nhatthaiquang-agilityio
diff --git a/‎.gitignore‎
Lines changed: 1 addition & 1 deletion b/‎.gitignore‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎AWS/load-balancer-role-trust-policy.json‎
Lines changed: 0 additions & 18 deletions b/‎AWS/load-balancer-role-trust-policy.json‎
Lines changed: 0 additions & 18 deletions
diff --git a/‎README.md‎
Lines changed: 5 additions & 42 deletions b/‎README.md‎
Lines changed: 5 additions & 42 deletions
diff --git a/‎…-balancer-controller-service-account.yml‎ ‎…-balancer-controller-service-account.yml‎AWS/aws-load-balancer-controller-service-account.yml renamed to devops/AWS/aws-load-balancer-controller-service-account.yml
Lines changed: 1 addition & 1 deletion b/‎…-balancer-controller-service-account.yml‎ ‎…-balancer-controller-service-account.yml‎AWS/aws-load-balancer-controller-service-account.yml renamed to devops/AWS/aws-load-balancer-controller-service-account.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎AWS/cluster-trust-policy.json‎ ‎devops/AWS/cluster-trust-policy.json‎AWS/cluster-trust-policy.json renamed to devops/AWS/cluster-trust-policy.json b/‎AWS/cluster-trust-policy.json‎ ‎devops/AWS/cluster-trust-policy.json‎AWS/cluster-trust-policy.json renamed to devops/AWS/cluster-trust-policy.json
diff --git a/‎AWS/iam_policy.json‎ ‎devops/AWS/iam_policy.json‎AWS/iam_policy.json renamed to devops/AWS/iam_policy.json b/‎AWS/iam_policy.json‎ ‎devops/AWS/iam_policy.json‎AWS/iam_policy.json renamed to devops/AWS/iam_policy.json
diff --git a/‎AWS/iam_policy_v1_to_v2_additional.json‎ ‎…/AWS/iam_policy_v1_to_v2_additional.json‎AWS/iam_policy_v1_to_v2_additional.json renamed to devops/AWS/iam_policy_v1_to_v2_additional.json b/‎AWS/iam_policy_v1_to_v2_additional.json‎ ‎…/AWS/iam_policy_v1_to_v2_additional.json‎AWS/iam_policy_v1_to_v2_additional.json renamed to devops/AWS/iam_policy_v1_to_v2_additional.json
diff --git a/‎devops/AWS/load-balancer-role-trust-policy.json‎
Lines changed: 18 additions & 0 deletions b/‎devops/AWS/load-balancer-role-trust-policy.json‎
Lines changed: 18 additions & 0 deletions
@@ -4,9 +4,9 @@
 ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
 
 # terraform
-terraform.tfstate
 devops/*/.terraform
 devops/*/.terraform.*
+devops/*/.terraform.tfstate.*
 
 # User-specific files
 *.rsuser
 
@@ -11,7 +11,7 @@ Deploy a sample .Net6 WebAPI to Amazon EKS with Github Actions
 
 + Update kubeconfig
 ```
-aws eks update-kubeconfig --region ap-southeast-1 --name eks-github
+aws eks update-kubeconfig --region ap-southeast-1 --name webapi-eks
 ```
 
 + Create Role
@@ -23,7 +23,7 @@ aws iam attach-role-policy --policy-arn arn:aws:iam::aws:policy/AmazonEKSCluster
 
 + oidc-provider and cluster
 ```
-eksctl utils associate-iam-oidc-provider --region=ap-southeast-1 --cluster=eks-github --approve
+eksctl utils associate-iam-oidc-provider --region=ap-southeast-1 --cluster=webapi-eks --approve
 ```
 
 + Create policy
@@ -53,20 +53,20 @@ aws iam attach-role-policy --role-name AmazonEKSLoadBalancerControllerRole  --po
 
 + Create Service Account
 ```
-eksctl create iamserviceaccount --cluster=eks-github --namespace=kube-system --name=aws-load-balancer-controller --role-name AmazonEKSLoadBalancerControllerRole --attach-policy-arn=arn:aws:iam::ACCOUNT_ID:policy/ALBIngressControllerIAMPolicy --override-existing-serviceaccounts --approve
+eksctl create iamserviceaccount --cluster=webapi-eks --namespace=kube-system --name=aws-load-balancer-controller --role-name AmazonEKSLoadBalancerControllerRole --attach-policy-arn=arn:aws:iam::ACCOUNT_ID:policy/ALBIngressControllerIAMPolicy --override-existing-serviceaccounts --approve
 
 kubectl apply -f AWS/aws-load-balancer-controller-service-account.yml
 ```
 
