Merge pull request #188 from dagger/example-aws-eks

Example for deploying containers to AWS EKS
2021-03-18 16:37:29 -07:00
parent fee4431d48 dd5e5684b2
commit eb6fe17df3
9 changed files with 771 additions and 54 deletions
--- a/stdlib/aws/aws.cue
+++ b/stdlib/aws/aws.cue
@@ -1,7 +1,12 @@
 package aws

-import "dagger.io/dagger"
+import (
+	"dagger.io/dagger"
+	"dagger.io/llb"
+	"dagger.io/alpine"
+)

+// Base AWS Config
 #Config: {
 	// AWS region
 	region: string
@@ -10,3 +15,17 @@ import "dagger.io/dagger"
 	// AWS secret key
 	secretKey: dagger.#Secret
 }
+
+// Re-usable aws-cli component
+#CLI: {
+	#compute: [
+		llb.#Load & {
+			from: alpine.#Image & {
+				package: bash:      "=5.1.0-r0"
+				package: jq:        "=1.6-r1"
+				package: curl:      "=7.74.0-r1"
+				package: "aws-cli": "=1.18.177-r0"
+			}
+		},
+	]
+}
--- a/stdlib/aws/cloudformation/cloudformation.cue
+++ b/stdlib/aws/cloudformation/cloudformation.cue
@@ -3,9 +3,8 @@ package cloudformation
 import (
 	"encoding/json"

-	"dagger.io/alpine"
-	"dagger.io/aws"
 	"dagger.io/llb"
+	"dagger.io/aws"
 )

 // AWS CloudFormation Stack
@@ -45,57 +44,51 @@ import (
 		}
 	}

-	outputs: {
-		[string]: string
+	outputs: [string]: string

-		#compute: [
-			llb.#Load & {
-				from: alpine.#Image & {
-					package: bash:      "=5.1.0-r0"
-					package: jq:        "=1.6-r1"
-					package: "aws-cli": "=1.18.177-r0"
+	outputs: #compute: [
+		llb.#Load & {
+			from: aws.#CLI
+		},
+		llb.#Mkdir & {
+			path: "/src"
+		},
+		for dest, content in #files {
+			llb.#WriteFile & {
+				"dest":    dest
+				"content": content
+			}
+		},
+		llb.#Exec & {
+			args: [
+				"/bin/bash",
+				"--noprofile",
+				"--norc",
+				"-eo",
+				"pipefail",
+				"/entrypoint.sh",
+			]
+			env: {
+				AWS_CONFIG_FILE:       "/cache/aws/config"
+				AWS_ACCESS_KEY_ID:     config.accessKey
+				AWS_SECRET_ACCESS_KEY: config.secretKey
+				AWS_DEFAULT_REGION:    config.region
+				AWS_REGION:            config.region
+				AWS_DEFAULT_OUTPUT:    "json"
+				AWS_PAGER:             ""
+				if neverUpdate {
+					NEVER_UPDATE: "true"
 				}
-			},
-			llb.#Mkdir & {
-				path: "/src"
-			},
-			for dest, content in #files {
-				llb.#WriteFile & {
-					"dest":    dest
-					"content": content
-				}
-			},
-			llb.#Exec & {
-				args: [
-					"/bin/bash",
-					"--noprofile",
-					"--norc",
-					"-eo",
-					"pipefail",
-					"/entrypoint.sh",
-				]
-				env: {
-					AWS_CONFIG_FILE:       "/cache/aws/config"
-					AWS_ACCESS_KEY_ID:     config.accessKey
-					AWS_SECRET_ACCESS_KEY: config.secretKey
-					AWS_DEFAULT_REGION:    config.region
-					AWS_REGION:            config.region
-					AWS_DEFAULT_OUTPUT:    "json"
-					AWS_PAGER:             ""
-					if neverUpdate {
-						NEVER_UPDATE: "true"
-					}
-					STACK_NAME: stackName
-					TIMEOUT:    "\(timeout)"
-					ON_FAILURE: onFailure
-				}
-				dir: "/src"
-				mount: "/cache/aws": "cache"
-			},
-			llb.#Export & {
-				source: "/outputs.json"
-				format: "json"
-			},
-		]
-	}
+				STACK_NAME: stackName
+				TIMEOUT:    "\(timeout)"
+				ON_FAILURE: onFailure
+			}
+			dir: "/src"
+			mount: "/cache/aws": "cache"
+		},
+		llb.#Export & {
+			source: "/outputs.json"
+			format: "json"
+		},
+	]
 }
--- a/stdlib/aws/eks/code.cue
+++ b/stdlib/aws/eks/code.cue
@@ -0,0 +1,26 @@
+package eks
+
+#Code: #"""
+	[ -e /cache/bin/kubectl ] || {
+	    curl -sfL https://dl.k8s.io/v1.19.9/bin/linux/amd64/kubectl -o /cache/bin/kubectl && chmod +x /cache/bin/kubectl
+	}
+
+	export KUBECONFIG=/kubeconfig
+	export PATH="$PATH:/cache/bin"
+
+	# Generate a kube configuration
+	aws eks update-kubeconfig --name "$EKS_CLUSTER"
+
+	# Figure out the kubernetes username
+	CONTEXT="$(kubectl config current-context)"
+	USER="$(kubectl config view -o json | \
+	    jq -r ".contexts[] | select(.name==\"$CONTEXT\") | .context.user")"
+
+	# Grab a kubernetes access token
+	ACCESS_TOKEN="$(aws eks get-token --cluster-name "$EKS_CLUSTER" | \
+	    jq -r .status.token)"
+
+	# Remove the user config and replace it with the token
+	kubectl config unset "users.${USER}"
+	kubectl config set-credentials "$USER" --token "$ACCESS_TOKEN"
+	"""#
--- a/stdlib/aws/eks/eks.cue
+++ b/stdlib/aws/eks/eks.cue
@@ -0,0 +1,59 @@
+package eks
+
+import (
+	"dagger.io/llb"
+	"dagger.io/aws"
+)
+
+// KubeConfig config outputs a valid kube-auth-config for kubectl client
+#KubeConfig: {
+	// AWS Config
+	config: aws.#Config
+
+	// EKS cluster name
+	clusterName: string
+
+	// kubeconfig is the generated kube configuration file
+	kubeconfig: {
+		dagger.#Secret
+
+		#compute: [
+			llb.#Load & {
+				from: aws.#CLI
+			},
+			llb.#WriteFile & {
+				dest:    "/entrypoint.sh"
+				content: #Code
+			},
+			llb.#Exec & {
+				always: true
+				args: [
+					"/bin/bash",
+					"--noprofile",
+					"--norc",
+					"-eo",
+					"pipefail",
+					"/entrypoint.sh",
+				]
+				env: {
+					AWS_CONFIG_FILE:       "/cache/aws/config"
+					AWS_ACCESS_KEY_ID:     config.accessKey
+					AWS_SECRET_ACCESS_KEY: config.secretKey
+					AWS_DEFAULT_REGION:    config.region
+					AWS_REGION:            config.region
+					AWS_DEFAULT_OUTPUT:    "json"
+					AWS_PAGER:             ""
+					EKS_CLUSTER:           clusterName
+				}
+				mount: {
+					"/cache/aws": "cache"
+					"/cache/bin": "cache"
+				}
+			},
+			llb.#Export & {
+				source: "/kubeconfig"
+				format: "string"
+			},
+		]
+	}
+}