Update eks version (#87)

* Fix: Increase start timeout to 60s for controlplane components in circleCI

* Revert "Fix: Increase start timeout to 60s for controlplane components in circleCI"

This reverts commit 8f58a54.

* Add Support for Updating Nodegroup Versions

* Update AMI Parameter name to reflect the aws eks sample yaml

* Use AWS SSM instead of Hardcoding AMI ID

* HouseKeeping for the nodegroup Controller

* update ControlPlane Versions

* Dont silently hide status update errors

* moved to SSM removing hardcoded AMI's

* Minor review comments - #87

* Set default Version back to 1.12

* Update Child account Sample role to include SSM permissions

Author: Magizhchi

config/setup/aws-eks-cluster-controller-management-role.yaml

@@ -34,7 +34,10 @@ Resources:
                     "iam:*",
                     "cloudformation:*",
                     "eks:*",
-                    "sts:*"
+                    "sts:*",
+                    "ssm:GetParametersByPath",
+                    "ssm:GetParameters",
+                    "ssm:GetParameter"
                   ],
                   "Resource": "*"
                 }

pkg/apis/cluster/v1alpha1/versions.go

@@ -4,6 +4,8 @@ package v1alpha1
 var SupportedVersions = []string{
 	"1.11",
 	"1.12",
+	"1.13",
+	"1.14",
 }
 
 // DefaultVersion is the version that is used if none is supplied

pkg/controller/controlplane/cfn_template.go

@@ -5,6 +5,12 @@ var controlplaneCFNTemplate = `
 AWSTemplateFormatVersion: '2010-09-09'
 Description: 'Amazon EKS Networking + Control Plane [managed by aws-eks-cluster-controller]'
 
+Parameters:
+  EKSVersion:
+    Type: String
+    Description: EKS Version this control plane should run on
+    Default: {{ .Version }}
+
 Resources:
   VPC:
     Type: AWS::EC2::VPC
@@ -147,7 +153,7 @@ Resources:
           - !Ref 'Subnet03'
       RoleArn:
         !GetAtt ServiceRole.Arn
-      Version: '{{.Version}}'
+      Version: !Ref EKSVersion
 Outputs:
 
   SubnetIds:

pkg/controller/controlplane/controlplane_controller.go

@@ -28,6 +28,7 @@ import (
 var (
 	StatusCreateComplete = "Complete"
 	StatusCreating       = "Creating"
+	StatusUpdating       = "Updating"
 	StatusFailed         = "Failed"
 	StatusError          = "Error"
 )
@@ -198,6 +199,8 @@ func (r *ReconcileControlPlane) Reconcile(request reconcile.Request) (reconcile.
 		return reconcile.Result{}, nil
 	}
 
+	crdParameters := parseCFNParametersFromCRD(instance)
+
 	if err != nil && awsHelper.IsStackDoesNotExist(err) {
 		logger.Info("creating stack")
 
@@ -220,6 +223,26 @@ func (r *ReconcileControlPlane) Reconcile(request reconcile.Request) (reconcile.
 		return reconcile.Result{}, err
 	}
 
+	cfnParameters, err := getCFNParametersFromCFNStack(cfnSvc, stackName)
+	if err != nil {
+		r.fail(instance, "error trying to read the CFN Parameters", err, logger)
+		return reconcile.Result{}, err
+	}
+
+	if shouldUpdate(crdParameters, cfnParameters) {
+		logger.Info("Updating the control Plane")
+
+		err := r.updateControlPlaneStack(cfnSvc, stackName, instance)
+		if err != nil {
+			r.fail(instance, "error updating the controlplane cloudformation stack", err, logger)
+			return reconcile.Result{}, err
+		}
+
+		instance.Status.Status = StatusUpdating
+
+		return reconcile.Result{Requeue: true}, r.Update(context.TODO(), instance)
+	}
+
 	if awsHelper.IsPending(*stack.StackStatus) {
 		logger.Info("waiting for stack to complete", zap.String("StackStatus", *stack.StackStatus))
 		return reconcile.Result{RequeueAfter: 5 * time.Second}, nil
@@ -282,3 +305,77 @@ func (r *ReconcileControlPlane) createControlPlaneStack(cfnSvc cloudformationifa
 	return err
 
