feat(posts): add runme

ruzickap · ruzickap · commit b85ae0439ff0 · 2023-08-28T09:20:21.000+02:00
diff --git a/_posts/2023/2023-08-03-cilium-amazon-eks.md b/_posts/2023/2023-08-03-cilium-amazon-eks.md
@@ -7,6 +7,8 @@ categories: [Kubernetes, Amazon EKS, Cilium]
 tags: [Amazon EKS, k8s, kubernetes, karpenter, eksctl, cert-manager, external-dns, podinfo, cilium, prometheus, sso, oauth2-proxy, metrics-server]
 image:
   path: https://raw.githubusercontent.com/cncf/artwork/ac38e11ed57f017a06c9dcb19013bcaed92115a9/projects/cilium/icon/color/cilium_icon-color.svg
+shell: /usr/local/bin/bash -eu
+cwd: /tmp
 ---
 
 I'm going to describe how to install [Amazon EKS](https://aws.amazon.com/eks/)
@@ -54,7 +56,7 @@ The Cilium installation should meet these requirements:
 If you would like to follow this documents and it's task you will need to set up
 few environment variables like:
 
-```bash
+```bash { interactive=false }
 # AWS Region
 export AWS_DEFAULT_REGION="${AWS_DEFAULT_REGION:-us-east-1}"
 # Hostname / FQDN definitions
@@ -75,7 +77,7 @@ mkdir -pv "${TMP_DIR}/${CLUSTER_FQDN}"
 You will need to configure [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html)
 and other secrets/variables.
 
-```shell
+```sh { excludeFromRunAll=true }
 # AWS Credentials
 export AWS_ACCESS_KEY_ID="xxxxxxxxxxxxxxxxxx"
 export AWS_SECRET_ACCESS_KEY="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
@@ -117,7 +119,7 @@ Install necessary tools:
 
 Create DNS zone for EKS clusters:
 
-```shell
+```sh { excludeFromRunAll=true }
 export CLOUDFLARE_EMAIL="petr.ruzicka@gmail.com"
 export CLOUDFLARE_API_KEY="1xxxxxxxxx0"
 
@@ -131,7 +133,7 @@ Use your domain registrar to change the nameservers for your zone (for example
 `mylabs.dev`) to use the Amazon Route 53 nameservers. Here is the way how you
 can find out the the Route 53 nameservers:
 
-```shell
+```sh { excludeFromRunAll=true }
 NEW_ZONE_ID=$(aws route53 list-hosted-zones --query "HostedZones[?Name==\`${BASE_DOMAIN}.\`].Id" --output text)
 NEW_ZONE_NS=$(aws route53 get-hosted-zone --output json --id "${NEW_ZONE_ID}" --query "DelegationSet.NameServers")
 NEW_ZONE_NS1=$(echo "${NEW_ZONE_NS}" | jq -r ".[0]")
@@ -142,7 +144,7 @@ Create the NS record in `k8s.mylabs.dev` (`BASE_DOMAIN`) for
 proper zone delegation. This step depends on your domain registrar - I'm using
 CloudFlare and using Ansible to automate it:
 
-```shell
+```sh { excludeFromRunAll=true }
 ansible -m cloudflare_dns -c local -i "localhost," localhost -a "zone=mylabs.dev record=${BASE_DOMAIN} type=NS value=${NEW_ZONE_NS1} solo=true proxied=no account_email=${CLOUDFLARE_EMAIL} account_api_token=${CLOUDFLARE_API_KEY}"
 ansible -m cloudflare_dns -c local -i "localhost," localhost -a "zone=mylabs.dev record=${BASE_DOMAIN} type=NS value=${NEW_ZONE_NS2} solo=false proxied=no account_email=${CLOUDFLARE_EMAIL} account_api_token=${CLOUDFLARE_API_KEY}"
 ```
@@ -405,6 +407,11 @@ managedNodeGroups:
     disablePodIMDS: true
     volumeEncrypted: true
     volumeKmsKeyID: ${AWS_KMS_KEY_ID}
+    # iam:
+    #   attachPolicyARNs:
+    #   - arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
+    #   - arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
+    #   - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
     taints:
      - key: "node.cilium.io/agent-not-ready"
        value: "true"
@@ -1652,7 +1659,7 @@ Cluster health:          2/2 reachable   (2023-08-18T17:53:44Z)
 
 Handy details abou Cilium networking can be found by listing `ciliumnodes` CRD:
 
-```shell
+```sh { excludeFromRunAll=true }
 kubectl describe ciliumnodes.cilium.io
 ```
 
@@ -2112,15 +2119,15 @@ Events:            <none>
 
 Remove EKS cluster and created components:
 
-```sh
+```sh { category=destroy }
 if eksctl get cluster --name="${CLUSTER_NAME}"; then
   eksctl delete cluster --name="${CLUSTER_NAME}" --force
 fi
 ```
 
 Remove Route 53 DNS records from DNS Zone:
 
-```sh
+```sh { category=destroy }
 CLUSTER_FQDN_ZONE_ID=$(aws route53 list-hosted-zones --query "HostedZones[?Name==\`${CLUSTER_FQDN}.\`].Id" --output text)
 if [[ -n "${CLUSTER_FQDN_ZONE_ID}" ]]; then
   aws route53 list-resource-record-sets --hosted-zone-id "${CLUSTER_FQDN_ZONE_ID}" | jq -c '.ResourceRecordSets[] | select (.Type != "SOA" and .Type != "NS")' |
@@ -2135,7 +2142,7 @@ fi
 
 Remove orphan EC2s created by Karpenter:
 
-```sh
+```sh { category=destroy }
 for EC2 in $(aws ec2 describe-instances --filters "Name=tag:kubernetes.io/cluster/${CLUSTER_NAME},Values=owned" Name=instance-state-name,Values=running --query "Reservations[].Instances[].InstanceId" --output text) ; do
   echo "Removing EC2: ${EC2}"
   aws ec2 terminate-instances --instance-ids "${EC2}"
@@ -2144,20 +2151,20 @@ done
 
 Remove CloudFormation stack:
 
-```sh
+```sh { category=destroy }
 aws cloudformation delete-stack --stack-name "${CLUSTER_NAME}-route53-kms"
 ```
 
 Wait for all CloudFormation stacks to be deleted:
 
-```sh
+```sh { category=destroy }
 aws cloudformation wait stack-delete-complete --stack-name "${CLUSTER_NAME}-route53-kms"
 aws cloudformation wait stack-delete-complete --stack-name "eksctl-${CLUSTER_NAME}-cluster"
 ```
 
 Remove Volumes and Snapshots related to the cluster (just in case):
 
-```sh
+```sh { category=destroy }
 for VOLUME in $(aws ec2 describe-volumes --filter "Name=tag:eks:cluster-name,Values=${CLUSTER_NAME}" --query 'Volumes[].VolumeId' --output text) ; do
   echo "*** Removing Volume: ${VOLUME}"
   aws ec2 delete-volume --volume-id "${VOLUME}"
@@ -2166,7 +2173,7 @@ done
 
 Remove `${TMP_DIR}/${CLUSTER_FQDN}` directory:
 
-```sh
+```sh { category=destroy }
 [[ -d "${TMP_DIR}/${CLUSTER_FQDN}" ]] && rm -rf "${TMP_DIR}/${CLUSTER_FQDN}" && [[ -d "${TMP_DIR}" ]] && rmdir "${TMP_DIR}" || true
 ```
 
