- Create IAM Role with EKSClusterPolicy
- Create VPC with 2 public & private subnets
- Create a cluster (control plane gets created)
- Create Security group from ec2
- Create key-pair from ec2
- Create a nodegroup - another security group is created
- The number of EC2 instances created depends on the nodegroup config
- Configure a bastion host EC2 instance in a public subnet
- Log in to the bastion host over SSH using its public IP, with the pem from step 5:
    ssh -i night-owl-dev-cluster.pem ec2-user@<bastion-ec2-public-ip>
- Configure the (remote) terminal to access AWS:
    aws configure
- Install kubectl inside the bastion host: https://docs.aws.amazon.com/eks/latest/userguide/install-kubectl.html#linux_amd64_kubectl
- Create a kubeconfig file for the cluster: https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html
    aws eks update-kubeconfig --region ap-southeast-1 --name night-owl-dev-cluster
- To make kubectl commands work, update the cluster's security group (cluster Networking > network security group)
- Add/update an inbound rule that allows HTTPS from bastion-host-scgrop
- At this point, we can run
    kubectl get ...
  and other kubectl commands.
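
The inbound HTTPS rule from the step above can be verified by auditing saved `aws ec2 describe-security-groups` output. This is an added example, not part of the original notes; the function names are hypothetical and the `sg-...-example` ids and sample document are constructed.

```python
# Added example: audit describe-security-groups output for the bastion -> EKS API path.
WORLD = {"0.0.0.0/0", "::/0"}

def covers(perm, port):
    """True if an IpPermissions entry allows TCP traffic to `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and ports
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def sources(perm):
    """Return (CIDRs, source security group ids) for one permission entry."""
    cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
    cidrs |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
    sgs = {p["GroupId"] for p in perm.get("UserIdGroupPairs", [])}
    return cidrs, sgs

def audit(doc, cluster_sg, bastion_sg):
    """Return sorted findings for the cluster and bastion security groups."""
    groups = {g["GroupId"]: g for g in doc["SecurityGroups"]}
    findings, bastion_ok = [], False
    for perm in groups[cluster_sg].get("IpPermissions", []):
        if not covers(perm, 443):
            continue
        cidrs, sgs = sources(perm)
        bastion_ok = bastion_ok or bastion_sg in sgs
        if cidrs & WORLD:
            findings.append(f"{cluster_sg}: 443 open to the internet")
    if not bastion_ok:  # kubectl from the bastion would time out
        findings.append(f"{cluster_sg}: no 443 rule from {bastion_sg}")
    for perm in groups[bastion_sg].get("IpPermissions", []):
        cidrs, _ = sources(perm)
        if covers(perm, 22) and cidrs & WORLD:
            findings.append(f"{bastion_sg}: SSH open to the internet")
    return sorted(findings)

# Constructed sample input; the sg ids are placeholders, not values from these notes.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-cluster-example", "IpPermissions": [
        {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-cluster-example"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "UserIdGroupPairs": [{"GroupId": "sg-bastion-example"}]}]},
    {"GroupId": "sg-bastion-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}]}
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, "sg-cluster-example", "sg-bastion-example")))
```

To audit real groups, load the JSON printed by `aws ec2 describe-security-groups --group-ids <cluster-sg-id> <bastion-sg-id> --output json` and pass it as `doc`.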
eksctl utils associate-iam-oidc-provider --region ap-southeast-1 --cluster owl-cluster --approve
eksctl create iamserviceaccount \
  --name ebs-csi-controller-sa \
  --namespace kube-system \
  --cluster owl-cluster \
  --attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy \
  --approve \
  --region ap-southeast-1
kubectl apply -k "github.com/kubernetes-sigs/aws-ebs-csi-driver/deploy/kubernetes/overlays/stable/?ref=release-1.38"
aws eks describe-addon-versions \
  --kubernetes-version=1.31 \
  --addon-name=aws-ebs-csi-driver \
  --query='addons[].addonVersions[].addonVersion'
terraform apply -var-file="secrets.tfvars"