AWSTemplateFormatVersion: "2010-09-09"
Description: Deploys an EKS cluster into an existing VPC (qs-1p7nknoht)
Metadata:
  LintSpellExclude:
    - Kubernetes
    - ARNs
    - Resource Names
    - autoscaler
    - IOPS
    - EfsStorageClass
    - dcd
    - vpc-0343606e
    - Lambda
    - maxIO
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: Network configuration
        Parameters:
          - VPCID
          - PrivateSubnet1ID
          - PrivateSubnet2ID
          - PrivateSubnet3ID
          - PublicSubnet1ID
          - PublicSubnet2ID
          - PublicSubnet3ID
          - RemoteAccessCIDR
      - Label:
          default: Amazon EC2 configuration
        Parameters:
          - KeyPairName
      - Label:
          default: Amazon EKS configuration
        Parameters:
          - NodeInstanceType
          - NumberOfNodes
          - NodeGroupName
          - NodeVolumeSize
          - ManagedNodeGroup
          - ManagedNodeGroupAMIType
          - AdditionalEKSAdminArns
          - KubernetesVersion
      - Label:
          default: AWS Quick Start configuration
        Parameters:
          - QSS3BucketName
          - QSS3KeyPrefix
          - QSS3BucketRegion
          - LambdaZipsBucketName
      - Label:
          default: Optional Kubernetes add-ins
        Parameters:
          - ClusterAutoScaler
          - EfsStorageClass
          - EfsPerformanceMode
          - EfsThroughputMode
          - EfsProvisionedThroughputInMibps
    ParameterLabels:
      KeyPairName:
        default: SSH key name
      QSS3BucketName:
        default: Quick Start S3 bucket name
      QSS3KeyPrefix:
        default: Quick Start S3 key prefix
      QSS3BucketRegion:
        default: Quick Start S3 bucket region
      RemoteAccessCIDR:
        default: Allowed external access CIDR
      NodeInstanceType:
        default: Nodes instance type
      NumberOfNodes:
        default: Number of nodes
      NodeGroupName:
        default: Node group name
      NodeVolumeSize:
        default: Node volume size
      ManagedNodeGroup:
        default: Managed Node Group
      ManagedNodeGroupAMIType:
        default: Managed Node Group AMI Type
      PublicSubnet1ID:
        default: Public subnet 1 ID
      PublicSubnet2ID:
        default: Public subnet 2 ID
      PublicSubnet3ID:
        default: Public subnet 3 ID
      PrivateSubnet1ID:
        default: Private subnet 1 ID
      PrivateSubnet2ID:
        default: Private subnet 2 ID
      PrivateSubnet3ID:
        default: Private subnet 3 ID
      VPCID:
        default: VPC ID
      AdditionalEKSAdminArns:
        default: Additional EKS admin ARNs
      KubernetesVersion:
        default: Kubernetes version
      LambdaZipsBucketName:
        default: Lambda zips bucket name
      ClusterAutoScaler:
        default: Cluster autoscaler
      EfsStorageClass:
        default: EFS storage class
      EfsPerformanceMode:
        default: EFS performance mode
      EfsThroughputMode:
        default: EFS throughput mode
      EfsProvisionedThroughputInMibps:
        default: EFS provisioned throughput in Mibps
Parameters:
  KeyPairName:
    Description: The name of an existing public/private key pair, which allows you to securely connect to your instance after it launches
    Type: AWS::EC2::KeyPair::KeyName
  QSS3BucketName:
    AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$
    ConstraintDescription: Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-).
    Default: aws-quickstart
    Description: S3 bucket name for the Quick Start assets. This string can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-).
    Type: String
  QSS3KeyPrefix:
    AllowedPattern: ^[0-9a-zA-Z-/.]*$
    ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), dots (.) and forward slashes (/).
    Default: quickstart-amazon-eks/
    Description: S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), dots (.) and forward slashes (/).
    Type: String
  QSS3BucketRegion:
    Default: 'us-east-1'
    Description: The AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. When using your own bucket, you must specify this value.
    Type: String
  # Network range allowed to reach the instances; keep it to a trusted range rather than 0.0.0.0/0.
  RemoteAccessCIDR:
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x
    Description: The CIDR IP range that is permitted to access the instances. We recommend that you set this value to a trusted IP range.
    Type: String
  # Every ARN listed here is granted admin access to the cluster; keep the list minimal.
  AdditionalEKSAdminArns:
    Default: ""
    Description: "[OPTIONAL] Comma separated list of IAM user/role Amazon Resource Names (ARNs) to be granted admin access to the EKS cluster"
    Type: CommaDelimitedList
  NodeInstanceType:
    Default: t3.medium
    AllowedValues:
      - t2.small
      - t2.medium
      - t2.large
      - t2.xlarge
      - t2.2xlarge
      - t3.nano
      - t3.micro
      - t3.small
      - t3.medium
      - t3.large
      - t3.xlarge
      - t3.2xlarge
      - m3.medium
      - m3.large
      - m3.xlarge
      - m3.2xlarge
      - m4.large
      - m4.xlarge
      - m4.2xlarge
      - m4.4xlarge
      - m4.10xlarge
      - m5.large
      - m5.xlarge
      - m5.2xlarge
      - m5.4xlarge
      - m5.12xlarge
      - m5.24xlarge
      - c4.large
      - c4.xlarge
      - c4.2xlarge
      - c4.4xlarge
      - c4.8xlarge
      - c5.large
      - c5.xlarge
      - c5.2xlarge
      - c5.4xlarge
      - c5.9xlarge
      - c5.18xlarge
      - i3.large
      - i3.xlarge
      - i3.2xlarge
      - i3.4xlarge
      - i3.8xlarge
      - i3.16xlarge
      - r3.xlarge
      - r3.2xlarge
      - r3.4xlarge
      - r3.8xlarge
      - r4.large
      - r4.xlarge
      - r4.2xlarge
      - r4.4xlarge
      - r4.8xlarge
      - r4.16xlarge
      - x1.16xlarge
      - x1.32xlarge
      - p2.xlarge
      - p2.8xlarge
      - p2.16xlarge
      - p3.2xlarge
      - p3.8xlarge
      - p3.16xlarge
      - r5.large
      - r5.xlarge
      - r5.2xlarge
      - r5.4xlarge
      - r5.12xlarge
      - r5.24xlarge
      - r5d.large
      - r5d.xlarge
      - r5d.2xlarge
      - r5d.4xlarge
      - r5d.12xlarge
      - r5d.24xlarge
      - z1d.large
      - z1d.xlarge
      - z1d.2xlarge
      - z1d.3xlarge
      - z1d.6xlarge
      - z1d.12xlarge
    ConstraintDescription: Must be a valid EC2 instance type
    Description: The type of EC2 instance for the node instances.
    Type: String
  NumberOfNodes:
    Default: 3
    Description: The number of Amazon EKS node instances. The default is one for each of the three Availability Zones.
    Type: Number
  NodeGroupName:
    Default: Default
    Description: The name for the EKS node group.
    Type: String
  NodeVolumeSize:
    Default: 20
    Description: "The size for the node's root EBS volumes."
    Type: String
  ManagedNodeGroup:
    AllowedValues: [ "yes", "no" ]
    Default: "yes"
    Description: Choose if you want to use a managed node group. If you select "yes", you must select Kubernetes Version 1.14 or higher.
    Type: String
  ManagedNodeGroupAMIType:
    Description: Select one of the two AMI Types for your Managed Node Group (only applies if you selected Managed Node Group "yes"). GPU instance types should use the AL2_x86_64_GPU AMI type, which uses the Amazon EKS-optimized Linux AMI with GPU support. Non-GPU instances should use the AL2_x86_64 AMI type, which uses the Amazon EKS-optimized Linux AMI.
    # Values must match exactly; a stray leading space in an allowed value would make that choice unselectable.
    AllowedValues: [ "AL2_x86_64", "AL2_x86_64_GPU", "" ]
    Default: "AL2_x86_64"
    Type: String
  KubernetesVersion:
    Type: String
    AllowedValues: [ "1.14", "1.13", "1.12" ]
    Default: "1.14"
    Description: The Kubernetes control plane version.
  LambdaZipsBucketName:
    Description: '[OPTIONAL] The name of the S3 bucket where the Lambda zip files should be placed. If you leave this parameter blank, an S3 bucket will be created.'
    Type: String
    Default: ''
  VPCID:
    Type: "AWS::EC2::VPC::Id"
    Description: The ID of your existing VPC (e.g., vpc-0343606e)
  PublicSubnet1ID:
    Type: String
    Description: The ID of the public subnet in Availability Zone 1 in your existing VPC (e.g., subnet-a0246dcd)
    Default: ""
  PublicSubnet2ID:
    Type: String
    Description: The ID of the public subnet in Availability Zone 2 in your existing VPC (e.g., subnet-b1236eea)
    Default: ""
  PublicSubnet3ID:
    Type: String
    Description: The ID of the public subnet in Availability Zone 3 in your existing VPC (e.g., subnet-c3456aba)
    Default: ""
  PrivateSubnet1ID:
    Type: "AWS::EC2::Subnet::Id"
    Description: The ID of the private subnet in Availability Zone 1 in your existing VPC (e.g., subnet-fe9a8b32)
  PrivateSubnet2ID:
    Type: String
    Description: The ID of the private subnet in Availability Zone 2 in your existing VPC (e.g., subnet-be8b01ea)
    Default: ""
  PrivateSubnet3ID:
    Type: String
    Description: The ID of the private subnet in Availability Zone 3 in your existing VPC (e.g., subnet-abd39039)
    Default: ""
  ClusterAutoScaler:
    Type: String
    AllowedValues: [ Enabled, Disabled ]
    Default: Disabled
    Description: Choose Enabled to enable the Kubernetes cluster autoscaler.
  EfsStorageClass:
    Type: String
    AllowedValues: [ Enabled, Disabled ]
    Default: Disabled
    Description: Choose Enabled to enable the EFS storage class, which will create the required EFS volume.
  EfsPerformanceMode:
    Type: String
    AllowedValues: [ generalPurpose, maxIO ]
    Default: generalPurpose
    Description: Choose maxIO mode to provide greater IOPS with an increased latency. Only has an effect when EfsStorageClass is enabled.
  EfsThroughputMode:
    Type: String
    AllowedValues: [ bursting, provisioned ]
    Default: bursting
    Description: Choose provisioned for throughput that is not dependent on the amount of data stored in the file system. Only has an effect when EfsStorageClass is enabled.
  EfsProvisionedThroughputInMibps:
    Type: Number
    MinValue: 0
    Default: 0
    Description: Set to 0 if EfsThroughputMode is set to bursting. Only has an effect when EfsStorageClass is enabled.
  HttpProxy:
    Type: String
    Default: ""
    Description: "HTTP(S) proxy configuration. If provided, all worker node and pod egress traffic will use this proxy. Example: http://10.101.0.100:3128/"
# Rules are evaluated before any resource is created; a failed assertion rejects the stack.
Rules:
  EKSSupport:
    Assertions:
      - AssertDescription: Your AWS Region does *NOT* yet support Amazon EKS
        Assert: !Contains
          - - us-west-2
            - us-east-1
            - us-east-2
            - sa-east-1
            - eu-west-1
            - eu-west-2
            - eu-west-3
            - eu-north-1
            - eu-central-1
            - ap-southeast-1
            - ap-southeast-2
            - ap-northeast-1
            - ap-northeast-2
            - ap-south-1
            - ca-central-1
          - !Ref 'AWS::Region'
  EKSVersion_ManagedNodeGrou:
    RuleCondition: !Equals [ !Ref 'ManagedNodeGroup', 'yes' ]
    Assertions:
      - AssertDescription: To use Managed Node Groups you must use EKS version 1.14
        Assert: !Contains
          - - '1.14'
          - !Ref 'KubernetesVersion'
  ClusterAutoScalerVerification:
    RuleCondition: !Equals [ !Ref 'ManagedNodeGroup', 'yes' ]
    Assertions:
      - AssertDescription: To use Cluster AutoScaler you should not use Managed Node Groups
        Assert: !Contains
          - - 'Disabled'
          - !Ref 'ClusterAutoScaler'
Conditions:
  UsingDefaultBucket: !Equals [!Ref QSS3BucketName, 'aws-quickstart']
Resources:
  # Nested stack: the real work is done by amazon-eks.template.yaml fetched from the Quick Start bucket.
  EKSStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: !Sub
        - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/amazon-eks.template.yaml'
        - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion]
          S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
      Parameters:
        HttpProxy: !Ref HttpProxy
        PublicSubnet1ID: !Ref PublicSubnet1ID
        PublicSubnet2ID: !Ref PublicSubnet2ID
        PublicSubnet3ID: !Ref PublicSubnet3ID
        KeyPairName: !Ref KeyPairName
        QSS3BucketName: !Ref QSS3BucketName
        QSS3KeyPrefix: !Ref QSS3KeyPrefix
        QSS3BucketRegion: !Ref QSS3BucketRegion
        PrivateSubnet1ID: !Ref PrivateSubnet1ID
        PrivateSubnet2ID: !Ref PrivateSubnet2ID
        PrivateSubnet3ID: !Ref PrivateSubnet3ID
        NumberOfNodes: !Ref NumberOfNodes
        MaxNumberOfNodes: !Ref NumberOfNodes
        NodeGroupName: !Ref NodeGroupName
        NodeVolumeSize: !Ref NodeVolumeSize
        ManagedNodeGroup: !Ref ManagedNodeGroup
        ManagedNodeGroupAMIType: !Ref ManagedNodeGroupAMIType
        LambdaZipsBucketName: !Ref LambdaZipsBucketName
        NodeInstanceType: !Ref NodeInstanceType
        RemoteAccessCIDR: !Ref RemoteAccessCIDR
        AdditionalEKSAdminArns: !Join [ ",", !Ref AdditionalEKSAdminArns ]
        VPCID: !Ref VPCID
        KubernetesVersion: !Ref KubernetesVersion
        ProvisionClusterAutoScaler: !Ref ClusterAutoScaler
        EfsStorageClass: !Ref EfsStorageClass
        EfsPerformanceMode: !Ref EfsPerformanceMode
        EfsThroughputMode: !Ref EfsThroughputMode
        EfsProvisionedThroughputInMibps: !Ref EfsProvisionedThroughputInMibps
        # The existing-VPC variant never creates a bastion host.
        ProvisionBastionHost: Disabled
Outputs:
  KubeConfigPath:
    Value: !GetAtt EKSStack.Outputs.KubeConfigPath
  HelmLambdaArn:
    Value: !GetAtt EKSStack.Outputs.HelmLambdaArn
  KubeManifestLambdaArn:
    Value: !GetAtt EKSStack.Outputs.KubeManifestLambdaArn
  KubeGetLambdaArn:
    Value: !GetAtt EKSStack.Outputs.KubeGetLambdaArn
  EKSClusterName:
    Value: !GetAtt EKSStack.Outputs.EKSClusterName
  NodeGroupSecurityGroup:
    Value: !GetAtt EKSStack.Outputs.NodeGroupSecurityGroup
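The template's Rules section and the RemoteAccessCIDR AllowedPattern only reject a stack at submission time. The following is an added pre-flight check, not code from the Quick Start, that re-implements those checks locally and adds the one thing a CloudFormation regex cannot express: that RemoteAccessCIDR is an actual trusted range rather than 0.0.0.0/0, which the parameter description only recommends. The region list, allowed values and assertion messages are copied from the template; the flat parameter dictionary and the sample inputs are constructed for this example.

```python
"""Pre-deployment parameter check for the EKS-into-existing-VPC template.

Added example (not part of the Quick Start). It mirrors the template's
RemoteAccessCIDR AllowedPattern, the EKSSupport region rule and the two
ManagedNodeGroup rules, and additionally refuses a world-open CIDR.
"""
import ipaddress
import re
from typing import Dict, List

# AllowedPattern of the RemoteAccessCIDR parameter, copied from the template.
CIDR_PATTERN = re.compile(
    r"^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}"
    r"([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$"
)

# Regions listed in the template's EKSSupport rule (as of the template; this list goes stale).
EKS_REGIONS = {
    "us-west-2", "us-east-1", "us-east-2", "sa-east-1", "eu-west-1", "eu-west-2",
    "eu-west-3", "eu-north-1", "eu-central-1", "ap-southeast-1", "ap-southeast-2",
    "ap-northeast-1", "ap-northeast-2", "ap-south-1", "ca-central-1",
}
MANAGED_NODE_GROUP_VERSIONS = {"1.14"}              # EKSVersion_ManagedNodeGrou rule
AMI_TYPES = {"AL2_x86_64", "AL2_x86_64_GPU", ""}   # ManagedNodeGroupAMIType AllowedValues


def check_parameters(params: Dict[str, str], region: str) -> List[str]:
    """Return human-readable problems; an empty list means the parameters pass."""
    problems: List[str] = []

    if region not in EKS_REGIONS:
        problems.append(f"Region {region} does not yet support Amazon EKS")

    cidr = params.get("RemoteAccessCIDR", "")
    if not CIDR_PATTERN.match(cidr):
        problems.append("RemoteAccessCIDR must be in the form x.x.x.x/x")
    else:
        # The template only recommends a trusted range; this check enforces it.
        net = ipaddress.ip_network(cidr, strict=False)
        if net.prefixlen == 0:
            problems.append(
                "RemoteAccessCIDR 0.0.0.0/0 permits every address to reach the instances; "
                "use a trusted IP range"
            )

    # Defaults below match the template's parameter defaults.
    if params.get("ManagedNodeGroup", "yes") == "yes":
        if params.get("KubernetesVersion", "1.14") not in MANAGED_NODE_GROUP_VERSIONS:
            problems.append("To use Managed Node Groups you must use EKS version 1.14")
        if params.get("ClusterAutoScaler", "Disabled") != "Disabled":
            problems.append("To use Cluster AutoScaler you should not use Managed Node Groups")
        if params.get("ManagedNodeGroupAMIType", "AL2_x86_64") not in AMI_TYPES:
            problems.append("ManagedNodeGroupAMIType must be AL2_x86_64 or AL2_x86_64_GPU")

    return problems


# Constructed sample parameter sets (not real deployments).
RISKY_PARAMS = {
    "RemoteAccessCIDR": "0.0.0.0/0",
    "ManagedNodeGroup": "yes",
    "KubernetesVersion": "1.13",
    "ClusterAutoScaler": "Enabled",
}
SAFE_PARAMS = {
    "RemoteAccessCIDR": "203.0.113.0/24",
    "ManagedNodeGroup": "yes",
    "KubernetesVersion": "1.14",
    "ClusterAutoScaler": "Disabled",
    "ManagedNodeGroupAMIType": "AL2_x86_64",
}

if __name__ == "__main__":
    for name, candidate in (("risky", RISKY_PARAMS), ("safe", SAFE_PARAMS)):
        print(name, check_parameters(candidate, "us-east-1") or ["OK"])
```

Run it before `aws cloudformation create-stack` with the same parameter values you intend to pass; the risky set above yields three findings (open CIDR, unsupported version for managed node groups, autoscaler combined with managed node groups) while the safe set yields none.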