Commit

edits
orishoshan committed Mar 14, 2024
1 parent 04f9a97 commit 34fe154
Showing 5 changed files with 109 additions and 106 deletions.
56 changes: 9 additions & 47 deletions docs/features/aws-iam/tutorials/aws-iam-eks.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -25,56 +25,18 @@ Before you start, you'll need an AWS EKS cluster. Any cluster will do; there are
<summary>How to set up an AWS EKS cluster using eksctl</summary>


Save this `yaml` as `cluster-config.yaml`:
Run the following command to create your AWS cluster. [Don't have eksctl? Install it now.](https://eksctl.io/installation/)

```yaml
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
name: otterize-iam-eks-tutorial
region: us-west-2
version: "1.27"

iam:
withOIDC: true

vpc:
clusterEndpoints:
publicAccess: true
privateAccess: true

addons:
- name: vpc-cni
version: 1.14.0
attachPolicyARNs: #optional
- arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
configurationValues: |-
enableNetworkPolicy: "true"
- name: coredns
- name: kube-proxy

managedNodeGroups:
- name: small-on-demand
amiFamily: AmazonLinux2
instanceTypes: [ "t3.large" ]
minSize: 0
desiredCapacity: 2
maxSize: 6
privateNetworking: true
disableIMDSv1: true
volumeSize: 100
volumeType: gp3
volumeEncrypted: true
tags:
team: "eks"
```bash
curl ${ABSOLUTE_URL}/code-examples/aws-iam-eks/cluster-config.yaml | eksctl create cluster -f -
```
<details>
<summary>Inspect eks-cluster.yaml contents</summary>

Then run the following command to create your cluster. [Don't have eksctl? Install it now.](https://eksctl.io/installation/)

```shell
eksctl create cluster -f cluster-config.yaml
```
```yaml
{@include: ../../../../static/code-examples/aws-iam-eks/cluster-config}
```
</details>

</details>
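Review bot: The include added in the new `<details>` block, `{@include: ../../../../static/code-examples/aws-iam-eks/cluster-config}`, has no `.yaml` extension, while the file this commit adds is `static/code-examples/aws-iam-eks/cluster-config.yaml` and the equivalent include in aws-visibility.mdx keeps the extension; add `.yaml` unless the include plugin is known to resolve it. The `<summary>` also reads "Inspect eks-cluster.yaml contents" although the file shown is `cluster-config.yaml`. Since the command now pipes a download straight into `eksctl create cluster -f -`, consider `curl -fsSL` so that an HTTP error page is not handed to eksctl as cluster configuration, and put the inspect block ahead of the command so readers see what they are about to apply.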

19 changes: 7 additions & 12 deletions docs/features/aws-iam/tutorials/aws-visibility.mdx
@@ -1,6 +1,6 @@
---
sidebar_position: 2
title: AWS Resource Mapping
title: AWS resource mapping & IAM policy generation
image: /img/quick-tutorials/aws-iam-visibility/social.png
---
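Review bot: The new title `AWS resource mapping & IAM policy generation` promises IAM policy generation, but the goals listed further down in this file only cover detecting and viewing the Lambda calls ("you'll know how to map Kubernetes workloads alongside their dependent AWS resources"); either add the policy-generation step to the goals or keep the title to resource mapping.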

Expand All @@ -10,7 +10,7 @@ Many production Kubernetes workloads rely on cloud resources, like S3 Buckets, R
In this tutorial, we will:
* Set up an EKS cluster.
* Deploy two Lambda functions.
* Deploy a server pod that retrieves joke from a Lambda, provides a review, and posts the review to another Lambda.
* Deploy a server pod that retrieves a joke (as in, a string containing a joke ;) from a Lambda, provides a review, and posts the review to another Lambda.
* Automatically detect and view the Lambda function calls in Otterize.

By the end, you'll know how to map Kubernetes workloads alongside their dependent AWS resources using Otterize.
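Review bot: In the rewritten third bullet, the parenthetical `(as in, a string containing a joke ;)` has its closing parenthesis absorbed by the emoticon, so it reads as unbalanced; drop the aside or reword it, for example "retrieves a joke (a string) from a Lambda".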
Expand All @@ -20,7 +20,7 @@ By the end, you'll know how to map Kubernetes workloads alongside their dependen
### CLI tools
We will need the following CLI tools to set up our cluster and deploy our scripts.

1. [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html). You will also need credentials within the target account with permissions to work with EKS clusters, IAM, Cloudformation, and Lambda functions
1. [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html). You will also need credentials within the target account with permissions to work with EKS clusters, IAM, CloudFormation, and Lambda functions.
2. [eksctl](https://eksctl.io/installation/)

### Create an EKS cluster
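Review bot: The AWS CLI prerequisite asks for credentials "with permissions to work with EKS clusters, IAM, CloudFormation, and Lambda functions" without saying which permissions; since this line is being touched anyway, list the minimum actions or a policy the reader can attach, and recommend a non-production account, so that readers do not reach for administrator credentials.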
Expand All @@ -31,7 +31,7 @@ Begin by creating an EKS cluster for pod deployment using **eksctl** with the YA
curl ${ABSOLUTE_URL}/code-examples/aws-visibility/eks-cluster.yaml | eksctl create cluster -f -
```
<details>
<summary>Inspect Cluster Configuration</summary>
<summary>Inspect eks-cluster.yaml contents</summary>

```yaml
{@include: ../../../../static/code-examples/aws-visibility/eks-cluster.yaml}
Expand All @@ -50,7 +50,7 @@ To provide visibility, we will need to install Otterize in our cluster, and we w
If you don't have a connected Kubernetes cluster, create one via [Integrations page](https://app.otterize.com/integrations) and follow the setup instructions for Kubernetes. Skip if your cluster is already connected.

2. **Integrate AWS with Otterize Cloud**
To begin the integration with AWS, visit the [Integrations page](https://app.otterize.com/integrations). Once there, you will be asked for information to help populate a cloudformation script we will use to integrate AWS access controls into our cluster.
To begin the integration with AWS, visit the [Integrations page](https://app.otterize.com/integrations). Once there, you will be asked for information to help populate a CloudFormation template we will use to set up roles and policies for the Otterize deployment in our cluster.

If you created the EKS cluster above, the cluster name would be`otterize-tutorial-aws-visibility`, and the region would be `us-west-2`.
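Review bot: The reworded step 2 says the CloudFormation template will "set up roles and policies for the Otterize deployment" but does not say which roles and policies, or where the template can be read before it is applied; link the template or summarise what it creates so the reader can review the IAM changes first. In the unchanged line below it, a space is missing in "would be`otterize-tutorial-aws-visibility`".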

Expand Down Expand Up @@ -160,14 +160,9 @@ In the Access graph screenshot below, you’ll see 4 AWS resources associated wi

### What's Next

Now that we've discovered AWS resources used within a Kubernetes workload, you can learn more about how you can manage access to these resources with Otterize in the [Automate AWS IAM for EKS](/features/aws-iam/tutorials/aws-iam-eks) tutorial.
Now that we've discovered the AWS resources used within a Kubernetes workload, you can learn more about how you can manage access to these resources with Otterize in the [Automate AWS IAM for EKS](/features/aws-iam/tutorials/aws-iam-eks) tutorial.

## Clean Up

To remove cloudformation yaml:
```bash
rm template.yaml
```
## Cleanup

To remove the deployed example:
```bash
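Review bot: With the `rm template.yaml` step removed, the part of the cleanup section visible in this hunk only covers "the deployed example"; confirm that the remaining steps also delete the CloudFormation stack that set up the roles and policies, and the EKS cluster itself, otherwise the tutorial leaves IAM roles and billable resources behind in the reader's account.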
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,57 +23,22 @@ This tutorial will walk you through deploying an AWS EKS cluster with the AWS VP

Before you start, you'll need an AWS Kubernetes cluster. Having a cluster with a [CNI](https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/) that supports [NetworkPolicies](https://kubernetes.io/docs/concepts/services-networking/network-policies/) is required for this tutorial.

Save this `yaml` as `cluster-config.yaml`:

```yaml
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
name: np-ipv4-127
region: us-west-2
version: "1.27"

iam:
withOIDC: true

vpc:
clusterEndpoints:
publicAccess: true
privateAccess: true

addons:
- name: vpc-cni
version: 1.14.0
attachPolicyARNs: #optional
- arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
configurationValues: |-
# highlight-next-line
enableNetworkPolicy: "true"
- name: coredns
- name: kube-proxy

managedNodeGroups:
- name: small-on-demand
amiFamily: AmazonLinux2
instanceTypes: [ "t3.large" ]
minSize: 0
desiredCapacity: 2
maxSize: 6
privateNetworking: true
disableIMDSv1: true
volumeSize: 100
volumeType: gp3
volumeEncrypted: true
tags:
team: "eks"
```shell
eksctl create cluster -f cluster-config.yaml
```

Then run the following command to create your AWS cluster. [Don't have eksctl? Install it now.](https://eksctl.io/installation/)
Run the following command to create your AWS cluster. [Don't have eksctl? Install it now.](https://eksctl.io/installation/)

```shell
eksctl create cluster -f cluster-config.yaml
```bash
curl ${ABSOLUTE_URL}/code-examples/aws-eks-mini/cluster-config.yaml | eksctl create cluster -f -
```
<details>
<summary>Inspect eks-cluster.yaml contents</summary>

```yaml
{@include: ../../../../static/code-examples/aws-eks-mini/cluster-config}
```
</details>

Once your AWS EKS has finished deploying the control pane and node group, the next step is deploying Otterize as well as a couple of clients and a server to see how they are affected by network policies.
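Review bot: The added include `{@include: ../../../../static/code-examples/aws-eks-mini/cluster-config}` omits the `.yaml` extension of the file this commit adds (`static/code-examples/aws-eks-mini/cluster-config.yaml`), and the `<summary>` names `eks-cluster.yaml` rather than `cluster-config.yaml`; align both with the real file name. The rendered hunk also shows an `eksctl create cluster -f cluster-config.yaml` block ahead of the new "Run the following command" paragraph; check that it is not left behind, since the page no longer tells the reader to save that file locally. The trailing context line has a typo worth fixing in the same pass: "control pane" should be "control plane".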

41 changes: 41 additions & 0 deletions static/code-examples/aws-eks-mini/cluster-config.yaml
@@ -0,0 +1,41 @@
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
name: np-ipv4-127
region: us-west-2
version: "1.27"

iam:
withOIDC: true

vpc:
clusterEndpoints:
publicAccess: true
privateAccess: true

addons:
- name: vpc-cni
version: 1.14.0
attachPolicyARNs: #optional
- arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
configurationValues: |-
# highlight-next-line
enableNetworkPolicy: "true"
- name: coredns
- name: kube-proxy

managedNodeGroups:
- name: small-on-demand
amiFamily: AmazonLinux2
instanceTypes: [ "t3.large" ]
minSize: 0
desiredCapacity: 2
maxSize: 6
privateNetworking: true
disableIMDSv1: true
volumeSize: 100
volumeType: gp3
volumeEncrypted: true
tags:
team: "eks"
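Review bot: The `# highlight-next-line` line under `configurationValues: |-` is a docs-rendering marker, but this file is now served as-is and piped into `eksctl create cluster -f -`; if the line is indented as part of the `|-` block scalar it is not a comment of this file and becomes part of the string passed to the vpc-cni addon. Remove it from the static file and, if the highlight is still wanted, apply it where the file is rendered in the .mdx page.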
40 changes: 40 additions & 0 deletions static/code-examples/aws-iam-eks/cluster-config.yaml
@@ -0,0 +1,40 @@
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
name: otterize-iam-eks-tutorial
region: us-west-2
version: "1.27"

iam:
withOIDC: true

vpc:
clusterEndpoints:
publicAccess: true
privateAccess: true

addons:
- name: vpc-cni
version: 1.14.0
attachPolicyARNs: #optional
- arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
configurationValues: |-
enableNetworkPolicy: "true"
- name: coredns
- name: kube-proxy

managedNodeGroups:
- name: small-on-demand
amiFamily: AmazonLinux2
instanceTypes: [ "t3.large" ]
minSize: 0
desiredCapacity: 2
maxSize: 6
privateNetworking: true
disableIMDSv1: true
volumeSize: 100
volumeType: gp3
volumeEncrypted: true
tags:
team: "eks"
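Review bot: `clusterEndpoints.publicAccess: true` is set with no `publicAccessCIDRs`, so the cluster API endpoint that readers create from this file is reachable from any source address; since `privateAccess: true` is already enabled, either restrict the public CIDRs or add a comment telling readers to do so before running it outside a sandbox. This file is also the same as `static/code-examples/aws-eks-mini/cluster-config.yaml` apart from `metadata.name` and the highlight marker, so the two can drift; consider a single shared file.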
