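---
# eksctl ClusterConfig for wsi-eks-cluster.
#
# The lowercase placeholder values below (KMS key ARN, control-plane security
# group id and the four subnet ids) are not literal: the accompanying shell
# script rewrites them in place with sed before it runs
# `eksctl create cluster -f cluster.yaml`. Each placeholder must appear
# exactly where its real value belongs.
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: wsi-eks-cluster
  region: ap-northeast-2
  # Quoted so the version stays a string and is never read as a float.
  version: '1.29'

# Envelope-encrypt Kubernetes Secrets with a customer-managed KMS key.
# The deployment script must resolve a real ARN here; an empty substitution
# would leave this key without a value.
secretsEncryption:
  keyARN: kms_arn

# Ship every control-plane log type to CloudWatch Logs.
cloudWatch:
  clusterLogging:
    enableTypes: ["*"]

iam:
  # Create the cluster's IAM OIDC provider so the service accounts below can
  # be bound to IAM roles instead of relying on the node instance role.
  withOIDC: true
  serviceAccounts:
    - metadata:
        name: aws-load-balancer-controller
        namespace: kube-system
      wellKnownPolicies:
        awsLoadBalancerController: true
    - metadata:
        name: cert-manager
        namespace: cert-manager
      wellKnownPolicies:
        certManager: true

vpc:
  # Pre-existing security group used for the control plane.
  securityGroup: sg_id
  subnets:
    public:
      ap-northeast-2a:
        id: public_a
      ap-northeast-2b:
        id: public_b
    private:
      ap-northeast-2a:
        id: private_a
      # Each availability zone needs its own private subnet; pointing both
      # zones at the same placeholder would give 2b the 2a subnet id.
      ap-northeast-2b:
        id: private_b
  # Private-only API endpoint: the Kubernetes API is not exposed to the
  # internet, so eksctl and kubectl have to run from inside the VPC or from a
  # network routed to it.
  clusterEndpoints:
    publicAccess: false
    privateAccess: true

# NOTE(review): neither node group sets privateNetworking, so eksctl is
# expected to place the nodes in the public subnets - confirm that is
# intended for a cluster whose API endpoint is private-only.
managedNodeGroups:
  - name: wsi-addon-nodegroup
    instanceName: wsi-addon-node
    instanceType: t4g.large
    desiredCapacity: 2
    minSize: 2
    maxSize: 10
    amiFamily: Bottlerocket

  - name: wsi-app-nodegroup
    instanceName: wsi-app-node
    instanceType: m5.xlarge
    desiredCapacity: 2
    minSize: 2
    maxSize: 10
    amiFamily: Bottlerocket

# Pods in namespace "wsi" carrying the label wsi=order are scheduled on
# Fargate instead of the managed node groups.
fargateProfiles:
  - name: wsi-app-fargate
    selectors:
      - namespace: wsi
        labels:
          wsi: order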
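#!/bin/bash
# Renders cluster.yaml from live AWS lookups, creates the EKS cluster with
# eksctl, then rolls a modified launch template onto wsi-app-nodegroup and
# creates the "wsi" namespace.
#
# Requires: aws CLI, eksctl, kubectl, GNU sed (for `sed -i`) and credentials
# allowed to call the EC2, KMS and EKS APIs used below.
#
# cluster.yaml is rewritten in place, so the placeholders are gone after the
# first run; restore the template before running the script again.

# Stop at the first failed command, unset variable or broken pipeline so a
# failed lookup can never reach the sed substitutions or `eksctl create`.
set -euo pipefail

# Abort unless VALUE is exactly one non-empty token. `--output text` prints
# nothing (or "None") when a query matches nothing and separates several
# matches with whitespace; either case would corrupt cluster.yaml or target
# the wrong resource.
require_single() {
    local label=$1 value=$2
    if [[ -z "$value" || "$value" == "None" || "$value" =~ [[:space:]] ]]; then
        echo "error: expected exactly one ${label}, got '${value}'" >&2
        exit 1
    fi
}

# Print the id(s) of the subnet(s) whose Name tag matches the given pattern.
lookup_subnet() {
    aws ec2 describe-subnets --filters "Name=tag:Name,Values=$1" --query "Subnets[].SubnetId[]" --output text
}

# The Name filters are wildcards, so each result is checked to be a single id.
public_a=$(lookup_subnet "*wsi-public-a*")
public_b=$(lookup_subnet "*wsi-public-b*")
private_a=$(lookup_subnet "*wsi-app-a*")
private_b=$(lookup_subnet "*wsi-app-b*")
require_single "public subnet (a)" "$public_a"
require_single "public subnet (b)" "$public_b"
require_single "private subnet (a)" "$private_a"
require_single "private subnet (b)" "$private_b"
export public_a public_b private_a private_b

sg_id=$(aws ec2 describe-security-groups --query "SecurityGroups[?GroupName=='control-plan-sg'].GroupId" --output text)
require_single "security group named control-plan-sg" "$sg_id"

# Find the KMS key that carries a tag whose value is "eks-kms". The filter runs
# inside the query so keys with more than one tag are still recognised.
kms_arn=""
kms_matches=0
key_ids=$(aws kms list-keys --query "Keys[].KeyId" --output text)
for key_id in $key_ids; do
    # Best effort: a key whose tags cannot be listed is skipped rather than
    # aborting the whole run.
    if ! tagged=$(aws kms list-resource-tags --key-id "$key_id" --query "length(Tags[?TagValue=='eks-kms'])" --output text 2> /dev/null); then
        continue
    fi
    if [[ "$tagged" =~ ^[1-9][0-9]*$ ]]; then
        kms_arn=$(aws kms describe-key --key-id "$key_id" --query "KeyMetadata.Arn" --output text)
        kms_matches=$((kms_matches + 1))
    fi
done
# Refuse to guess: zero matches would leave secrets encryption without a key,
# several matches would silently pick whichever key was listed last.
if [ "$kms_matches" -ne 1 ]; then
    echo "error: expected exactly one KMS key tagged eks-kms, found ${kms_matches}" >&2
    exit 1
fi
require_single "KMS key ARN" "$kms_arn"

# Substitute every placeholder in cluster.yaml with its resolved value.
for placeholder in public_a public_b private_a private_b sg_id kms_arn; do
    sed -i "s|${placeholder}|${!placeholder}|g" cluster.yaml
done

# The cluster endpoint is private-only, so this and the kubectl call at the
# end must run from a host that can reach the cluster VPC.
eksctl create cluster -f cluster.yaml
aws eks --region ap-northeast-2 update-kubeconfig --name wsi-eks-cluster

# Derive a new launch template version for wsi-app-nodegroup from version 1.
LAUNCHTEMPLATER_ID=$(aws ec2 describe-launch-templates --query "LaunchTemplates[?LaunchTemplateName=='eksctl-wsi-eks-cluster-nodegroup-wsi-app-nodegroup'].LaunchTemplateId" --output text)
require_single "launch template id" "$LAUNCHTEMPLATER_ID"
aws ec2 describe-launch-template-versions --launch-template-id "$LAUNCHTEMPLATER_ID" --versions 1 --query "LaunchTemplateVersions[0].LaunchTemplateData" --output json > launch_template.json

# Hop limit 1 stops metadata responses from travelling past the instance
# itself, which keeps containers behind an extra network hop away from the
# instance metadata service and the node role credentials it serves.
sed -i 's|"HttpPutResponseHopLimit": 2|"HttpPutResponseHopLimit": 1|g' launch_template.json
# NOTE(review): this switches HttpTokens from "required" to "optional", so the
# metadata service answers session-less IMDSv1 requests again. Anything that
# shares the node's network namespace can then read the node role credentials
# without a token. Keep "required" unless a node-level component is confirmed
# to need IMDSv1.
sed -i 's|"HttpTokens": "required"|"HttpTokens": "optional"|g' launch_template.json
# The sed edits are plain text matches and do nothing if the JSON is laid out
# differently; verify the hop limit really changed before rolling it out.
if ! grep -q '"HttpPutResponseHopLimit": 1' launch_template.json; then
    echo "error: HttpPutResponseHopLimit was not set to 1 in launch_template.json" >&2
    exit 1
fi

# Use the version number AWS actually assigned instead of assuming it is 2.
new_version=$(aws ec2 create-launch-template-version --launch-template-id "$LAUNCHTEMPLATER_ID" --launch-template-data file://launch_template.json --query "LaunchTemplateVersion.VersionNumber" --output text)
require_single "new launch template version" "$new_version"

# Shorthand syntax avoids hand-escaped JSON; the doubled backslashes in the
# earlier inline JSON ended the quoted string early and produced invalid JSON.
aws eks update-nodegroup-version --cluster-name wsi-eks-cluster --nodegroup-name wsi-app-nodegroup --launch-template "id=${LAUNCHTEMPLATER_ID},version=${new_version}"

kubectl create ns wsi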