basic eks cluster creation

Author: drewmalin

go.mod

@@ -10,6 +10,8 @@ require (
 	github.com/aws/aws-sdk-go-v2/config v1.31.8
 	github.com/aws/aws-sdk-go-v2/credentials v1.18.12
 	github.com/aws/aws-sdk-go-v2/service/ec2 v1.251.2
+	github.com/aws/aws-sdk-go-v2/service/eks v1.73.3
+	github.com/aws/aws-sdk-go-v2/service/iam v1.47.5
 	github.com/bojanz/currency v1.3.1
 	github.com/cenkalti/backoff v2.2.1+incompatible
 	github.com/cenkalti/backoff/v4 v4.3.0
@@ -20,6 +22,7 @@ require (
 	github.com/nebius/gosdk v0.0.0-20250826102719-940ad1dfb5de
 	github.com/stretchr/testify v1.11.0
 	golang.org/x/crypto v0.41.0
+	google.golang.org/grpc v1.75.0
 )
 
 require (
@@ -48,7 +51,6 @@ require (
 	golang.org/x/sys v0.35.0 // indirect
 	golang.org/x/text v0.28.0 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20250825161204-c5933d9347a5 // indirect
-	google.golang.org/grpc v1.75.0 // indirect
 	google.golang.org/protobuf v1.36.8 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.sum

@@ -20,6 +20,10 @@ github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 h1:bIqFDwgGXXN1Kpp99pDOdKMTTb5d
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3/go.mod h1:H5O/EsxDWyU+LP/V8i5sm8cxoZgc2fdNR9bxlOFrQTo=
 github.com/aws/aws-sdk-go-v2/service/ec2 v1.251.2 h1:6TssXFfLHcwUS5E3MdYKkCFeOrYVBlDhJjs5kRJp0ic=
 github.com/aws/aws-sdk-go-v2/service/ec2 v1.251.2/go.mod h1:MXJiLJZtMqb2dVXgEIn35d5+7MqLd4r8noLen881kpk=
+github.com/aws/aws-sdk-go-v2/service/eks v1.73.3 h1:V6MAr82kSLdj3/tN4UcPtlXDbvkNcAxsIvq59CNe704=
+github.com/aws/aws-sdk-go-v2/service/eks v1.73.3/go.mod h1:FeDTTHze8jWVCZBiMkUYxJ/TQdOpTf9zbJjf0RI0ajo=
+github.com/aws/aws-sdk-go-v2/service/iam v1.47.5 h1:o2gRl9x3A/Sp6q4oHinnrS+2AC9Ud8DaG4JL9ygMACk=
+github.com/aws/aws-sdk-go-v2/service/iam v1.47.5/go.mod h1:0y7wFmnEg9xTZxjmr2gHQ4xOHpCfrt70lFWTOAkrij4=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.1 h1:oegbebPEMA/1Jny7kvwejowCaHz1FWZAQ94WXFNCyTM=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.1/go.mod h1:kemo5Myr9ac0U9JfSjMo9yHLtw+pECEHsFtJ9tqCEI8=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.7 h1:mLgc5QIgOy26qyh5bvW+nDoAppxgn3J2WV3m9ewq7+8=

v1/kubernetes.go

@@ -62,6 +62,7 @@ const (
 
 type CreateClusterArgs struct {
 	Name              string
+	RefID             string
 	VPCID             string
 	SubnetIDs         []string
 	KubernetesVersion string

