update cloudformation template to use latest cli/images + fix cl… (#8417)

* fix: update cloudformation template to use latest cli/images + fix cleanup script

* fix: narrow SG cleanup to k8s-created groups + add CLI install error handling

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Alexander Petric
2026-03-17 16:12:04 -04:00
committed by GitHub
parent c4c524fade
commit 9f10b44c18


@@ -58,38 +58,10 @@ Parameters:
- false - false
Description: Enable Windmill Enterprise features (requires license key) Description: Enable Windmill Enterprise features (requires license key)
Mappings: LatestAmiId:
RegionMap: Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
us-east-1: Default: /aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64
AMI: ami-0cff7528ff583bf9a Description: Latest Amazon Linux 2023 AMI (automatically resolved via SSM)
us-east-2:
AMI: ami-0cd3c7f72edd5b06d
us-west-1:
AMI: ami-0d9858aa3c6322f73
us-west-2:
AMI: ami-098e42ae54c764c35
ca-central-1:
AMI: ami-00f881f027a6d74a0
eu-west-1:
AMI: ami-04dd4500af104442f
eu-west-2:
AMI: ami-0eb260c4d5475b901
eu-west-3:
AMI: ami-05e8e20cef0eaa9d0
eu-central-1:
AMI: ami-0bad4a5e987bdebde
ap-northeast-1:
AMI: ami-0b7546e839d7ace12
ap-northeast-2:
AMI: ami-0fd0765afb77bcca7
ap-southeast-1:
AMI: ami-0c802847a7dd848c0
ap-southeast-2:
AMI: ami-07620139298af599e
ap-south-1:
AMI: ami-0851b76e8b1bce90b
sa-east-1:
AMI: ami-054a31f1b3bf90920
Resources: Resources:
VPC: VPC:
@@ -345,7 +317,7 @@ Resources:
- EKSNodeGroup - EKSNodeGroup
- WindmillDB - WindmillDB
Properties: Properties:
ImageId: !FindInMap [RegionMap, !Ref "AWS::Region", AMI] ImageId: !Ref LatestAmiId
InstanceType: t3.micro InstanceType: t3.micro
IamInstanceProfile: !Ref WindmillInstallerInstanceProfile IamInstanceProfile: !Ref WindmillInstallerInstanceProfile
SubnetId: !Ref PublicSubnet1 SubnetId: !Ref PublicSubnet1
@@ -358,7 +330,15 @@ Resources:
# Install required tools # Install required tools
yum update -y yum update -y
yum install -y aws-cli jq postgresql15 aws-cfn-bootstrap yum install -y jq postgresql15 aws-cfn-bootstrap unzip
# Install AWS CLI v2 (yum aws-cli package is v1 and outdated)
echo "Installing AWS CLI v2..."
if ! (curl -sf "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" && unzip -q awscliv2.zip && ./aws/install); then
echo "ERROR: Failed to install AWS CLI v2"
exit 1
fi
rm -rf aws awscliv2.zip
# Set up logging directory with correct permissions # Set up logging directory with correct permissions
mkdir -p /var/log/windmill-installer mkdir -p /var/log/windmill-installer
@@ -602,6 +582,8 @@ Resources:
ZipFile: | ZipFile: |
const { ElasticLoadBalancingClient, DescribeLoadBalancersCommand, const { ElasticLoadBalancingClient, DescribeLoadBalancersCommand,
DeleteLoadBalancerCommand } = require('@aws-sdk/client-elastic-load-balancing'); DeleteLoadBalancerCommand } = require('@aws-sdk/client-elastic-load-balancing');
const { EC2Client, DescribeSecurityGroupsCommand,
DeleteSecurityGroupCommand } = require('@aws-sdk/client-ec2');
const response = require('cfn-response'); const response = require('cfn-response');
exports.handler = async (event, context) => { exports.handler = async (event, context) => {
@@ -611,6 +593,7 @@ Resources:
try { try {
const elb = new ElasticLoadBalancingClient(); const elb = new ElasticLoadBalancingClient();
const ec2 = new EC2Client();
const vpcId = event.ResourceProperties.VpcId; const vpcId = event.ResourceProperties.VpcId;
// Find and delete Classic Load Balancers in the VPC // Find and delete Classic Load Balancers in the VPC
@@ -628,14 +611,29 @@ Resources:
} }
if (deleted) { if (deleted) {
// Wait for deletion to complete
console.log('Waiting 30 seconds for load balancer deletion to complete...'); console.log('Waiting 30 seconds for load balancer deletion to complete...');
await new Promise(r => setTimeout(r, 30000)); await new Promise(r => setTimeout(r, 30000));
} }
// Delete Kubernetes-created security groups (e.g. k8s-elb-*)
const sgResponse = await ec2.send(new DescribeSecurityGroupsCommand({
Filters: [{ Name: 'vpc-id', Values: [vpcId] }]
}));
for (const sg of sgResponse.SecurityGroups || []) {
if (sg.GroupName !== 'default' && (sg.GroupName.startsWith('k8s-') || (sg.Tags || []).some(t => t.Key.startsWith('kubernetes.io/')))) {
console.log(`Deleting security group: ${sg.GroupId} (${sg.GroupName})`);
try {
await ec2.send(new DeleteSecurityGroupCommand({ GroupId: sg.GroupId }));
} catch (e) {
console.log(`Could not delete ${sg.GroupId}: ${e.message}`);
}
}
}
return response.send(event, context, response.SUCCESS); return response.send(event, context, response.SUCCESS);
} catch (error) { } catch (error) {
console.error('Error deleting load balancers:', error); console.error('Error during VPC cleanup:', error);
return response.send(event, context, response.FAILED, {error: error.message}); return response.send(event, context, response.FAILED, {error: error.message});
} }
}; };
@@ -662,6 +660,8 @@ Resources:
- ec2:DescribeAddresses - ec2:DescribeAddresses
- ec2:DisassociateAddress - ec2:DisassociateAddress
- ec2:DescribeNetworkInterfaces - ec2:DescribeNetworkInterfaces
- ec2:DescribeSecurityGroups
- ec2:DeleteSecurityGroup
- elasticloadbalancing:DescribeLoadBalancers - elasticloadbalancing:DescribeLoadBalancers
- elasticloadbalancing:DeleteLoadBalancer - elasticloadbalancing:DeleteLoadBalancer
- elasticloadbalancingv2:DescribeLoadBalancers - elasticloadbalancingv2:DescribeLoadBalancers
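Review bot: In the UserData hunk (`@@ -358,7 +330,15 @@`), the AWS CLI v2 archive fetched by the new `curl ... && ./aws/install` line is executed as root with no integrity check, and the unversioned URL means each stack launch installs whatever build is current, so two stacks created days apart can end up on different CLI versions. AWS publishes a detached PGP signature for each archive; fetch it alongside (`curl -sf "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip.sig" -o awscliv2.sig`), import the AWS CLI signing key documented in the CLI install guide, and gate the install on `gpg --verify awscliv2.sig awscliv2.zip` inside the same `if !` condition so a failed check hits the existing `exit 1`. Pinning to a versioned archive (`awscli-exe-linux-x86_64-<PINNED_VERSION>.zip`, placeholder for the chosen release) also makes the installer reproducible across launches. Separately, `curl -s` without `-S` suppresses curl's own error output, so a download failure only surfaces as the generic `ERROR: Failed to install AWS CLI v2` line that follows; `-sS` stays quiet on success but keeps the reason on failure. The user-data script continues outside the hunk.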