diff --git a/resources/files/blog-resource/kubecost-multicluster/Policy.json b/resources/files/blog-resource/kubecost-multicluster/Policy.json
new file mode 100644
index 000000000..a6c1e4e17
--- /dev/null
+++ b/resources/files/blog-resource/kubecost-multicluster/Policy.json
@@ -0,0 +1,17 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Principal": {
+"AWS": [
+"arn:aws:iam::1234567890:role/EKS-Kubecost-cost-role",
+"arn:aws:iam::1234567890:role/EKS-Kubecost-prom-role"
+]
+},
+"Action": "sts:AssumeRole",
+"Condition": {}
+}
+]
+}
+
diff --git a/resources/files/blog-resource/kubecost-multicluster/Trust1.json b/resources/files/blog-resource/kubecost-multicluster/Trust1.json
new file mode 100644
index 000000000..23585f8ac
--- /dev/null
+++ b/resources/files/blog-resource/kubecost-multicluster/Trust1.json
@@ -0,0 +1,30 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Principal": {
+ "Federated": "arn:aws:iam::123456789:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/AF4832F0CCC4BCBC4636863B58BFD3F9"
+ },
+ "Action": "sts:AssumeRoleWithWebIdentity",
+ "Condition": {
+ "StringEquals": {
+ "oidc.eks.us-east-1.amazonaws.com/id/AF4832F0CCC4BCBC4636863B58BFD3F9:sub": "system:serviceaccount:kubecost:kubecost-prometheus-server-amp"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Principal": {
+ "Federated": "arn:aws:iam::123456789:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BCEA68EF86BA073F9E2DEE3B6327EE2D"
+ },
+ "Action": "sts:AssumeRoleWithWebIdentity",
+ "Condition": {
+ "StringEquals": {
+ "oidc.eks.us-east-1.amazonaws.com/id/BCEA68EF86BA073F9E2DEE3B6327EE2D:sub": "system:serviceaccount:kubecost:kubecost-prometheus-server-amp"
+ }
+ }
+ }
+ ]
+}
+
diff --git a/resources/files/blog-resource/kubecost-multicluster/config-value.yaml b/resources/files/blog-resource/kubecost-multicluster/config-value.yaml
new file mode 100644
index 000000000..23a58954f
--- /dev/null
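Review bot: `"Condition": {}` in Policy.json is an empty block that constrains nothing, so the statement reads as if a condition was intended and then left out. Either drop the line or, if the two Kubecost roles may live in other accounts of the same organization, state the restriction explicitly, e.g. `"Condition": {"StringEquals": {"aws:PrincipalOrgID": "<ORG_ID>"}}`. The placeholder account ID is also inconsistent across the commit: 10 digits here (`1234567890`) and 9 in Trust1.json and trustPolicy.json (`123456789`), while AWS account IDs are 12 digits. One obviously fake 12-digit placeholder used everywhere would make it clearer which values a reader must replace.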
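Review bot: Both statements in Trust1.json pin the `:sub` claim but not `:aud`, so the trust policy itself places no restriction on the token audience and leaves that entirely to the audiences registered on the IAM OIDC provider. The usual IRSA trust policy adds a second key under the same `StringEquals`, e.g. `"oidc.eks.us-east-1.amazonaws.com/id/<OIDC_ID>:aud": "sts.amazonaws.com"`, so the role stays scoped even if another audience is later added to the provider. The two statements in trustPolicy.json have the same gap.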
+++ b/resources/files/blog-resource/kubecost-multicluster/config-value.yaml
@@ -0,0 +1,14 @@
+global:
+ amp:
+ enabled: true
+ prometheusServerEndpoint: http://localhost:8005/workspaces/ws-020a693c-4d10-4292-b4a0-e6703ba1d33b
+ remoteWriteService: https://aps-workspaces.us-east-1.amazonaws.com/workspaces/ws-020a693c-4d10-4292-b4a0-e6703ba1d33b/api/v1/remote_write
+ sigv4:
+ region: us-east-1
+ role_arn: arn:aws:iam::1234567890:role/EKS-AMP-Central-Role
+
+sigV4Proxy:
+ region: us-east-1
+ host: aps-workspaces.us-east-1.amazonaws.com
+ role_arn: arn:aws:iam::1234567890:role/EKS-AMP-Central-Role
+
diff --git a/resources/files/blog-resource/kubecost-multicluster/trustPolicy.json b/resources/files/blog-resource/kubecost-multicluster/trustPolicy.json
new file mode 100644
index 000000000..ff8dc4ecf
--- /dev/null
+++ b/resources/files/blog-resource/kubecost-multicluster/trustPolicy.json
@@ -0,0 +1,30 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Principal": {
+ "Federated": "arn:aws:iam::123456789:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/BCEA68EF86BA073F9E2DEE3B6327EE2D"
+ },
+ "Action": "sts:AssumeRoleWithWebIdentity",
+ "Condition": {
+ "StringEquals": {
+ "oidc.eks.us-east-1.amazonaws.com/id/BCEA68EF86BA073F9E2DEE3B6327EE2D:sub": "system:serviceaccount:kubecost:kubecost-cost-analyzer-amp"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Principal": {
+ "Federated": "arn:aws:iam::123456789:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/AF4832F0CCC4BCBC4636863B58BFD3F9"
+ },
+ "Action": "sts:AssumeRoleWithWebIdentity",
+ "Condition": {
+ "StringEquals": {
+ "oidc.eks.us-east-1.amazonaws.com/id/AF4832F0CCC4BCBC4636863B58BFD3F9:sub": "system:serviceaccount:kubecost:kubecost-cost-analyzer-amp"
+ }
+ }
+ }
+ ]
+}
+
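Review bot: The AMP workspace ID `ws-020a693c-4d10-4292-b4a0-e6703ba1d33b` in config-value.yaml looks like a concrete identifier rather than a placeholder, unlike the account ID in the two `role_arn` values. The OIDC provider IDs in Trust1.json and trustPolicy.json look the same way. If these come from a real environment, a labelled placeholder such as `<AMP_WORKSPACE_ID>` would avoid publishing them and show readers what to substitute. `role_arn` is also set twice, once under `sigv4:` and once under `sigV4Proxy:`, and a comment like `# must match the sigv4 role_arn above` would keep the two from drifting apart.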