This example shows how to deploy Tapir to EKS using IRSA (IAM Roles for Service Accounts), which allows cluster operators to map AWS IAM roles to Kubernetes service accounts.
You need to have the following tools installed:
This example assumes that you have a working AWS account and that you have:
- set up an EKS cluster with RBAC enabled
- configured ~/.kube/config to access the cluster
- EKS with ALB Ingress Controller installed
- EKS with external-dns installed
You can deploy the example by running the following commands:
terraform init
terraform apply -var="hosted_zone_name=<top_level_domain>" -var="eks_oidc_issuer_url=<eks_oidc_issuer_url>" -var="auth_endpoint=<your-idp-endpoint>" -var="auth_client_id=<your-client-id>"
The hosted_zone_name variable should be set to the top-level domain of your hosted zone in Route53. E.g. if hosted_zone_name=example.org, Tapir will be exposed on https://tapir.example.org. The eks_oidc_issuer_url variable should be set to the OIDC issuer URL of your EKS cluster.
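With IRSA, the issuer URL ends up in the IAM role's trust policy, which is where the role is tied to one service account. The following is an added example, not code from the Tapir project: it audits a trust policy for that scoping, and the issuer URL, account ID and the tapir namespace and service account names are constructed assumptions.

```python
ISSUER = "https://oidc.eks.eu-west-1.amazonaws.com/id/EXAMPLE0123456789ABCDEF"  # constructed
HOST = ISSUER.split("://", 1)[-1]
PROVIDER_ARN = f"arn:aws:iam::111122223333:oidc-provider/{HOST}"  # constructed account ID

def _as_list(value):
    """IAM JSON allows a scalar wherever a list is allowed."""
    return [] if value is None else value if isinstance(value, list) else [value]

def irsa_trust_findings(policy, issuer_url, namespace, service_account):
    """Return the problems found in an IRSA role trust policy ([] means OK)."""
    host = issuer_url.split("://", 1)[-1].rstrip("/")
    want_sub = f"system:serviceaccount:{namespace}:{service_account}"
    findings = []
    web = [s for s in _as_list(policy.get("Statement"))
           if s.get("Effect") == "Allow"
           and "sts:AssumeRoleWithWebIdentity" in _as_list(s.get("Action"))]
    if not web:
        return ["no Allow statement for sts:AssumeRoleWithWebIdentity"]
    for stmt in web:
        principal = stmt.get("Principal")
        federated = _as_list(principal.get("Federated")) if isinstance(principal, dict) else []
        if not any(arn.endswith(f":oidc-provider/{host}") for arn in federated):
            findings.append("principal is not this cluster's OIDC provider")
        cond = stmt.get("Condition", {})
        equals = cond.get("StringEquals", {})
        if _as_list(equals.get(f"{host}:sub")) != [want_sub]:
            findings.append(f"sub is not pinned by StringEquals to {want_sub}")
        if _as_list(equals.get(f"{host}:aud")) != ["sts.amazonaws.com"]:
            findings.append("aud is not pinned to sts.amazonaws.com")
        for pattern in _as_list(cond.get("StringLike", {}).get(f"{host}:sub")):
            if "*" in pattern or "?" in pattern:
                findings.append(f"wildcard sub pattern: {pattern}")
    return findings

def trust_policy(condition):
    """Build a one-statement trust policy around the given Condition block."""
    stmt = {"Effect": "Allow", "Principal": {"Federated": PROVIDER_ARN},
            "Action": "sts:AssumeRoleWithWebIdentity", "Condition": condition}
    return {"Version": "2012-10-17", "Statement": [stmt]}

# Constructed policies; namespace and service account "tapir" are assumed names.
SCOPED = trust_policy({"StringEquals": {
    f"{HOST}:sub": "system:serviceaccount:tapir:tapir",
    f"{HOST}:aud": "sts.amazonaws.com"}})
LOOSE = trust_policy({"StringLike": {f"{HOST}:sub": "system:serviceaccount:*:*"}})

if __name__ == "__main__":
    for name, policy in (("scoped", SCOPED), ("loose", LOOSE)):
        print(name, irsa_trust_findings(policy, ISSUER, "tapir", "tapir"))
```

The loose policy lets any service account in the cluster assume the role, which is the case the sub check is there to catch.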