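# Write the ACK (AWS Controllers for Kubernetes) EC2 manifests for the tutorial
# network to vpc-workflow.yaml: one VPC, an internet gateway, a NAT gateway with
# its Elastic IP, a public and a private route table, one subnet of each kind,
# and a security group.
#
# The page lost the here-document operator and every line break; the
# `cat <<EOF > file ... EOF` form is restored here. The delimiter is quoted so
# the shell writes the manifest verbatim, with no parameter or command
# substitution applied to its contents.
cat <<'EOF' > vpc-workflow.yaml
---
apiVersion: ec2.services.k8s.aws/v1alpha1
kind: VPC
metadata:
  name: tutorial-vpc
spec:
  cidrBlocks:
    - 10.0.0.0/16
  enableDNSSupport: true
  enableDNSHostnames: true
  tags:
    - key: name
      value: vpc-tutorial
---
apiVersion: ec2.services.k8s.aws/v1alpha1
kind: InternetGateway
metadata:
  name: tutorial-igw
spec:
  vpcRef:
    from:
      name: tutorial-vpc
---
# The NAT gateway sits in the public subnet and uses the Elastic IP declared in
# the next document.
apiVersion: ec2.services.k8s.aws/v1alpha1
kind: NATGateway
metadata:
  name: tutorial-natgateway1
spec:
  subnetRef:
    from:
      name: tutorial-public-subnet1
  allocationRef:
    from:
      name: tutorial-eip1
---
apiVersion: ec2.services.k8s.aws/v1alpha1
kind: ElasticIPAddress
metadata:
  name: tutorial-eip1
spec:
  tags:
    - key: name
      value: eip-tutorial
---
# Public route table: default route through the internet gateway.
apiVersion: ec2.services.k8s.aws/v1alpha1
kind: RouteTable
metadata:
  name: tutorial-public-route-table
spec:
  vpcRef:
    from:
      name: tutorial-vpc
  routes:
    - destinationCIDRBlock: 0.0.0.0/0
      gatewayRef:
        from:
          name: tutorial-igw
---
# Private route table: default route through the NAT gateway.
apiVersion: ec2.services.k8s.aws/v1alpha1
kind: RouteTable
metadata:
  name: tutorial-private-route-table-az1
spec:
  vpcRef:
    from:
      name: tutorial-vpc
  routes:
    - destinationCIDRBlock: 0.0.0.0/0
      natGatewayRef:
        from:
          name: tutorial-natgateway1
---
apiVersion: ec2.services.k8s.aws/v1alpha1
kind: Subnet
metadata:
  name: tutorial-public-subnet1
spec:
  availabilityZone: ap-northeast-2a
  cidrBlock: 10.0.0.0/20
  # Instances launched in this subnet are assigned a public IP automatically,
  # so the security groups attached to them are the only network filter
  # between those instances and the internet.
  mapPublicIPOnLaunch: true
  vpcRef:
    from:
      name: tutorial-vpc
  routeTableRefs:
    - from:
        name: tutorial-public-route-table
---
apiVersion: ec2.services.k8s.aws/v1alpha1
kind: Subnet
metadata:
  name: tutorial-private-subnet1
spec:
  availabilityZone: ap-northeast-2a
  cidrBlock: 10.0.128.0/20
  vpcRef:
    from:
      name: tutorial-vpc
  routeTableRefs:
    - from:
        name: tutorial-private-route-table-az1
---
apiVersion: ec2.services.k8s.aws/v1alpha1
kind: SecurityGroup
metadata:
  name: tutorial-security-group
spec:
  description: "ack security group"
  name: tutorial-sg
  vpcRef:
    from:
      name: tutorial-vpc
  ingressRules:
    # SECURITY: this rule accepts SSH (tcp/22) from any IPv4 address. Outside a
    # short-lived tutorial environment, replace 0.0.0.0/0 with the CIDR of a
    # known admin network or bastion (placeholder: <ADMIN_CIDR>), or drop the
    # rule and use a session-manager style access path instead.
    - ipProtocol: tcp
      fromPort: 22
      toPort: 22
      ipRanges:
        - cidrIP: "0.0.0.0/0"
          description: "ingress"
EOF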