• EKS Distro Docs

• tooling

• https://eksctl.io/ - The official cli for EKS

• eksctl releases - use asdf-vm to install

• Config file schema

• After create get kube config file with:

  
  eksctl utils write-kubeconfig --cluster=$CLUSTER
  
  aws eks update-kubeconfig \
  --region us-west-2 --name x-prod-us-west-2 \
  --kubeconfig ~/.kube/x-prod-us-west-2.config

• eksctl examples - weaveworks

• eksctl example configs from devops-nirvana

• https://github.com/DevOps-Nirvana/EKSCTL-Example-Configurations

• addons

• Addons - main site

• Update Addons

• Networking Addons

• Convert from self-managed to EKS managed

  • Look at LENS applications to see what is loaded

  • Use kubectl delete -f <url>. can ask chatGPT to find url

  • Then eksctl create addon -f <eksctl config file>

  • Some notes on EBS driver uninstall

• Advanced Configuration

• https://github.com/aws/eks-charts - addons in the form of Helm Charts. Add to config might be better?

• 3rd party

  • Marketplace List

  • IBM Kubecost

eksctl utils describe-addon-versions --cluster $CLUSTER |grep AddonName

• Users Guide to AutoMode

curl -s https://oidc.eks..../.well-known/openid-configuration|jq

• https://github.com/aws/eks-charts - mainly tied to aws paid services

• https://github.com/awslabs/eks-node-viewer

• https://github.com/clowdhaus/eksup - EKS update helper docs

• https://github.com/FairwindsOps/pluto - upgrade help

• Convert alb to nlb to save?

• https://github.com/aws/amazon-vpc-cni-k8s

  • CustomResources

• Ingress

  • https://kubernetes.github.io/ingress-nginx/

  • StackSimplify ALB tutorial

  • https://github.com/kubernetes-sigs/aws-load-balancer-controller
    • TargetGroup
    • Annotations
    • ArtifactHub ALB
    • AWS Load Balancer Controller

  • load-balancing

  • Installation

  • https://github.com/revsys/django-health-check

  • ArtifactHub ingress-nginx

• Convert control-plane access to private

  aws eks update-cluster-config \
    --region us-west-2 \
    --name my-cluster \
    --resources-vpc-config endpointPublicAccess=false,endpointPrivateAccess=true,securityGroupIds=sg-allowed
  
  aws eks update-cluster-config \
    --name my-cluster \
    --resources-vpc-config publicAccessCidrs=203.0.113.0/24

  • Use IP of a bastion

  • See my AI trail

• Certs

  • eks getting cert from ACM

• ebs-csi-controller

  • https://github.com/kubernetes-sigs/aws-ebs-csi-driver

  • install

  # att last two lines to deployment
  tolerations:
          - key: CriticalAddonsOnly
            operator: Exists
          - operator: Exists
            effect: NoExecute
            tolerationSeconds: 300
          - operator: Exists
            effect: NoSchedule

• https://github.com/kubernetes-sigs/aws-efs-csi-driver

• https://github.com/kubernetes-csi/external-snapshotter

• Users guide on storage

• StackSimplify notes on EBS

• eks sso
  • another article
  • teleport tutorial for sso

• EKS Pods Identities (not used)

  • Cannot use because of EFS and others?

  • See Pod Id Restrictions

• IAM Roles for service accounts (IRSA)

  • irsa in eks

  • irsa setup

  • aws eks irsa guide

  • cert-manager setup using irsa

  • eks workshop irsa

  • irsa write up in eks-anywhere

  • Assume IAM Role from ServiceAccount

  • Using IAM Service Account Instead Of Instance Profile For EKS Pods

  • Supported SDKs

  • enable

  • enable principal access

  • workshop

  • aws-iam

  • article

  • eksctl Manage IAM Users and Roles

  • fine grained role

  • eksctl create iamserviceaccount uses CloudFormation

  • eksctl.io IAM to Service Accounts

• List ClusterRoleBindinds

  • from eks best practices

  kubectl get ClusterRoleBinding -o json

• Pod Security Standards

• last access log

• How to assume an AWS IAM role from a Service Account in EKS with Terraform

• https://github.com/jtblin/kube2iam - IAM with annotations

• https://github.com/kubernetes-sigs/aws-iam-authenticator

• https://github.com/keikoproj/aws-auth

  kubectl krew install aws-auth

• https://github.com/princespaghetti/actionhero

  • sidecar to check policies

• RBAC

  • RBAC Explained

  • Limiting Access

• Scanners

  • Qualys Connector

• Troubleshooting

  • last accessed info

• https://github.com/external-secrets/external-secrets

• https://github.com/external-secrets/kubernetes-external-secrets - Deprecated

• aws-iam-authenticator

aws eks get-token --cluster-name xxx

# get kubeconfig
aws --region us-west-2 eks update-kubeconfig --name clustername

• Getting Started

• Karpenter Monitoring

• Nodeless EKS with Karpenter

• AWS Workshop on Karpenter

• EKS Immersion Workshop

• https://github.com/aws/eks-anywhere - Getting Started — Self managed / edge EKS

• https://github.com/aws-quickstart/cdk-eks-blueprints

• https://github.com/aws-samples/cdk-eks-blueprints-patterns

• Using CDK8S

  • https://cdk8s.io/

  • https://github.com/datreeio/datree-cdk8s

  • https://github.com/vumdao/cdk8s-example

  • https://github.com/vumdao

• Terraform

  • EKS module

  • EKS blueprints for Terraform

  • https://github.com/terraform-aws-modules/terraform-aws-eks

  • EKS Blueprints For Terraform

  • EKS Blueprints for terraform github

aws eks update-kubeconfig --name $CLUSTER
aws eks list-nodegroups --cluster-name $CLUSTER

• Features we have enabled

  • AWS LoadBalancer

  • VPC CNI

  • CoreDNS

• Zero Downtime Upgrade

• Understanding EKS version lifecycle

  • Release Notes Extended

• Best Practices - Upgrades

• Update Cluster

• Zero Downtime Upgrade

• EKS addons Advanced Config

• https://github.com/FairwindsOps/pluto - tool to help with k8s objects upgrade

• https://github.com/clowdhaus/eksup

  • Example

  • Docs

• EBS CSI Driver

  • Tutorial from StackSimplify

• 2023-01-12 Current v1.18.9-eks-d1db3c

• https://github.com/marcincuber/eks - See Marcincuber on Medium upgrade notes here

• See links in email: Update

• eksupgrade - script not so sure

• nginx canary

• Video - Code

• Cred Provider

• storage

• https://www.eksworkshop.com/ — https://github.com/aws-samples/eks-workshop

• https://learnk8s.io/

• Troubleshooting IAM

• eks-cluster-connection

• server-unauthorized-error

• Too Expensive

• Example of fargate setup

• https://repost.aws/knowledge-center/eks-alb-ingress-controller-fargate