From c82d702edbac8cccb7f846ec43b490094c852208 Mon Sep 17 00:00:00 2001
From: Edward Viaene
Date: Thu, 9 Jan 2020 21:07:19 +0100
Subject: [PATCH] eks

---
eks/README.md | 19 +++++++++++++++++++
eks/amazonlinux-nonroot.yaml | 22 ++++++++++++++++++++++
eks/amazonlinux.yaml | 19 +++++++++++++++++++
3 files changed, 60 insertions(+)
create mode 100644 eks/README.md
create mode 100644 eks/amazonlinux-nonroot.yaml
create mode 100644 eks/amazonlinux.yaml

diff --git a/eks/README.md b/eks/README.md
new file mode 100644
index 0000000..6da1247
--- /dev/null
+++ b/eks/README.md
@@ -0,0 +1,19 @@
+# Setup EKS
+```
+eksctl create cluster --name=cluster-2 --nodes=2 --region=eu-west-1 --managed
+```
+
+# Setup IAM Roles for Service Accounts
+
+Enable IAM Roles for Service Accounts on the EKS cluster
+
+```
+eksctl utils associate-iam-oidc-provider --cluster=cluster-2
+eksctl utils associate-iam-oidc-provider --cluster=cluster-2 --approve
+```
+
+Create new IAM Role using eksctl
+```
+eksctl create iamserviceaccount --cluster=cluster-2 --name=myserviceaccount --namespace=default --attach-policy-arn=arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess
+eksctl create iamserviceaccount --cluster=cluster-2 --name=myserviceaccount --namespace=default --attach-policy-arn=arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess --approve
+```
diff --git a/eks/amazonlinux-nonroot.yaml b/eks/amazonlinux-nonroot.yaml
new file mode 100644
index 0000000..df03852
--- /dev/null
+++ b/eks/amazonlinux-nonroot.yaml
@@ -0,0 +1,22 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: amazonlinux
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: amazonlinux
+ template:
+ metadata:
+ labels:
+ app: amazonlinux
+ spec:
+ serviceAccount: myserviceaccount
+ securityContext:
+ fsGroup: 1000
+ runAsUser: 1000
+ containers:
+ - name: amazonlinux
+ image: amazonlinux:2
+ command: ["sleep", "infinity"]
diff --git a/eks/amazonlinux.yaml b/eks/amazonlinux.yaml
new file mode 100644
index 0000000..9537245
--- /dev/null
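Review bot: `serviceAccount: myserviceaccount` in the pod spec of amazonlinux-nonroot.yaml uses the deprecated alias; the supported field is `serviceAccountName: myserviceaccount`, and the same line appears in the eks/amazonlinux.yaml hunk. The securityContext pins the UID with `runAsUser: 1000` but does not set `runAsNonRoot: true`, so the non-root intent stated in the filename is not enforced by the API server if runAsUser is later dropped or the image's USER changes; adding that one line under securityContext closes the gap. A comment above `fsGroup: 1000`, such as `# fsGroup lets the non-root UID read the projected IRSA token volume`, would explain why the setting is present, since the token file is otherwise owned by root on the EKS versions this appears written against (worth confirming against the cluster version in use). `image: amazonlinux:2` is a mutable tag; pinning to a digest would make the deployment reproducible.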
+++ b/eks/amazonlinux.yaml
@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: amazonlinux
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: amazonlinux
+ template:
+ metadata:
+ labels:
+ app: amazonlinux
+ spec:
+ serviceAccount: myserviceaccount
+ containers:
+ - name: amazonlinux
+ image: amazonlinux:2
+ command: ["sleep", "infinity"]
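Review bot: This pod spec binds the IAM-backed service account but has no `securityContext`, so the container runs as root while holding the projected web-identity token; if the file is intended as the root counterpart to eks/amazonlinux-nonroot.yaml for the walkthrough, a leading comment such as `# Root variant, kept for comparison with amazonlinux-nonroot.yaml` would make that explicit rather than leaving it implied by the filename. The container has no resource requests or limits, and `command: ["sleep", "infinity"]` keeps an idle, role-bearing pod alive indefinitely; that is acceptable for a demo but worth a sentence in the README so it is not copied as-is. `image: amazonlinux:2` is an unpinned tag; pinning by digest would make the manifest reproducible.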