eksctl create iamserviceaccount \\
    --name dynamodb-pull-sa \\
    --region=ap-northeast-2 \\
    --cluster wsi-cluster \\
    --namespace=skills \\
    --attach-policy-arn "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess" \\
    --override-existing-serviceaccounts \\
    --approve

apiVersion: apps/v1
kind: Deployment
metadata:
  name: wsi-order-deployment
  namespace: skills
  labels:
    app: order
spec:
  replicas: 2
  selector:
    matchLabels:
      app: order
  template:
    metadata:
      labels:
        app: order
        wsi: skills
    spec:
      serviceAccount: dynamodb-pull-sa
      containers:
      - name: order-cnt
        image: IMAGE
        ports:
        - containerPort: 8080
        env:
        - name: AWS_REGION
          valueFrom:
            secretKeyRef:
              name: db-credentials
              key: REGION
      nodeSelector:
        wsi/node: app

IMAGE_URL=$(aws ecr describe-repositories --repository-name wsi-order-ecr --query "repositories[].repositoryUri" --output text)
IMAGE_TAG=$(aws ecr describe-images --repository-name wsi-order-ecr --query "imageDetails[].imageTags" --output text)
IMAGE="$IMAGE_URL:$IMAGE_TAG"

sed -i "s|IMAGE|$IMAGE|g" deployment.yaml

kubectl apply -f deployment.yaml

apiVersion: v1
kind: Service
metadata:
  name: wsi-order-service
  namespace: skills
spec:
  selector:
    app: order
  ports:
    - protocol: TCP
      port: 8080
      targetPort: 8080

kubectl apply -f service.yaml