
@fincd-aws
Last active August 30, 2020 17:40

Revisions

  1. fincd-aws revised this gist Aug 30, 2020. 1 changed file with 1 addition and 20 deletions.
    21 changes: 1 addition & 20 deletions windows-eks-launchtemplate.cfn.template.yaml
    @@ -54,23 +54,4 @@
    MetadataOptions:
    HttpPutResponseHopLimit: 2
    HttpEndpoint: enabled
    HttpTokens: !If
    - IMDSv1Disabled
    - required
    - optional
    ## remove Windows Defender
    Uninstall-WindowsFeature -Name Windows-Defender

    # enable kube-proxy alpha DSR network mode
    (Get-Content $EKSBootstrapScriptFile).replace('"--proxy-mode=kernelspace",', '"--proxy-mode=kernelspace", "--feature-gates WinDSR=true", "--enable-dsr",') | Set-Content $EKSBootstrapScriptFile

    & $EKSBootstrapScriptFile -EKSClusterName ${ClusterName}
    ${BootstrapArguments} 3>&1 4>&1 5>&1 6>&1

    $LastError = if ($?) { 0 } else { $Error[0].Exception.HResult }

    & $cfn_signal --exit-code=$LastError `
    --stack="${AWS::StackName}" `
    --resource="NodeGroup" `
    --region=${AWS::Region}
    </powershell>
    HttpTokens: optional
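Review bot: `HttpTokens: optional` on the last line hard-codes IMDSv1 as allowed and drops the `IMDSv1Disabled` switch the template exposed before, so operators can no longer require IMDSv2 on these nodes. Together with `HttpPutResponseHopLimit: 2` three lines above, which lets metadata requests that cross a second network hop (such as a pod's network namespace) reach the service, the node role's credentials become obtainable by any IMDSv1 caller on the node. If the Windows bootstrap or a workload genuinely needs IMDSv1, say so in a comment next to the line; otherwise restore `HttpTokens: required`, or the previous `!If` so the choice stays a parameter. The removal of the duplicated PowerShell tail in the same hunk is fine and needs no further change.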
  2. fincd-aws created this gist Aug 30, 2020.
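--- a/windows-eks-launchtemplate.cfn.template.yaml
+++ b/windows-eks-launchtemplate.cfn.template.yaml
@@ -0,0 +1,76 @@
+NodeLaunchTemplate:
+Type: 'AWS::EC2::LaunchTemplate'
+Properties:
+LaunchTemplateData:
+BlockDeviceMappings:
+- DeviceName: /dev/sda1
+Ebs:
+DeleteOnTermination: true
+VolumeSize: !Ref NodeVolumeSize
+VolumeType: gp2
+IamInstanceProfile:
+Arn: !GetAtt NodeInstanceProfile.Arn
+ImageId: !If
+- HasNodeImageId
+- Ref: NodeImageId
+- Ref: NodeImageIdSSMParam
+InstanceType: !Ref NodeInstanceType
+KeyName: !Ref KeyName
+SecurityGroupIds: !Ref NodeSecurityGroups
+UserData: !Base64
+'Fn::Sub': >
+<powershell>
+
+[string]$EKSBinDir = "$env:ProgramFiles\Amazon\EKS"
+
+[string]$EKSBootstrapScriptName = 'Start-EKSBootstrap.ps1'
+
+[string]$EKSBootstrapScriptFile =
+"$EKSBinDir\$EKSBootstrapScriptName"
+
+[string]$cfn_signal =
+"$env:ProgramFiles\Amazon\cfn-bootstrap\cfn-signal.exe"
+
+## disable realtime scanning
+# Set-MpPreference -DisableRealtimeMonitoring $true
+## disable all of Windows Defender
+#reg.exe ADD 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender' /t REG_DWORD /v DisableAntiSpyware /d 1
+## remove Windows Defender
+Uninstall-WindowsFeature -Name Windows-Defender
+
+# enable kube-proxy alpha DSR network mode
+(Get-Content $EKSBootstrapScriptFile).replace('"--proxy-mode=kernelspace",', '"--proxy-mode=kernelspace", "--feature-gates WinDSR=true", "--enable-dsr",') | Set-Content $EKSBootstrapScriptFile
+
+& $EKSBootstrapScriptFile -EKSClusterName ${ClusterName}
+${BootstrapArguments} 3>&1 4>&1 5>&1 6>&1
+
+$LastError = if ($?) { 0 } else { $Error[0].Exception.HResult }
+
+& $cfn_signal --exit-code=$LastError `
+--stack="${AWS::StackName}" `
+--resource="NodeGroup" `
+--region=${AWS::Region}
+</powershell>
+MetadataOptions:
+HttpPutResponseHopLimit: 2
+HttpEndpoint: enabled
+HttpTokens: !If
+- IMDSv1Disabled
+- required
+- optional
+## remove Windows Defender
+Uninstall-WindowsFeature -Name Windows-Defender
+
+# enable kube-proxy alpha DSR network mode
+(Get-Content $EKSBootstrapScriptFile).replace('"--proxy-mode=kernelspace",', '"--proxy-mode=kernelspace", "--feature-gates WinDSR=true", "--enable-dsr",') | Set-Content $EKSBootstrapScriptFile
+
+& $EKSBootstrapScriptFile -EKSClusterName ${ClusterName}
+${BootstrapArguments} 3>&1 4>&1 5>&1 6>&1
+
+$LastError = if ($?) { 0 } else { $Error[0].Exception.HResult }
+
+& $cfn_signal --exit-code=$LastError `
+--stack="${AWS::StackName}" `
+--resource="NodeGroup" `
+--region=${AWS::Region}
+</powershell>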
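Review bot: `Uninstall-WindowsFeature -Name Windows-Defender` (the line after `## remove Windows Defender` inside the UserData script) removes the only endpoint protection from every node this template launches, and the two commented-out alternatives just above it suggest the real goal was to stop real-time scanning from interfering with container workloads rather than to drop AV altogether; the comment does not record why. The narrower fix is to keep the feature and scope it, e.g. `Set-MpPreference -ExclusionPath` entries for the container and kubelet directories, and to state the reason and the compensating control in the comment, e.g. `## Defender removed because <reason>; compensating control: <control>`. The in-place `.replace(...)` on `$EKSBootstrapScriptFile` a few lines further down is also silent when the `"--proxy-mode=kernelspace",` token is absent, so a newer AMI whose bootstrap script differs would skip enabling DSR with no signal; a `Select-String` check before the replace, failing the bootstrap when the token is missing, would surface that. The second `MetadataOptions`/PowerShell block at the end of the file duplicates the UserData tail outside the `Fn::Sub` scalar and is addressed by the later revision, so no further change is needed there.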