Create EKS with cdk
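#!/bin/bash
# Deploy the EKS stack, handing the admin user ARNs to the app as CDK context.
# The original line passed `--context` twice, so the first flag consumed the second
# as its value and the JSON array never reached the app; a single --context is correct.
# Context given on the CLI is a string, so the app has to JSON-parse this array
# (or the value can be placed in cdk.json instead).
cdk deploy --context adminUsersArns='["arn:aws:iam::049965557416:user/k8sadmin"]'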
import { Stack, StackProps } from 'aws-cdk-lib'
import { Construct } from 'constructs'
import { KubectlV30Layer } from '@aws-cdk/lambda-layer-kubectl-v30'
import { InstanceType, Vpc } from "aws-cdk-lib/aws-ec2";
import {
ManagedPolicy,
Role,
ServicePrincipal,
User,
} from "aws-cdk-lib/aws-iam";
import {
Cluster,
ClusterLoggingTypes,
FargateProfile,
IpFamily,
KubernetesVersion,
NodegroupAmiType,
CfnAddon,
} from 'aws-cdk-lib/aws-eks'
// Kubernetes control-plane version the cluster is created with.
const clusterVersion = KubernetesVersion.V1_33;

// Control-plane log types enabled on the cluster (audit only).
const clusterLogging: ClusterLoggingTypes[] = [ClusterLoggingTypes.AUDIT];

// EC2 instance types offered to the managed node group.
const instanceTypes = ['t3.small'].map((name) => new InstanceType(name));
/** Props for `EksStack`. */
export interface EksSTackProps extends StackProps {
  /**
   * IAM user ARNs mapped into the cluster's `system:masters` group, i.e. full
   * cluster-admin. Keep this list to the people who actually administer the cluster.
   */
  adminUsersArns: string[]
};
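export class EksStack extends Stack {
  /**
   * Provisions a demo EKS cluster: a dedicated VPC, a managed node group, an
   * aws-auth mapping for the given admin users, a service account with S3 read
   * access, a Fargate profile and a set of EKS managed add-ons.
   *
   * @param scope - Parent construct (normally the `App`).
   * @param id - Construct id of this stack.
   * @param props - Stack props; `adminUsersArns` are the IAM user ARNs that
   *   receive cluster-admin (`system:masters`) rights.
   */
  constructor(scope: Construct, id: string, props: EksSTackProps) {
    super(scope, id, props);

    // Dedicated VPC for the cluster.
    const vpc = new Vpc(this, 'EksDemo1Vpc');

    // defaultCapacity: 0 — no implicit node group; capacity is added explicitly below.
    // NOTE(review): endpointAccess is left at the construct default — confirm that
    // matches the intended exposure of the Kubernetes API endpoint.
    const cluster = new Cluster(this, 'EksDemo1', {
      vpc: vpc,
      defaultCapacity: 0,
      version: clusterVersion,
      // NOTE(review): the kubectl layer is v1.30 while the cluster runs clusterVersion —
      // confirm this version skew is supported for the kubectl handler.
      kubectlLayer: new KubectlV30Layer(this, 'kubectl'),
      ipFamily: IpFamily.IP_V4,
      clusterLogging: clusterLogging,
    });

    cluster.addNodegroupCapacity('EksDemo1NodeGroup', {
      amiType: NodegroupAmiType.AL2023_X86_64_STANDARD,
      instanceTypes: instanceTypes,
      desiredSize: 2,
      minSize: 2,
      maxSize: 3,
      diskSize: 20,
      // Instance role for the worker nodes, built from the three AWS-managed policies.
      nodeRole: new Role(this, 'EksDemo1NodeGroupRole', {
        roleName: 'EksDemo1NodeGroupRole',
        assumedBy: new ServicePrincipal('ec2.amazonaws.com'),
        managedPolicies: [
          'AmazonEKSWorkerNodePolicy',
          'AmazonEC2ContainerRegistryReadOnly',
          'AmazonEKS_CNI_Policy',
        ].map((policy) => ManagedPolicy.fromAwsManagedPolicyName(policy)),
      }),
    });

    // Every listed user is mapped into system:masters, i.e. full cluster-admin.
    // The construct id has to be unique per user: reusing the fixed id 'AdminUser'
    // for a second ARN fails at synth time with a duplicate construct id. The
    // imported user creates no CloudFormation resource, so the id only has to be unique.
    (props.adminUsersArns ?? []).forEach((userArn, index) => {
      const adminUser = User.fromUserArn(this, `AdminUser${index}`, userArn);
      cluster.awsAuth.addUserMapping(adminUser, { groups: ['system:masters'] });
    });

    // IRSA service account in the default namespace.
    const serviceAccount = cluster.addServiceAccount('EksDemo1SA', {
      name: 'eks-demo-1-sa',
      namespace: 'default',
    });
    // AmazonS3ReadOnlyAccess grants read access to every bucket in the account;
    // scope this down to the buckets the workload needs once they are known.
    serviceAccount.role.addManagedPolicy(
      ManagedPolicy.fromAwsManagedPolicyName('AmazonS3ReadOnlyAccess')
    );

    // Pods in these namespaces that match the profile run on Fargate.
    new FargateProfile(this, 'EksDemo1FargateProfile', {
      cluster: cluster,
      selectors: [{ namespace: 'default' }, { namespace: 'kube-system' }],
    });

    // Registers one EKS managed add-on on the cluster under the given construct id.
    const addManagedAddon = (id: string, addonName: string): void => {
      new CfnAddon(this, id, {
        addonName,
        clusterName: cluster.clusterName,
      });
    };
    addManagedAddon('addonKubeProxy', 'kube-proxy');
    addManagedAddon('addonCoreDns', 'coredns');
    addManagedAddon('addonVpcCni', 'vpc-cni');
    addManagedAddon('addonEksPodIdentityAgent', 'eks-pod-identity-agent');
    addManagedAddon('addonMetricsServer', 'metrics-server');
  }
}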
#!/usr/bin/env node
import { App } from 'aws-cdk-lib';
import { FundationsStack } from '../lib/fundations-stack';
import { EksStack } from '../lib/eks-stack';
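const app = new App();

/**
 * Turns the raw `adminUsersArns` context value into a list of ARN strings.
 *
 * Context given on the CLI (`-c adminUsersArns='[...]'`) arrives as a string, so a
 * JSON-encoded array is parsed here; context from cdk.json may already be an array.
 * Anything that is not an array of strings is rejected instead of being passed on
 * to the `system:masters` mapping as-is.
 *
 * @param raw - Value returned by `app.node.tryGetContext('adminUsersArns')`.
 * @returns The ARNs, or `[]` when the context key is unset or empty.
 * @throws Error when the value is not an array of strings (or not valid JSON).
 */
function readAdminUsersArns(raw: unknown): string[] {
  if (raw == null || raw === '') return [];
  const value: unknown = typeof raw === 'string' ? JSON.parse(raw) : raw;
  if (!Array.isArray(value) || !value.every((item) => typeof item === 'string')) {
    throw new Error('context adminUsersArns must be a JSON array of IAM user ARN strings');
  }
  return value as string[];
}

const adminUsersArns = readAdminUsersArns(app.node.tryGetContext('adminUsersArns'));
new EksStack(app, 'EksStack', {
  adminUsersArns: adminUsersArns,
});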