- Cloudtechdev·Last edited by Neil Guan on Oct 20, 2020Linked with GitHubContributed by
There is no commentSelect some text and then click Comment, or simply add a comment to this page from below to start a discussion.EKS Workshop
創建 aws eks 有很多方法 , 可以使用 awscdk , terraform ,eksctl 等等…, 今天使用對於創建 AWS EKS 叢集經驗跟知識比較不需要這麼高的方式來創建 AWS EKS 叢集 eksctl 。
Preinstall eksctl and awscli
Linux
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
sudo mv /tmp/eksctl /usr/local/bin
Mac OS
use Homebrew
brew tap weaveworks/tap
brew install weaveworks/tap/eksctl
Windows
若以上都不想做點我吧 !!!
Image Not Showing
Possible Reasons
- The image file may be corrupted
- The server hosting the image is unavailable
- The image path is incorrect
- The image format is not supported
Learn More →
- The image file may be corrupted
- The server hosting the image is unavailable
- The image path is incorrect
- The image format is not supported
Learn More →
如果您不是使用 Admin User , 請確定至少有以下權限 AWS 相關最低權限
export AWS_ACCESS_KEY_ID=AAAAAAAAAAAAAAAAA
export AWS_SECRET_ACCESS_KEY=AAAAAAAAAAAAAAAAAVVVVVVVVVVVVVVV
export AWS_DEFAULT_REGION=ap-northeast-1
# 先確認目前使用的身份。
aws sts get-caller-identity
eksctl create cluster \
--name eks-2020-{NAME} \
--managed \
--node-type t3.medium
[ℹ] eksctl version 0.28.1
[ℹ] using region ap-northeast-1
[ℹ] setting availability zones to [ap-northeast-1a ap-northeast-1d ap-northeast-1c]
[ℹ] subnets for ap-northeast-1a - public:192.168.0.0/19 private:192.168.96.0/19
[ℹ] subnets for ap-northeast-1d - public:192.168.32.0/19 private:192.168.128.0/19
[ℹ] subnets for ap-northeast-1c - public:192.168.64.0/19 private:192.168.160.0/19
[ℹ] using Kubernetes version 1.17
[ℹ] creating EKS cluster "eks-2020-{name}" in "ap-northeast-1" region with managed nodes
[ℹ] will create 2 separate CloudFormation stacks for cluster itself and the initial managed nodegroup
[ℹ] if you encounter any issues, check CloudFormation console or try 'eksctl utils describe-stacks --region=ap-northeast-1 --cluster=eks-2020-{name}'
[ℹ] CloudWatch logging will not be enabled for cluster "eks-2020-{name}" in "ap-northeast-1"
[ℹ] you can enable it with 'eksctl utils update-cluster-logging --region=ap-northeast-1 --cluster=eks-2020-{name}'
# 創建叢集須等待 20 分鐘左右
# get nodes ...
kubectl get nodes
但是這個過程中 eksctl 幫你做了什麼呢?!
創建了 vpc , nat , eks cluster ,node workgroup (ec2) …
Learn More →
- eks cluster 加網路等等…
Image Not Showing Possible Reasons
- The image file may be corrupted
- The server hosting the image is unavailable
- The image path is incorrect
- The image format is not supported
- eks worker nodegroup…
創建完成後,因為為 managed nodegroup , 所以可以在 eks console看到 compute nodegroup 們。Image Not Showing Possible Reasons
- The image file may be corrupted
- The server hosting the image is unavailable
- The image path is incorrect
- The image format is not supported
Image Not Showing Possible Reasons- The image file may be corrupted
- The server hosting the image is unavailable
- The image path is incorrect
- The image format is not supported
可以說 eksctl 真的很方便呢 但是如果 create cluster 時,還沒裝 aws and kubectl怎麼辦呢?!
可以這麼做
# 安裝完 aws cli 以及 kubectl 後
# 什麼?! 忘記 cluster name
# try : eksctl get cluster --region ${region_name}
# see more aws eks cli ... https://docs.aws.amazon.com/cli/latest/reference/eks/update-kubeconfig.html
aws eks update-kubeconfig --name ${Cluster_name} --region ${region_name}
kubectl version
Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.2", GitCommit:"f5743093fd1c663cb0cbc89748f730662345d44d", GitTreeState:"clean", BuildDate:"2020-09-16T21:51:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"16+", GitVersion:"v1.16.13-eks-2ba888", GitCommit:"2ba888155c7f8093a1bc06e3336333fbdb27b3da", GitTreeState:"clean", BuildDate:"2020-07-17T18:48:53Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}
所以 AWS EKS 是怎麼做授權的呢?!
創建Amazon EKS集群時,會在集群的RBAC配置中自動向IAM實體用戶或角色(例如創建集群的聯合用戶)授予system:masters權限。 要授予其他AWS用戶或角色與集群進行交互的能力,您必須在Kubernetes中編輯 aws-auth ConfigMap,而因為我們使用的是 eksctl 創建叢集不會出現在 aws-auth 但擁有 system:master 權限。
可以看看 aws-auth 這個 configmaps 目前長什麼樣子
# aws-auth 在 kube-system namespace
kubectl -n kube-system get configmaps aws-auth -o yaml
apiVersion: v1
data:
mapRoles: |
- groups:
- system:bootstrappers
- system:nodes
rolearn: arn:aws:iam::${account_id}:role/eksctl-XXXXXXX-nodegroup-XXXXXX-NodeInstanceRole-XXXXXXXXXX
username: system:node:{{EC2PrivateDNSName}}
mapUsers: |
kind: ConfigMap
...
如果有一個以上的 叢集如何切換 指令如下。
# 查看目前 `~/.kube/config` 有多少 context
kubectl config get-contexts
# 選取指定的 context
kubectl config use-context <context-name>
將當前的 context 預設的 namespace 設定成你想要的 namespace 指令如下。
# 將當前的 context 預設的 namespace 設定成你想要的
kubectl config set-context --current --namespace=<ns>
# 範例
kubectl create ns haha
kubectl config set-context --current --namespace=haha
等待更新
.
移除 EKS Cluster
eksctl delete cluster --name eks-2020-{name}
[✔] all cluster resources were deleted
Read more
Pull ECR Pricing
REF: https://aws.amazon.com/vpc/pricing/#natgatewaypricing https://aws.amazon.com/privatelink/pricing/ https://docs.aws.amazon.com/AmazonECR/latest/userguide/vpc-endpoints.html
Aug 22, 2021Cathay ITalent
學習力 在沒有工作task 時,懂的利用時間去充實自己未具備的技能,並在遇到可以使用此技能的在工作上提出,並實用。 敏捷力 在工作被派與任務時,能夠快速且準確的把任務完成。 對話力 在工作發現問題時,懂的與團隊溝通並提出想法,以解決問題。 促進團隊成功
Aug 10, 2021okd 3.11 sample inventory
[OSEv3:children] masters etcd nodes [masters] pmst01.com.tw pmst02.com.tw pmst03.com.tw
Apr 11, 2021nodejs Dockerfile tips
Type the following into the file. These statements produce a Dockerfile that describes the following: The base stage includes environment setup which we expect to change very rarely, if at all. Creates a new Docker image from the base image node:alpine. This base image has node.js on it and is optimized for small size. Add curl to the base image to support Docker health checks. Creates a directory on the image where the application files can be copied.
Dec 11, 2020
HackMD