Adds pipeline for aws-nuke #399
Open: ashishranjan738 wants to merge 1 commit into awslabs:main from ashishranjan738:aws-nuke
@@ -0,0 +1,25 @@ | ||
# Cleanup old aws resources | ||
|
||
Here is how users can clean up old aws resources periodically. | ||
|
||
The general method is to use a CronJob to trigger a Task that deletes old aws resources that are not protected by aws-nuke config. | ||
|
||
## Prerequisites | ||
|
||
* A Kubernetes cluster with Tekton Pipelines installed | ||
* Several old aws resources you wish to delete | ||
|
||
## Scheduling the cleanup job | ||
|
||
You'll need to install all the files in this directory to run the cleanup task. | ||
|
||
|
||
* [cleanup-template.yaml](cleanup-template.yaml): this creates the TriggerTemplate that spawns the TaskRun that does the deleting. It uses the `aws-nuke` CLI to do the deleting. | ||
|
||
* [binding.yaml](binding.yaml): this creates the TriggerBinding that is used to pass parameters to the TaskRun. There are two parameters that are passed by this. | ||
- `aws-nuke-s3-config-path`: this holds the aws-nuke config s3 path. The config holds the resources that needs to be retained by the sweeper job. For instructions on building a aws-nuke config, refer to this https://github.com/rebuy-de/aws-nuke | ||
- `aws-account-alias`: aws-nuke requires account alias for confirmation before deleting. Here is how the account alias can be setup. https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-alias.html | ||
|
||
* [eventlistener.yaml](eventlistener.yaml): this creates the sink that receives the incoming event that triggers the creation of the cleanup job. | ||
|
||
* [cronjob.yaml](cronjob.yaml): this is used to run the cleanup job on a schedule. The schedule for the job running can be set in the `.spec.schedule` field using [crontab format](https://crontab.guru/) |
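Review bot: The README does not tell the reader that, as committed, the job is a dry run: the `sweep-aws-account` step in cleanup-template.yaml still carries `# TODO: Add --no-dry-run to start deleting the resources`, so following "Scheduling the cleanup job" produces a listing, not a deletion, and nothing here says how to flip that switch deliberately. Two other things a user needs are also missing from "Prerequisites": Tekton Triggers (EventListener, TriggerBinding and TriggerTemplate are Triggers CRDs, not Pipelines CRDs), and an AWS identity for the `tekton-pipelines-executor` service account with permission to read the config object from S3 and to delete the resources aws-nuke selects; the README should say where that identity comes from. Small wording fixes in the binding bullet: "the resources that needs to be retained" -> "the resources that need to be retained", "a aws-nuke config" -> "an aws-nuke config".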
@@ -0,0 +1,12 @@ | ||
--- | ||
apiVersion: triggers.tekton.dev/v1alpha1 | ||
kind: TriggerBinding | ||
metadata: | ||
name: aws-account-cleanup | ||
namespace: tekton-pipelines | ||
spec: | ||
params: | ||
- name: aws-nuke-s3-config-path | ||
value: <Replace this with s3 path of config> | ||
- name: aws-account-alias | ||
value: <Replace this with account alias> |
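Review bot: Both `value:` fields ship as literal placeholders (`value: <Replace this with s3 path of config>`, `value: <Replace this with account alias>`), and the README says to install every file in this directory, so anything that applies the tree as-is creates a binding whose every triggered TaskRun runs `aws s3 cp <Replace this with s3 path of config> ...` and fails. Either keep this file out of the automatically applied tree (the review comment on this PR raises the same concern for Flux) or have the template read the two values from a ConfigMap or Secret the operator fills in. The account alias is the only confirmation standing between a dry run and a real sweep, so it is worth deciding explicitly where that string lives rather than leaving it as free text in a manifest.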
@@ -0,0 +1,44 @@ | ||
--- | ||
apiVersion: triggers.tekton.dev/v1alpha1 | ||
kind: TriggerTemplate | ||
metadata: | ||
name: aws-account-cleanup | ||
namespace: tekton-pipelines | ||
spec: | ||
params: | ||
- name: aws-nuke-s3-config-path | ||
description: S3 path for the aws nuke's config file. | ||
- name: aws-account-alias | ||
description: aws account alias for the account to be sweeped. | ||
resourcetemplates: | ||
- apiVersion: tekton.dev/v1beta1 | ||
kind: TaskRun | ||
metadata: | ||
name: aws-account-cleanup-runs-$(uid) | ||
spec: | ||
serviceAccountName: tekton-pipelines-executor | ||
taskSpec: | ||
description: | | ||
Sweeps down an aws account for leftover resources, based on the config provided | ||
workspaces: | ||
- name: config | ||
params: | ||
- name: aws-nuke-s3-config-path | ||
description: S3 path for the aws nuke's config file. i.e s3://dev-eks-rnshis/aws-nuke.yaml | ||
- name: aws-account-alias | ||
description: aws account alias for the account to be sweeped. | ||
steps: | ||
- name: download-config | ||
image: amazon/aws-cli | ||
script: | | ||
aws s3 cp $(params.aws-nuke-s3-config-path) $(workspaces.config.path)/config.yaml | ||
- name: sweep-aws-account | ||
image: quay.io/rebuy/aws-nuke:v2.22.1 | ||
script: | | ||
# TODO: Add --no-dry-run to start deleting the resources | ||
echo "$(params.aws-account-alias)" | aws-nuke -c $(workspaces.config.path)/config.yaml | ||
params: | ||
- name: aws-nuke-s3-config-path | ||
value: $(tt.params.aws-nuke-s3-config-path) | ||
- name: aws-account-alias | ||
value: $(tt.params.aws-account-alias) |
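Review bot: The `config` workspace is declared under `taskSpec` (`workspaces: - name: config`) but the TaskRun `spec` never binds it, and Tekton fails a TaskRun whose declared, non-optional workspaces are not bound, so this run dies before `download-config` starts; add a binding next to `serviceAccountName`, e.g. `workspaces:` / `- name: config` / `emptyDir: {}`. Three more points on the steps. First, `$(params.aws-nuke-s3-config-path)` and `$(params.aws-account-alias)` are substituted textually into `script:` before the shell runs, so a value containing shell metacharacters is executed rather than passed; the static binding limits the exposure today, but exporting the params as `env:` entries and referencing `$CONFIG_PATH` / `$ACCOUNT_ALIAS` in the script removes the class of problem. Second, `echo "$(params.aws-account-alias)" | aws-nuke -c ...` satisfies the single confirmation prompt of a dry run, but once `--no-dry-run` is added aws-nuke asks for the alias again before it starts deleting, and that second prompt will read end-of-file from the pipe; aws-nuke's `--force` (with `--force-sleep` to keep the delay) is the supported way to run it unattended, and the TODO should say so. Third, `image: amazon/aws-cli` has no tag at all and `quay.io/rebuy/aws-nuke:v2.22.1` is a mutable tag; a tool whose job is to delete everything in an account should be pinned by digest. Minor: the description example `s3://dev-eks-rnshis/aws-nuke.yaml` reads like a real bucket name and should be a neutral placeholder.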
@@ -0,0 +1,17 @@ | ||
--- | ||
apiVersion: batch/v1beta1 | ||
kind: CronJob | ||
metadata: | ||
name: aws-account-cleanup | ||
namespace: tekton-pipelines | ||
spec: | ||
schedule: "0 0 */30 * *" # Triggers in every 30 days | ||
jobTemplate: | ||
spec: | ||
template: | ||
spec: | ||
containers: | ||
- name: curl | ||
image: curlimages/curl | ||
args: ["curl", "-X", "POST", "--data", "{}", "el-aws-account-cleanup.tekton-pipelines.svc.cluster.local:8080"] | ||
restartPolicy: Never |
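Review bot: `apiVersion: batch/v1beta1` for CronJob was removed in Kubernetes 1.25; use `batch/v1`, which has been stable since 1.21. The comment on `schedule: "0 0 */30 * *" # Triggers in every 30 days` is also wrong: a day-of-month step of `*/30` matches days 1 and 31, so this fires at 00:00 on the 1st of every month and again on the 31st in months that have one; if "first of the month" is the intent, write `"0 0 1 * *"`. The curl invocation has no `--fail`, so an HTTP 4xx/5xx from the EventListener still exits 0 and the Job reports success without a TaskRun ever being created; add `-fsS`. Finally, since each trigger is a full account sweep, set `concurrencyPolicy: Forbid` so a slow run cannot overlap with the next one.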
@@ -0,0 +1,14 @@ | ||
--- | ||
apiVersion: triggers.tekton.dev/v1alpha1 | ||
kind: EventListener | ||
metadata: | ||
name: aws-account-cleanup | ||
namespace: tekton-pipelines | ||
spec: | ||
serviceAccountName: tekton-triggers | ||
triggers: | ||
- name: cron | ||
bindings: | ||
- ref: aws-account-cleanup | ||
template: | ||
ref: aws-account-cleanup |
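Review bot: The `cron` trigger has no `interceptors:` and the PR adds no NetworkPolicy, so any pod in the cluster that can reach `el-aws-account-cleanup` on port 8080 can POST an empty body and start an account sweep, which becomes a full deletion the moment `--no-dry-run` lands in the template. The binding does not read anything from the request body, so the listener has no reason to accept arbitrary callers: restrict ingress to the CronJob's pods with a NetworkPolicy (or, if the cluster has no CNI policy support, add a `cel` interceptor that requires a header the CronJob's curl supplies), and do not expose this EventListener through an Ingress. Also, `serviceAccountName: tekton-triggers` is referenced but not created in this PR; it needs the Triggers EventListener role bound in `tekton-pipelines` so it can create the TaskRun the template emits.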
Six files renamed without changes.
Let's move this to internal?
Because Flux will automatically apply this file, and when it can't find this value, the job will start failing.