Joakim Hansson joakimhew
🐐
joakimhew
/ medium_full_example_annotate_nodes.sh
Created
October 15, 2021 16:38
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -euo pipefail | |
| for kind in daemonSet clusterRole clusterRoleBinding serviceAccount; do | |
| echo "setting annotations and labels on $kind/aws-node" | |
| kubectl -n kube-system annotate --overwrite $kind aws-node meta.helm.sh/release-name=aws-vpc-cni | |
| kubectl -n kube-system annotate --overwrite $kind aws-node meta.helm.sh/release-namespace=kube-system | |
| kubectl -n kube-system label --overwrite $kind aws-node app.kubernetes.io/managed-by=Helm | |
| done |
joakimhew
/ medium_full_example
Last active
November 27, 2023 14:46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ######################################################################################## | |
| # # | |
| # Create a new subnet in az-1a and associate it with the az-1a route table # | |
| # # | |
| ######################################################################################## | |
| resource "aws_subnet" "extra_az_1a" { | |
| vpc_id = var.eks_vpc_id | |
| cidr_block = "100.64.0.0/19" | |
| availability_zone = "eu-west-1a" |
joakimhew
/ medium_eks_cluster.tf
Last active
October 20, 2021 11:37
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| module "eks" { | |
| source = "terraform-aws-modules/eks/aws" | |
| version = "v17.20.0" | |
| cluster_name = "dev-cluster" | |
| cluster_version = "1.20" | |
| subnets = ["10.24.56.128/26", "10.24.56.192/27", "10.24.56.224/27"] | |
| vpc_id = var.eks_vpc_id | |
| cluster_endpoint_private_access = true // In this example, we only want to allow access to the Kubernetes API from within our enterprise network | |
| cluster_create_endpoint_private_access_sg_rule = true | |
| cluster_endpoint_private_access_cidrs = ["10.0.0.0/8"] // Your enterprise CIDR range that should be allowed access to the k8s API |
joakimhew
/ medium_cycle_nodes.tf
Last active
October 15, 2021 16:18
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| resource "null_resource" "cycle_nodes" { | |
| triggers = { | |
| "sha256" = filesha256("./cycle-nodes.sh") | |
| } | |
| provisioner "local-exec" { | |
| command = <<EOH | |
| chmod 0755 cycle-nodes.sh | |
| ./cycle-nodes.sh -c dev-cluster | |
| EOH |
joakimhew
/ medium_cycle_nodes.sh
Created
October 15, 2021 15:36
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| usage() { echo "Usage: $0 [-c <cluster-name>] [-a <assume-role>]" 1>&2; exit 1; } | |
| while getopts ":c:a:" o; do | |
| case "${o}" in | |
| c) | |
| CLUSTER=${OPTARG} | |
| ;; | |
| a) | |
| ASSUME_ROLE_ARN=${OPTARG} |
joakimhew
/ medium_example_eniconfig.yaml
Created
October 15, 2021 15:01
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: crd.k8s.amazonaws.com/v1alpha1 | |
| kind: ENIConfig | |
| metadata: | |
| name: group1-pod-netconfig | |
| spec: | |
| subnet: subnet-04f960ffc8be6865c | |
| securityGroups: | |
| - sg-070d03008bda531ad | |
| - sg-06e5cab8e5d6f16ef |
joakimhew
/ medium_annotate_nodes.tf
Created
October 15, 2021 14:46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| resource "null_resource" "annotate_nodes" { | |
| triggers = { | |
| "sha256" = filesha256("./annotate-nodes.sh") | |
| } | |
| provisioner "local-exec" { | |
| command = <<EOH | |
| chmod 0755 annotate-nodes.sh | |
| ./annotate-nodes.sh | |
| EOH |
joakimhew
/ medium_annotate_nodes.sh
Created
October 15, 2021 14:45
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -euo pipefail | |
| for kind in daemonSet clusterRole clusterRoleBinding serviceAccount; do | |
| echo "setting annotations and labels on $kind/aws-node" | |
| kubectl -n kube-system annotate --overwrite $kind aws-node meta.helm.sh/release-name=aws-vpc-cni | |
| kubectl -n kube-system annotate --overwrite $kind aws-node meta.helm.sh/release-namespace=kube-system | |
| kubectl -n kube-system label --overwrite $kind aws-node app.kubernetes.io/managed-by=Helm | |
| done |
joakimhew
/ medium_aws_vpc_cni_helm.tf
Last active
October 15, 2021 16:31
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| resource "helm_release" "this" { | |
| name = "aws-vpc-cni" | |
| namespace = "kube-system" | |
| repository = "https://aws.github.io/eks-charts" | |
| chart = "aws-vpc-cni" | |
| values = [ | |
| <<EOT | |
| crd: |
joakimhew
/ medium_subnets.tf
Last active
October 15, 2021 14:32
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ######################################################################################## | |
| # # | |
| # Create a new subnet in az-1a and associate it with the az-1a route table # | |
| # # | |
| ######################################################################################## | |
| resource "aws_subnet" "extra_az_1a" { | |
| vpc_id = var.eks_vpc_id | |
| cidr_block = "100.64.0.0/19" | |
| availability_zone = "eu-west-1a" |