import * as ec2 from '@aws-cdk/aws-ec2';
import * as iam from '@aws-cdk/aws-iam';
import { App, CfnOutput, Duration } from '@aws-cdk/core';
import * as eks from '../lib';
import * as hello from './hello-k8s';
import { TestStack } from './util';
/**
 * Integration-test stack that provisions an EKS cluster together with several
 * kinds of compute capacity (default nodegroup, Fargate profile, self-managed
 * auto-scaling groups, spot, Bottlerocket, inference instances, an extra
 * managed nodegroup), applies a manifest, installs two Helm charts, adds a
 * service account and exports cluster attributes as stack outputs.
 *
 * Security notes for anyone reusing this as a template: the admin role trust
 * policy, the unpinned Helm charts and the shared node role below are
 * convenient in a throw-away test account but each widens who or what can
 * reach cluster-admin or node-level permissions.
 */
class EksClusterStack extends TestStack {
  /**
   * @param scope the CDK app this stack is attached to
   * @param id construct id of the stack
   */
  constructor(scope: App, id: string) {
    super(scope, id);
    // allow all account users to assume this role in order to admin the cluster
    // The trust policy names the account root principal, so any IAM principal in
    // this account that is permitted to call sts:AssumeRole on this role can take
    // it. The role is passed to the cluster as `mastersRole`, i.e. cluster-admin
    // (system:masters). Outside a test account, trust a specific role or group.
    const mastersRole = new iam.Role(this, 'AdminRole', {
      assumedBy: new iam.AccountRootPrincipal(),
    });
    // just need one nat gateway to simplify the test
    const vpc = new ec2.Vpc(this, 'Vpc', { maxAzs: 3, natGateways: 1 });
    // create the cluster with a default nodegroup capacity
    // NOTE(review): the Kubernetes version is pinned to '1.16'; confirm it is
    // still a supported release before copying this configuration.
    // NOTE(review): neither `endpointAccess` nor `secretsEncryptionKey` is set,
    // so the construct defaults apply to API endpoint exposure and to secrets
    // encryption — confirm those defaults are what the test intends.
    const cluster = new eks.Cluster(this, 'Cluster', {
      vpc,
      mastersRole,
      defaultCapacity: 2,
      version: '1.16',
    });
    // fargate profile for resources in the "default" namespace
    cluster.addFargateProfile('default', {
      selectors: [{ namespace: 'default' }],
    });
    // add some capacity to the cluster. The IAM instance role will
    // automatically be mapped via aws-auth to allow nodes to join the cluster.
    cluster.addCapacity('Nodes', {
      instanceType: new ec2.InstanceType('t2.medium'),
      minCapacity: 3,
    });
    // add bottlerocket nodes
    cluster.addCapacity('BottlerocketNodes', {
      instanceType: new ec2.InstanceType('t3.small'),
      minCapacity: 2,
      machineImageType: eks.MachineImageType.BOTTLEROCKET,
    });
    // spot instances (up to 10)
    // kubeletExtraArgs is handed to the node bootstrap as a raw argument string;
    // here it only sets two node labels.
    cluster.addCapacity('spot', {
      spotPrice: '0.1094',
      instanceType: new ec2.InstanceType('t3.large'),
      maxCapacity: 10,
      bootstrapOptions: {
        kubeletExtraArgs: '--node-labels foo=bar,goo=far',
        awsApiRetryAttempts: 5,
      },
    });
    // inference instances
    cluster.addCapacity('InferenceInstances', {
      instanceType: new ec2.InstanceType('inf1.2xlarge'),
      minCapacity: 1,
    });
    // add an extra nodegroup
    cluster.addNodegroup('extra-ng', {
      instanceType: new ec2.InstanceType('t3.small'),
      minSize: 1,
      // reusing the default capacity nodegroup instance role when available
      // (both nodegroups then share one IAM role, so any permission granted to
      // that role applies to the nodes of both groups)
      nodeRole: cluster.defaultCapacity ? cluster.defaultCapacity.role : undefined,
    });
    // apply a kubernetes manifest
    cluster.addResource('HelloApp', ...hello.resources);
    // deploy the Kubernetes dashboard through a helm chart
    // No chart `version` is given, so presumably whatever the repository serves
    // at deploy time gets installed — NOTE(review): pin a version for
    // reproducible, reviewable deployments. The dashboard is a web UI onto the
    // cluster; how it is exposed and what RBAC it receives depend on chart
    // values not set here.
    cluster.addChart('dashboard', {
      chart: 'kubernetes-dashboard',
      repository: 'https://kubernetes.github.io/dashboard/',
    });
    // deploy an nginx ingress in a namespace
    // The namespace is created explicitly as a manifest so the chart below can
    // be installed with createNamespace: false.
    const nginxNamespace = cluster.addResource('nginx-namespace', {
      apiVersion: 'v1',
      kind: 'Namespace',
      metadata: {
        name: 'nginx',
      },
    });
    // NOTE(review): this chart is also installed without a pinned `version`.
    const nginxIngress = cluster.addChart('nginx-ingress', {
      chart: 'nginx-ingress',
      repository: 'https://helm.nginx.com/stable',
      namespace: 'nginx',
      wait: true,
      createNamespace: false,
      timeout: Duration.minutes(15),
    });
    // make sure namespace is deployed before the chart
    nginxIngress.node.addDependency(nginxNamespace);
    // add a service account connected to an IAM role
    // No policies are attached to the account in this stack.
    cluster.addServiceAccount('MyServiceAccount');
    // Export cluster attributes as CloudFormation outputs. Stack outputs are
    // readable by anyone who can describe the stack, so only non-secret
    // identifiers belong here; the certificate authority data is the cluster's
    // CA certificate, not a private key.
    new CfnOutput(this, 'ClusterEndpoint', { value: cluster.clusterEndpoint });
    new CfnOutput(this, 'ClusterArn', { value: cluster.clusterArn });
    new CfnOutput(this, 'ClusterCertificateAuthorityData', { value: cluster.clusterCertificateAuthorityData });
    new CfnOutput(this, 'ClusterSecurityGroupId', { value: cluster.clusterSecurityGroupId });
    new CfnOutput(this, 'ClusterEncryptionConfigKeyArn', { value: cluster.clusterEncryptionConfigKeyArn });
    new CfnOutput(this, 'ClusterName', { value: cluster.clusterName });
  }
}
// Entry point of the integration test: build the app, attach the stack and
// synthesize it.
const integApp = new App();

// The EKS optimized AMI is hard-coded per region, so the stack needs a concrete
// region. None is passed at this call site; presumably TestStack (./util)
// supplies the environment — confirm.
new EksClusterStack(integApp, 'aws-cdk-eks-cluster-test');

integApp.synth();