
@suhas316380
Last active October 9, 2020 22:22
Setup EKS Fargate nodes and profile with existing EKS cluster of EC2 Launch type

Setup EKS Fargate nodes with existing EKS cluster of EC2 Launch type - mix and match

Sources:

bash script

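#!/bin/bash
#
# Adds a Fargate profile to an existing EKS cluster that already runs EC2
# nodes. Steps: make sure the pod execution IAM role exists, select the
# cluster's private subnets, create the profile, then print its status.
# Requires: aws CLI (credentials allowed to manage IAM, EC2 reads and EKS), jq.

set -euo pipefail

# Print a message to stderr and stop.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Initialize vars
clusterName="suhas-eks"
namespace="default"
fargateProfileName="fargate_profile"
roleName="AmazonEKSFargatePodExecutionRole"

# Work in a private, randomly named directory rather than fixed /tmp paths.
# A fixed name in a world-writable directory can be pre-created (or symlinked)
# by another local user, who could then redirect the write or swap the policy
# document before the aws CLI reads it. The trap removes the directory on
# every exit path, so no separate cleanup step is needed.
workDir=$(mktemp -d) || die "mktemp failed"
trap 'rm -rf -- "${workDir}"' EXIT
trustFile="${workDir}/trust-relationship.json"
profileFile="${workDir}/fargate_profile.json"

# Create a trust relationship.
# NOTE(review): this policy lets the EKS Fargate service principal assume the
# role with no Condition. Consider scoping it with an ArnLike condition on
# aws:SourceArn limited to this cluster's Fargate profiles
# (arn:aws:eks:<region>:<account-id>:fargateprofile/<cluster-name>/*) to
# reduce confused-deputy exposure. Left as in the original because region and
# account id are not known to this script.
cat > "${trustFile}" <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "eks-fargate-pods.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF

# Create the IAM role with that trust relationship unless it already exists,
# so a re-run does not stop on an "already exists" error. An existing role is
# reused as-is: its trust policy is NOT rewritten, so review it if the role
# was created by something other than this script.
if ! aws iam get-role --role-name "${roleName}" >/dev/null 2>&1; then
  aws iam create-role --role-name "${roleName}" \
    --assume-role-policy-document "file://${trustFile}"
fi

# Attach the AmazonEKSFargatePodExecutionRolePolicy to the role.
aws iam attach-role-policy --role-name "${roleName}" \
  --policy-arn arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy

# Get podExecutionRole ARN (raw string; it is JSON-encoded again below).
podExecutionRoleArn=$(aws iam get-role --role-name "${roleName}" | jq -r '.Role.Arn')
if [[ -z "${podExecutionRoleArn}" || "${podExecutionRoleArn}" == "null" ]]; then
  die "could not read the ARN of role ${roleName}"
fi
printf '%s\n' "${podExecutionRoleArn}"

# Get all subnets for the cluster - only private subnets are added. A subnet
# counts as private when the route table that applies to it has no route
# through an internet gateway ("igw-...").
# Begin block

clusterJson=$(aws eks describe-cluster --name "${clusterName}")
vpcId=$(jq -r '.cluster.resourcesVpcConfig.vpcId' <<<"${clusterJson}")
if [[ -z "${vpcId}" || "${vpcId}" == "null" ]]; then
  die "could not read the VPC id of cluster ${clusterName}"
fi

# Read the ids line by line; the API output is never evaluated as shell code.
declare -a subnet_ids=()
while IFS= read -r subnetId; do
  [[ -n "${subnetId}" ]] && subnet_ids+=("${subnetId}")
done < <(jq -r '.cluster.resourcesVpcConfig.subnetIds[]' <<<"${clusterJson}")
(( ${#subnet_ids[@]} > 0 )) || die "cluster ${clusterName} reports no subnets"

declare -a private_subnets=()
for subnetId in "${subnet_ids[@]}"; do
  routeTables=$(aws ec2 describe-route-tables \
    --filters "Name=association.subnet-id,Values=${subnetId}")

  # A subnet without an explicit association uses the VPC's main route table.
  # Without this fallback such a subnet would show no routes at all and be
  # treated as private even when the main table routes to an internet gateway.
  if [[ "$(jq '.RouteTables | length' <<<"${routeTables}")" -eq 0 ]]; then
    routeTables=$(aws ec2 describe-route-tables \
      --filters "Name=vpc-id,Values=${vpcId}" "Name=association.main,Values=true")
  fi

  # jq -e exits 0 when an igw route exists, 1 when none does, >1 on error.
  # Errors stop the script instead of silently classifying the subnet.
  rc=0
  jq -e 'any(.RouteTables[].Routes[]; (.GatewayId // "") | contains("igw-"))' \
    <<<"${routeTables}" >/dev/null || rc=$?
  case "${rc}" in
    0) printf 'skipping public subnet %s\n' "${subnetId}" >&2 ;;
    1) private_subnets+=("${subnetId}") ;;
    *) die "could not inspect route tables for ${subnetId}" ;;
  esac
done

# An empty list would otherwise be serialised as [""] and sent to the API.
(( ${#private_subnets[@]} > 0 )) || die "no private subnets found for ${clusterName}"
subnet_list=$(printf '%s\n' "${private_subnets[@]}" | jq -R . | jq -s .)
printf '%s\n' "${subnet_list}"

# End block

# To specify the subnets manually, comment out the block above and set
# subnet_list to a JSON array string instead:
# subnet_list='["subnet1", "subnet2"]'

# Build the request with jq so every value is JSON-encoded rather than pasted
# into a template, which keeps the document valid whatever the values contain.
jq -n \
  --arg profile "${fargateProfileName}" \
  --arg cluster "${clusterName}" \
  --arg role "${podExecutionRoleArn}" \
  --arg ns "${namespace}" \
  --argjson subnets "${subnet_list}" \
  '{
    fargateProfileName: $profile,
    clusterName: $cluster,
    podExecutionRoleArn: $role,
    subnets: $subnets,
    tags: { namespace: $ns, justAnotherTag: "test" },
    selectors: [ { namespace: $ns } ]
  }' > "${profileFile}"

# Create the profile
aws eks create-fargate-profile --cli-input-json "file://${profileFile}"

# Check the fargate profile status
aws eks describe-fargate-profile --cluster-name "${clusterName}" \
  --fargate-profile-name "${fargateProfileName}"

## Patch coreDNS - OPTIONAL
# https://docs.aws.amazon.com/eks/latest/userguide/fargate-getting-started.html
# kubectl patch deployment coredns -n kube-system --type json -p='[{"op": "remove", "path": "/spec/template/metadata/annotations/eks.amazonaws.com~1compute-type"}]'

# Delete fargate profile - this will delete any pods that were scheduled onto Fargate associated with this profile
# aws eks delete-fargate-profile --fargate-profile-name "${fargateProfileName}" --cluster-name "${clusterName}"

# Temporary files are removed by the EXIT trap set at the top.

# list fargate profiles
# aws eks list-fargate-profiles --cluster-name "${clusterName}"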