eks

2026-02-14 09:39:54 +00:00 · 2020-01-09 21:07:19 +01:00
parent c72b2e7e87
commit c82d702edb
3 changed files with 60 additions and 0 deletions
--- a/eks/README.md
+++ b/eks/README.md
@@ -0,0 +1,19 @@
+# Setup EKS
+```
+eksctl create cluster --name=cluster-2 --nodes=2 --region=eu-west-1 --managed
+```
+
+# Setup IAM Roles for Service Accounts
+
+Enable IAM Roles for Service Accounts on the EKS cluster
+
+```
+eksctl utils associate-iam-oidc-provider --cluster=cluster-2
+eksctl utils associate-iam-oidc-provider --cluster=cluster-2 --approve
+```
+
+Create new IAM Role using eksctl
+```
+eksctl create iamserviceaccount --cluster=cluster-2 --name=myserviceaccount --namespace=default --attach-policy-arn=arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess
+eksctl create iamserviceaccount --cluster=cluster-2 --name=myserviceaccount --namespace=default --attach-policy-arn=arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess --approve
+```
--- a/eks/amazonlinux-nonroot.yaml
+++ b/eks/amazonlinux-nonroot.yaml
@@ -0,0 +1,22 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: amazonlinux
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: amazonlinux
+  template:
+    metadata:
+      labels:
+        app: amazonlinux
+    spec:
+      serviceAccount: myserviceaccount
+      securityContext:
+        fsGroup: 1000
+        runAsUser: 1000
+      containers:
+      - name: amazonlinux
+        image: amazonlinux:2
+        command: ["sleep", "infinity"]
--- a/eks/amazonlinux.yaml
+++ b/eks/amazonlinux.yaml
@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: amazonlinux
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: amazonlinux
+  template:
+    metadata:
+      labels:
+        app: amazonlinux
+    spec:
+      serviceAccount: myserviceaccount
+      containers:
+      - name: amazonlinux
+        image: amazonlinux:2
+        command: ["sleep", "infinity"]