![\"\"](\"https:\/\/artem.services\/wp-content\/uploads\/2018\/11\/AWS-Logo.png\"){kind=logo}
<\/p>\n<\/p>\n
An example of how you can create entities in Kubernetes<\/strong> using AWS Lambda<\/strong>.<\/p>\n The function will be in Python3<\/strong>, so we will use Kubernetes Python Client<\/a><\/p>\n More usage examples can be found here<\/a>.<\/p>\n Since AWS Lambda<\/strong> does not support this package, we will pack the "kubernetes<\/strong>" and "boto3<\/strong>" modules in our function.<\/p>\n "boto3" <\/strong>is needed to access AWS SSM<\/strong>, where kubeconfig<\/strong> will be stored<\/p><\/blockquote>\n <\/p>\n Create a directory for the lambda and go to it:<\/p>\n <\/p>\n Next you will need "virtualenv<\/strong>", if it is not there, you can install it using "pip3<\/strong>":<\/p>\n <\/p>\n Create a virtual environment and activate it:<\/p>\n <\/p>\n And install the necessary modules:<\/p>\n <\/p>\n Next, we only need the contents of this directory:<\/p>\n <\/p>\n "python3.7<\/strong>" — replace with your version of Python<\/p><\/blockquote>\n <\/p>\n It will be more convenient to look at the environment path and copy the contents to a separately created directory, no longer in a virtual environment:<\/p>\n <\/p>\n Let’s create a directory for lambda, which we will already directly download and copy our modules:<\/p>\n <\/p>\n In the AWS<\/strong> console, go to "Systems Manager<\/strong>" -> "Parameter Store<\/strong>"<\/p>\n <\/p>\n And create a parameter with the type "SecureString<\/strong>" and copy the contents of the "kubeconfig<\/strong>" file as the value. If this is an EKS<\/strong>, first create a service account so that it does not require AWS<\/strong> authorization, as in the example below:<\/span><\/p>\n Kubeconfig<\/strong> with AWS<\/strong> authorization:<\/p>\n <\/p>\n Now in the directory "~\/lambda_upload<\/strong>" create a file called "lambda_function.py<\/strong>" and paste the following text into it:<\/p>\n <\/p>\n Now all the contents of the directory can be packed into a "zip<\/strong>" archive and loaded into the Lambda<\/strong> function.<\/p>\n In a variable environment, create 2 variables in which indicate your AWS Region<\/strong> and the name of the SSM Parameter Store<\/strong> that you created earlier.<\/p>\n <\/p>\n Lambda<\/strong> functions require read permissions from SSM<\/strong>, so attach the following policy to the role that Lambda<\/strong> uses:<\/p>\n <\/p>\n After starting the function, it will create a pod named "busybox-<\/strong>" + the generated string of 8 characters. There is no pod<\/strong> status check, since this script is planned to be used for EKS Fargate<\/strong>, so as not to wait 1-2 minutes until the Fargate<\/strong> instance will running, so in any of the conditions, "Pending<\/strong>" or "Running<\/strong>", we consider that the pod was successful created.<\/p>\n","protected":false},"excerpt":{"rendered":" An example of how you can create entities in Kubernetes using AWS Lambda. The function will be in Python3, so we will use Kubernetes Python Client More usage examples can be found here. Since AWS Lambda does not support this package, we will pack the "kubernetes" and "boto3" modules in our function. "boto3" is needed … \u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0438\u0442\u044c \u0447\u0438\u0442\u0430\u0442\u044c "AWS — Lambda: kubectl"<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[599,559],"tags":[543,1439,1093,551,885,1527,1529],"_links":{"self":[{"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts\/1963"}],"collection":[{"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1963"}],"version-history":[{"count":2,"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts\/1963\/revisions"}],"predecessor-version":[{"id":1967,"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts\/1963\/revisions\/1967"}],"wp:attachment":[{"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1963"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1963"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1963"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Preparation<\/h3>\n
