aws-samples · stevensu1977 · Mar 15, 2020 · Mar 14, 2020 · Mar 14, 2020 · Mar 15, 2020
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,9 @@
+.DS_Store
+china/.DS_Store
+global/.DS_Store
+resource/china/ecsdemo-crystal
+resource/china/ecsdemo-frontend
+resource/china/ecsdemo-nodejs
+resource/china/s3-echoer
+resource/china/hpa/metrics-server-v0.3.6.tar.gz
+resource/china/hpa/metrics-server-v0.3.6/*
diff --git a/china/2020_EKS_Launch_Workshop/步骤1-准备实验环境.md b/china/2020_EKS_Launch_Workshop/步骤1-准备实验环境.md
@@ -70,7 +70,7 @@ https://docs.aws.amazon.com/eks/latest/userguide/install-kubectl.html
 #macOS
 curl -o kubectl  https://amazon-eks.s3-us-west-2.amazonaws.com/1.15.10/2020-02-22/bin/darwin/amd64/kubectl
 #Linux
-curl -o kubectl  https://amazon-eks.s3-us-west-2.amazonaws.com/1.15.10/2020-02-22/bin/linux/amd64/kubectl
+curl -o kubectl https://amazon-eks.s3-us-west-2.amazonaws.com/1.15.10/2020-02-22/bin/linux/amd64/kubectl
 
 chmod +x ./kubectl
 sudo mv ./kubectl /usr/local/bin

diff --git a/china/2020_EKS_Launch_Workshop/步骤2-创建EKS集群.md b/china/2020_EKS_Launch_Workshop/步骤2-创建EKS集群.md
@@ -133,15 +133,22 @@ ip-192-168-86-36.cn-northwest-1.compute.internal    Ready    <none>   3d4h   v1.
 
 由于防火墙或安全限制，海外gcr.io, quay.io的镜像可能无法下载，为了不手动修改原始yaml文件的镜像路径，采用下面webhook的方式，自动修改国内配置的镜像路径。
 详情参考 [amazon-api-gateway-mutating-webhook-for-k8](https://github.com/aws-samples/amazon-api-gateway-mutating-webhook-for-k8)
+1. 修改 api-gateway.yaml 中 image_mirrors 下面的镜像地址为你偏好的国内镜像地址
 ```bash
 git clone [email protected]:aws-samples/amazon-api-gateway-mutating-webhook-for-k8.git
 cd amazon-api-gateway-mutating-webhook-for-k8
-Deploy cloudformation api-gateway.yaml，注意修改下面的镜像地址为你偏好的地址
+# 
 image_mirrors = {
             'gcr.io/': 'local-gcr-io/',
             'k8s.gcr.io/': 'local-gcr-io/google-containers/',
             'quay.io/': 'local-quay-io/'
 }
+```
+
+2. 在AWS console 部署 Cloudformation template api-gateway.yaml 
+
+3. Cloudformation 部署完成之后，在 EKS 集群部署 webhook
+```bash
 kubectl apply -f mutating-webhook.yaml
 ```
 

diff --git a/china/2020_EKS_Launch_Workshop/步骤3-部署官方的KubernetesDashboard.md b/china/2020_EKS_Launch_Workshop/步骤3-部署官方的KubernetesDashboard.md
@@ -16,5 +16,8 @@ http://localhost:8080//api/v1/namespaces/kube-system/services/https:kubernetes-d
 
 #获取登录的token
 aws eks get-token --cluster-name ${CLUSTER_NAME} --region ${AWS_REGION} | jq -r '.status.token'
+
+#登录
+选择 Dashbaord 登录页面的 “Token” 单选按钮，复制上述命令的输出，粘贴，之后点击 Sign In。
 ```
 
diff --git a/china/2020_EKS_Launch_Workshop/步骤4-部署微服务以及配置ALBIngressController.md b/china/2020_EKS_Launch_Workshop/步骤4-部署微服务以及配置ALBIngressController.md
@@ -106,9 +106,9 @@ eksctl utils associate-iam-oidc-provider --cluster=${CLUSTER_NAME} --approve --r
  * 请注意官方的policy里面包含了WAF等服务，中国区没有所以需要手动删除,修改好的已经放在resource/alb-ingress-controller目录下
 
