Last active
May 16, 2021 17:43
-
-
Save jpadams/9de54c2399bb8fda1809aada35f00de2 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CLUSTER_NAME=<your cluster name> | |
| AWS_REGION=<your region> | |
| #https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html | |
| cat << EOF > ./trust-relationship.json | |
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Sid": "", | |
| "Effect": "Allow", | |
| "Principal": { | |
| "Service": "eks-fargate-pods.amazonaws.com" | |
| }, | |
| "Action": "sts:AssumeRole" | |
| } | |
| ] | |
| } | |
| EOF | |
| aws iam create-role --role-name AmazonEKSFargatePodExecutionRole --assume-role-policy-document file://trust-relationship.json | |
| aws iam attach-role-policy --role-name AmazonEKSFargatePodExecutionRole --policy-arn arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy | |
| eksctl create cluster --name $CLUSTER_NAME --version 1.14 --fargate | |
| #https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html | |
| #Confirming that correct 'elb' tags in place | |
| #aws eks describe-cluster --name $CLUSTER_NAME | |
| #aws eks describe-cluster --name $CLUSTER_NAME | jq '.cluster.resourcesVpcConfig.subnetIds[]' | xargs aws ec2 describe-subnets --subnet-ids | |
| #aws eks describe-cluster --name $CLUSTER_NAME | jq '.cluster.resourcesVpcConfig.subnetIds[]' | xargs aws ec2 describe-subnets --subnet-ids | grep elb -B2 -A1 | |
| AWS_VPC_ID=$(aws eks describe-cluster --name $CLUSTER_NAME | jq -r '.cluster.resourcesVpcConfig.vpcId') | |
| echo "AWS VPC ID: $AWS_VPC_ID" | |
| curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.4/docs/examples/iam-policy.json | |
| POLICY_EXISTING=$(aws iam list-policies | jq -r '.[][] | select(.PolicyName=="ALBIngressControllerIAMPolicy") | .Arn') | |
| if [ $POLICY_EXISTING ] | |
| then | |
| POLICY_ARN=$POLICY_EXISTING; | |
| else | |
| POLICY_ARN=$(aws iam create-policy --policy-name ALBIngressControllerIAMPolicy --policy-document file://iam-policy.json | jq -r '.Policy.Arn') | |
| fi | |
| echo "POLICY ARN: $POLICY_ARN" | |
| ROLE_NAME=$(kubectl -n kube-system describe configmap aws-auth | grep rolearn | cut -d'/' -f2) | |
| echo "ROLE NAME: $ROLE_NAME" | |
| aws iam attach-role-policy \ | |
| --policy-arn $POLICY_ARN \ | |
| --role-name $ROLE_NAME | |
| kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.4/docs/examples/rbac-role.yaml | |
| kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.4/docs/examples/alb-ingress-controller.yaml | |
| kubectl get deployment.apps/alb-ingress-controller -n kube-system -o json | jq '.spec.template.spec.containers[0].args += ["--cluster-name='$CLUSTER_NAME'", "--aws-vpc-id='$AWS_VPC_ID'", "--aws-region='$AWS_REGION'"]' | kubectl apply -f - |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment