Merge pull request #99 from black-mirror-1/eks-workshop-with-ee-bluep…

…rint Eks workshop with ee blueprint
awslabs · Dec 6, 2020 · a2f01cd · a2f01cd
2 parents 3fdfa7c + ea234a8
commit a2f01cd
Show file tree

Hide file tree

Showing 13 changed files with 551 additions and 54 deletions.
diff --git a/content/nextflow-on-aws-batch/10_prerequisites/nf_aws_event.md b/content/nextflow-on-aws-batch/10_prerequisites/nf_aws_event.md
@@ -8,7 +8,7 @@ weight: 20
 
 {{% notice warning %}}
 Only complete this section if you are at an AWS hosted event (such as re:Invent,
-Kubecon, Immersion Day, or any other event hosted by an AWS employee). If you are running the workshop on your own, go to: [Start the workshop on your own]({{< relref "self_paced.md" >}}).
+Kubecon, Immersion Day, or any other event hosted by an AWS employee). If you are running the workshop on your own, go to: [Start the workshop on your own]({{< relref "nf_self_paced.md" >}}).
 {{% /notice %}}
 
 ### Login to the AWS Workshop Portal

diff --git a/content/nextflow-on-aws-batch/10_prerequisites/nf_self_paced.md b/content/nextflow-on-aws-batch/10_prerequisites/nf_self_paced.md
@@ -5,7 +5,7 @@ weight: 10
 ---
 
 {{% notice warning %}}
-Only complete this section if you are running the workshop on your own. If you are at an AWS hosted event (such as re:Invent, Kubecon, Immersion Day, etc), go to [Start the workshop at an AWS event]({{< relref "aws_event.md" >}}).
+Only complete this section if you are running the workshop on your own. If you are at an AWS hosted event (such as re:Invent, Kubecon, Immersion Day, etc), go to [Start the workshop at an AWS event]({{< relref "nf_aws_event.md" >}}).
 {{% /notice %}}
 
 ### Prepare for CleanUp

diff --git a/...t/using_ec2_spot_instances_with_eks/eksctl/create_eks_cluster_eksctl_command.md b/...t/using_ec2_spot_instances_with_eks/eksctl/create_eks_cluster_eksctl_command.md
@@ -0,0 +1,13 @@
+---
+title: "Create EKS cluster Command"
+chapter: false
+disableToc: true
+hidden: true
+---
+<!--
+This markdown file is used as part of another file using 'insert-md-from-file' shortcode
+-->
+
+```
+eksctl create cluster --version=1.18 --name=eksworkshop-eksctl --node-private-networking  --managed --nodes=2 --alb-ingress-access --region=${AWS_REGION} --node-labels="lifecycle=OnDemand,intent=control-apps" --asg-access
+```
diff --git a/content/using_ec2_spot_instances_with_eks/eksctl/launcheks.md b/content/using_ec2_spot_instances_with_eks/eksctl/launcheks.md
@@ -14,20 +14,7 @@ weight: 20
 
 {{%expand "Expand here to see the solution" %}}
 
-Use the [GetCallerIdentity](https://docs.aws.amazon.com/cli/latest/reference/sts/get-caller-identity.html) CLI command to validate that the Cloud9 IDE is using the correct IAM role.
-
-```
-aws sts get-caller-identity
-
-```
-
-{{% notice note %}}
-**Select the tab** and and validate the assumed role…
-{{% /notice %}}
-{{< tabs name="Region" >}}
-    {{< tab name="...ON YOUR OWN" include="../prerequisites/on_your_own_validaterole.md" />}}
-    {{< tab name="...AT AN AWS EVENT" include="../prerequisites/at_an_aws_validaterole.md" />}}
-{{< /tabs >}}
+{{% insert-md-from-file file="using_ec2_spot_instances_with_eks/prerequisites/validate_workspace_role.md" %}}
 
 If you do not see the correct role, please go back and **[validate the IAM role]({{< relref "../prerequisites/update_workspaceiam.md" >}})** for troubleshooting.
 
@@ -39,9 +26,7 @@ If you do see the correct role, proceed to next step to create an EKS cluster.
 
 The following command will create an eks cluster with the name `eksworkshop-eksctl`. It will also create a nodegroup with 2 on-demand instances.
 
-```
-eksctl create cluster --version=1.18 --name=eksworkshop-eksctl --node-private-networking  --managed --nodes=2 --alb-ingress-access --region=${AWS_REGION} --node-labels="lifecycle=OnDemand,intent=control-apps" --asg-access
-```
+{{% insert-md-from-file file="using_ec2_spot_instances_with_eks/eksctl/create_eks_cluster_eksctl_command.md" %}}
 
 eksctl allows us to pass parameters to initialize the cluster. While initializing the cluster, eksctl does also allow us to create nodegroups.
 

diff --git a/content/using_ec2_spot_instances_with_eks/eksctl/test.md b/content/using_ec2_spot_instances_with_eks/eksctl/test.md
@@ -33,3 +33,36 @@ You now have a fully working Amazon EKS Cluster that is ready to use!
 {{% notice tip %}}
 Explore the Elastic Kubernetes Service (EKS) section in the AWS Console and the properties of the newly created EKS cluster.
 {{% /notice %}}
+
+{{% notice warning %}}
+You might see **Error loading Namespaces** while exploring the cluster on the AWS Console. It could be because the console user role doesnt have necessary permissions on the EKS cluster's RBAC configuration in the control plane. Please expand and follow the below instructions to add necessary permissions. 
+{{% /notice %}}
+
+{{%expand "Click to reveal detailed instructions" %}}
+
+### Add your IAM role Arn as cluster-admin on RBAC
+
+Get the ARN for your IAM role, it should look something like 
+
+```
+arn:aws:iam::<AWS_Account_Number>:role/<RoleName>
+```
+
+Edit the ConfigMap **aws-auth** using the below command
+
+```
+kubectl edit configmap -n kube-system aws-auth
+```
+
+Add the below snippet at the end, that will add the IAM role to the **masters** group on EKS cluster RBAC, thereby assigning a **cluster-admin** role on the cluster. Please refer the documentation [here](https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html)
+
+Please make sure to replace the `<AWS_Account_Number>` and `<RoleName>` with your AWS Account Number and IAM Role Name respectively
+
+```
+    - groups:
+      - system:masters
+      rolearn: arn:aws:iam::<AWS_Account_Number>:role/<RoleName>
+      username: <RoleName>
+```
+
+{{% /expand%}}
diff --git a/content/using_ec2_spot_instances_with_eks/prerequisites/aws_event.md b/content/using_ec2_spot_instances_with_eks/prerequisites/aws_event.md
@@ -23,4 +23,66 @@ If you are at an AWS event, an AWS account was created for you to use throughout
 
 You are now logged in to the AWS console in an account that was created for you, and will be available only throughout the workshop run time.
 
-Once you have completed the step above, **you can head straight to [Create a Workspace]({{< relref "workspace.md" >}})**
+{{% notice info %}}
+In the interest of time for shorter events we sometimes deploy the resources required as a prerequisite for you. If you were told so, please review the cloudformation outputs of the stack that was deployed by **expanding the instructions below**.
+{{% /notice %}}
+
+{{%expand "Click to reveal detailed instructions" %}}
+
+#### What resources are already deployed {#resources_deployed}
+
+We have deployed the below resources required to get started with the workshop using a CloudFormation Template (**[eks-spot-workshop-quickstarter-cnf.yml] (prerequisites.files/eks-spot-workshop-quickstart-cnf.yml)**), Please reference the below  resources created by the stack.
+
++ An [AWS Cloud9](https://console.aws.amazon.com/cloud9) workspace with
+    - An IAM role created and attached to the workspace with Administrator access
+    - Kubernetes tools installed (kubectl, jq and envsubst)
+    - awscli upgraded to v2
+    - Created and imported a key pair to Amazon EC2
+    - [eksctl](https://eksctl.io/) installed, The official CLI for Amazon EKS 
+
++ An EKS cluster with the name `eksworkshop-eksctl` and a [EKS managed node group](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html)  with 2 on-demand instances.
+
+{{% insert-md-from-file file="using_ec2_spot_instances_with_eks/eksctl/create_eks_cluster_eksctl_command.md" %}}
+
+
+#### Use your resources 
+
+In this workshop, you'll need to reference the resources created by the CloudFormation stack that we setup for you.
+
+1. On the [AWS CloudFormation console](https://console.aws.amazon.com/cloudformation), select the stack name that starts with **mod-** in the list.
+
+1. In the stack details pane, click the **Outputs** tab.
+
+![cnf_output](/images/using_ec2_spot_instances_with_eks/prerequisites/cnf_output.png)
+
+It is recommended that you keep this window open so you can easily refer to the outputs and resources throughout the workshop.
+
+{{% notice info %}}
+you will notice additional Cloudformation stacks were also deployed which is the result of the stack that starts with **mod-**. One to deploy the Cloud9 Workspace and two other to create the EKS cluster and managed nodegroup.
+{{% /notice %}}
+
+#### Launch your Cloud9 workspace
+
+- Click on the url against `Cloud9IDE` from the outputs
+
+{{% insert-md-from-file file="using_ec2_spot_instances_with_eks/prerequisites/workspace_at_launch.md" %}}
+
+{{% insert-md-from-file file="using_ec2_spot_instances_with_eks/prerequisites/update_workspace_settings.md" %}}
+
+### Validate the IAM role {#validate_iam}
+
+Use the [GetCallerIdentity](https://docs.aws.amazon.com/cli/latest/reference/sts/get-caller-identity.html) CLI command to validate that the Cloud9 IDE is using the correct IAM role.
+
+```
+aws sts get-caller-identity
+
+```
+
+{{% insert-md-from-file file="using_ec2_spot_instances_with_eks/prerequisites/at_an_aws_validaterole.md" %}}
+
+{{% notice note %}}
+Since we have already setup the prerequisites, **you can head straight to [Test the Cluster]({{<  relref "../eksctl/test.md"  >}})**
+{{% /notice %}}
+
+{{% /expand%}}
+