cluster.yaml

apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: code4ro-prod
  region: eu-central-1
  version: "1.29"
  tags:
    app: code4ro-k8s-prod
    env: production
    karpenter.sh/discovery: code4ro-k8s-prod
vpc:
  publicAccessCIDRs: ["82.79.70.195/16"]
  clusterEndpoints:
    publicAccess: true
    privateAccess: true

iamIdentityMappings:
  - arn: arn:aws:iam::172019762325:role/AWSReservedSSO_AdministratorAccess_bd5b1d6f35734daa
    groups:
      - system:bootstrappers
      - system:nodes
    username: admin
    noDuplicateARNs: true # prevents shadowing of ARNs

karpenter:
  version: "v0.35.4"
  createServiceAccount: true
  withSpotInterruptionQueue: true # adds all required policies and rules for supporting Spot Interruption Queue, default is false

iam:
  withOIDC: true
  serviceAccounts:
    - metadata:
        name: aws-load-balancer-controller
        namespace: aws-load-balancer
      wellKnownPolicies:
        awsLoadBalancerController: true
    - metadata:
        name: ebs-csi-controller-sa
        namespace: kube-system
      wellKnownPolicies:
        ebsCSIController: true
      roleName: AmazonEKS_EBS_CSI_Driver
      roleOnly: true

addons:
  - name: aws-ebs-csi-driver
    serviceAccountRoleARN: arn:aws:iam::172019762325:role/AmazonEKS_EBS_CSI_Driver

managedNodeGroups:
  - name: nodegroup
    instanceType: t3a.medium
    availabilityZones: ["eu-central-1a"]
    iam:
      attachPolicyARNs:
        - arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
        - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
        - arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
        - arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
        - arn:aws:iam::aws:policy/ElasticLoadBalancingFullAccess
        - arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy # we need only this for viewing logs in Cloudwatch, the rest are there because we need the default https://eksctl.io/usage/iam-policies/#attaching-policies-by-arn
      withAddonPolicies:
        awsLoadBalancerController: true
        cloudWatch: true
        ebs: true
    desiredCapacity: 2
    minSize: 1
    maxSize: 3
    volumeSize: 20
    tags:
      nodegroup-role: worker
      app: code4ro-k8s-prod
      env: prod