Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AWS refresh, added IRSA section #2766

Merged
merged 2 commits into from
Jun 22, 2022
Merged

AWS refresh, added IRSA section #2766

merged 2 commits into from
Jun 22, 2022

Conversation

darkn3rd
Copy link
Contributor

@darkn3rd darkn3rd commented May 22, 2022
edited

Description

This is an update of AWS that has not been refreshed since Kubernetes 1.13 (before 2019). This adds IRSA section and brings content with verified steps on par with similar guides for AKS and GKE. This guide is oriented around EKS, as 95% of clusters are likely on this platform, the managed K8S solution for AWS.

Some of the changes include:

  • orient documentation around EKS clusters, with eksctl (officially supported by AWS) as method to bring up a reference cluster for docs and testing.
  • added snippets to create cluster with eksctl (officially support) for consistency with GKE guide.
  • put kiam (project no longer supported) and kube2iam as a note under IRSA.
  • folded "Create IAM Role" and "EC2 Instance Role" into sections under "Permissions to modify DNS zone". This makes the guide consistent to Azure and GKE (in PR) guides.
  • use color syntax highlighting - change code blocks from console to shell with output separated in a separate code block. for more readability.
  • remove fsGroup leads to errors after Kubernetes 1.13.
  • update externaldns version referenced from v0.7.6 to v0.11.0
  • place ingress demo after service demo, as this made more sense and is consistent with other tutorials
  • updated ingress/service demos/samples with fixes, added verification steps, explanations
  • updated steps, explanations, throughout guide

Not changed:

  • update links to code references to use versioned, as master is no longer valid line number at time of release.

Checklist

  • Unit tests updated
  • End user documentation updated

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels May 22, 2022
@darkn3rd
Copy link
Contributor Author

darkn3rd commented Jun 9, 2022
edited

Anyone? I ran this update tutorial on new account using free tier.

@njuettner
@seanmalloy

@darkn3rd
Copy link
Contributor Author

Any chance to look at this? I verified the steps on a new account using free tier as much as possible for a short lived EKS cluster. This bring AWS (EKS or other + Route53) close to GKE (Google) and AKS (Azure) documentation, and especially important is IRSA update, which is the only secure path recommended for AWS.

@njuettner
@seanmalloy

@seanmalloy
Copy link
Member

I'll try to review soon.

/kind documentation

@k8s-ci-robot k8s-ci-robot added the kind/documentation Categorizes issue or PR as related to documentation. label Jun 21, 2022
@seanmalloy
Copy link
Member

/lgtm
/assign @njuettner @Raffo

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 22, 2022
njuettner
njuettner approved these changes Jun 22, 2022
View reviewed changes
Copy link
Member

@njuettner njuettner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: darkn3rd, njuettner

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 22, 2022
@k8s-ci-robot k8s-ci-robot merged commit 81f2c9b into kubernetes-sigs:master Jun 22, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@njuettner njuettner njuettner approved these changes

@seanmalloy seanmalloy Awaiting requested review from seanmalloy

Assignees

@Raffo Raffo

@seanmalloy seanmalloy

@njuettner njuettner

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/documentation Categorizes issue or PR as related to documentation. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@darkn3rd @seanmalloy @k8s-ci-robot @njuettner @Raffo