\r\nmkdir lambda\r\ncd lambda\r\n<\/pre>\n
\r\npip3 install virtualenv\r\n<\/pre>\n
\r\npython3 -m virtualenv .\r\nsource bin\/activate\r\n<\/pre>\n
\r\npip3 install kubernetes\r\npip3 install boto3\r\n<\/pre>\n
\r\n$VIRTUAL_ENV\/lib\/python3.7\/site-packages\r\n<\/pre>\n
\r\necho $VIRTUAL_ENV\/lib\/python3.7\/site-packages\r\n\/private\/tmp\/lambda\/lib\/python3.7\/site-packages\r\n<\/pre>\n
\r\nmkdir ~\/lambda_upload\r\ncp -R \/private\/tmp\/lambda\/lib\/python3.7\/site-packages\/. ~\/lambda_upload\/\r\n<\/pre>\n
SSM Parameter Store<\/h3>\n
![\"\"](\"https:\/\/artem.services\/wp-content\/uploads\/2020\/05\/Screenshot-2020-05-22-at-21.27.20.png\")
<\/p>\n\r\n...\r\n user:\r\n exec:\r\n apiVersion: client.authentication.k8s.io\/v1alpha1\r\n args:\r\n - --region\r\n - eu-central-1\r\n - eks\r\n - get-token\r\n - --cluster-name\r\n - artem-services-stage-eks\r\n command: aws\r\n<\/pre>\n
Function<\/h3>\n
lambda_function.py:<\/h3>\n
\r\nimport os\r\nimport time\r\nimport random\r\nimport string\r\nimport boto3\r\n\r\nfrom kubernetes import config\r\nfrom kubernetes.client import Configuration\r\nfrom kubernetes.client.api import core_v1_api\r\nfrom kubernetes.client.rest import ApiException\r\nfrom kubernetes.stream import stream\r\n\r\n# Get Kubeconfig from SSM\r\ndef get_kube_config():\r\n awsRegion = os.environ['AWS_REGION']\r\n ssmParameter = os.environ['SSM']\r\n\r\n ssm = boto3.client('ssm', region_name=awsRegion)\r\n parameter = ssm.get_parameter(Name=ssmParameter, WithDecryption=True)\r\n\r\n kubeconfig = open( '\/tmp\/kubeconfig.yaml', 'w' )\r\n kubeconfig.write(parameter['Parameter']['Value'])\r\n kubeconfig.close()\r\n\r\n# Generate random string for unique name of Pod\r\ndef randomString(stringLength=8):\r\n letters = string.ascii_lowercase + string.digits\r\n return ''.join(random.choice(letters) for i in range(stringLength))\r\n\r\ndef exec_commands(api_instance):\r\n name = "busybox-" + randomString()\r\n namespace = "default"\r\n resp = None\r\n\r\n print("Creating pod...")\r\n\r\n pod_manifest = {\r\n 'apiVersion': 'v1',\r\n 'kind': 'Pod',\r\n 'metadata': {\r\n 'name': name\r\n },\r\n 'spec': {\r\n 'containers': [{\r\n 'image': 'busybox',\r\n 'name': 'busybox',\r\n "args": [\r\n "\/bin\/sh",\r\n "-c",\r\n "while true;do date;sleep 5; done"\r\n ]\r\n }]\r\n }\r\n }\r\n resp = api_instance.create_namespaced_pod(body=pod_manifest, namespace=namespace)\r\n\r\n while True:\r\n resp = api_instance.read_namespaced_pod(name=name, namespace=namespace)\r\n if resp.status.phase == 'Pending' or resp.status.phase == 'Running':\r\n print("Done. Pod " + name + " was created.")\r\n break\r\n time.sleep(1)\r\n\r\ndef main(event, context):\r\n get_kube_config()\r\n\r\n config.load_kube_config(config_file="\/tmp\/kubeconfig.yaml")\r\n c = Configuration()\r\n c.assert_hostname = False\r\n Configuration.set_default(c)\r\n core_v1 = core_v1_api.CoreV1Api()\r\n\r\n exec_commands(core_v1)\r\n\r\n\r\nif __name__ == '__main__':\r\n main()\r\n<\/pre>\n![\"\"](\"https:\/\/artem.services\/wp-content\/uploads\/2020\/05\/Screenshot-2020-05-22-at-21.42.26.png\")
<\/p>\narn:aws:iam::aws:policy\/AmazonSSMReadOnlyAccess<\/pre>\n