# eksctl ClusterConfig template for the cluster named below.
# Several values further down are placeholder tokens, not real identifiers;
# the accompanying setup script substitutes them in place before running
# `eksctl create cluster -f cluster.yaml`.
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: skills-eks-cluster
  # Quoted so the Kubernetes version is read as a string, not a float.
  version: "1.29"
  region: ap-northeast-2

# Control-plane logging: "*" turns on every log type eksctl knows about,
# which includes the audit and authenticator logs needed for detection and
# incident response. The value is quoted because a bare * is YAML alias syntax.
# NOTE(review): no log retention is set here (logRetentionInDays); confirm
# the retention the log group ends up with matches policy.
cloudWatch:
  clusterLogging:
    enableTypes: ["*"]

# Envelope encryption of Kubernetes Secrets with a customer-managed KMS key.
# The value below is a placeholder token that must be replaced with a full
# KMS key ARN before this file is used; a run with the token left in place or
# replaced by an empty string would not encrypt with the intended key.
secretsEncryption:
  keyARN: kms_arn

# IAM roles for service accounts (IRSA).
iam:
  # Creates the cluster's IAM OIDC provider, which the service-account roles
  # below depend on.
  withOIDC: true
  # Each entry gets its own IAM role bound to exactly one namespace/name pair,
  # so these permissions are not granted through the node instance role.
  serviceAccounts:
  - metadata:
      name: aws-load-balancer-controller
      namespace: kube-system
    # eksctl-provided policy for the AWS Load Balancer Controller.
    # NOTE(review): well-known policies are broad by design; review the
    # generated policy if least privilege matters for this account.
    wellKnownPolicies:
      awsLoadBalancerController: true
  - metadata:
      name: cert-manager
      namespace: cert-manager
    # eksctl-provided policy for cert-manager.
    wellKnownPolicies:
      certManager: true

# Networking: the cluster is placed in an existing VPC using private subnets
# only. The security group and both subnet ids below are placeholder tokens
# filled in by the setup script with a global text replace, so the same tokens
# must not appear anywhere else in this file.
vpc:
  # Existing control-plane security group (placeholder token).
  securityGroup: sg_id
  subnets:
    private:
      ap-northeast-2a: { id: private_a }
      ap-northeast-2b: { id: private_b }
  # The Kubernetes API endpoint is reachable only from inside the VPC.
  # Consequence: eksctl and kubectl must run from a host with network access
  # to the VPC, otherwise the post-create steps cannot reach the API server.
  clusterEndpoints:
    publicAccess: false
    privateAccess: true
      
# Two EKS managed node groups, identical apart from name and label.
# NOTE(review): only labels are set, no taints, so the skills=addon /
# skills=app split is enforced only if workloads set a matching nodeSelector
# or affinity. Nothing in this file restricts pod access to the instance
# metadata service; confirm that is handled elsewhere.
managedNodeGroups:
  - name: skills-eks-addon-nodegroup
    labels: { skills: addon }
    instanceName: skills-eks-addon-node
    instanceType: t3.large
    desiredCapacity: 2
    minSize: 2
    maxSize: 20
    # Nodes are launched in the private subnets without public IP addresses.
    privateNetworking: true

  - name: skills-eks-app-nodegroup
    labels: { skills: app }
    instanceName: skills-eks-app-node
    instanceType: t3.large
    desiredCapacity: 2
    minSize: 2
    maxSize: 20
    # Nodes are launched in the private subnets without public IP addresses.
    privateNetworking: true
 
# Fargate profile named for CoreDNS.
# NOTE(review): the selector has no label filter, so it matches every pod in
# kube-system, not only CoreDNS. The aws-load-balancer-controller service
# account above also lives in kube-system. If only CoreDNS is meant to run on
# Fargate, narrow the selector with a labels entry.
fargateProfiles:
  - name: coredns-profile
    selectors:
      - namespace: kube-system
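#!/bin/bash
# Renders cluster.yaml from live AWS lookups, creates the EKS cluster, and
# moves CoreDNS onto Fargate.
#
# Every looked-up value is validated before it is written into cluster.yaml.
# Without that, a lookup that returns nothing (wrong tag, wrong region, missing
# permission) would blank out the subnet, security-group or KMS placeholders
# and the cluster could be created without the intended secrets-encryption key.
#
# cluster.yaml sets publicAccess: false, so this script has to run from a host
# that can reach the private API endpoint inside the VPC.
set -euo pipefail

die() {
    printf 'error: %s\n' "$*" >&2
    exit 1
}

# require_match DESCRIPTION VALUE REGEX
# Aborts unless VALUE is a single token matching REGEX. This also guarantees
# the value contains none of the characters that are special in the sed
# replacement below ("|", "&", "\").
require_match() {
    [[ "$2" =~ $3 ]] || die "$1 did not resolve to exactly one well-formed value (got: '$2')"
}

[[ -f cluster.yaml ]] || die "cluster.yaml not found in the current directory"

private_a=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=skills-app-a" --query "Subnets[].SubnetId[]" --output text)
private_b=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=skills-app-b" --query "Subnets[].SubnetId[]" --output text)
sg_id=$(aws ec2 describe-security-groups --query "SecurityGroups[?GroupName=='skills-EKS-ControlPlan-SG'].GroupId" --output text)

# Find the KMS key tagged "eks-kms".
# NOTE(review): the query returns every tag value on the key, so the comparison
# only succeeds when "eks-kms" is the key's sole tag value; confirm that matches
# the tagging convention in this account.
kms_arn=""
key_ids=$(aws kms list-keys --query "Keys[].KeyId" --output text)
for key_id in $key_ids; do  # word splitting of the id list is intentional
    # Listing tags fails for keys the caller may not inspect; treat as untagged.
    name_tag=$(aws kms list-resource-tags --key-id "$key_id" --query "Tags[].TagValue" --output text 2> /dev/null || true)
    if [[ "$name_tag" == "eks-kms" ]]; then
        # Refuse to guess when more than one key carries the tag.
        [[ -z "$kms_arn" ]] || die "more than one KMS key is tagged eks-kms"
        kms_arn=$(aws kms describe-key --key-id "$key_id" --query "KeyMetadata.Arn" --output text)
    fi
done

require_match "subnet skills-app-a" "$private_a" '^subnet-[0-9a-f]+$'
require_match "subnet skills-app-b" "$private_b" '^subnet-[0-9a-f]+$'
require_match "security group skills-EKS-ControlPlan-SG" "$sg_id" '^sg-[0-9a-f]+$'
require_match "KMS key eks-kms" "$kms_arn" '^arn:aws[a-z-]*:kms:[a-z0-9-]+:[0-9]{12}:key/[A-Za-z0-9-]+$'

# In-place substitution of the placeholder tokens in the template.
sed -i "s|private_a|$private_a|g" cluster.yaml
sed -i "s|private_b|$private_b|g" cluster.yaml
sed -i "s|sg_id|$sg_id|g" cluster.yaml
sed -i "s|kms_arn|$kms_arn|g" cluster.yaml

eksctl create cluster -f cluster.yaml
aws eks --region ap-northeast-2 update-kubeconfig --name skills-eks-cluster

# Idempotent: a re-run must not abort because the namespace already exists.
kubectl get ns app > /dev/null 2>&1 || kubectl create ns app

# Remove only the compute-type annotation so CoreDNS can be scheduled by the
# Fargate profile. "~1" is the JSON Pointer escape for "/". A JSON Patch
# "remove" ignores any "value" field, so pointing it at .../annotations would
# delete every pod-template annotation. The patch fails when the annotation is
# absent; that is not fatal, the restart below still applies.
kubectl patch deployment coredns -n kube-system --type=json -p='[{"op": "remove", "path": "/spec/template/metadata/annotations/eks.amazonaws.com~1compute-type"}]' \
    || echo "warning: compute-type annotation not removed (it may already be absent)" >&2
kubectl rollout restart -n kube-system deployment coredns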