setup.ps1

<#
	THIS FILE IS AUTOMATICALLY GENERATED, DO NOT EDIT!
	
	This script is based on the logic from the "Amazon EKS Optimized Windows AMI"
	EC2 ImageBuilder component, with modifications to use containerd 1.7.0.
	
	The original ImageBuilder component logic is Copyright Amazon.com, Inc. or
	its affiliates, and is licensed under the MIT License.
#>

# Halt execution if we encounter an error
$ErrorActionPreference = 'Stop'


# Applies in-place patches to a file
function PatchFile
{
	Param (
		$File,
		$Patches
	)
	
	$patched = Get-Content -Path $File -Raw
	$Patches.GetEnumerator() | ForEach-Object {
		$patched = $patched.Replace($_.Key, $_.Value)
	}
	Set-Content -Path $File -Value $patched -NoNewline
}


# Constants
$KubernetesPath = "$env:ProgramFiles\Kubernetes"
$KubernetesDownload = "https://amazon-eks.s3.amazonaws.com/1.26.2/2023-03-17/bin/windows/amd64"
$ContainerdPath = "$env:ProgramFiles\containerd"
$EKSPath = "$env:ProgramFiles\Amazon\EKS"
$DomainlessGmsaPath = "$EKSPath\gmsa-plugin"
$CNIPath = "$EKSPath\cni"
$CSIProxyPath = "$EKSPath\bin"
$EKSLogsPath = "$env:ProgramData\Amazon\EKS\logs"
$TempRoot = "C:\TempEKSArtifactDir"
$TempPath = "$TempRoot\EKS-Artifacts"

# Create each of our directories
foreach ($dir in @($ContainerdPath, $KubernetesPath, $EKSPath, $CNIPath, $CSIProxyPath, $EKSLogsPath, $DomainlessGmsaPath, $TempRoot)) {
	New-Item -Path $dir -ItemType Directory -Force | Out-Null
}

# Install the NVIDIA GPU drivers
$driverBucket = 'ec2-windows-nvidia-drivers'
$driver = Get-S3Object -BucketName $driverBucket -KeyPrefix 'latest' -Region 'us-east-1' | Where-Object {$_.Key.Contains('server2022')}
Copy-S3Object -BucketName $driverBucket -Key $driver.Key -LocalFile "$TempRoot\driver.exe" -Region 'us-east-1'
Start-Process -FilePath "$TempRoot\driver.exe" -ArgumentList @('-s', '-noreboot') -NoNewWindow -Wait

# Download the Kubernetes components
$webClient = New-Object System.Net.WebClient
$webClient.DownloadFile("$KubernetesDownload/kubelet.exe", "$KubernetesPath\kubelet.exe")
$webClient.DownloadFile("$KubernetesDownload/kube-proxy.exe", "$KubernetesPath\kube-proxy.exe")
$webClient.DownloadFile("$KubernetesDownload/aws-iam-authenticator.exe", "$EKSPath\aws-iam-authenticator.exe")

# Download the EKS artifacts archive
$webClient.DownloadFile("https://ec2imagebuilder-managed-resources-us-east-1-prod.s3.amazonaws.com/components/eks-optimized-ami-windows/1.26.0/EKS-Artifacts.zip", "C:\EKS-Artifacts.zip")

# Extract the EKS artifacts archive
Expand-Archive -Path "C:\EKS-Artifacts.zip" -DestinationPath $TempRoot
Remove-Item -Path "C:\EKS-Artifacts.zip" -Force

