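AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  VPC with three public subnets plus an eksctl/kubectl bastion host used to
  drive an EKS cluster. Reviewer caveats are marked NOTE(review).

Parameters:
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instances. Linked to AWS Parameter
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: must be the name of an existing EC2 KeyPair.
  SgIngressCidr:
    # NOTE(review): the default of 0.0.0.0/0 exposes the bastion's SSH port to
    # the whole internet. Always override it with your own source range
    # (e.g. your office/VPN egress address as x.x.x.x/32).
    Description: The IP address range that can SSH to the eksctl host (override the 0.0.0.0/0 default)
    Type: String
    MinLength: '9'
    MaxLength: '18'
    Default: 0.0.0.0/0
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
  EksCtlHostInstanceType:
    Description: Enter t2.micro, t2.small, t2.medium, t3.micro, t3.small, t3.medium. Default is t3.small.
    Type: String
    Default: t3.small
    AllowedValues:
      - t2.micro
      - t2.small
      - t2.medium
      - t3.micro
      - t3.small
      - t3.medium
  LatestAmiId:
    # Resolved through SSM to the current Amazon Linux 2 AMI. The <AWS::EC2::Image::Id>
    # type argument is what makes CloudFormation validate the resolved value as an AMI.
    Description: (DO NOT CHANGE)
    Type: 'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>'
    Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2'
    AllowedValues:
      - /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
  ClusterBaseName:
    Type: String
    Default: eks-work
  TargetRegion:
    Type: String
    Default: ap-southeast-1
  AvailabilityZone1:
    Type: String
    Default: ap-southeast-1a
  AvailabilityZone2:
    Type: String
    Default: ap-southeast-1b
  AvailabilityZone3:
    Type: String
    Default: ap-southeast-1c
  VpcBlock:
    Type: String
    Default: 192.168.0.0/16
  WorkerSubnet1Block:
    Type: String
    Default: 192.168.0.0/24
  WorkerSubnet2Block:
    Type: String
    Default: 192.168.1.0/24
  WorkerSubnet3Block:
    Type: String
    Default: 192.168.2.0/24

Resources:
  # VPC
  EksWorkVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VpcBlock
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: !Sub ${ClusterBaseName}-VPC

  # All three subnets are public (internet-gateway route + public IP on launch).
  # NOTE(review): EKS worker nodes placed here receive public IPs; if that is not
  # intended, add private subnets with a NAT gateway for the node groups.
  WorkerSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: !Ref AvailabilityZone1
      CidrBlock: !Ref WorkerSubnet1Block
      VpcId: !Ref EksWorkVPC
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: !Sub ${ClusterBaseName}-WorkerSubnet1
  WorkerSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: !Ref AvailabilityZone2
      CidrBlock: !Ref WorkerSubnet2Block
      VpcId: !Ref EksWorkVPC
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: !Sub ${ClusterBaseName}-WorkerSubnet2
  WorkerSubnet3:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: !Ref AvailabilityZone3
      CidrBlock: !Ref WorkerSubnet3Block
      VpcId: !Ref EksWorkVPC
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: !Sub ${ClusterBaseName}-WorkerSubnet3

  InternetGateway:
    Type: AWS::EC2::InternetGateway
  VPCGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref EksWorkVPC

  WorkerSubnetRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref EksWorkVPC
      Tags:
        - Key: Name
          Value: !Sub ${ClusterBaseName}-WorkerSubnetRouteTable
  WorkerSubnetRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref WorkerSubnetRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  WorkerSubnet1RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref WorkerSubnet1
      RouteTableId: !Ref WorkerSubnetRouteTable
  WorkerSubnet2RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref WorkerSubnet2
      RouteTableId: !Ref WorkerSubnetRouteTable
  WorkerSubnet3RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref WorkerSubnet3
      RouteTableId: !Ref WorkerSubnetRouteTable

  # EKSCTL-Host
  EKSEC2SG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: eksctl-host Security Group
      VpcId: !Ref EksWorkVPC
      Tags:
        - Key: Name
          Value: !Sub ${ClusterBaseName}-HOST-SG
      SecurityGroupIngress:
        # Only SSH is needed to reach the bastion. The previous rule allowed every
        # protocol and port (IpProtocol -1) from SgIngressCidr, which combined with
        # the parameter default of 0.0.0.0/0 exposed the entire host to the internet.
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref SgIngressCidr
          Description: SSH from SgIngressCidr

  EKSEC2:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref EksCtlHostInstanceType
      ImageId: !Ref LatestAmiId
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: !Sub ${ClusterBaseName}-host
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref WorkerSubnet1
          GroupSet:
            - !Ref EKSEC2SG
          AssociatePublicIpAddress: true
          # Must lie inside WorkerSubnet1Block (default 192.168.0.0/24); change both together.
          PrivateIpAddress: 192.168.0.100
      MetadataOptions:
        # Require IMDSv2 session tokens so an SSRF on this host cannot read instance
        # metadata with a plain GET. aws-cli v2, eksctl and kubectl all support IMDSv2.
        HttpTokens: required
      BlockDeviceMappings:
        - DeviceName: /dev/xvda
          Ebs:
            VolumeType: gp2
            VolumeSize: 20
            DeleteOnTermination: true
            # Kubeconfigs and cloud credentials end up on this disk; encrypt at rest.
            Encrypted: true
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash
          # Bootstrap for the eksctl host; cloud-init runs this as root, so "~" is /root.
          # Fn::Sub expands dollar-brace expressions, so shell expansions here use
          # only the $VAR and $(...) forms.
          set -o pipefail
          hostnamectl --static set-hostname eksctl-host

          # Install tools
          yum -y install git tree tmux jq lynx htop

          # Install aws cli v2
          # NOTE(review): the installer zip is not signature-checked; AWS publishes a
          # PGP signature (awscliv2.sig) that should be verified on a hardened host.
          curl "https://awscliv2.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
          unzip awscliv2.zip
          sudo ./aws/install
          export PATH=/usr/local/bin:$PATH
          source ~/.bash_profile
          complete -C '/usr/local/bin/aws_completer' aws

          # Install eksctl
          # NOTE(review): "latest" is unpinned, so each launch gets whatever was
          # released most recently; pin a release tag for reproducible hosts.
          # The tarball is checked against the release's checksum list before install.
          EKSCTL_PLATFORM="$(uname -s)_amd64"
          EKSCTL_URL="https://github.com/weaveworks/eksctl/releases/latest/download"
          curl --silent --location "$EKSCTL_URL/eksctl_$EKSCTL_PLATFORM.tar.gz" -o "eksctl_$EKSCTL_PLATFORM.tar.gz"
          if curl --silent --location "$EKSCTL_URL/eksctl_checksums.txt" | grep "eksctl_$EKSCTL_PLATFORM.tar.gz" | sha256sum --check; then
            tar xzf "eksctl_$EKSCTL_PLATFORM.tar.gz" -C /tmp && mv /tmp/eksctl /usr/local/bin
          else
            echo "eksctl checksum verification failed; not installing" >&2
          fi

          # Install kubectl v1.21.2, verified against the published sha256
          # NOTE(review): 1.21 is end-of-life upstream; use a supported minor that
          # matches the EKS control-plane version you create.
          KUBECTL_URL="https://dl.k8s.io/release/v1.21.2/bin/linux/amd64"
          curl -LO "$KUBECTL_URL/kubectl"
          curl -LO "$KUBECTL_URL/kubectl.sha256"
          if echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check; then
            install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
          else
            echo "kubectl checksum verification failed; not installing" >&2
          fi

          # Install postgresql11
          amazon-linux-extras install -y postgresql11

          # Install the full Amazon Corretto 11
          yum install java-11-amazon-corretto -y

          # Install Docker
          amazon-linux-extras install docker -y
          systemctl start docker && systemctl enable docker

          # Install nodejs
          # NOTE(review): this pipes a remote script straight into a root shell with no
          # version pin or checksum; prefer a signed RPM repo, or at least download and
          # inspect the script before executing it.
          yum install -y gcc-c++ make
          curl -sL https://rpm.nodesource.com/setup_14.x | sudo -E bash -
          yum install -y nodejs

          # Source bash-completion for kubectl (written to root's shell rc files)
          source <(kubectl completion bash)
          echo 'source <(kubectl completion bash)' >>~/.bashrc
          echo 'alias k=kubectl' >> ~/.bashrc
          echo 'complete -F __start_kubectl k' >>~/.bashrc

          # Install kubens kubectx
          git clone https://github.com/ahmetb/kubectx /opt/kubectx
          ln -s /opt/kubectx/kubens /usr/local/bin/kubens
          ln -s /opt/kubectx/kubectx /usr/local/bin/kubectx

          # Config convenience
          echo 'alias vi=vim' >> /etc/profile
          # NOTE(review): auto-escalating every ec2-user login to a root shell is what
          # makes the root-owned kubectl/aws setup above reachable, but it removes the
          # per-command sudo audit trail. Drop this on a hardened host and configure
          # the tools for ec2-user instead.
          echo "sudo su -" >> /home/ec2-user/.bashrc

          # Change localtime
          sed -i "s/UTC/Asia\/Seoul/g" /etc/sysconfig/clock
          ln -sf /usr/share/zoneinfo/Asia/Seoul /etc/localtime

Outputs:
  VPC:
    Value: !Ref EksWorkVPC
  WorkerSubnets:
    Value: !Join
      - ","
      - [!Ref WorkerSubnet1, !Ref WorkerSubnet2, !Ref WorkerSubnet3]
  RouteTable:
    Value: !Ref WorkerSubnetRouteTable
  eksctlhost:
    Value: !GetAtt EKSEC2.PublicIp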