Test for auto-configmap and auto-drainer through CFN
This sample walks you through building a cloudformation custom resource that allows you customize your hook in AWS Lambda.
- build your own
aws-lambda-layer-kubectl
- customize your
eks-auth-hook
lambda function custom runtime with theaws-lambda-layer-kubectl
- publish your
eks-auth-hook
lambda function as a public or private SAR Application - specify the SAR Application ARN and Version in the
test-auto-cm.yaml
git clone https://github.com/aws-samples/aws-lambda-layer-kubectl.git kubectl-layer
cd kubectl-layer
make layer-build sam-layer-package sam-layer-deploy
Response
Successfully created/updated stack - eks-kubectl-layer-stack in ap-northeast-1
# print the cloudformation stack outputs
[
{
"OutputKey": "LayerVersionArn",
"OutputValue": "arn:aws:lambda:ap-northeast-1:903779448426:layer:eks-kubectl-layer:35",
"Description": "ARN for the published Layer version",
"ExportName": "LayerVersionArn-eks-kubectl-layer-stack"
}
]
[OK] Layer version deployed.
copy the OutputValue
, which represents your aws-lambda-layer-kubectl
layer version arn.
You can customize your business logic in func.d/main.sh
. Make sure you update Makefile
before moving to the next step.
cd eksAuthUpdateHook
# update the Makefile:
# `S3BUCKET`: a temp s3 bucket for assets staging, make sure you have read/write permission
# `LAMBDA_LAYER_KUBECTL_ARN`: the kubectl arn we just built and deployed
# `LAMBDA_ROLE_ARN`: the EKS amdin role arn with `aws eks describe-clusters` privileges
#
# update func.d/main.sh to customize your business logic
$ touch README.md packaged.yaml
$ chmod 777 packaged.yaml
$ make sam-package sam-publish
click the returned URL and copy the ARN of the SAR Applicaiton
e.g. arn:aws:serverlessrepo:ap-northeast-1:903779448426:applications/eks-auth-update-hook-demo
copy the version number (e.g. 1.0.0
)
As our custom SAR App is ready, we can pass the SAR ApplicatonId and SementicVersion as EksAuthUpdateApplicationId
and EksAuthUpdateApplicationSemanticVersion
in the test-auto-cm.yaml
. Behind the scene, the test-auto-cm.yaml
will pass parameters to the EksAuthUpdateHook SAR App, which passwd to the lambda function and you can customize your business logic with shell script(main.sh
) in the lambda function.