNotMeetASGCapacityError struct {
                    	// contains filtered or unexported fields
                    }

                      CouldNotMeetASGCapacityError represents an error related to waiting for ASG to reach desired capacity.

                      func NewCouldNotMeetASGCapacityError

                      func NewCouldNotMeetASGCapacityError(asgName string, message string) CouldNotMeetASGCapacityError

                      func (CouldNotMeetASGCapacityError) Error

                      type EKSClusterNotReady

                      type EKSClusterNotReady struct {
                      	// contains filtered or unexported fields
                      }

                        EKSClusterNotReady is returned when the EKS cluster is detected to not be in the ready state.

                        func (EKSClusterNotReady) Error

                        func (err EKSClusterNotReady) Error() string

                        type EKSClusterReadyTimeoutError

                        type EKSClusterReadyTimeoutError struct {
                        	// contains filtered or unexported fields
                        }

                          EKSClusterReadyTimeoutError is returned when we time out waiting for an EKS cluster to be ready.

                          func (EKSClusterReadyTimeoutError) Error

                          func (err EKSClusterReadyTimeoutError) Error() string

                          type LookupError

                          type LookupError struct {
                          	// contains filtered or unexported fields
                          }

                            LookupError represents an error related to looking up data on an object.

                            func NewLookupError

                            func NewLookupError(objectType string, objectId string, objectProperty string) LookupError

                              NewLookupError constructs a new LookupError object that can be used to return an error related to a failed lookup.

                              func (LookupError) Error

                              func (err LookupError) Error() string

                              type MultipleLookupErrors

                              type MultipleLookupErrors struct {
                              	// contains filtered or unexported fields
                              }

                                MultipleLookupErrors represents multiple errors found while looking up a resource.

                                func NewMultipleLookupErrors

                                func NewMultipleLookupErrors() MultipleLookupErrors

                                func (MultipleLookupErrors) AddError

                                func (err MultipleLookupErrors) AddError(newErr error)

                                func (MultipleLookupErrors) Error

                                func (err MultipleLookupErrors) Error() string

                                func (MultipleLookupErrors) IsEmpty

                                func (err MultipleLookupErrors) IsEmpty() bool

                                type MultipleTerminateInstanceErrors

                                type MultipleTerminateInstanceErrors struct {
                                	// contains filtered or unexported fields
                                }

                                  MultipleTerminateInstanceErrors represents multiple errors found while terminating instances.

                                  func NewMultipleTerminateInstanceErrors

                                  func NewMultipleTerminateInstanceErrors() MultipleTerminateInstanceErrors

                                  func (MultipleTerminateInstanceErrors) AddError

                                  func (err MultipleTerminateInstanceErrors) AddError(newErr error)

                                  func (MultipleTerminateInstanceErrors) Error

                                  func (MultipleTerminateInstanceErrors) IsEmpty

                                  func (err MultipleTerminateInstanceErrors) IsEmpty() bool

                                  type NetworkInterfaceDeletedTimeoutError

                                  type NetworkInterfaceDeletedTimeoutError struct {
                                  	// contains filtered or unexported fields
                                  }

                                    NetworkInterfaceDeletedTimeoutError is returned when we time out waiting for a network interface to be deleted.

                                    func (NetworkInterfaceDeletedTimeoutError) Error

                                    type NetworkInterfaceDetachedTimeoutError

                                    type NetworkInterfaceDetachedTimeoutError struct {
                                    	// contains filtered or unexported fields
                                    }

                                      NetworkInterfaceDetachedTimeoutError is returned when we time out waiting for a network interface to be detached.

                                      func (NetworkInterfaceDetachedTimeoutError) Error

                                      type NoPeerCertificatesError

                                      type NoPeerCertificatesError struct {
                                      	URL string
                                      }

                                        NoPeerCertificatesError is returned when we couldn't find any TLS peer certificates for the provided URL.

                                        func (NoPeerCertificatesError) Error

                                        func (err NoPeerCertificatesError) Error() string

                                        type PartialOIDCConfig

                                        type PartialOIDCConfig struct {
                                        	JwksURI string `json:"jwks_uri"`
                                        }

                                        type Thumbprint

                                        type Thumbprint struct {
                                        	Thumbprint string `json:"thumbprint"`
                                        }

                                        func GetOIDCThumbprint

                                        func GetOIDCThumbprint(issuerURL string) (*Thumbprint, error)

                                          GetOIDCThumbprint will retrieve the thumbprint of the root CA for the OIDC Provider identified by the issuer URL. This is done by first looking up the domain where the keys are provided, and then looking up the TLS certificate chain for that domain.
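
The two steps described for GetOIDCThumbprint, as an added example that is not the package's own code: read `jwks_uri` from the discovery document to find the key host, then fingerprint the top of the TLS chain that host presents. It assumes the thumbprint is the hex SHA-1 of the DER bytes of the last presented certificate (the 40-character form IAM OIDC providers take); `JwksHost`, `ChainThumbprint` and the sample data are hypothetical names and constructed values.

```go
package main

import (
	"crypto/sha1"
	"crypto/tls"
	"crypto/x509"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
)

// JwksHost returns host:port for jwks_uri; non-HTTPS or relative URIs are rejected.
func JwksHost(discovery []byte) (string, error) {
	var cfg struct {
		JwksURI string `json:"jwks_uri"`
	}
	if err := json.Unmarshal(discovery, &cfg); err != nil {
		return "", err
	}
	u, err := url.Parse(cfg.JwksURI)
	if err != nil || u.Scheme != "https" || u.Hostname() == "" {
		return "", errors.New("jwks_uri must be an absolute https URL")
	}
	if u.Port() == "" {
		return u.Host + ":443", nil
	}
	return u.Host, nil
}

// ChainThumbprint returns the hex SHA-1 of the last certificate the peer sent.
// In real use cs comes from tls.Dial("tcp", host, nil) and ConnectionState().
func ChainThumbprint(cs tls.ConnectionState) (string, error) {
	if len(cs.PeerCertificates) == 0 {
		return "", errors.New("no TLS peer certificates")
	}
	top := cs.PeerCertificates[len(cs.PeerCertificates)-1]
	sum := sha1.Sum(top.Raw)
	return hex.EncodeToString(sum[:]), nil
}

func main() {
	// Constructed sample: placeholder bytes stand in for DER certificates.
	cs := tls.ConnectionState{PeerCertificates: []*x509.Certificate{{Raw: []byte("leaf")}, {Raw: []byte("root")}}}
	host, err := JwksHost([]byte(`{"jwks_uri":"https://oidc.example.test/id/X/keys"}`))
	tp, err2 := ChainThumbprint(cs)
	fmt.Println(host, tp, err, err2)
}
```

Because the thumbprint pins whatever the endpoint presents at lookup time, compare the value against one obtained over a separate trusted path before registering it with IAM.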

                                          type UnsupportedEKSVersion

                                          type UnsupportedEKSVersion struct {
                                          	// contains filtered or unexported fields
                                          }

                                            UnsupportedEKSVersion is returned when the Kubernetes version of the EKS cluster is not supported.

                                            func (UnsupportedEKSVersion) Error

                                            func (err UnsupportedEKSVersion) Error() string