Service Artem is running…

An example of how you can create entities in Kubernetes using AWS Lambda.

The function will be in Python3, so we will use Kubernetes Python Client

More usage examples can be found here.

Since AWS Lambda does not support this package, we will pack the “kubernetes” and “boto3” modules in our function.

“boto3” is needed to access AWS SSM, where kubeconfig will be stored

 

Preparation

Create a directory for the lambda and go to it:

mkdir lambda
cd lambda

 

Next you will need “virtualenv“, if it is not there, you can install it using “pip3“:

pip3 install virtualenv

 

Create a virtual environment and activate it:

python3 -m virtualenv .
source bin/activate

 

And install the necessary modules:

pip3 install kubernetes
pip3 install boto3

 

Next, we only need the contents of this directory:

$VIRTUAL_ENV/lib/python3.7/site-packages

 

“python3.7” – replace with your version of Python

 

It will be more convenient to look at the environment path and copy the contents to a separately created directory, no longer in a virtual environment:

echo $VIRTUAL_ENV/lib/python3.7/site-packages
/private/tmp/lambda/lib/python3.7/site-packages

 

Let’s create a directory for lambda, which we will already directly download and copy our modules:

mkdir ~/lambda_upload
cp -R /private/tmp/lambda/lib/python3.7/site-packages/. ~/lambda_upload/

 

SSM Parameter Store

In the AWS console, go to “Systems Manager” -> “Parameter Store”

 

And create a parameter with the type “SecureString” and copy the contents of the “kubeconfig” file as the value. If this is an EKS, first create a service account so that it does not require AWS authorization, as in the example below:

Kubeconfig with AWS authorization:

...
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      args:
      - --region
      - eu-central-1
      - eks
      - get-token
      - --cluster-name
      - artem-services-stage-eks
      command: aws

 

Function

Now in the directory “~/lambda_upload” create a file called “lambda_function.py” and paste the following text into it:

lambda_function.py:

import os
import time
import random
import string
import boto3

from kubernetes import config
from kubernetes.client import Configuration
from kubernetes.client.api import core_v1_api
from kubernetes.client.rest import ApiException
from kubernetes.stream import stream

# Get Kubeconfig from SSM
def get_kube_config():
    awsRegion = os.environ['AWS_REGION']
    ssmParameter = os.environ['SSM']

    ssm = boto3.client('ssm', region_name=awsRegion)
    parameter = ssm.get_parameter(Name=ssmParameter, WithDecryption=True)

    kubeconfig = open( '/tmp/kubeconfig.yaml', 'w' )
    kubeconfig.write(parameter['Parameter']['Value'])
    kubeconfig.close()

# Generate random string for unique name of Pod
def randomString(stringLength=8):
    letters = string.ascii_lowercase + string.digits
    return ''.join(random.choice(letters) for i in range(stringLength))

def exec_commands(api_instance):
    name = "busybox-" + randomString()
    namespace = "default"
    resp = None

    print("Creating pod...")

    pod_manifest = {
        'apiVersion': 'v1',
        'kind': 'Pod',
        'metadata': {
            'name': name
        },
        'spec': {
            'containers': [{
                'image': 'busybox',
                'name': 'busybox',
                "args": [
                    "/bin/sh",
                    "-c",
                    "while true;do date;sleep 5; done"
                ]
            }]
        }
    }
    resp = api_instance.create_namespaced_pod(body=pod_manifest, namespace=namespace)

    while True:
        resp = api_instance.read_namespaced_pod(name=name, namespace=namespace)
        if resp.status.phase == 'Pending' or resp.status.phase == 'Running':
            print("Done. Pod " + name + " was created.")
            break
        time.sleep(1)

def main(event, context):
    get_kube_config()

    config.load_kube_config(config_file="/tmp/kubeconfig.yaml")
    c = Configuration()
    c.assert_hostname = False
    Configuration.set_default(c)
    core_v1 = core_v1_api.CoreV1Api()

    exec_commands(core_v1)


if __name__ == '__main__':
    main()

 

Now all the contents of the directory can be packed into a “zip” archive and loaded into the Lambda function.

In a variable environment, create 2 variables in which indicate your AWS Region and the name of the SSM Parameter Store that you created earlier.

 

Lambda functions require read permissions from SSM, so attach the following policy to the role that Lambda uses:

arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess

 

After starting the function, it will create a pod named “busybox-” + the generated string of 8 characters. There is no pod status check, since this script is planned to be used for EKS Fargate, so as not to wait 1-2 minutes until the Fargate instance will running, so in any of the conditions, “Pending” or “Running“, we consider that the pod was successful created.