create file cluster-role-trust-policy.json
`aws cloudformation create-stack
--region ap-southeast-1
--stack-name test-php-web
--template-url https://amazon-eks.s3.us-west-2.amazonaws.com/cloudformation/2020-10-29/amazon-eks-vpc-private-subnets.yaml
--profile few_orm
aws iam create-role
--role-name TestPHPWebRole
--assume-role-policy-document file://"cluster-role-trust-policy.json"
--profile few_orm
aws iam attach-role-policy
--policy-arn arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
--role-name TestPHPWebRole
--profile few_orm`
rm ~/.kube/config aws eks update-kubeconfig \ --region ap-southeast-1 \ --name test-php-web \ --profile few_orm
create file cni-role-trust-policy.json
edit config account id
aws iam create-role \ --role-name TestPHPWebCNIRole \ --assume-role-policy-document file://"cni-role-trust-policy.json" \ --profile few_orm aws iam attach-role-policy \ --policy-arn arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy \ --role-name TestPHPWebCNIRole \ --profile few_orm aws eks update-addon \ --cluster-name test-php-web \ --addon-name vpc-cni \ --service-account-role-arn arn:aws:iam::[MY-ARN]:role/TestPHPWebCNIRole \ --profile few_orm \ --region ap-southeast-1 create file node-role-trust-policy.json aws iam create-role \ --role-name TestPHPWebNodeRole \ --assume-role-policy-document file://"node-role-trust-policy.json" \ --profile few_orm aws iam attach-role-policy \ --policy-arn arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy \ --role-name TestPHPWebNodeRole \ --profile few_orm aws iam attach-role-policy \ --policy-arn arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly \ --role-name TestPHPWebNodeRole \ --profile few_orm
go to cluster > Configuration > Compute > Add Node Group
- create node
- choose instant type
- allow ssh to access node
aws eks update-cluster-config --region ap-southeast-1 --name test-php-web --resources-vpc-config endpointPublicAccess=true,publicAccessCidrs="0.0.0.0/0",endpointPrivateAccess=true --profile few_orm
aws eks describe-update --region ap-southeast-1 --name test-php-web --update-id a6ff0b7a-8461-461d-8bfb-1dfbd91e1c59 --profile few_orm
kubectl get pods --all-namespaces -o wide``
kubectl create namespace test-php-web
kubectl apply -f deploy-php-nginx.yml
kubectl get all -n test-php-web
kubectl -n test-php-web describe service test-php-web-service
kubectl -n test-php-web describe deployment test-php-web-deployment
kubectl -n test-php-web describe pod test-php-web-deployment-96ddcf945-mqp6b kubectl -n test-php-web describe pod test-php-web-deployment-96ddcf945-nfkkh kubectl -n test-php-web describe pod test-php-web-deployment-96ddcf945-wqfqg
kubectl exec -it test-php-web-deployment-96ddcf945-mqp6b -n test-php-web -- /bin/bash
kubectl delete namespace test-php-web
eksctl create cluster --name=myweb --nodes=2 --node-type=t2.micro --region ap-southeast-1 --with-oidc --ssh-access --ssh-public-key ifew_orm_macbook --managed --profile few_orm
kubectl get nodes
kubectl create namespace myweb
kubectl apply -f eks-myweb-secret.yml
kubectl get secrets -n myweb
kubectl describe secrets/myweb-secret -n myweb
get data in Secret
kubectl get secret myweb-secret -n myweb -o jsonpath='{.data}'
decoding data for readable
echo 'cGFzczEyMzQ=' | base64 --decode
kubectl apply -f eks-myweb-deploy.yml
kubectl get all -n myweb
kubectl apply -f eks-myweb-service.yml
kubectl get services -n myweb
Edit new image version in eks-myweb-deploy.yml
kubectl apply -f eks-myweb-deploy.yml
apply secret again and restart pod for get new environment
kubectl apply -f eks-myweb-secret.yml
kubectl -n myweb rollout restart deployment myweb-deployment