EKS Lambda Sample
This code repository aims to be a reference sample for implementing AWS Lambda function to interact with Amazon Elastic Container Services for Kubernetes (EKS) using Kubernetes API. Amazon EKS runs the Kubernetes management infrastructure for you across multiple AWS availability zones to eliminate a single point of failure. Amazon EKS is certified Kubernetes conformant so you can use existing tooling and plugins from partners and the Kubernetes community. Applications running on any standard Kubernetes environment are fully compatible and can be easily migrated to Amazon EKS.
Having a AWS Lambda function that integrates with Amazon EKS would allow event-driven triggers to manage and modify deployments and other controls within the Amazon EKS cluster.
While this is just a sample that list the pods running within the Amazon EKS cluster, you can modify the code to meet your needs.
Prequisites
This sample requires the go compiler and dep to build. Refer to this Getting Started
Guide and installing
dep for detailed instructions.
List of Samples
- listpods - Most basic example of using this utility to list pods running in an Amazon EKS cluster.
- codepipeline - Demonstration of Continuous Deployment using AWS CodePipeline to deploy an application to an Amazon EKS cluster.
- drainer - Amazon EKS node drainer with AWS Lambda that respond to Spot Termination signal from AWS CloudWatch events and perform taint-based eviction on the terminating node.
Configuring RBAC
You would also need to give the Lambda execution role permissions in Amazon EKS cluster. Refer to this User Guide for detailed instructions.
- Edit the
aws-authConfigMap of your cluster.
$ kubectl -n kube-system edit configmap/aws-auth
- Add your Lambda execution role to the config
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
data:
mapRoles: |
- rolearn: arn:aws:iam::555555555555:role/devel-worker-nodes-NodeInstanceRole-74RF4UBDUKL6
username: system:node:{{EC2PrivateDNSName}}
groups:
- system:bootstrappers
- system:nodes
- rolearn: arn:aws:iam::<AWS Account ID>:role/<your lambda execution role>
username: admin
groups:
- system:masters
For your Lambda execution role, you will need permissions to describe EKS cluster. Add the following statement to the IAM role.
{
"Effect": "Allow",
"Action": [
"eks:DescribeCluster"
],
"Resource": "*"
}
You may want to be more restrictive by specifying only the arn of your EKS cluster for resource field.
Once these are configured, you can test your function. Good luck!