- AWS CLI Installed (>= v2.7)
- AWS CLI Profile called
terraformconfigured kubectlinstalled
terraform init
terraform plan -out /path/to/some/file.out
terraform apply "/path/to/some/file.out"This can take up to twenty minutes. Setting up the cluster and node groups takes a long time.
# Update config with cluster information
aws eks --region us-east-1 update-kubeconfig --name MyAwesomeCluster --profile terraform
# Check you can connect
kubectl get services
# Deploy Nginx App
kubectl apply -f k8s/app.yaml
# Check deployment worked
kubectl get pods
kubectl get servicesIf the deployment was successful, you should eventually see a DNS name for both load balancers.
It may take up to five minutes for the load balancers to become active and to eventually see the "Welcome to nginx!" page
A group eks-devs will be created with a member named john. You need to go into the console and create Access/Secret keys for john.
Then configure a profile named john in the AWS CLI.
aws configure --profile john
aws sts assume-role --role-arn arn:aws:iam::1234567890:role/eks-admin --role-session-name john-session --profile john# Create roles and bindings
kubectl apply -f k8s/readers-group.yaml
kubectl edit -n kube-system configmap/aws-authAdd the following item under mapRoles, using your own role's ARN.
- rolearn: arn:aws:iam::1234567890:role/eks-admin
username: eks-admin
groups:
- system:mastersThen edit your .aws/config file to add a profile so you can assume the role
[profile eks-admin]
role_arn = arn:aws:iam::1234567890:role/eks-admin
source_profile = john
Then update the context
aws eks update-kubeconfig --region us-east-1 --name MyAwesomeCluster --profile eks-adminConfirm the eks-admin role is being used with
kubectl config view --minifyConfirm that you have admin permissions and can execute all actions with this command. The output should be yes.
kubectl auth can-i "*" "*"