spacelift-worker-pool
This component provisions the WorkerPool
part of the
Kubernetes Operator for
Spacelift Worker Pools into an EKS cluster. You can
provision this component multiple times to create multiple worker pools in a single EKS cluster.
Usage
Before provisioning the eks/spacelift-worker-pool
component, the eks/spacelift-worker-pool-controller
component
must be provisioned first into an EKS cluster to enable the
Spacelift Worker Pool Kubernetes Controller. The
eks/spacelift-worker-pool-controller
component must be provisioned only once per EKS cluster.
The Spacelift worker needs to pull a Docker image from an ECR repository. It will run the Terraform commands inside the
Docker container. In the Cloud Posse reference architecture, this image is the "infra" or "infrastructure" image derived
from Geodesic. The worker service account needs permission to pull the image
from the ECR repository, and the details of where to find the image are configured in the various ecr_*
variables.
Stack Level: Regional
# stacks/catalog/eks/spacelift-worker-pool/defaults.yaml
components:
terraform:
eks/spacelift-worker-pool:
enabled: true
name: "spacelift-worker-pool"
space_name: root
# aws_config_file is the path in the Docker container to the AWS_CONFIG_FILE.
# "/etc/aws-config/aws-config-spacelift" is the usual path in the "infrastructure" image.
aws_config_file: "/etc/aws-config/aws-config-spacelift"
spacelift_api_endpoint: "https://1898andco.app.spacelift.io"
eks_component_name: "eks/cluster"
worker_pool_size: 40
kubernetes_namespace: "spacelift-worker-pool"
kubernetes_service_account_enabled: true
kubernetes_service_account_name: "spacelift-worker-pool"
keep_successful_pods: false
kubernetes_role_api_groups: [""]
kubernetes_role_resources: ["*"]
kubernetes_role_resource_names: null
kubernetes_role_verbs: ["get", "list"]
ecr_component_name: ecr
ecr_environment_name: use1
ecr_stage_name: artifacts
ecr_tenant_name: core
ecr_repo_name: infra
References
- https://docs.spacelift.io/concepts/worker-pools#kubernetes
- https://docs.spacelift.io/integrations/docker#customizing-the-runner-image
- https://registry.terraform.io/providers/spacelift-io/spacelift/latest/docs/resources/worker_pool
- https://docs.spacelift.io/concepts/worker-pools#installation
- https://github.com/spacelift-io/spacelift-helm-charts/tree/main/spacelift-workerpool-controller
- https://github.com/spacelift-io/spacelift-helm-charts/blob/main/spacelift-workerpool-controller/values.yaml
- https://registry.terraform.io/providers/hashicorp/aws/latest/docs#authentication-and-configuration
- https://github.com/aws/aws-cli/issues/3875
- https://github.com/boto/botocore/issues/2245
Requirements
Name | Version |
---|---|
terraform | >= 1.3.0 |
aws | >= 4.9.0 |
helm | >= 2.0 |
kubernetes | >= 2.18.1, != 2.21.0 |
spacelift | >= 0.1.2 |
Providers
Name | Version |
---|---|
aws | >= 4.9.0 |
kubernetes | >= 2.18.1, != 2.21.0 |
spacelift | >= 0.1.2 |
Modules
Name | Source | Version |
---|---|---|
account_map | cloudposse/stack-config/yaml//modules/remote-state | 1.8.0 |
ecr | cloudposse/stack-config/yaml//modules/remote-state | 1.8.0 |
eks | cloudposse/stack-config/yaml//modules/remote-state | 1.8.0 |
eks_iam_policy | cloudposse/iam-policy/aws | 2.0.1 |
eks_iam_role | cloudposse/eks-iam-role/aws | 2.1.1 |
iam_roles | ../../account-map/modules/iam-roles | n/a |
this | cloudposse/label/null | 0.25.0 |
Resources
Name | Type |
---|---|
kubernetes_manifest.spacelift_worker_pool | resource |
kubernetes_role_binding_v1.default | resource |
kubernetes_role_v1.default | resource |
kubernetes_secret.default | resource |
kubernetes_service_account_v1.default | resource |
spacelift_worker_pool.default | resource |
aws_eks_cluster_auth.eks | data source |
aws_partition.current | data source |
aws_ssm_parameter.spacelift_key_id | data source |
aws_ssm_parameter.spacelift_key_secret | data source |
spacelift_spaces.default | data source |