VERSION:1.0.6
Published 5 months ago by @cto.ai
cto.ai/
k8s

CTO Banner

K8s Op

An Op that facilitates the management of Kubernetes clusters.

The Op currently supports public clusters managed with:

This op has been built and tested only with EKS and GKE clusters; we cannot guarantee the op will work for any custom/vanilla Kubernetes cluster.

Requirements

Ops Platform

Running this op requires you to have access to the Ops Platform. Please review the documentation for detailed instructions on how to install the Ops CLI and/or Ops Slack application.

Existing K8s Cluster & AWS/GCP Credentials

❗️ Please consider running this op on a test cluster before running it on production clusters.

  • An existing public EKS or GKE Kubernetes cluster.
  • AWS or GCP credentials set up as secrets in your Ops team.

Before running the op, please set the cloud specific credentials as secrets, following the instructions below. In order for the op to automatically retrieve these secrets, please reference the details below for the exact key names you should use when storing them. If the auto-match fails, the op users will be prompted to select an option from the available list of secrets every time they run the op.

AWS

AWS_ACCOUNT_NUMBER

Please refer to this URL for instructions on how to find your AWS Account Number. Once identified, run the following command to save it as a secret in your Ops team:

ops secrets:set -k AWS_ACCOUNT_NUMBER -v <VALUE>
  • AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY

This op is built to support EKS clusters leveraging AWS IAM authenticator. To use this op, we recommend you create a dedicated machine user with programmatic access enabled. The user should be configured with the correct RBAC to list and create resources in the cluster. Ask a cluster admin to run kubectl edit configmap -n kube-system aws-auth and add the user's details under mapUsers. Additionally, the following predefined permissions policy might be required for all of the features in this op to function as expected:

  • AmazonEKSClusterPolicy

Please refer to this URL for instructions and best practices on how to generate these access keys. Once ready, run the following commands to save them as secrets in your Ops team, replacing <value> with your value:

ops secrets:set -k AWS_ACCESS_KEY_ID -v <value>
ops secrets:set -k AWS_SECRET_ACCESS_KEY -v <value>

GCP

GOOGLE_APPLICATION_CREDENTIALS

The following predefined roles are required for all of the features in this op to function as expected:

  • Compute Viewer
  • Kubernetes Engine Admin
  • Service Account User

Please refer to this URL for instructions on how to create a service account with the above mentioned permissions. Once created, you will need to create a private key for the respective service account and download it to your computer (JSON). When ready, run the following command to save the credentials as a secret in your Ops team, replacing <key_file> with the full path to your credentials JSON file:

ops secrets:set -k GOOGLE_APPLICATION_CREDENTIALS -v "$(cat <key_file> | tr -d '\n')"

Usage

CLI

ops run k8s

Slack

/ops run k8s

Features

Configure cluster

Allows the user to save the cluster configuration (kubeconfig content) under a specific name in the Op team secrets.

List resources

List pods/deployments under a specific namespace or across all namespaces.

K8s Op - List resources

Install and uninstall K8s tools that will help manage and monitor your Kubernetes cluster

K8s Op - Install K8s tools K8s Op - Uninstall K8s tools

Deploy applications to an existing cluster or update existing deployments

K8s Op - Deploy application

Create a Kubernetes resource from YAML

K8s Op - Create resources from YAML

K8s Op Walkthrough - Watch video

K8s Op Walkthrough - Watch video

Local Development

If you would like to interact with the cluster directly from your machine to debug/test things as you use the op or add additional features, you should consider the following:

[k8s-creds]
aws_access_key_id = xxxxxx
aws_secret_access_key = xxxxxx

Cloud Providers

Manager/Deployer

  • Listing resources
    • Main logic - src/utils/manager.ts
    • Pod and deployment info retrieval logic - src/utils/cluster-resources.ts
  • Installing/Uninstalling resources
    • Main logic - src/utils/manager.ts and src/utils/cluster-resources.ts
  • Deploying application
    • Main logic - src/utils/deploy.ts
    • K8s configs for deployments - src/utils/configs.ts
  • Logic shared by both parts of the application
    • Welcome message - src/utils/welcome-message.ts
    • Confirmation message - src/utils/confirm-message.ts
    • Kubeconfig set up - src/utils/kubeconfig.ts
    • Logging - src/utils/track.ts
    • Various helper functions - src/utils/helpers.ts

Contributing

See the Contributing Docs for more information.

Contributors


Carmen Chow


Ruxandra Fediuc


Vincent Tan

License

MIT