taloscdk

package module
v0.1.3
Published: Jul 28, 2021 License: MIT Imports: 10 Imported by: 0

README

taloscdk

AWS CDK constructs in Go for deploying Talos-based Kubernetes clusters.

For more examples on utilizing the constructs, check out the /examples directory.

Goal

The goal of this construct library is to simplify deploying Kubernetes clusters running Talos, including the IAM policies the aws-controller-manager needs to create AWS load balancers from Kubernetes manifests.

Using the Constructs

To use the constructs in your own stacks, run:

go get github.com/steveyackey/taloscdk

Requirements

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func LoadConfig

func LoadConfig(fileName string) (*string, error)

LoadConfig loads a Talos cluster config file so that its endpoint can be replaced with the hostname or IP that CDK generates (see TransformConfig). To get started, you can try running `talosctl gen config talos https://talos.cluster:6443` and using the resulting controlplane.yaml as the fileName.

func NewControlPlaneIAMPolicyDocument

func NewControlPlaneIAMPolicyDocument(scope constructs.Construct, id *string) awsiam.PolicyDocument

func NewControlPlaneIAMRole

func NewControlPlaneIAMRole(scope constructs.Construct, id *string) awsiam.Role

NewControlPlaneIAMRole returns a new awsiam.Role with the minimum permissions the aws-controller-manager needs to create ELBs from your cluster. The role carries an inline policy created via taloscdk.NewControlPlaneIAMPolicyDocument().

func NewSecurityGroup

func NewSecurityGroup(scope constructs.Construct, id *string, props *SecurityGroupProps) awsec2.SecurityGroup

NewSecurityGroup returns a security group that allows ingress to ports 6443 (Kubernetes API), 50000 and 50001 (Talos API), as well as all traffic between members of the group. A Vpc is required in *SecurityGroupProps.

func NewWorkerIAMPolicyDocument

func NewWorkerIAMPolicyDocument(scope constructs.Construct, id *string) awsiam.PolicyDocument

func NewWorkerIAMRole

func NewWorkerIAMRole(scope constructs.Construct, id *string) awsiam.Role

NewWorkerIAMRole returns a new awsiam.Role with the minimum permissions the aws-controller-manager needs to create ELBs from your cluster. The role carries an inline policy created via taloscdk.NewWorkerIAMPolicyDocument().

func TagSubnets

func TagSubnets(vpc awsec2.IVpc)

TagSubnets tags all subnets within a VPC with the appropriate ELB role tag, which is used to determine which subnets in the VPC can back an ELB. Ref: https://github.com/aws/aws-cdk/blob/6f2384ddc180e944c9564a543351b8df2f75c1a7/packages/%40aws-cdk/aws-eks/lib/cluster.ts#L1499-L1513

func TransformConfig

func TransformConfig(config *string, initialEndpoint string, replacementEndpoint string) *string

TransformConfig replaces every occurrence of initialEndpoint in config with replacementEndpoint and returns the result.
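The endpoint rewrite that TransformConfig, EndpointToOverwrite and OverwriteValue describe, as an added stand-alone example (not the taloscdk implementation): it swaps only the host inside `https://<endpoint>:6443`, rejects an OverwriteValue that already carries a protocol or port, and fails loudly when the endpoint to overwrite is not present, since a silently unchanged config would leave the node pointing at the wrong API server. The YAML fragment and the 203.0.113.10 address are constructed sample input.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// sampleConfig is a constructed fragment in the shape that
// `talosctl gen config talos https://talos.cluster:6443` produces.
const sampleConfig = `version: v1alpha1
machine:
  type: controlplane
cluster:
  controlPlane:
    endpoint: https://talos.cluster:6443
`

// TransformEndpoint replaces the host in https://<endpointToOverwrite>:6443 with
// overwriteValue while keeping the scheme and port, mirroring the documented
// behaviour. Illustrative reimplementation, not the library's TransformConfig.
func TransformEndpoint(config, endpointToOverwrite, overwriteValue string) (string, error) {
	if endpointToOverwrite == "" || overwriteValue == "" {
		return "", errors.New("endpointToOverwrite and overwriteValue are required")
	}
	// The docs state OverwriteValue carries no protocol or port; a value like
	// "https://host:6443" would otherwise yield https://https://host:6443:6443.
	if strings.Contains(overwriteValue, "://") || strings.Contains(overwriteValue, ":") {
		return "", errors.New("overwriteValue must be a bare hostname or IPv4 address")
	}
	// Match only the full URL form so an unrelated substring is never rewritten.
	re := regexp.MustCompile(`https://` + regexp.QuoteMeta(endpointToOverwrite) + `:6443`)
	if !re.MatchString(config) {
		// A typo in EndpointToOverwrite must not pass unnoticed.
		return "", fmt.Errorf("endpoint https://%s:6443 not found in config", endpointToOverwrite)
	}
	return re.ReplaceAllLiteralString(config, "https://"+overwriteValue+":6443"), nil
}

func main() {
	out, err := TransformEndpoint(sampleConfig, "talos.cluster", "203.0.113.10")
	if err != nil {
		panic(err)
	}
	fmt.Print(out)
}
```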

Types

type ControlPlane

func NewControlPlane

func NewControlPlane(scope constructs.Construct, id *string, props *ControlPlaneProps) ControlPlane

NewControlPlane creates a new NLB and a control plane backed by an autoscaling group.

type ControlPlaneProps

type ControlPlaneProps struct {
	// ClusterName is used for tagging all resources with kubernetes.io/cluster/<name>=owned
	// Default: talos
	ClusterName *string

	// MachineImageName is used for searching AMI by name and supports * wildcard.
	// Be sure to select an arch that matches your instance type.
	// It's typically easiest to use a wildcard for the region so that it works cross-region.
	// Format: talos-<Version>-<AWSRegion>-<arch>
	// Default: talos-v0.11.2-*-amd64
	MachineImageName *string

	// MachineImageAMI is used to get the image from an AMI.
	// Talos AMIs can be found in the docs: https://www.talos.dev/docs/v0.11/cloud-platforms/aws/ (sub v0.11 for current version)
	// Example: {"us-east-1": jsii.String("ami-0fdb2f5cb915076a3")}  (us-east-1 amd64 v0.11 image)
	// Defaults to using MachineImageName
	MachineImageAMI *map[string]*string

	// TalosNodeConfig is a *string of the controlplane.yaml or join.yaml you've generated with
	// `talosctl gen config <clusterName> <endpoint>`
	// To load a node config use taloscdk.LoadConfig("<yourConfig>")
	//
	// Example:
	// config, err := taloscdk.LoadConfig("cluster-config/controlplane.yaml")
	// if err != nil {
	// 	panic("Could not load talos config")
	// }
	// TalosNodeConfig is required
	TalosNodeConfig *string

	// TransformConfig sets whether or not to change the endpoint in our TalosNodeConfig to
	// the OverwriteValue
	// Default: jsii.Bool(true)
	TransformConfig *bool

	// EndpointToOverwrite is the <endpoint> you used when running `talosctl gen config <clusterName> https://<endpoint>:6443`
	// This will overwrite the <endpoint> in your config, while keeping https:// and the port (:6443).
	// For example: in https://talos.cluster:6443, if you overwrite "talos.cluster", it would become https://YourOverwriteValue:6443
	// By default, the OverwriteValue does not include protocol or port.
	EndpointToOverwrite *string

	// OverwriteValue to replace EndpointToOverwrite
	// Default: NLB DNS name.
	OverwriteValue *string

	// InstanceType is used to determine the size/arch of the instance.
	// Default: t3.small (amd64). Meets min specs: https://www.talos.dev/docs/v0.11/introduction/system-requirements/
	InstanceType awsec2.InstanceType

	// SecurityGroup for the instance.
	// To create a security group to use with multiple instances, you can use:
	// taloscdk.NewSecurityGroup()
	// Default: Generates a new security group, opening ports 6443, 50000, 50001 to any IPv4 peer
	SecurityGroup awsec2.SecurityGroup

	// Vpc selects the AWS VPC to deploy your instance into.
	// Default for NewSingleNode(): Default VPC
	Vpc awsec2.IVpc

	// Subnets to allow the instance to be deployed into
	// Default: &awsec2.SubnetSelection{SubnetType: awsec2.SubnetType_PUBLIC}
	SubnetSelection *awsec2.SubnetSelection

	// MinInstances to use with the autoscaling group
	// Default: jsii.Number(1)
	MinInstances *float64

	// MaxInstances to use with the autoscaling group
	// Default: jsii.Number(1)
	MaxInstances *float64

	// IAMRole used when launching the instance.
	// If planning to create AWS load balancers, it's best to use
	// taloscdk.NewControlPlaneIAMRole() or taloscdk.NewWorkerIAMRole()
	// Default: NewControlPlaneIAMRole()
	IAMRole awsiam.Role

	// DesiredCapacity of the autoscaling group
	// Best practice: leave it nil. If you set a value, it will always reset the number of
	// nodes to this number each time you run `cdk deploy`
	// Default: nil
	DesiredCapacity *float64 // leave nil if using any autoscaling features, otherwise it will be replaced each `cdk deploy`

	// InternetFacingNLB determines whether or not the control plane NLB should be
	// created in public subnets (or left in the private subnets)
	// Default: jsii.Bool(true)
	InternetFacingNLB *bool
}

type SecurityGroupProps

type SecurityGroupProps struct {
	// Required.
	Vpc awsec2.IVpc

	// AllowTrafficFrom is the peer to allow ingress to the Kubernetes and Talos APIs.
	// Default: awsec2.Peer_AnyIpv4
	AllowTrafficFrom awsec2.IPeer
}

type SingleNode

type SingleNode struct {
	constructs.Construct
	// SecurityGroup used or created by NewSingleNode()
	SecurityGroup awsec2.SecurityGroup

	// VPC of the node
	Vpc awsec2.IVpc

	// EIP (if allocated/assigned)
	EIP awsec2.CfnEIP
}

func NewSingleNode

func NewSingleNode(scope constructs.Construct, id *string, props *SingleNodeProps) SingleNode

NewSingleNode creates a new EC2 instance that runs Talos. Required SingleNodeProps: TalosNodeConfig, and EndpointToOverwrite (if TransformConfig == true).

func (*SingleNode) GetEIPAddress

func (s *SingleNode) GetEIPAddress() *string

type SingleNodeProps

type SingleNodeProps struct {
	// ClusterName is used for tagging all resources with kubernetes.io/cluster/<name>=owned
	// Default: talos
	ClusterName *string

	// NodeName is used for naming your EC2 instances
	// Default: jsii.String("talos")
	NodeName *string

	// MachineImageName is used for searching AMI by name and supports * wildcard.
	// Be sure to select an arch that matches your instance type.
	// It's typically easiest to use a wildcard for the region so that it works cross-region.
	// Format: talos-<Version>-<AWSRegion>-<arch>
	// Default: talos-v0.11.2-*-amd64
	MachineImageName *string

	// MachineImageAMI is used to get the image from an AMI.
	// Talos AMIs can be found in the docs: https://www.talos.dev/docs/v0.11/cloud-platforms/aws/ (sub v0.11 for current version)
	// Example: {"us-east-1": jsii.String("ami-0fdb2f5cb915076a3")}  (us-east-1 amd64 v0.11 image)
	// Defaults to using MachineImageName
	MachineImageAMI *map[string]*string

	// TalosNodeConfig is a *string of the controlplane.yaml or join.yaml you've generated with
	// `talosctl gen config <clusterName> <endpoint>`
	// To load a node config use taloscdk.LoadConfig("<yourConfig>")
	//
	// Example:
	// config, err := taloscdk.LoadConfig("cluster-config/controlplane.yaml")
	// if err != nil {
	// 	panic("Could not load talos config")
	// }
	// TalosNodeConfig is required
	TalosNodeConfig *string

	// TransformConfig sets whether or not to change the endpoint in our TalosNodeConfig to
	// the OverwriteValue
	// Default: jsii.Bool(true)
	TransformConfig *bool

	// EndpointToOverwrite is the <endpoint> you used when running `talosctl gen config <clusterName> https://<endpoint>:6443`
	// This will overwrite the <endpoint> in your config, while keeping https:// and the port (:6443).
	// For example: in https://talos.cluster:6443, if you overwrite "talos.cluster", it would become https://YourOverwriteValue:6443
	// By default, the OverwriteValue does not include protocol or port.
	EndpointToOverwrite *string

	// OverwriteValue to replace EndpointToOverwrite
	// Default: EIP. Can use GetEIPAddress() to get from another node.
	OverwriteValue *string

	// InstanceType is used to determine the size/arch of the instance.
	// Default: t3.small (amd64). Meets min specs: https://www.talos.dev/docs/v0.11/introduction/system-requirements/
	InstanceType awsec2.InstanceType

	// SecurityGroup for the instance.
	// To create a security group to use with multiple instances, you can use:
	// taloscdk.NewSecurityGroup()
	// Default: Generates a new security group, opening ports 6443, 50000, 50001 to any IPv4 peer
	SecurityGroup awsec2.SecurityGroup

	// Vpc selects the AWS VPC to deploy your instance into.
	// Default for NewSingleNode(): Default VPC
	Vpc awsec2.IVpc

	// Subnets to allow the instance to be deployed into
	// Default: &awsec2.SubnetSelection{SubnetType: awsec2.SubnetType_PUBLIC}
	SubnetSelection *awsec2.SubnetSelection

	// CreateEIP enables an ElasticIP to be created and allocated to your instance.
	// This is generally used as the cluster endpoint in a single node cluster.
	// Default: jsii.Bool(true)
	CreateEIP *bool

	// IAMRole used when launching the instance.
	// If planning to create AWS load balancers, it's best to use
	// taloscdk.NewControlPlaneIAMRole() or taloscdk.NewWorkerIAMRole()
	// Default: NewControlPlaneIAMRole()
	IAMRole awsiam.Role
}

type WorkerASGProps

type WorkerASGProps struct {
	// ClusterName is used for tagging all resources with kubernetes.io/cluster/<name>=owned
	// Default: talos
	ClusterName *string

	// MachineImageName is used for searching AMI by name and supports * wildcard.
	// Be sure to select an arch that matches your instance type.
	// It's typically easiest to use a wildcard for the region so that it works cross-region.
	// Format: talos-<Version>-<AWSRegion>-<arch>
	// Default: talos-v0.11.2-*-amd64
	MachineImageName *string

	// MachineImageAMI is used to get the image from an AMI.
	// Talos AMIs can be found in the docs: https://www.talos.dev/docs/v0.11/cloud-platforms/aws/ (sub v0.11 for current version)
	// Example: {"us-east-1": jsii.String("ami-0fdb2f5cb915076a3")}  (us-east-1 amd64 v0.11 image)
	// Defaults to using MachineImageName
	MachineImageAMI *map[string]*string

	// TalosNodeConfig is a *string of the controlplane.yaml or join.yaml you've generated with
	// `talosctl gen config <clusterName> <endpoint>`
	// To load a node config use taloscdk.LoadConfig("<yourConfig>")
	//
	// Example:
	// config, err := taloscdk.LoadConfig("cluster-config/controlplane.yaml")
	// if err != nil {
	// 	panic("Could not load talos config")
	// }
	// TalosNodeConfig is required
	TalosNodeConfig *string

	// TransformConfig sets whether or not to change the endpoint in our TalosNodeConfig to
	// the OverwriteValue
	// Default: jsii.Bool(true)
	TransformConfig *bool

	// EndpointToOverwrite is the <endpoint> you used when running `talosctl gen config <clusterName> https://<endpoint>:6443`
	// This will overwrite the <endpoint> in your config, while keeping https:// and the port (:6443).
	// For example: in https://talos.cluster:6443, if you overwrite "talos.cluster", it would become https://YourOverwriteValue:6443
	// By default, the OverwriteValue does not include protocol or port.
	EndpointToOverwrite *string

	// OverwriteValue to replace EndpointToOverwrite
	// Default: NLB DNS name.
	OverwriteValue *string

	// InstanceType is used to determine the size/arch of the instance.
	// Default: t3.small (amd64). Meets min specs: https://www.talos.dev/docs/v0.11/introduction/system-requirements/
	InstanceType awsec2.InstanceType

	// SecurityGroup for the instance.
	// To create a security group to use with multiple instances, you can use:
	// taloscdk.NewSecurityGroup()
	// Default: Generates a new security group, opening ports 6443, 50000, 50001 to any IPv4 peer
	SecurityGroup awsec2.SecurityGroup

	// Vpc selects the AWS VPC to deploy your instance into.
	// Vpc is required; the stack will panic if it is not given.
	// awsec2.NewVpc() or awsec2.Vpc_FromLookup() returns a usable VPC.
	Vpc awsec2.IVpc

	// Subnets to allow the instance to be deployed into
	// Default: &awsec2.SubnetSelection{SubnetType: awsec2.SubnetType_PUBLIC}
	SubnetSelection *awsec2.SubnetSelection

	// MinInstances to use with the autoscaling group
	// Default: jsii.Number(1)
	MinInstances *float64

	// MaxInstances to use with the autoscaling group
	// Default: jsii.Number(1)
	MaxInstances *float64

	// IAMRole used when launching the instance.
	// If planning to create AWS load balancers, it's best to use
	// taloscdk.NewControlPlaneIAMRole() or taloscdk.NewWorkerIAMRole()
	// Default: NewWorkerIAMRole()
	IAMRole awsiam.Role

	// DesiredCapacity of the autoscaling group
	// Best practice: leave it nil. If you set a value, it will always reset the number of
	// nodes to this number each time you run `cdk deploy`
	// Default: nil
	DesiredCapacity *float64 // leave nil if using any autoscaling features, otherwise it will be replaced each `cdk deploy`
}
