eksctl, kubectl, helm install

# cluster.yaml

# eksctl ClusterConfig: an EKS cluster on existing private subnets with one
# Bottlerocket managed node group.
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: ncsc-eks-cluster
  # Quoted so the version stays the string "1.31" instead of being read as a float.
  version: "1.31"
  region: ap-northeast-2

# Existing private subnets. The id values are placeholders for real subnet IDs.
# NOTE(review): vpc.clusterEndpoints / vpc.publicAccessCIDRs are not set, so the
# API server endpoint exposure is left at the eksctl default (public access
# enabled, as far as I know; confirm) and should be checked against the
# intended network boundary.
vpc:
  subnets:
    private:
      private-a:
        id: ncsc-app-subnet-a_id
      private-b:
        id: ncsc-app-subnet-b_id

# Maps an IAM principal to a Kubernetes user and groups.
# NOTE(review): this binds an IAM *user* (long-lived access keys) to
# system:masters, which is unrestricted cluster-admin and cannot be narrowed by
# RBAC. Prefer an IAM role assumed with MFA, mapped to a group that carries only
# the RBAC permissions needed, and keep system:masters for break-glass use.
iamIdentityMappings:
  - arn: 'arn:aws:iam::<account_id>:user/admin'
    groups:
      - system:masters
    username: root-admin
    # Refuse to add a second mapping for an ARN that is already mapped.
    noDuplicateARNs: true

iam:
  # Creates the cluster's IAM OIDC provider, the prerequisite for IAM roles for
  # service accounts (IRSA).
  withOIDC: true
  # IRSA: the load balancer controller policy is attached to a role that only
  # this service account can assume.
  serviceAccounts:
    - metadata:
        name: aws-load-balancer-controller
        namespace: kube-system
      wellKnownPolicies:
        awsLoadBalancerController: true

managedNodeGroups:
  - name: ncsc-app-ng
    labels:
      app: nga
    instanceType: t3.medium
    instanceName: ncsc-app-node
    desiredCapacity: 2
    minSize: 2
    maxSize: 20
    amiFamily: Bottlerocket
    # Nodes get private addresses only; they are not placed in public subnets.
    privateNetworking: true
    volumeType: gp2
    volumeEncrypted: true
    # NOTE(review): add-on policies here are attached to the node instance role,
    # so any pod that can reach the instance metadata service on these nodes
    # can use them.
    #  - awsLoadBalancerController duplicates the IRSA grant in
    #    iam.serviceAccounts; if the controller runs under that service account,
    #    the node-level copy is unnecessary.
    #  - imageBuilder grants the nodes ECR access beyond pulling images; confirm
    #    that images are really built and pushed from these nodes.
    #  - autoScaler could likewise move to an IRSA service account.
    iam:
      withAddonPolicies:
        imageBuilder: true
        awsLoadBalancerController: true
        autoScaler: true

# Control-plane logs shipped to CloudWatch Logs.
# NOTE(review): only "audit" is enabled. "authenticator" (IAM-to-Kubernetes
# identity decisions) and "api" are the usual companions for investigating
# access, and no secretsEncryption.keyARN is set for KMS envelope encryption of
# Kubernetes Secrets; confirm both omissions are intentional.
cloudWatch:
  clusterLogging:
    enableTypes:
      - audit
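# eksctl install
# Download the release tarball into a private temp directory, check it against
# the checksum list published with the release, then install it owned by root.
# The checksum list comes from the same release, so it catches a corrupted or
# truncated download, not a tampered release; pin a release tag instead of
# "latest" when the install must be repeatable.
# The eksctl repository now lives under the eksctl-io GitHub organisation.
EKSCTL_PLATFORM="$(uname -s)_amd64"
EKSCTL_BASE="https://github.com/eksctl-io/eksctl/releases/latest/download"
EKSCTL_TMP="$(mktemp -d)"
curl --fail --silent --show-error --location \
  -o "$EKSCTL_TMP/eksctl_$EKSCTL_PLATFORM.tar.gz" \
  "$EKSCTL_BASE/eksctl_$EKSCTL_PLATFORM.tar.gz"
# Each step runs only if the previous one succeeded, so an unverified archive
# is never unpacked or installed.
curl --fail --silent --show-error --location "$EKSCTL_BASE/eksctl_checksums.txt" \
  | grep "eksctl_$EKSCTL_PLATFORM.tar.gz" \
  | (cd "$EKSCTL_TMP" && sha256sum --check) \
  && tar xzf "$EKSCTL_TMP/eksctl_$EKSCTL_PLATFORM.tar.gz" -C "$EKSCTL_TMP" \
  && sudo install -o root -g root -m 0755 "$EKSCTL_TMP/eksctl" /usr/bin/eksctl
rm -rf "$EKSCTL_TMP"
eksctl version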

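# kubectl install
# Fetch the EKS-published kubectl build and its SHA-256 file from the same
# path, verify the binary, then install it owned by root. A plain `mv` would
# leave the file in /usr/bin owned, and therefore replaceable, by the
# downloading user.
KUBECTL_URL="https://s3.us-west-2.amazonaws.com/amazon-eks/1.31.0/2024-09-12/bin/linux/amd64/kubectl"
curl --fail --silent --show-error -O "$KUBECTL_URL"
curl --fail --silent --show-error -O "$KUBECTL_URL.sha256"
sha256sum --check kubectl.sha256 \
  && sudo install -o root -g root -m 0755 ./kubectl /usr/bin/kubectl \
  && rm -f ./kubectl ./kubectl.sha256
# -f so that re-running the steps does not fail on an existing link.
sudo ln -sf /usr/bin/kubectl /usr/local/bin/k
k version --client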

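# helm install
# Save the installer to a file instead of piping curl straight into bash: a
# failed or partial download is then never executed, and the script can be read
# before it runs. --fail makes curl stop on an HTTP error instead of saving the
# error page.
# The URL tracks the main branch, so the script content can change between
# runs; the installer accepts a --version argument to pin the Helm release.
curl --fail --silent --show-error --location -o get_helm.sh \
  https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
# Review get_helm.sh before running it.
./get_helm.sh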

create cluster

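# Keep the cluster manifests in their own directory. cluster.yaml has to be
# saved there before the create call. -p makes the step safe to re-run, and &&
# skips the cd if the directory could not be created.
mkdir -p manifest && cd manifest
# `eksctl create cluster -f cluster.yaml --dry-run` prints the fully expanded
# configuration without creating anything; use it to check the IAM mappings and
# node policies first.
eksctl create cluster -f cluster.yaml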