15-managed-nodes.yaml
# Example eksctl ClusterConfig that uses EKS managed nodegroups.
# IDs such as sg-1, ami-custom and lt-1234 look like placeholders; replace
# them with real resource IDs before use.
---
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: cluster-15
  region: us-west-2

managedNodeGroups:
  # Nodegroup 1: no privateNetworking, with SSH access and extra IAM policies.
  - name: managed-ng-public
    instanceType: m5.large
    minSize: 2
    desiredCapacity: 3
    maxSize: 4
    availabilityZones:
      - us-west-2a
      - us-west-2b
    volumeSize: 20
    updateConfig:
      # Alternatively use `maxUnavailablePercentage: 75` to express the limit
      # as a percentage of total nodes.
      # Here the limit equals desiredCapacity, so an update is allowed to take
      # every node of this group out of service at the same time.
      maxUnavailable: 3
    securityGroups:
      # Extra security groups attached to the nodes; their ingress rules add to
      # whatever the nodegroup already allows.
      attachIDs:
        - sg-1
        - sg-2
    ssh:
      allow: true
      # Path to the *public* half of the key pair only.
      publicKeyPath: '~/.ssh/ec2_id_rsa.pub'
      # Limits SSH access to members of the listed AWS security groups.
      # Keep this set whenever `allow` is true: for EKS managed nodegroups an
      # SSH key without source security groups leaves port 22 open to
      # 0.0.0.0/0.
      sourceSecurityGroupIds:
        - sg-00241fbb12c607007
    labels:
      role: worker
    # Managed nodegroups express taints as a list of key/value/effect entries;
    # unmanaged nodegroups (the `nodeGroups` field) use a different structure
    # (map[string]string).
    taints:
      - key: key1
        value: value1
        effect: NoSchedule
      - key: key2
        effect: NoExecute
    tags:
      nodegroup-role: worker
    iam:
      # These policies are attached to the node instance role, so they are not
      # scoped to a single workload.
      # NOTE(review): pods that can reach the instance metadata service can
      # presumably use the same permissions; consider IAM roles for service
      # accounts for external-dns and cert-manager instead.
      withAddonPolicies:
        externalDNS: true
        certManager: true

  # Nodegroup 2: nodes are launched in private subnets.
  - name: managed-ng-private
    instanceType: m5.large
    privateNetworking: true

  # Nodegroup 3: custom AMI with a caller-supplied bootstrap script.
  - name: custom-ami
    amiFamily: AmazonLinux2
    # With a custom image, patching and hardening are the image owner's job.
    ami: ami-custom
    preBootstrapCommands:
      # Disable hyperthreading by taking sibling hardware threads offline.
      # These commands run on every node at boot, so treat changes to this
      # list like changes to privileged code.
      - "for n in $(cat /sys/devices/system/cpu/cpu*/topology/thread_siblings_list | cut -s -d, -f2- | tr ',' '\n' | sort -un); do echo 0 > /sys/devices/system/cpu/cpu${n}/online; done"
    # Replaces the default bootstrap step; the cluster name passed here has to
    # match metadata.name above.
    overrideBootstrapCommand: |
      #!/bin/bash
      /etc/eks/bootstrap.sh cluster-15

  # Nodegroup 4: settings come from an existing EC2 launch template.
  - name: custom-launch-template
    launchTemplate:
      id: lt-1234
      # Quoted so the version stays a string rather than an integer.
      version: "3"