apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
name: ws-cluster
region: ap-northeast-2
version: '1.32'
# secretsEncryption:
# keyARN: kms_arn
cloudWatch:
clusterLogging:
enableTypes: ["*"]
iam:
withOIDC: true
serviceAccounts:
- metadata:
name: aws-load-balancer-controller
namespace: kube-system
wellKnownPolicies:
awsLoadBalancerController: true
- metadata:
name: cert-manager
namespace: cert-manager
wellKnownPolicies:
certManager: true
vpc:
securityGroup: sg_id # HTTPS
subnets:
public:
ap-northeast-2a: { id: public_a }
ap-northeast-2b: { id: public_b }
private:
ap-northeast-2a: { id: private_a }
ap-northeast-2b: { id: private_a }
clusterEndpoints:
publicAccess: false
privateAccess: true
managedNodeGroups:
- name: ws-addon-nodegroup
instanceName: ws-addon-node
instanceType: c5.large
desiredCapacity: 2
minSize: 2
maxSize: 10
amiFamily: Bottlerocket
privateNetworking: true
- name: wsi-app-nodegroup
instanceName: ws-app-node
instanceType: c5.large
desiredCapacity: 2
minSize: 2
maxSize: 10
amiFamily: Bottlerocket
privateNetworking: true
public_a=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=ws-pub-a" --query "Subnets[].SubnetId[]" --region ap-northeast-2 --output text)
public_c=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=ws-pub-c" --query "Subnets[].SubnetId[]" --region ap-northeast-2 --output text)
private_a=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=ws-priv--a" --query "Subnets[].SubnetId[]" --region ap-northeast-2 --output text)
private_c=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=ws-priv-c" --query "Subnets[].SubnetId[]" --region ap-northeast-2 --output text)
sed -i "s|public_a|$public_a|g" cluster.yaml
sed -i "s|public_c|$public_c|g" cluster.yaml
sed -i "s|private_a|$private_a|g" cluster.yaml
sed -i "s|private_c|$private_c|g" cluster.yaml
eksctl create cluster -f cluster.yaml