 }
+
+func (r *ReconcileControlPlane) updateControlPlaneStack(cfnSvc cloudformationiface.CloudFormationAPI, stackName string, instance *clusterv1alpha1.ControlPlane) error {
+	network, err := instance.GetNetwork()
+	if err != nil {
+		return err
+	}
+
+	body, err := awsHelper.GetCFNTemplateBody(controlplaneCFNTemplate, controlPlaneTemplateInput{
+		ClusterName: instance.Spec.ClusterName,
+		Version:     instance.GetVersion(),
+		Network:     network,
+	})
+	if err != nil {
+		return err
+	}
+
+	_, err = cfnSvc.UpdateStack(&cloudformation.UpdateStackInput{
+		TemplateBody: aws.String(body),
+		StackName:    aws.String(stackName),
+		Capabilities: []*string{aws.String("CAPABILITY_IAM")},
+		Tags: []*cloudformation.Tag{
+			{
+				Key:   aws.String("ClusterName"),
+				Value: aws.String(instance.Spec.ClusterName),
+			},
+		},
+	})
+	return err
+
+}
+
+func parseCFNParametersFromCRD(cp *clusterv1alpha1.ControlPlane) []*cloudformation.Parameter {
+	var params []*cloudformation.Parameter
+
+	if cp.Spec.Version != nil {
+		params = append(params, &cloudformation.Parameter{
+			ParameterKey:   aws.String("EKSVersion"),
+			ParameterValue: aws.String(cp.GetVersion()),
+		})
+	}
+
+	return params
+}
+
+func getCFNParametersFromCFNStack(cfnSvc cloudformationiface.CloudFormationAPI, stackName string) ([]*cloudformation.Parameter, error) {
+
+	output, err := cfnSvc.DescribeStacks(&cloudformation.DescribeStacksInput{
+		StackName: aws.String(stackName),
+	})
+
+	if err != nil {
+		return nil, err
+	}
+
+	if len(output.Stacks) != 1 {
+		return nil, fmt.Errorf("Error while describing the stacks, got %d stacks for the name : %s", len(output.Stacks), stackName)
+	}
+
+	return output.Stacks[0].Parameters, nil
+}
+
+func shouldUpdate(crdParams []*cloudformation.Parameter, cfnParams []*cloudformation.Parameter) bool {
+	cfnParamMap := make(map[string]string)
+	for _, param := range cfnParams {
+		cfnParamMap[*param.ParameterKey] = *param.ParameterValue
+	}
+
+	for _, param := range crdParams {
+		if cfnParamMap[*param.ParameterKey] != *param.ParameterValue {
+			return true
+		}
+	}
+	return false
+}

pkg/controller/nodegroup/ami.go

@@ -99,6 +99,11 @@ Parameters:
     Type: String
     Default: {{ .NodeInstanceName }}
 
+  NodeImageIdSSMParam:
+    Type: "AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>"
+    Default: {{ .NodeImageIdSSMParam }}
+    Description: AWS Systems Manager Parameter Store parameter of the AMI ID for the worker node instances.
+
 Resources:
 
   NodeInstanceProfile:
@@ -237,7 +242,7 @@ Resources:
     Properties:
       AssociatePublicIpAddress: 'true'
       IamInstanceProfile: !Ref NodeInstanceProfile
-      ImageId: {{ .AMI }}
+      ImageId: !Ref NodeImageIdSSMParam
       InstanceType: !Ref NodeInstanceType
       # KeyName: !Ref KeyName
       SecurityGroups:

pkg/controller/nodegroup/ami_test.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"strconv"
+	"strings"
 	"time"
 
 	clusterv1alpha1 "github.com/awslabs/aws-eks-cluster-controller/pkg/apis/cluster/v1alpha1"
@@ -198,7 +199,7 @@ func (r *ReconcileNodeGroup) Reconcile(request reconcile.Request) (reconcile.Res
 		}
 	}
 
-	crdParameters := parseCFNParameterFromCRD(instance.Spec)
+	crdParameters := parseCFNParametersFromCRD(instance)
 
 	stack, err := awsHelper.DescribeStack(cfnSvc, stackName)
 	if err != nil && awsHelper.IsStackDoesNotExist(err) {
@@ -237,11 +238,8 @@ func (r *ReconcileNodeGroup) Reconcile(request reconcile.Request) (reconcile.Res
 			return reconcile.Result{}, err
 		}
 		instance.Status.Status = StatusUpdating
-		err = r.Update(context.TODO(), instance)
-		if err != nil {
-			return reconcile.Result{}, err
-		}
-		return reconcile.Result{Requeue: true}, nil
+
+		return reconcile.Result{Requeue: true}, r.Update(context.TODO(), instance)
 	}
 