 + Get IAM Service Account
 ```
-eksctl  get iamserviceaccount --cluster eks-github
+eksctl  get iamserviceaccount --cluster webapi-eks
 
 kubectl describe sa aws-load-balancer-controller -n kube-system
 
 kubectl apply -k "github.com/aws/eks-charts/stable/aws-load-balancer-controller/crds?ref=master"
 
-helm install aws-load-balancer-controller eks/aws-load-balancer-controller --set clusterName=eks-github --set serviceAccount.create=false --set serviceAccount.name=aws-load-balancer-controller -n kube-system
+helm install aws-load-balancer-controller eks/aws-load-balancer-controller --set clusterName=webapi-eks --set serviceAccount.create=false --set serviceAccount.name=aws-load-balancer-controller -n kube-system
 ```
 
 + Verify that the AWS Load Balancer Controller is installed:
@@ -79,43 +79,6 @@ kubectl get deployment -n kube-system aws-load-balancer-controller
 kubectl logs -n kube-system deployment.apps/aws-load-balancer-controller
 ```
 
-
-### Apply Terraform
-+ Create Infrastructure EKS
-    ```
-    cd devops\terraform
-    terraform init
-    terraform apply
-    ```
-
-+ Update kubeconfig
-    ```
-    aws eks update-kubeconfig --region ap-southeast-1 --name microservice-eks-00mIoI2W
-    ```
-
-+ Create Service Account
-    ```
-    eksctl create iamserviceaccount --cluster=microservice-eks-00mIoI2W --name=aws-load-balancer-controller --namespace=kube-system --role-name eksctl-eks-github-addon-iamserviceaccount-ku-Role1 --attach-policy-arn=arn:aws:iam::783560535431:policy/ALBIngressControllerIAMPolicy --override-existing-serviceaccounts --approve
-
-    kubectl apply -f aws/aws-load-balancer-controller-service-account.yml
-    ```
-
-+ Get IAM Service Account
-    ```
-    eksctl get iamserviceaccount --cluster microservice-eks-00mIoI2W
-
-    kubectl describe sa aws-load-balancer-controller -n kube-system
-
-    kubectl apply -k "github.com/aws/eks-charts/stable/aws-load-balancer-controller/crds?ref=master"
-
-    helm install aws-load-balancer-controller eks/aws-load-balancer-controller --set clusterName=microservice-eks-00mIoI2W --set serviceAccount.create=false --set serviceAccount.name=aws-load-balancer-controller -n kube-system
-    ```
-
-+ Verify the AWS Load Balancer Controller
-    ```
-    kubectl get deployment -n kube-system aws-load-balancer-controller
-    ```
-
 ### Issues
 + Couldn't create an AWS Load Balancer Controller
 ```
 
@@ -7,4 +7,4 @@ metadata:
   name: aws-load-balancer-controller
   namespace: kube-system
   annotations:
-    eks.amazonaws.com/role-arn: arn:aws:iam::[AccountID]:role/AmazonEKSLoadBalancerControllerRole
+    eks.amazonaws.com/role-arn: arn:aws:iam::783560535431:role/AmazonEKSLoadBalancerControllerRole
@@ -0,0 +1,18 @@
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Principal": {
+                "Federated": "arn:aws:iam::783560535431:oidc-provider/oidc.eks.ap-southeast-1.amazonaws.com/id/B3CC05A4C5B79D318F0942260946D505"
+            },
+            "Action": "sts:AssumeRoleWithWebIdentity",
+            "Condition": {
+                "StringEquals": {
+                    "oidc.eks.ap-southeast-1.amazonaws.com/id/B3CC05A4C5B79D318F0942260946D505:aud": "sts.amazonaws.com",
+                    "oidc.eks.ap-southeast-1.amazonaws.com/id/B3CC05A4C5B79D318F0942260946D505:sub": "system:serviceaccount:kube-system:aws-load-balancer-controller"
+                }
+            }
+        }
+    ]
+}