ekscli
A simple and flexible command-line tool for AWS EKS management
- Free software: MIT license
- Documentation: https://ekscli.readthedocs.io.
Prerequisites
- Available AWS credentials (configured as boto3)
- Heptio authenticator binary (Section
To install heptio-authenticator-aws for Amazon EKS
in AWS EKS User Guide) - [Optional] kubectl (1.10 and later) for kubernetes cluster operations
Quick Start
Installation
As easy as the standard python way by using pip.
$ pip install ekscli
Optionally, after installation, command-completion can be achieved with:
$ eval "$(_EKS_COMPLETE=source eks)"
Use ECKCLI
Note: AWS fees will be charged in your account for the AWS resources created by ekscli.
ekscli
with almost everything default.kubectl
configuration file (KUBECONFIG
or $HOME/.kube/config
).$ eks create cluster --name=dev
# EKS cluster name can be set as an environment variable
$ export EKS_CLUSTER_NAME=dev
$ eks create cluster
To create the EKS cluster's control plane (master) only:
$ eks create cluster --name=dev --cp-only
To create the EKS cluster's control plane (master) with existing subnets of a VPC, a predefined IAM role, an existing EC2 KeyPair etc.:
$ eks create cluster --name=dev --cp-only \
--subnets=subnet-1234567,subnet-abcdef1 \
--cp-role eks-default-role \
--region us-west-2 \
--kubconfig ./dev.conf \
--heptio-auth /tmp/heptio-auth-aws \
--keyname dev \
--node-sg-ingress port=22,cidr=10.0.0.0/8 \
--tags Env=dev,Project=eks-poc
The simplest way to create a node group
$ eks create node-group --name=dev --node-name=workers
To create a node group with more options
$ eks create node-group --name=dev --node-name=another \
--node-role=eks-worker-s3 \
--node-subnets=subnet-1234567 \
--node-min=1 \
--node-max=10
--node-sg-ingress port=22,cidr=10.0.0.0/8 \
--node-sg-ingress protocol=tcp,from=8080,to=8088,cidr=0.0.0.0/0 \
--region us-west-2 \
--kubconfig ./dev.conf \
--heptio-auth /tmp/heptio-auth-aws \
--keyname dev \
--tags Env=dev,Project=eks-poc
To help bootstrapping kubelet agent
# on EC2 worker instances, after copying kubelet, cni, heptio-aws-authenticator executables
$ eks bootstrap -o node-labels=gpu=enable,role=node \
-o feature-gates=RotateKubeletServerCertificate=true,CRIContainerLogRotation=true
$ systemctl daemon-reload
$ systemctl enable kubelet.service
To display files created by ekscli boostrap locally rather than on EC2 instances
# on local machine
$ eks bootstrap --dry-run -n poc -r us-east-1 -m 32 -i 127.0.0.1 \
-o node-labels=gpu=enable,role=node \
-o feature-gates=RotateKubeletServerCertificate=true,CRIContainerLogRotation=true
To use ekscli boostrap as oneshot systemd unit
[Unit]
Description=Configures Kubelet for EKS worker nodes
Before=kubelet.service
[Service]
Type=oneshot
ExecStart=/usr/local/bin/ekscli bootstrap
RemainAfterExit=true
[Install]
WantedBy=multi-user.target
Features
- Simple and concise command line interface
- Flexible configuration
- Plain vanilla EKS cluster without unrequired resources running Kubernetes clusters
- EKS resources managed by AWS CloudFormation
- Command line auto-completion supported for Bash and Zsh
- Prepare necessary configuration for kubelet with self cluster discovery and additional options on worker nodes
Roadmap
- Output cluster information to different formats: yaml, json
- Update the cluster and node groups
- Create from templatable configuration files