CA (Cluster Autoscaler)

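apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

# eksctl ClusterConfig for a cluster whose node groups are scaled by
# Cluster Autoscaler. Angle-bracket tokens (<EKS_Cluster_Name>, <Region>,
# <Account ID>, ...) are placeholders to substitute before running eksctl.
metadata:
  name: <EKS_Cluster_Name>
  version: "<EKS_Version>"  # quoted so a value such as 1.30 is not parsed as a float
  region: <Region>

cloudWatch:
  clusterLogging:
    enableTypes: ["*"]  # every control-plane log type, including audit

iamIdentityMappings:
  # Maps one IAM role to cluster-admin. system:masters bypasses RBAC
  # entirely; keep the set of principals that can assume <Role name> small.
  - arn: arn:aws:iam::<Account ID>:role/<Role name>
    groups:
      - system:masters
    username: admin
    noDuplicateARNs: true

iam:
  withOIDC: true  # IRSA; required for the per-service-account policies below
  serviceAccounts:
    - metadata:
        name: aws-load-balancer-controller
        namespace: kube-system
      wellKnownPolicies:
        awsLoadBalancerController: true
    - metadata:
        name: cert-manager
        namespace: cert-manager
      wellKnownPolicies:
        certManager: true
    - metadata:
        name: cluster-autoscaler
        namespace: kube-system
        labels: {aws-usage: "cluster-ops"}
      wellKnownPolicies:
        autoScaler: true
    # Second autoscaling identity with a hand-written policy. Resource: '*'
    # allows SetDesiredCapacity / TerminateInstanceInAutoScalingGroup against
    # every Auto Scaling group in the account, not just this cluster's. If the
    # mutating actions are needed here, consider a Condition on
    # aws:ResourceTag/k8s.io/cluster-autoscaler/<EKS_Cluster_Name> so only this
    # cluster's node groups are in scope. If this account duplicates the
    # cluster-autoscaler one above, drop one of them.
    - metadata:
        name: autoscaler-service
        namespace: kube-system
      attachPolicy:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action:
              - "autoscaling:DescribeAutoScalingGroups"
              - "autoscaling:DescribeAutoScalingInstances"
              - "autoscaling:DescribeLaunchConfigurations"
              - "autoscaling:DescribeTags"
              - "autoscaling:SetDesiredCapacity"
              - "autoscaling:TerminateInstanceInAutoScalingGroup"
              - "ec2:DescribeLaunchTemplateVersions"
            Resource: '*'

vpc:
  # Pre-existing subnet IDs, one public and one private per AZ. The node
  # group below uses the private ones (privateNetworking: true).
  subnets:
    public:
      <Region>a: { id: public_a }
      <Region>b: { id: public_b }
      <Region>c: { id: public_c }
    private:
      <Region>a: { id: private_a }
      <Region>b: { id: private_b }
      <Region>c: { id: private_c }

managedNodeGroups:
  - name: <Worker Node Group name>
    labels: { <key>: <value> }
    instanceName: <Instance name>
    instanceType: <Instance Type>
    desiredCapacity: 2
    minSize: 2
    maxSize: 20
    privateNetworking: true  # nodes are placed in the private subnets
    amiFamily: Bottlerocket
    iam:
      attachPolicyARNs:
        - arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
        - arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
        - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore  # Session Manager access instead of SSH keys
        # NOTE(review): on the node role this policy is reachable by any pod
        # that can hit IMDS; eksctl can bind it to the aws-node service
        # account via IRSA instead — consider.
        - arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
    tags:
      # Auto-discovery tags read by Cluster Autoscaler. Values are quoted on
      # purpose: a bare true would become a YAML boolean, not the string "true".
      k8s.io/cluster-autoscaler/enabled: "true"
      k8s.io/cluster-autoscaler/<EKS_Cluster_Name>: "owned"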

Karpenter

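apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

# eksctl ClusterConfig for a cluster whose extra capacity is provisioned by
# Karpenter. Angle-bracket tokens are placeholders to substitute before
# running eksctl.
metadata:
  name: <EKS_Cluster_Name>
  version: "<EKS_Version>"  # quoted so a value such as 1.30 is not parsed as a float
  region: <Region>
  tags:
    # Discovery tag matched by the Karpenter node template's
    # subnetSelector / securityGroupSelector; both must use the same value.
    karpenter.sh/discovery: <EKS_Cluster_Name>

cloudWatch:
  clusterLogging:
    enableTypes: ["*"]  # every control-plane log type, including audit

iamIdentityMappings:
  # Maps one IAM role to cluster-admin. system:masters bypasses RBAC
  # entirely; keep the set of principals that can assume <Role name> small.
  - arn: arn:aws:iam::<Account ID>:role/<Role name>
    groups:
      - system:masters
    username: admin
    noDuplicateARNs: true

iam:
  withOIDC: true  # IRSA; required for the per-service-account policies below
  serviceAccounts:
    - metadata:
        name: aws-load-balancer-controller
        namespace: kube-system
      wellKnownPolicies:
        awsLoadBalancerController: true
    - metadata:
        name: cert-manager
        namespace: cert-manager
      wellKnownPolicies:
        certManager: true

karpenter:
  # NOTE(review): the Provisioner / AWSNodeTemplate manifests that follow use
  # the v1alpha5 / v1alpha1 APIs, which Karpenter dropped in the v0.33 line in
  # favour of karpenter.sh/v1beta1 NodePool / EC2NodeClass. Confirm which API
  # version 0.35.2 accepts before applying them.
  version: '0.35.2'
  createServiceAccount: true

vpc:
  # Pre-existing subnet IDs, one public and one private per AZ. The node
  # group below uses the private ones (privateNetworking: true).
  subnets:
    public:
      <Region>a: { id: public_a }
      <Region>b: { id: public_b }
      <Region>c: { id: public_c }
    private:
      <Region>a: { id: private_a }
      <Region>b: { id: private_b }
      <Region>c: { id: private_c }

# Baseline managed node group; Karpenter itself and other system pods run
# here, Karpenter-provisioned nodes are separate.
managedNodeGroups:
  - name: <Worker Node Group name>
    labels: { <key>: <value> }
    instanceName: <Instance name>
    instanceType: <Instance Type>
    desiredCapacity: 2
    minSize: 2
    maxSize: 20
    privateNetworking: true  # nodes are placed in the private subnets
    amiFamily: Bottlerocket
    iam:
      attachPolicyARNs:
        - arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
        - arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
        - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore  # Session Manager access instead of SSH keys
        # NOTE(review): on the node role this policy is reachable by any pod
        # that can hit IMDS; eksctl can bind it to the aws-node service
        # account via IRSA instead — consider.
        - arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy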
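---
# Karpenter Provisioner (v1alpha5 API). NOTE(review): the ClusterConfig above
# pins karpenter.version '0.35.2', while the v1alpha5 Provisioner kind was
# removed from Karpenter in the v0.33 line in favour of karpenter.sh/v1beta1
# NodePool — confirm against the installed version before applying.
apiVersion: karpenter.sh/v1alpha5
kind: Provisioner
metadata:
  name: apps
spec:
  requirements:
    - key: karpenter.k8s.aws/instance-size
      operator: NotIn
      values: [nano, micro, small]  # Instance Size
    - key: "node.kubernetes.io/instance-type"
      operator: In
      values: ["c5.large"]  # Instance Type
    - key: "kubernetes.io/arch"
      operator: In
      values: ["amd64"]
    - key: "karpenter.sh/capacity-type"
      operator: In
      values: ["on-demand"]  # ["on-demand", "spot"]
    - key: "topology.kubernetes.io/zone"  # AZ
      operator: In
      # Hard-coded to ap-northeast-2 while the ClusterConfig uses a <Region>
      # placeholder; keep these in step when the region is substituted.
      values: ["ap-northeast-2a", "ap-northeast-2b", "ap-northeast-2c"]
  providerRef:
    name: apps-provider  # AWSNodeTemplate defined in the next document
  # Nodes come up tainted: only pods tolerating dedicated=app:NoSchedule
  # are scheduled onto Karpenter-provisioned capacity.
  taints:
    - key: dedicated
      value: app
      effect: NoSchedule
  ttlSecondsAfterEmpty: 300  # reclaim a node 5 minutes after its last pod leaves
  # ttlSecondsUntilExpired: 2592000        # 30 Days = 60 * 60 * 24 * 30 Seconds;
  # With expiry left disabled, nodes are never rotated onto a newer AMI
  # unless replaced for another reason; enabling it bounds node age.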
---
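# Karpenter AWSNodeTemplate (v1alpha1 API) referenced by the Provisioner's
# providerRef. NOTE(review): this kind was removed from Karpenter in the
# v0.33 line (replaced by karpenter.k8s.aws/v1beta1 EC2NodeClass); confirm
# it is accepted by the pinned version 0.35.2 before applying.
apiVersion: karpenter.k8s.aws/v1alpha1
kind: AWSNodeTemplate
metadata:
  name: apps-provider
spec:
  amiFamily: Bottlerocket
  # Subnets and security groups are discovered by tag. The ClusterConfig
  # tags the cluster with karpenter.sh/discovery: <EKS_Cluster_Name>; the
  # literal skills-cluster below must equal the substituted cluster name or
  # nothing is discovered.
  subnetSelector:  # required
    karpenter.sh/discovery: skills-cluster
  securityGroupSelector:  # required, when not using launchTemplate
    karpenter.sh/discovery: skills-cluster
  blockDeviceMappings:
    - deviceName: /dev/xvda
      ebs:
        volumeType: gp3
        volumeSize: 20Gi
        deleteOnTermination: true
        # No encrypted: setting — the volume is encrypted only if the
        # account has EBS encryption-by-default enabled; verify or set it here.
  # userData: ""
  # IMDS hardening: httpTokens: required enforces IMDSv2. A hop limit of 2
  # still lets pods on the pod network reach IMDS and use the node role's
  # credentials; 1 blocks that once every workload obtains AWS access via IRSA.
  metadataOptions:
    httpEndpoint: enabled
    httpProtocolIPv6: disabled
    httpPutResponseHopLimit: 2
    httpTokens: required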