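---
# eksctl ClusterConfig for the `tip-wlan-main` EKS cluster
# (region ap-south-1, Kubernetes 1.27).
#
# Lines marked NOTE(review) flag security-relevant settings to confirm or
# tighten before this file is applied.
#
# NOTE(review): this file has no `cloudWatch.clusterLogging` and no
# `secretsEncryption` section, so control-plane audit logging and KMS envelope
# encryption of Secrets are not configured from here. Confirm they are
# handled elsewhere.
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: tip-wlan-main
  region: ap-south-1
  version: "1.27"

iam:
  # The OIDC provider is what lets the service accounts below assume IAM roles.
  withOIDC: true
  serviceAccounts:
    - metadata:
        name: aws-load-balancer-controller
        namespace: kube-system
      wellKnownPolicies:
        awsLoadBalancerController: true
    # Disabled service accounts, kept for reference:
    # - metadata:
    #     name: ebs-csi-controller-sa
    #     namespace: kube-system
    #   wellKnownPolicies:
    #     ebsCSIController: true
    # - metadata:
    #     name: efs-csi-controller-sa
    #     namespace: kube-system
    #   wellKnownPolicies:
    #     efsCSIController: true
    # - metadata:
    #     name: external-dns
    #     namespace: kube-system
    #   wellKnownPolicies:
    #     externalDNS: true
    # - metadata:
    #     name: cert-manager
    #     namespace: cert-manager
    #   wellKnownPolicies:
    #     certManager: true
    - metadata:
        name: cluster-autoscaler
        namespace: kube-system
        labels:
          aws-usage: "cluster-ops"
      wellKnownPolicies:
        autoScaler: true
    # NOTE(review): this second autoscaler identity appears to overlap with
    # `cluster-autoscaler` above. Confirm both are in use; an unused service
    # account with a bound IAM role is standing privilege.
    - metadata:
        name: autoscaler-service
        namespace: kube-system
      # Inline policy; it can be defined along with `attachPolicyARNs`.
      attachPolicy:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action:
              - "autoscaling:DescribeAutoScalingGroups"
              - "autoscaling:DescribeAutoScalingInstances"
              - "autoscaling:DescribeLaunchConfigurations"
              - "autoscaling:DescribeTags"
              - "autoscaling:SetDesiredCapacity"
              - "autoscaling:TerminateInstanceInAutoScalingGroup"
              - "ec2:DescribeLaunchTemplateVersions"
            # NOTE(review): with `Resource: '*'` the two mutating actions
            # (SetDesiredCapacity, TerminateInstanceInAutoScalingGroup) apply
            # to every Auto Scaling group in the account, not only this
            # cluster's. Consider moving them to their own statement with a
            # Condition on the cluster-autoscaler tags set under
            # `nodeGroups[].tags`.
            Resource: '*'

availabilityZones:
  - ap-south-1a
  - ap-south-1b
  - ap-south-1c

vpc:
  cidr: 10.10.0.0/16
  clusterEndpoints:
    # NOTE(review): the public API endpoint is enabled and this file sets no
    # `vpc.publicAccessCIDRs`, so source-address restriction of the Kubernetes
    # API is not configured here. Consider adding, for example,
    # `publicAccessCIDRs: ["<ADMIN_CIDR_PLACEHOLDER>"]` under `vpc`.
    publicAccess: true
    privateAccess: true

# Disabled managed node group, kept for reference:
# managedNodeGroups:
#   - name: def
#     instanceType: c5.xlarge
#     amiFamily: AmazonLinux2
#     # Try this next time with unsafe-sysctls:
#     # ami: ami-0c92ea9c7c0380b66
#     # ami: ami-03a6eaae9938c858c
#     minSize: 3
#     maxSize: 8
#     volumeSize: 100
#     ssh:  # import public key from file
#       allow: true
#       publicKeyPath: id_rsa_tip-wlan-main.pub
#     # This does not work for managed node groups:
#     # overrideBootstrapCommand: |
#     #   #!/bin/bash
#     #   /etc/eks/bootstrap.sh tip-wlan-main --kubelet-extra-args "--allowed-unsafe-sysctls 'net.*'"
#     tags:
#       # EC2 tags required for cluster-autoscaler auto-discovery
#       k8s.io/cluster-autoscaler/enabled: "true"
#       k8s.io/cluster-autoscaler/tip-wlan-main: "owned"
#       kubernetes.io/cluster-autoscaler/enabled: "true"
#       kubernetes.io/cluster-autoscaler/tip-wlan-main: "owned"

nodeGroups:
  - name: def
    instanceType: c5.xlarge
    amiFamily: AmazonLinux2
    minSize: 3
    maxSize: 8
    desiredCapacity: 6
    volumeSize: 100
    # NOTE(review): SSH to the nodes is enabled, using a public key imported
    # from a local file. `privateNetworking` is not set on this node group, so
    # confirm whether the nodes get public addresses and which sources can
    # reach port 22. Also confirm who holds the matching private key, since it
    # is a shared, long-lived credential for every node in the group.
    ssh:
      allow: true
      publicKeyPath: id_rsa_tip-wlan-main.pub
    kubeletExtraConfig:
      # Only these three TCP keepalive sysctls are allowed. This is narrower
      # than the `net.*` wildcard in the disabled bootstrap override above;
      # keep the list explicit when extending it.
      allowedUnsafeSysctls:
        - "net.ipv4.tcp_keepalive_intvl"
        - "net.ipv4.tcp_keepalive_probes"
        - "net.ipv4.tcp_keepalive_time"
    tags:
      # EC2 tags required for cluster-autoscaler auto-discovery
      k8s.io/cluster-autoscaler/enabled: "true"
      k8s.io/cluster-autoscaler/tip-wlan-main: "owned"
      kubernetes.io/cluster-autoscaler/enabled: "true"
      kubernetes.io/cluster-autoscaler/tip-wlan-main: "owned"

# NOTE(review): every mapping below grants `system:masters`, which gives
# unrestricted cluster-admin access and bypasses RBAC authorization checks.
# Three of the four principals are IAM users (`gha-*`, presumably CI
# identities; confirm), which implies long-lived access keys. Prefer mapping
# each principal to a dedicated group bound to a scoped Role/ClusterRole, and
# prefer IAM roles with short-lived credentials over IAM users.
iamIdentityMappings:
  - arn: arn:aws:iam::289708231103:user/gha-wlan-testing
    username: gha-wlan-testing
    noDuplicateARNs: true  # prevents shadowing of ARNs
    groups:
      - system:masters
  - arn: arn:aws:iam::289708231103:user/gha-toolsmith
    username: gha-toolsmith
    noDuplicateARNs: true
    groups:
      - system:masters
  - arn: arn:aws:iam::289708231103:user/gha-wlan-cloud-helm
    username: gha-wlan-cloud-helm
    noDuplicateARNs: true
    groups:
      - system:masters
  - arn: arn:aws:iam::289708231103:role/AWSReservedSSO_SystemAdministrator_622371b0ceece6f8
    groups:
      - system:masters
    username: admin
    noDuplicateARNs: true  # prevents shadowing of ARNs

addons:
  - name: vpc-cni  # no version is specified so it deploys the default version
    attachPolicyARNs:
      - arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
  # NOTE(review): `version: latest` is resolved when the file is applied, so
  # the same file can deploy different add-on builds on different runs. Pin
  # explicit versions so upgrades are reviewed and repeatable.
  - name: coredns
    version: latest  # auto discovers the latest available
  - name: kube-proxy
    version: latest
  # - name: aws-ebs-csi-driver
  #   wellKnownPolicies:  # add IAM and service account
  #     ebsCSIController: true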