README

Warning

• Confirmed AWS CDK v0.24.1.

• Problematic security group.

• Problematic policy.

• Subnet is restricted to public.

• Add tags of instance using Userdata.

• There are a lot of fixed values.

• Perhaps the EBS volume is as follows.

  • Instance Size Small: 1GB

  • Instance Size Medium: 20GB

  • Instance Size Large: 20GB

• Many more.

Install

• git clone https://github.com/high-u/cdk-eks.git

• cd cdk-eks

• npm install -prefix ./cluster

• npm install -prefix ./nodegroup

Build

• npm run build -prefix ./cluster

• npm run build -prefix ./nodegroup

Initialize

• cp cdk-default.json cdk.json

• Edit "cdk.json".

  • Input "clusterStackName", "nodeGroupStackName", "clusterName", and "vpcName". (Require)

  • Input "keyPairName" if necessary.

  • Check AMI. https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html

Deploy

• aws configure get region

  • Region: https://docs.aws.amazon.com/general/latest/gr/rande.html

• cdk -a ./cluster/bin/cluster.js deploy

• cdk -a ./nodegroup/bin/nodegroup.js deploy

• Options not asked for yes / no.

  • --require-approval never

Update kubernetes config

• [[ $(cat cdk.json) =~ (\"clusterName\": \")([^\"]+) ]] && CDK_CLUSTER_NAME=${BASH_REMATCH[2]}

• echo ${CDK_CLUSTER_NAME}

• aws eks update-kubeconfig --name ${CDK_CLUSTER_NAME}

Adding nodes to the cluster

Add

• curl -O https://amazon-eks.s3-us-west-2.amazonaws.com/cloudformation/2018-12-10/aws-auth-cm.yaml

• [[ $(cat cdk.json) =~ (\"nodeGroupStackName\": \")([^\"]+) ]] && CDK_STACK_NAME=${BASH_REMATCH[2]}

• echo ${CDK_STACK_NAME}

• CDK_NODE_ROLE=$(aws cloudformation describe-stacks --stack-name ${CDK_STACK_NAME} --output text | grep -o arn:aws:iam[a-zA-Z0-9:\/\-]*)

• echo ${CDK_NODE_ROLE}

• sed -ie "s|<ARN of instance role (not instance profile)>|${CDK_NODE_ROLE}|" aws-auth-cm.yaml

• kubectl apply -f aws-auth-cm.yaml

Check

• kubectl get nodes --watch

• kubectl get pods -n kube-system

Check 2

Install dashboard

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
kubectl apply -f ./yaml/kube-clusterrolebinding.yml
kubectl apply -f ./yaml/kube-service-account.yml
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
kubectl proxy

http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

Destroy

• cdk -a ./nodegroup/bin/nodegroup.js destroy

• cdk -a ./cluster/bin/cluster.js destroy

Reference commands

• npm run build compile typescript to js

• npm run watch watch for changes and compile

• cdk deploy deploy this stack to your default AWS account/region

• cdk diff compare deployed stack with current state

• cdk synth emits the synthesized CloudFormation template

Reference files

• https://amazon-eks.s3-us-west-2.amazonaws.com/cloudformation/2018-12-10/aws-auth-cm.yaml

• https://amazon-eks.s3-us-west-2.amazonaws.com/cloudformation/2018-12-10/amazon-eks-nodegroup.yaml