 ```bash
-cd resource/alb-ingress-controller
+cd china/2020_EKS_Launch_Workshop
 aws iam create-policy --policy-name ALBIngressControllerIAMPolicy \
-  --policy-document file://./resource/alb-ingress-controller/iam-policy.json --region ${AWS_REGION}
+  --policy-document file://./resource/alb-ingress-controller/ingress-iam-policy.json --region ${AWS_REGION}
 
 # 记录返回的Plociy ARN
 POLICY_NAME=$(aws iam list-policies --query 'Policies[?PolicyName==`ALBIngressControllerIAMPolicy`].Arn' --output text --region ${AWS_REGION})

diff --git a/china/2020_EKS_Launch_Workshop/步骤6-配置使用EFS.md b/china/2020_EKS_Launch_Workshop/步骤6-配置使用EFS.md
@@ -9,7 +9,7 @@ aws ec2 create-security-group --description ${CLUSTER_NAME}-efs-eks-sg --group-n
 SGGroupID=上一步的结果访问
 aws ec2 authorize-security-group-ingress --group-id ${SGGroupID}  --protocol tcp --port 2049 --cidr ${VPC_CIDR}
 
-# 创建EFS file system 和 mount-target
+# 创建EFS file system 和 mount-target, 请根据你的环境替换 FileSystemId， SubnetID， SGGroupID
 aws efs create-file-system --creation-token eks-efs --region ${AWS_REGION}
 aws efs create-mount-target --file-system-id FileSystemId --subnet-id SubnetID --security-group SGGroupID
 

diff --git a/china/2020_EKS_Launch_Workshop/步骤7-在EKS中使用IAMRole进行权限管理.md b/china/2020_EKS_Launch_Workshop/步骤7-在EKS中使用IAMRole进行权限管理.md
@@ -60,10 +60,7 @@ kubectl delete job/s3-echoer
 
 7.3 部署第二个测试应用
 ```bash
-# download pod yaml
-curl -LO https://eksworkshop.com/beginner/110_irsa/deploy.files/iam-pod.yaml
-# replace the serviceAccountName: s3-echoer
-# add the env AWS_DEFAULT_REGION or AWS_REGION to resolve issue: An error occurred (InvalidIdentityToken) when calling the AssumeRoleWithWebIdentity operation: No OpenIDConnect provider found in your account for
+cd china/2020_EKS_Launch_Workshop/resource/IRSA
 
 # Apply the testing
 kubectl apply -f iam-pod.yaml

diff --git a/china/2020_EKS_Launch_Workshop/步骤9-使用Helm部署应用.md b/china/2020_EKS_Launch_Workshop/步骤9-使用Helm部署应用.md
@@ -46,7 +46,7 @@ helm version --short
 # 设置 stable repository
 ## 删除默认的源
 helm repo remove stable
-## 增加新的国内镜像源
+## 增加新的国内镜像源, 你可以选择其他偏好的国内镜像
 helm repo add stable https://burdenbear.github.io/kube-charts-mirror/
 helm search repo wordpress
 
@@ -84,7 +84,7 @@ kubectl get pods -l app.kubernetes.io/name=nginx
 
 # Get the NGINX URL:
 #Watch the status with
-kubectl get svc --n default -w gcr-eks-webserver-nginx
+kubectl get svc -n default -w gcr-eks-webserver-nginx
 SERVICE_IP=$(kubectl get svc --namespace default gcr-eks-webserver-nginx --template "{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}")
 echo "NGINX URL: http://${SERVICE_IP}/"
 curl ${SERVICE_IP}