 	logger.Info("Found Stack", zap.String("StackStatus", *stack.StackStatus))
@@ -276,7 +274,7 @@ func (r *ReconcileNodeGroup) fail(instance *clusterv1alpha1.NodeGroup, msg strin
 type nodeGroupTemplateInput struct {
 	ClusterName           string
 	ControlPlaneStackName string
-	AMI                   string
+	NodeImageIdSSMParam   string
 	NodeInstanceName      string
 	IAMPolicies           []clusterv1alpha1.Policy
 }
@@ -286,7 +284,7 @@ func (r *ReconcileNodeGroup) createNodeGroupStack(cfnSvc cloudformationiface.Clo
 	templateBody, err := awsHelper.GetCFNTemplateBody(nodeGroupCFNTemplate, nodeGroupTemplateInput{
 		ClusterName:           eks.Spec.ControlPlane.ClusterName,
 		ControlPlaneStackName: eks.GetControlPlaneStackName(),
-		AMI:                   GetAMI(nodegroup.GetVersion(), eks.Spec.Region),
+		NodeImageIdSSMParam:   getSSMParamKey(nodegroup.GetVersion()),
 		NodeInstanceName:      nodegroup.Name,
 		IAMPolicies:           nodegroup.Spec.IAMPolicies,
 	})
@@ -316,7 +314,7 @@ func (r *ReconcileNodeGroup) updateNodeGroupStack(cfnSvc cloudformationiface.Clo
 	templateBody, err := awsHelper.GetCFNTemplateBody(nodeGroupCFNTemplate, nodeGroupTemplateInput{
 		ClusterName:           eks.Spec.ControlPlane.ClusterName,
 		ControlPlaneStackName: eks.GetControlPlaneStackName(),
-		AMI:                   GetAMI(nodegroup.GetVersion(), eks.Spec.Region),
+		NodeImageIdSSMParam:   getSSMParamKey(nodegroup.GetVersion()),
 		NodeInstanceName:      nodegroup.Name,
 		IAMPolicies:           nodegroup.Spec.IAMPolicies,
 	})
@@ -341,31 +339,37 @@ func (r *ReconcileNodeGroup) updateNodeGroupStack(cfnSvc cloudformationiface.Clo
 	return err
 }
 
-func parseCFNParameterFromCRD(ngSpec clusterv1alpha1.NodeGroupSpec) []*cloudformation.Parameter {
-	if ngSpec.Instance == nil {
-		return nil
-	}
+func parseCFNParametersFromCRD(ng *clusterv1alpha1.NodeGroup) []*cloudformation.Parameter {
 
 	var parameter []*cloudformation.Parameter
 
-	if ngSpec.Instance.InstanceType != nil {
-		parameter = append(parameter, &cloudformation.Parameter{
-			ParameterKey:   aws.String("NodeInstanceType"),
-			ParameterValue: ngSpec.Instance.InstanceType,
-		})
-	}
+	if ng.Spec.Instance != nil {
+		if ng.Spec.Instance.InstanceType != nil {
+			parameter = append(parameter, &cloudformation.Parameter{
+				ParameterKey:   aws.String("NodeInstanceType"),
+				ParameterValue: ng.Spec.Instance.InstanceType,
+			})
+		}
 
-	if ngSpec.Instance.MaxInstanceCount != nil {
-		parameter = append(parameter, &cloudformation.Parameter{
-			ParameterKey:   aws.String("NodeAutoScalingGroupMaxSize"),
-			ParameterValue: aws.String(strconv.Itoa(*ngSpec.Instance.MaxInstanceCount)),
-		})
+		if ng.Spec.Instance.MaxInstanceCount != nil {
+			parameter = append(parameter, &cloudformation.Parameter{
+				ParameterKey:   aws.String("NodeAutoScalingGroupMaxSize"),
+				ParameterValue: aws.String(strconv.Itoa(*ng.Spec.Instance.MaxInstanceCount)),
+			})
+		}
+
+		if ng.Spec.Instance.EBSVolumeSize != nil {
+			parameter = append(parameter, &cloudformation.Parameter{
+				ParameterKey:   aws.String("NodeVolumeSize"),
+				ParameterValue: aws.String(strconv.Itoa(*ng.Spec.Instance.EBSVolumeSize)),
+			})
+		}
 	}
 
-	if ngSpec.Instance.EBSVolumeSize != nil {
+	if ng.Spec.Version != nil {
 		parameter = append(parameter, &cloudformation.Parameter{
-			ParameterKey:   aws.String("NodeVolumeSize"),
-			ParameterValue: aws.String(strconv.Itoa(*ngSpec.Instance.EBSVolumeSize)),
+			ParameterKey:   aws.String("NodeImageIdSSMParam"),
+			ParameterValue: aws.String(getSSMParamKey(ng.GetVersion())),
 		})
 	}
 
@@ -402,3 +406,9 @@ func shouldUpdate(crdParams []*cloudformation.Parameter, cfnParams []*cloudforma
 	}
 	return false
 }
+
+func getSSMParamKey(version string) string {
+	eksOptimizedAMIKey := "/aws/service/eks/optimized-ami/<EKS_VERSION>/amazon-linux-2/recommended/image_id"
+
+	return strings.Replace(eksOptimizedAMIKey, "<EKS_VERSION>", version, -1)
+}