eks

eks/README.md

@@ -0,0 +1,19 @@
+# Setup EKS
+```
+eksctl create cluster --name=cluster-2 --nodes=2 --region=eu-west-1 --managed
+```
+
+# Setup IAM Roles for Service Accounts
+
+Enable IAM Roles for Service Accounts on the EKS cluster
+
+```
+eksctl utils associate-iam-oidc-provider --cluster=cluster-2
+eksctl utils associate-iam-oidc-provider --cluster=cluster-2 --approve
+```
+
+Create new IAM Role using eksctl
+```
+eksctl create iamserviceaccount --cluster=cluster-2 --name=myserviceaccount --namespace=default --attach-policy-arn=arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess
+eksctl create iamserviceaccount --cluster=cluster-2 --name=myserviceaccount --namespace=default --attach-policy-arn=arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess --approve
+```

eks/amazonlinux-nonroot.yaml

@@ -0,0 +1,22 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: amazonlinux
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: amazonlinux
+  template:
+    metadata:
+      labels:
+        app: amazonlinux
+    spec:
+      serviceAccount: myserviceaccount
+      securityContext:
+        fsGroup: 1000
+        runAsUser: 1000
+      containers:
+      - name: amazonlinux
+        image: amazonlinux:2
+        command: ["sleep", "infinity"]

eks/amazonlinux.yaml

@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: amazonlinux
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: amazonlinux
+  template:
+    metadata:
+      labels:
+        app: amazonlinux
+    spec:
+      serviceAccount: myserviceaccount
+      containers:
+      - name: amazonlinux
+        image: amazonlinux:2
+        command: ["sleep", "infinity"]