AWS Containers

ECR

Elastic Container Registry.

ECS

Elastic Container Service.

EKS

Elastic Kubernetes Service.

Creating EKS with the AWS CLI

Everything that can be created in the Management Console (MC) can also be created with the CLI (aws). The steps below follow the EKS "getting started" flow: VPC, cluster IAM role, cluster, node IAM role, managed node group, kubeconfig.

Create an Amazon VPC with public and private subnets that meets the Amazon EKS requirements (replace region-code with your region):

$ aws cloudformation create-stack \
--stack-name my-eks-vpc-stack \
--region region-code \
--template-url https://amazon-eks.s3.us-west-2.amazonaws.com/cloudformation/2020-10-29/amazon-eks-vpc-private-subnets.yaml 

Create the cluster IAM role and attach the required Amazon EKS managed IAM policy

# Create the EKS cluster IAM role. The --permissions-boundary policy
# (ProjAdminsPermBoundaryv2) is specific to the account these notes were
# written for; drop it or substitute your own boundary.
aws iam create-role \
--role-name my-EKSClusterRole \
--assume-role-policy-document file://cluster-role-trust-policy.json \
--permissions-boundary arn:aws:iam::<Your AWS ID>:policy/ProjAdminsPermBoundaryv2

cluster-role-trust-policy.json (lets the EKS service principal assume the role):

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "eks.amazonaws.com"
            },
            "Action": "sts:AssumeRole",
            "Condition": {}
        }
    ]
}

# Attach the EKS cluster policy to the role
aws iam attach-role-policy \
--policy-arn arn:aws:iam::aws:policy/AmazonEKSClusterPolicy \
--role-name my-EKSClusterRole

Create the EKS cluster:

aws eks create-cluster --name my-cluster \
--role-arn arn:aws:iam::<ID>:role/my-EKSClusterRole \
--resources-vpc-config subnetIds=subnet-6782e71e,subnet-e7e761ac,securityGroupIds=sg-6979fe18 \
--kubernetes-network-config serviceIpv4Cidr=<cidr>,ipFamily=<ipv4|ipv6> \
--kubernetes-version <version> --tags <tags> --logging <logging>

# --resources-vpc-config and --kubernetes-network-config also accept a JSON
# file instead of the shorthand form:
#   --resources-vpc-config file://vpc.json
#   --kubernetes-network-config file://eks.json
# Note the defaults: the API server endpoint is public (endpointPublicAccess=true,
# open to 0.0.0.0/0) and control-plane logging is off unless --logging enables it.

Create nodes for the cluster

# Create the node IAM role (assumed by the EC2 instances of the node group)
aws iam create-role \
--role-name my-EKSNodeRole \
--assume-role-policy-document file://node-role-trust-policy.json \
--permissions-boundary arn:aws:iam::<ID>:policy/ProjAdminsPermBoundaryv2

node-role-trust-policy.json (lets the EC2 service principal assume the role):

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "ec2.amazonaws.com"
            },
            "Action": "sts:AssumeRole",
            "Condition": {}
        }
    ]
}

# Attach the node policies to the role. AmazonEKS_CNI_Policy on the node role
# grants every pod on the node ENI/IP management rights; for least privilege
# assign it to the aws-node service account via IRSA instead.
aws iam attach-role-policy \
--policy-arn arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy \
--role-name my-EKSNodeRole 

aws iam attach-role-policy \
--policy-arn arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly \
--role-name my-EKSNodeRole 

aws iam attach-role-policy \
--policy-arn arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy \
--role-name my-EKSNodeRole 

Create a managed node group:

aws eks create-nodegroup \
--cluster-name my-cluster --nodegroup-name my-mng --subnets <value> --node-role <value> \
--scaling-config minSize=integer,maxSize=integer,desiredSize=integer \
--instance-types <value> --ami-type <value> --remote-access <value> --disk-size <value>

# --remote-access opens SSH to the nodes (ec2SshKey plus sourceSecurityGroups);
# omit it unless you really need shell access to workers.

Configure your machine to communicate with the cluster

aws eks describe-cluster --name my-cluster
# update-kubeconfig adds (or updates) the cluster entry in ~/.kube/config.
# The calling identity needs eks:DescribeCluster, and for kubectl to work it
# must be mapped to a Kubernetes user/group in the cluster (aws-auth ConfigMap
# or EKS access entries); the identity that created the cluster is mapped to
# system:masters automatically. --role-arn makes kubectl assume that role
# when it fetches tokens.
$ aws eks update-kubeconfig --name my-cluster --role-arn <role> --region eu-west-1 --verbose

$ kubectl get svc
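The describe-cluster output above is the place to verify the settings that create-cluster leaves weak by default. The following is an added example, not code from the page or from AWS: a small checker that reads the JSON printed by `aws eks describe-cluster` and flags a public API endpoint open to 0.0.0.0/0, a disabled private endpoint, missing control-plane logs, and absent KMS encryption of Kubernetes secrets. The two embedded documents are constructed samples in the shape of describe-cluster output (the cluster name, subnet and security group IDs are the page's placeholders, the account ID is made up); the field names are the ones the EKS API returns.

```python
import json
import sys

# Constructed sample: describe-cluster output for a cluster created with the
# defaults used on this page (public endpoint, no logging, no secrets encryption).
SAMPLE_DEFAULT = json.dumps({
    "cluster": {
        "name": "my-cluster",
        "version": "1.29",
        "roleArn": "arn:aws:iam::123456789012:role/my-EKSClusterRole",
        "resourcesVpcConfig": {
            "subnetIds": ["subnet-6782e71e", "subnet-e7e761ac"],
            "securityGroupIds": ["sg-6979fe18"],
            "endpointPublicAccess": True,
            "endpointPrivateAccess": False,
            "publicAccessCidrs": ["0.0.0.0/0"],
        },
        "logging": {"clusterLogging": [
            {"types": ["api", "audit", "authenticator",
                       "controllerManager", "scheduler"], "enabled": False},
        ]},
        "encryptionConfig": [],
    }
})

# Constructed sample: the same cluster after hardening (private endpoint only,
# all control-plane log types on, secrets envelope-encrypted with a KMS key).
SAMPLE_HARDENED = json.dumps({
    "cluster": {
        "name": "my-cluster",
        "version": "1.29",
        "roleArn": "arn:aws:iam::123456789012:role/my-EKSClusterRole",
        "resourcesVpcConfig": {
            "subnetIds": ["subnet-6782e71e", "subnet-e7e761ac"],
            "securityGroupIds": ["sg-6979fe18"],
            "endpointPublicAccess": False,
            "endpointPrivateAccess": True,
            "publicAccessCidrs": ["0.0.0.0/0"],
        },
        "logging": {"clusterLogging": [
            {"types": ["api", "audit", "authenticator",
                       "controllerManager", "scheduler"], "enabled": True},
        ]},
        "encryptionConfig": [{"resources": ["secrets"],
                              "provider": {"keyArn": "arn:aws:kms:eu-west-1:123456789012:key/example"}}],
    }
})

# Log types without which there is no record of who did what on the cluster.
REQUIRED_LOG_TYPES = {"api", "audit", "authenticator"}


def enabled_log_types(cluster):
    """Flatten the clusterLogging list into the set of enabled log types."""
    enabled = set()
    for entry in cluster.get("logging", {}).get("clusterLogging", []):
        if entry.get("enabled"):
            enabled.update(entry.get("types", []))
    return enabled


def audit_cluster(describe_output):
    """Return the list of findings for one describe-cluster JSON document.
    An empty list means every check passed."""
    cluster = json.loads(describe_output)["cluster"]
    vpc = cluster.get("resourcesVpcConfig", {})
    findings = []

    # publicAccessCidrs only matters while the public endpoint is enabled.
    if vpc.get("endpointPublicAccess") and "0.0.0.0/0" in vpc.get("publicAccessCidrs", []):
        findings.append("public API endpoint reachable from 0.0.0.0/0")
    if not vpc.get("endpointPrivateAccess"):
        findings.append("private API endpoint disabled; nodes talk to the control plane over the public endpoint")

    missing = REQUIRED_LOG_TYPES - enabled_log_types(cluster)
    if missing:
        findings.append("control-plane logging disabled for: " + ", ".join(sorted(missing)))

    # Secrets are only envelope-encrypted with KMS when encryptionConfig covers them.
    if not any("secrets" in e.get("resources", []) for e in cluster.get("encryptionConfig", [])):
        findings.append("no KMS envelope encryption configured for Kubernetes secrets")
    return findings


if __name__ == "__main__":
    # Usage: aws eks describe-cluster --name my-cluster > c.json; python3 audit_eks.py c.json
    # Without an argument the constructed default sample is audited.
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_DEFAULT
    for finding in audit_cluster(data):
        print("FINDING:", finding)
```

Each finding maps to a create-cluster option: `--resources-vpc-config ...,endpointPublicAccess=false,endpointPrivateAccess=true` (or a narrow `publicAccessCidrs` list), `--logging '{"clusterLogging":[{"types":["api","audit","authenticator","controllerManager","scheduler"],"enabled":true}]}'`, and `--encryption-config '[{"resources":["secrets"],"provider":{"keyArn":"<kms key arn>"}}]'`. Endpoint access and logging can also be changed on an existing cluster with `aws eks update-cluster-config`.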

Delete the nodes and the cluster (in this order; delete-cluster fails while a node group still exists, so wait for the node group deletion to finish first, and delete the VPC stack last):

aws eks delete-nodegroup --nodegroup-name my-mng --cluster-name my-cluster
aws eks delete-cluster --name my-cluster
aws cloudformation delete-stack --stack-name my-eks-vpc-stack

Creating EKS with eksctl

https://github.com/weaveworks/eksctl

https://eksctl.io/usage/schema/

Create the cluster and node group from config files (schema at the link above):

$ eksctl create cluster -f ./cluster.yaml        # -f is short for --config-file
$ eksctl create nodegroup -f ./nodegroup.yaml

Delete the node group and the cluster (deleting the cluster also removes its node groups, so the first command is only needed to remove a single node group from a cluster you keep):

$ eksctl delete nodegroup --cluster my-cluster --region us-west-2 --name my-ng
$ eksctl delete cluster --name my-cluster --region us-west-2

Creating EKS with Terraform