v1/providers/aws/kubernetes.go

@@ -0,0 +1,208 @@
+package v1
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"time"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/service/eks"
+	ekstypes "github.com/aws/aws-sdk-go-v2/service/eks/types"
+	"github.com/aws/aws-sdk-go-v2/service/iam"
+	iamtypes "github.com/aws/aws-sdk-go-v2/service/iam/types"
+
+	v1 "github.com/brevdev/cloud/v1"
+)
+
+var _ v1.CloudMaintainKubernetes = &AWSClient{}
+
+func (c *AWSClient) CreateCluster(ctx context.Context, args v1.CreateClusterArgs) (*v1.Cluster, error) {
+	// Create the AWS client in the specified region
+	awsClient := awsClient{
+		eksClient: eks.NewFromConfig(c.awsConfig, func(o *eks.Options) {
+			o.Region = args.Location
+		}),
+		iamClient: iam.NewFromConfig(c.awsConfig, func(o *iam.Options) {
+			o.Region = args.Location
+		}),
+	}
+
+	// Create the cluster
+	awsCluster, err := createEKSCluster(ctx, awsClient, args)
+	if err != nil {
+		return nil, err
+	}
+
+	return &v1.Cluster{
+		RefID:  args.RefID,
+		Name:   *awsCluster.Name,
+		Status: v1.ClusterStatusAvailable,
+		// NodeGroups: args.NodeGroups,
+	}, nil
+}
+
+func createEKSCluster(ctx context.Context, awsClient awsClient, args v1.CreateClusterArgs) (*ekstypes.Cluster, error) {
+	serviceRoleARN, err := getOrCreateServiceRoleARN(ctx, awsClient, args)
+	if err != nil {
+		return nil, err
+	}
+
+	eksCluster, err := createCluster(ctx, awsClient, args, serviceRoleARN)
+	if err != nil {
+		return nil, err
+	}
+
+	err = installEKSAddons(ctx, awsClient, eksCluster)
+	if err != nil {
+		return nil, err
+	}
+
+	return eksCluster, nil
+}
+
+func getOrCreateServiceRoleARN(ctx context.Context, awsClient awsClient, args v1.CreateClusterArgs) (string, error) {
+	serviceRoleName := fmt.Sprintf("%s-service-role", args.RefID)
+
+	// Get and return the role if it exists
+	serviceRole, err := awsClient.iamClient.GetRole(ctx, &iam.GetRoleInput{
+		RoleName: aws.String(serviceRoleName),
+	})
+	if err == nil {
+		return *serviceRole.Role.Arn, nil
+	} else {
+		// The error may be a NoSuchEntityException. If it is, we should ignore the error and create the role.
+		var noSuchEntityError *iamtypes.NoSuchEntityException
+		if !errors.As(err, &noSuchEntityError) {
+			// The error is not a no such entity error, so we return the error
+			return "", err
+		}
+	}
+
+	// Create the role
+	input := &iam.CreateRoleInput{
+		RoleName:    aws.String(serviceRoleName),
+		Description: aws.String("Role for EKS cluster"),
+		AssumeRolePolicyDocument: aws.String(`{
+		"Version": "2012-10-17",
+		"Statement": [
+			{
+				"Effect": "Allow",
+				"Principal": {
+					"Service": "eks.amazonaws.com"
+				},
+				"Action": "sts:AssumeRole"
+			}
+		]
+	}`),
+		Tags: []iamtypes.Tag{
+			{
+				Key:   aws.String(tagBrevRefID),
+				Value: aws.String(args.RefID),
+			},
+			{
+				Key:   aws.String("CreatedBy"),
+				Value: aws.String(tagBrevCloudSDK),
+			},
+		},
+	}
+	output, err := awsClient.iamClient.CreateRole(ctx, input)
+	if err != nil {
+		return "", err
+	}
+
+	// Attach the AmazonEKSClusterPolicy to the role
+	_, err = awsClient.iamClient.AttachRolePolicy(ctx, &iam.AttachRolePolicyInput{
+		RoleName:  aws.String(serviceRoleName),
+		PolicyArn: aws.String("arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"),
+	})
+	if err != nil {
+		return "", err
+	}
+
+	return *output.Role.Arn, nil
+}
+
+func createCluster(ctx context.Context, awsClient awsClient, args v1.CreateClusterArgs, serviceRoleARN string) (*ekstypes.Cluster, error) {
+	tags := map[string]string{
+		"Name":       args.Name,
+		tagBrevRefID: args.RefID,
+		"CreatedBy":  tagBrevCloudSDK,
+	}
+
+	input := &eks.CreateClusterInput{
+		Name:    aws.String(args.Name),
+		Version: aws.String(args.KubernetesVersion),
+		RoleArn: aws.String(serviceRoleARN),
+		ResourcesVpcConfig: &ekstypes.VpcConfigRequest{
+			SubnetIds: args.SubnetIDs,
+		},
+		Tags: tags,
+	}
+
+	output, err := awsClient.eksClient.CreateCluster(ctx, input)
+	if err != nil {
+		return nil, err
+	}
+
+	// Wait for the cluster to be active
+	w := eks.NewClusterActiveWaiter(awsClient.eksClient, func(o *eks.ClusterActiveWaiterOptions) {
+		o.MaxDelay = 30 * time.Second
+		o.MinDelay = 10 * time.Second
+	})
+	err = w.Wait(ctx, &eks.DescribeClusterInput{
+		Name: output.Cluster.Name,
+	}, 10*time.Minute)
+	if err != nil {
+		return nil, err
+	}
+
+	return output.Cluster, nil
+}
+
+func installEKSAddons(ctx context.Context, awsClient awsClient, eksCluster *ekstypes.Cluster) error {
+	err := installEKSAddon(ctx, awsClient, eksCluster, "vpc-cni")
+	if err != nil {
+		return err
+	}
+
+	err = installEKSAddon(ctx, awsClient, eksCluster, "eks-pod-identity-agent")
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func installEKSAddon(ctx context.Context, awsClient awsClient, eksCluster *ekstypes.Cluster, addonName string) error {
+	_, err := awsClient.eksClient.CreateAddon(ctx, &eks.CreateAddonInput{
+		ClusterName: eksCluster.Name,
+		AddonName:   aws.String(addonName),
+	})
+	if err != nil {
+		return err
+	}
+
+	// Wait for the addon to be created
+	w := eks.NewAddonActiveWaiter(awsClient.eksClient, func(o *eks.AddonActiveWaiterOptions) {
+		o.MaxDelay = 30 * time.Second
+		o.MinDelay = 10 * time.Second
+	})
+	err = w.Wait(ctx, &eks.DescribeAddonInput{
+		ClusterName: eksCluster.Name,
+		AddonName:   aws.String(addonName),
+	}, 10*time.Minute)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (c *AWSClient) GetCluster(ctx context.Context, args v1.GetClusterArgs) (*v1.Cluster, error) {
+	return nil, nil
+}
+
+func (c *AWSClient) DeleteCluster(ctx context.Context, args v1.DeleteClusterArgs) error {
+	return nil
+}