# Move the EKS files into place
Move-Item -Path "$TempPath\ctr.exe" -Destination "$ContainerdPath\ctr.exe" -Force
Move-Item -Path "$TempPath\containerd.exe" -Destination "$ContainerdPath\containerd.exe" -Force
Move-Item -Path "$TempPath\containerd-shim-runhcs-v1.exe" -Destination "$ContainerdPath\containerd-shim-runhcs-v1.exe" -Force
Move-Item -Path "$TempPath\Start-EKSBootstrap.ps1" -Destination "$EKSPath\Start-EKSBootstrap.ps1" -Force
Move-Item -Path "$TempPath\EKS-StartupTask.ps1" -Destination "$EKSPath\EKS-StartupTask.ps1" -Force
Move-Item -Path "$TempPath\vpc-shared-eni.exe" -Destination "$CNIPath\vpc-shared-eni.exe" -Force
Move-Item -Path "$TempPath\csi-proxy.exe" -Destination "$CSIProxyPath\csi-proxy.exe" -Force

# Install the Windows Containers feature
# (Note: this is actually a no-op here, since we install the feature beforehand in startup.ps1)
Install-WindowsFeature -Name Containers

# -------

# TEMPORARY UNTIL EKS ADDS SUPPORT FOR CONTAINERD v1.7.0:
# Download and extract the containerd 1.7.0 release build
$containerdTarball = "$TempPath\containerd-1.7.0.tar.gz"
$containerdFiles = "$TempPath\containerd-1.7.0"
$webClient.DownloadFile('https://github.com/containerd/containerd/releases/download/v1.7.0/containerd-1.7.0-windows-amd64.tar.gz', $containerdTarball)
New-Item -Path "$containerdFiles" -ItemType Directory -Force | Out-Null
tar.exe -xvzf "$containerdTarball" -C "$containerdFiles"

# Move the containerd files into place
Move-Item -Path "$containerdFiles\bin\containerd.exe" -Destination "$ContainerdPath\containerd.exe" -Force
Move-Item -Path "$containerdFiles\bin\containerd-shim-runhcs-v1.exe" -Destination "$ContainerdPath\containerd-shim-runhcs-v1.exe" -Force
Move-Item -Path "$containerdFiles\bin\ctr.exe" -Destination "$ContainerdPath\ctr.exe" -Force

# Clean up the containerd intermediate files
Remove-Item -Path "$containerdFiles" -Recurse -Force
Remove-Item -Path "$containerdTarball" -Force

# -------

# Patch the containerd setup script to configure a log file (rather than just discarding log output) and to use the upstream pause
# container image rather than the EKS version, since the latter appears to cause errors when attempting to create Windows Pods
PatchFile -File "$TempPath\Add-ContainerdRuntime.ps1" -Patches @{
	"containerd --register-service" = "containerd --register-service --log-file 'C:\ProgramData\containerd\root\output.log'";
	"amazonaws.com/eks/pause-windows:latest" = "registry.k8s.io/pause:3.9"
}

# Add the full Windows Server 2022 base image and the pause image to the list of images to pre-pull
$baseLayersFile = "$TempPath\eks.baselayers.config"
$baseLayers = Get-Content -Path $baseLayersFile -Raw | ConvertFrom-Json
$baseLayers.2022 += "mcr.microsoft.com/windows/server:ltsc2022"
$baseLayers.2022 += "registry.k8s.io/pause:3.9"
$patchedJson = ConvertTo-Json -Depth 100 -InputObject $baseLayers
Set-Content -Path $baseLayersFile -Value $patchedJson -NoNewline

# Register containerd as the EKS container runtime
Push-Location $TempPath
& .\Add-ContainerdRuntime.ps1 -Path "$ContainerdPath"
Pop-Location

# Perform EKS worker node setup
Push-Location $TempPath
& .\create-windows-pause-image.ps1 -ContainerRuntime containerd
& .\Get-EKSBaseLayers.ps1 -ConfigFile eks.baselayers.config -ContainerRuntime containerd
& .\Add-CSIProxy.ps1 -Path "$CSIProxyPath" -LogPath "$EKSLogsPath"
& .\EKS-WindowsServiceHost.ps1
& .\Install-EKSWorkerNode.ps1
Pop-Location


# Perform cleanup
Remove-Item -Path "$TempRoot" -Recurse -Force