A Lambda that adds tags to the Auto Scaling groups of each k8s node.
You have to specify the cluster, the pools and the tags for each pool, or put the tags in the common tags if you want the same tag on every node you process.
Our pipelines publish every new release to Docker Hub, but in order to call it from a Lambda, you have to push the image to the private ECR of your AWS account.
Example (you can tag the image with any name you want):
```shell
docker pull ydata/aws-asg-tags-lambda:1.0.0
docker tag ydata/aws-asg-tags-lambda:1.0.0 <your private ECR>/aws-asg-tags-lambda:1.0.0
docker push <your private ECR>/aws-asg-tags-lambda:1.0.0
```
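The execution role is needed so the Lambda can call EKS and the EC2 Auto Scaling API for the Auto Scaling groups. As written, the inline policy allows `eks:*` and `autoscaling:CreateOrUpdateTags` on every resource (`Resource: '*'`); narrow the actions and resources if your account enforces least privilege.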
```yaml
ASGTagLambdaExecutionRole:
  Type: AWS::IAM::Role
  Properties:
    RoleName: !Join
      - '-'
      - - 'role'  # Fn::Join needs a list of values here; add your own name prefix before 'role'
    AssumeRolePolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Principal:
            Service:
              - lambda.amazonaws.com
          Action:
            - sts:AssumeRole
    ManagedPolicyArns:
      - arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole
    Policies:
      - PolicyName: !Join
          - '-'
          - - 'lambda-asg-tag'  # same as RoleName: list of values, add your own prefix
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action:
                - eks:*
                - autoscaling:CreateOrUpdateTags
              Resource: '*'
```
The declaration of the Lambda function, which the invocation below refers to:
```yaml
ASGTagLambdaFunction:
  Type: AWS::Lambda::Function
  Properties:
    Role: !GetAtt ASGTagLambdaExecutionRole.Arn
    PackageType: Image
    Code:
      ImageUri: !Ref EcrImageUri
    Architectures:
      - x86_64
    MemorySize: 1024
    Timeout: 300
```
The Lambda invocation:
```yaml
ASGTagLambdaInvoke:
  Type: AWS::CloudFormation::CustomResource
  DependsOn: ASGTagLambdaFunction
  Version: "1.0"
  Properties:
    ServiceToken: !GetAtt ASGTagLambdaFunction.Arn
    StackID: !Ref AWS::StackId
    AccountID: !Ref AWS::AccountId
    Region: !Ref AWS::Region
    ClusterName: "the EKS cluster name" #!Ref EKSCluster
    CommonTags:
      - Name: "ENVIRONMENT"
        Value: "dev"
        PropagateAtLaunch: true
    NodePools:
      - Name: "system-nodepool" #!GetAtt YourNodeGroup.NodegroupName
        Tags:
          - Name: 'k8s.io/cluster-autoscaler/node-template/taint/TAINT'
            Value: 'TAINT_VALUE:TAINT_EFFECT'
            PropagateAtLaunch: true
          - Name: 'k8s.io/cluster-autoscaler/node-template/label/LABEL'
            Value: 'LABEL_VALUE'
            PropagateAtLaunch: true
      - Name: "another-pool"
```
Both `CommonTags` and the `Tags` of each NodePool are optional, but if you specify neither `CommonTags` nor `Tags` for each NodePool, it will not do anything.
Check the following examples for other valid combinations.
An example with only `CommonTags`:
```yaml
EKSASGTagLambdaInvoke:
  Type: AWS::CloudFormation::CustomResource
  DependsOn: EKSASGTagLambdaFunction
  Version: "1.0"
  Properties:
    ServiceToken: !GetAtt EKSASGTagLambdaFunction.Arn
    StackID: !Ref AWS::StackId
    AccountID: !Ref AWS::AccountId
    Region: !Ref AWS::Region
    ClusterName: "the EKS cluster name"
    CommonTags:
      - Name: "ENVIRONMENT"
        Value: "prod"
        PropagateAtLaunch: true
    NodePools:
      - Name: "system-nodepool"
      - Name: "applications-nodepool"
```
An example with only `Tags` for the NodePool:
```yaml
EKSASGTagLambdaInvoke:
  Type: AWS::CloudFormation::CustomResource
  DependsOn: EKSASGTagLambdaFunction
  Version: "1.0"
  Properties:
    ServiceToken: !GetAtt EKSASGTagLambdaFunction.Arn
    StackID: !Ref AWS::StackId
    AccountID: !Ref AWS::AccountId
    Region: !Ref AWS::Region
    ClusterName: "the EKS cluster name"
    NodePools:
      - Name: "system-nodepool"
        Tags:
          - Name: 'k8s.io/cluster-autoscaler/node-template/taint/TAINT'
            Value: 'TAINT_VALUE:NoSchedule'
            PropagateAtLaunch: true
          - Name: 'k8s.io/cluster-autoscaler/node-template/label/LABEL'
            Value: 'LABEL_VALUE'
            PropagateAtLaunch: true
      - Name: "application-nodepool"
        Tags:
          - Name: 'k8s.io/cluster-autoscaler/node-template/taint/TAINT'
            Value: 'TAINT_VALUE:NoSchedule'
            PropagateAtLaunch: true
          - Name: 'k8s.io/cluster-autoscaler/node-template/label/LABEL'
            Value: 'LABEL_VALUE'
            PropagateAtLaunch: true
```
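A pre-deploy check for the `Properties` of the invocation, as an added example that is not part of this project's code: it computes the tags each NodePool ends up with and flags pools that get none, plus malformed taint tags and tags outside the AWS tag limits (checks that go beyond what this page states). The function names are hypothetical, and it assumes a pool tag overrides a common tag with the same `Name`.

```python
TAINT_PREFIX = "k8s.io/cluster-autoscaler/node-template/taint/"
TAINT_EFFECTS = {"NoSchedule", "PreferNoSchedule", "NoExecute"}  # Kubernetes taint effects


def effective_tags(properties):
    """Return {pool name: {tag name: tag}} for the custom resource Properties."""
    common = {t["Name"]: t for t in properties.get("CommonTags") or []}
    plan = {}
    for pool in properties.get("NodePools") or []:
        tags = dict(common)
        # Assumption (not confirmed by the page): pool tags win on a name clash.
        tags.update({t["Name"]: t for t in pool.get("Tags") or []})
        plan[pool["Name"]] = tags
    return plan


def problems(properties):
    """List findings that would leave a pool untagged or with unusable tags."""
    found = []
    for pool, tags in effective_tags(properties).items():
        if not tags:
            found.append(f"{pool}: no CommonTags and no Tags, nothing will be applied")
        for name, tag in tags.items():
            value = str(tag.get("Value", ""))
            if name.lower().startswith("aws:"):
                found.append(f"{pool}: '{name}' uses the reserved aws: prefix")
            if len(name) > 128 or len(value) > 256:
                found.append(f"{pool}: '{name}' exceeds the AWS tag length limits")
            if name.startswith(TAINT_PREFIX):
                # cluster-autoscaler expects the taint tag value as VALUE:EFFECT
                effect = value.rpartition(":")[2]
                if ":" not in value or effect not in TAINT_EFFECTS:
                    found.append(f"{pool}: taint '{name}' needs VALUE:EFFECT, got '{value}'")
    return found


# Constructed sample mirroring the first invocation example on this page.
SAMPLE = {
    "CommonTags": [{"Name": "ENVIRONMENT", "Value": "dev", "PropagateAtLaunch": True}],
    "NodePools": [
        {"Name": "system-nodepool", "Tags": [{
            "Name": TAINT_PREFIX + "TAINT",
            "Value": "TAINT_VALUE:TAINT_EFFECT",  # placeholder effect left unreplaced
            "PropagateAtLaunch": True}]},
        {"Name": "another-pool"},
    ],
}

if __name__ == "__main__":
    print("\n".join(problems(SAMPLE)))
```

Run against the sample, it reports the unreplaced `TAINT_EFFECT` placeholder on `system-nodepool`, while `another-pool` passes because it inherits `ENVIRONMENT` from `CommonTags`.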
- Add generic context
- Tests
- Better Documentation
- Support other methods of invocation
With ❤️ from YData Development team