
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"acm:DescribeCertificate",
"acm:ListCertificates",
"acm:GetCertificate"
],
d-nishi / index.ts
Last active May 8, 2019 17:30
aks index.ts
import * as azure from "@pulumi/azure";
import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";
import * as azuread from "@pulumi/azuread";
// Step 1: Parse and export configuration variables for the AKS stack.
// Reads settings from the Pulumi stack configuration; require() throws when the key is missing.
const config = new pulumi.Config();
// NOTE(review): config.require() returns the value as a plain string, and a top-level
// export from the program's entry module becomes a stack output. The password is then
// readable in clear via `pulumi stack output` and is not tracked as a secret.
// Prefer config.requireSecret("password") and drop the export unless a consumer
// really needs it — confirm against how the rest of the file uses `password`.
export const password = config.require("password");
// Falls back to "East US" when the key is unset or empty (|| treats "" as missing).
export const location = config.get("location") || "East US";
// Same fallback rule as `location`, defaulting to "East US 2".
export const failoverLocation = config.get("failoverLocation") || "East US 2";
# Builds the project and applies it to the acme/website-production Pulumi stack.
# NOTE(review): no `set -e` is visible in this excerpt; without it a failed
# `npm run build` would not stop the script before the update — confirm against the full file.
echo "Updating Pulumi Stack"
# Download dependencies and build
# NOTE(review): `npm install` resolves versions at build time; `npm ci` against a
# committed lockfile keeps what gets deployed reproducible.
npm install
npm run build
# Update the stack
pulumi stack select acme/website-production
# --yes approves the update automatically, so changes reach the production stack
# without anyone reviewing the preview; gate this step on a reviewed preview.
pulumi update --yes
d-nishi / buildspec.yml
Created April 30, 2019 21:38
CodeBuild spec yaml
version: 0.2
phases:
install:
commands:
# pulumi
# NOTE(review): --version pins the CLI release, but the installer script itself is
# downloaded and piped straight into bash on every build with no integrity check,
# inside a job that holds deployment credentials. curl is also run without --fail,
# so an HTTP error body would be handed to bash. Prefer fetching a pinned release
# archive and verifying its checksum before putting it on PATH.
- curl -L https://get.pulumi.com/ | bash -s -- --version 0.16.2
# Makes the pulumi binary installed under $HOME/.pulumi/bin resolvable by later commands.
- export PATH=$PATH:$HOME/.pulumi/bin
build:
commands:
d-nishi / put-service-role.json
Last active May 21, 2019 05:57
CodeBuild Put Service Role
{
"Version": "2012-10-17",
"Statement": [{
"Sid": "CloudWatchLogsPolicy",
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
d-nishi / create-service-role.json
Last active May 22, 2019 16:05
CodeBuild Service Role
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": {
"Service": "codebuild.amazonaws.com"
},
"Action": [
"sts:AssumeRole",
"ssm:GetParameters",
d-nishi / index.ts
Last active May 19, 2020 18:56
EKS RBAC simplified
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";
import * as eks from "@pulumi/eks";
import * as k8s from "@pulumi/kubernetes";
/*
* 1) Single step deployment of three IAM Roles
*/
function createIAMRole(name: string): aws.iam.Role {
d-nishi / index.ts
Last active April 15, 2023 23:15
EKS RBAC - verbose index.ts
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";
import * as eks from "@pulumi/eks";
import * as k8s from "@pulumi/kubernetes";
/*
* 1) Single step deployment of three IAM Roles
*/
// Administrator AWS IAM clusterAdminRole with full access to all AWS resources
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: cloud-controller-manager
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
d-nishi / ingress-tls-secret.yaml
Last active September 27, 2018 18:02
TLS Secret and Ingress
# Secret holding the certificate and private key for Ingress TLS termination.
apiVersion: v1
data:
# Placeholders: each value must be the base64 encoding of the PEM certificate / private key.
# NOTE(review): base64 is an encoding, not encryption. A manifest carrying a real tls.key
# exposes the key to anyone who can read the file, so keep it out of version control
# (create the Secret at deploy time or use an encrypted-secret workflow).
tls.crt: base64 encoded cert
tls.key: base64 encoded key
kind: Secret
metadata:
name: testsecret
namespace: default
# NOTE(review): Kubernetes has a dedicated kubernetes.io/tls type for cert/key pairs; the
# API server then checks that tls.crt and tls.key are both present. Opaque skips that check.
type: Opaque