tweaking for ipv6/nodeadm
adonm committed Aug 22, 2024
1 parent 0e3a976 commit 71a03e2
Showing 1 changed file with 131 additions and 29 deletions.
160 changes: 131 additions & 29 deletions rancher_setup/aws-eks.yaml
@@ -1,5 +1,5 @@
AWSTemplateFormatVersion: '2010-09-09'
Description: EKS cluster with simplified VPC, i4i.xlarge instances, standard support, and mixed instance policy
Description: EKS cluster with IPv6 VPC, i4i.xlarge instances, standard support, mixed instance policy, 600 pods per node, and Longhorn S3 backup bucket

Resources:
VPC:
Expand All @@ -8,60 +8,117 @@ Resources:
CidrBlock: 10.0.0.0/16
EnableDnsHostnames: true
EnableDnsSupport: true
InstanceTenancy: default
Tags:
- Key: Name
Value: !Sub ${AWS::StackName}-VPC

VPCCidrBlock:
Type: AWS::EC2::VPCCidrBlock
Properties:
VpcId: !Ref VPC
AmazonProvidedIpv6CidrBlock: true

InternetGateway:
Type: AWS::EC2::InternetGateway

IGWAttachment:
Type: AWS::EC2::VPCGatewayAttachment
Properties:
InternetGatewayId: !Ref InternetGateway
VpcId: !Ref VPC
InternetGatewayId: !Ref InternetGateway

PublicSubnet1:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref VPC
AvailabilityZone: !Select [ 0, !GetAZs '' ]
CidrBlock: !Select [ 0, !Cidr [ !GetAtt VPC.CidrBlock, 3, 12 ] ]
AvailabilityZone: !Select [0, !GetAZs ""]
CidrBlock: 10.0.0.0/18
MapPublicIpOnLaunch: true
AssignIpv6AddressOnCreation: true
Ipv6CidrBlock:
Fn::Select:
- 0
- Fn::Cidr:
- Fn::Select:
- 0
- Fn::GetAtt:
- VPC
- Ipv6CidrBlocks
- 3
- 64

PublicSubnet2:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref VPC
AvailabilityZone: !Select [ 1, !GetAZs '' ]
CidrBlock: !Select [ 1, !Cidr [ !GetAtt VPC.CidrBlock, 3, 12 ] ]
AvailabilityZone: !Select [1, !GetAZs ""]
CidrBlock: 10.0.64.0/18
MapPublicIpOnLaunch: true
AssignIpv6AddressOnCreation: true
Ipv6CidrBlock:
Fn::Select:
- 1
- Fn::Cidr:
- Fn::Select:
- 0
- Fn::GetAtt:
- VPC
- Ipv6CidrBlocks
- 3
- 64

PublicSubnet3:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref VPC
AvailabilityZone: !Select [ 2, !GetAZs '' ]
CidrBlock: !Select [ 2, !Cidr [ !GetAtt VPC.CidrBlock, 3, 12 ] ]
AvailabilityZone: !Select [2, !GetAZs ""]
CidrBlock: 10.0.128.0/18
MapPublicIpOnLaunch: true
AssignIpv6AddressOnCreation: true
Ipv6CidrBlock:
Fn::Select:
- 2
- Fn::Cidr:
- Fn::Select:
- 0
- Fn::GetAtt:
- VPC
- Ipv6CidrBlocks
- 3
- 64

PublicRouteTable:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref VPC

PublicRoute:
Type: AWS::EC2::Route
Properties:
RouteTableId: !Ref PublicRouteTable
DestinationCidrBlock: 0.0.0.0/0
GatewayId: !Ref InternetGateway

PublicRouteIPv6:
Type: AWS::EC2::Route
Properties:
RouteTableId: !Ref PublicRouteTable
DestinationIpv6CidrBlock: ::/0
GatewayId: !Ref InternetGateway

PublicSubnet1RouteTableAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId: !Ref PublicSubnet1
RouteTableId: !Ref PublicRouteTable

PublicSubnet2RouteTableAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId: !Ref PublicSubnet2
RouteTableId: !Ref PublicRouteTable

PublicSubnet3RouteTableAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
Expand Down Expand Up @@ -91,6 +148,8 @@ Resources:
- !Ref PublicSubnet1
- !Ref PublicSubnet2
- !Ref PublicSubnet3
KubernetesNetworkConfig:
IpFamily: ipv6
UpgradePolicy:
SupportType: STANDARD

Expand All @@ -114,21 +173,30 @@ Resources:
Properties:
LaunchTemplateData:
InstanceType: i4i.xlarge
ImageId: '{{resolve:ssm:/aws/service/eks/optimized-ami/1.30/amazon-linux-2023/x86_64/standard/recommended/image_id}}'
UserData:
Fn::Base64:
!Sub |
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="==BOUNDARY=="

--==BOUNDARY==
Content-Type: text/x-shellscript; charset="us-ascii"

#!/bin/bash
/bin/setup-local-disks raid0
yum update -y
yum install -y iscsi-initiator-utils

--==BOUNDARY==--
!Sub
- |
---
apiVersion: node.eks.aws/v1alpha1
kind: NodeConfig
spec:
cluster:
name: ${ClusterName}
apiServerEndpoint: ${ApiServerEndpoint}
certificateAuthority: ${CertificateAuthority}
cidr: ${ClusterCidr}
kubelet:
config:
maxPods: 600
instance:
localStorage:
strategy: RAID0
- ClusterName: !Ref EKSCluster
ApiServerEndpoint: !GetAtt EKSCluster.Endpoint
CertificateAuthority: !GetAtt EKSCluster.CertificateAuthorityData
ClusterCidr: !GetAtt EKSCluster.KubernetesNetworkConfig.ServiceIpv6Cidr

SpotNodeGroup:
Type: AWS::EKS::Nodegroup
Expand Down Expand Up @@ -166,13 +234,47 @@ Resources:
Id: !Ref NodeLaunchTemplate
Version: !GetAtt NodeLaunchTemplate.LatestVersionNumber

LonghornBackupBucket:
Type: AWS::S3::Bucket
Properties:
BucketName: !Sub ${AWS::StackName}-longhorn-backups
VersioningConfiguration:
Status: Enabled
PublicAccessBlockConfiguration:
BlockPublicAcls: true
BlockPublicPolicy: true
IgnorePublicAcls: true
RestrictPublicBuckets: true

LonghornBackupRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service: ec2.amazonaws.com
Action: sts:AssumeRole
Policies:
- PolicyName: LonghornBackupS3Access
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- s3:PutObject
- s3:GetObject
- s3:ListBucket
- s3:DeleteObject
Resource:
- !Sub arn:aws:s3:::${LonghornBackupBucket}
- !Sub arn:aws:s3:::${LonghornBackupBucket}/*

Outputs:
VPCId:
Description: ID of the created VPC
Value: !Ref VPC
EKSClusterName:
Description: Name of the EKS cluster
EKSCluster:
Description: EKS Cluster
Value: !Ref EKSCluster
EKSClusterEndpoint:
Description: Endpoint for the EKS cluster
Value: !GetAtt EKSCluster.Endpoint
LonghornBackupRoleARN:
Description: ARN of IAM role for Longhorn S3 backup access
Value: !GetAtt LonghornBackupRole.Arn
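Review bot: LonghornBackupRole's trust policy only lets `ec2.amazonaws.com` assume it, yet nothing in this hunk creates an `AWS::IAM::InstanceProfile` or attaches the role to a node group, so the exported LonghornBackupRoleARN is not usable as written. If the intent is to attach it to the worker nodes, every pod on those nodes would inherit the S3 permissions through the instance metadata service; scoping the role to the Longhorn service account via IRSA (an `AWS::IAM::OIDCProvider` on `!GetAtt EKSCluster.OpenIdConnectIssuerUrl` with a `sts:AssumeRoleWithWebIdentity` trust statement) or EKS Pod Identity keeps the credentials off the node. The backup bucket would also benefit from default server-side encryption next to the versioning settings, e.g. `BucketEncryption: {ServerSideEncryptionConfiguration: [{ServerSideEncryptionByDefault: {SSEAlgorithm: AES256}}]}`. The node role and SpotNodeGroup definitions that would carry any attachment start outside this hunk.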
