# 2023.8 创建EKS后要关注的几个事情 ## 创建IAM OIDC身份提供商 ## 集群设置IAM权限策略 ## AWS Cluster Autoscaler的安装 {% code overflow="wrap" %} ```bash // 部署autoscaler kubectl apply -f https://raw.githubusercontent.com/kubernetes/autoscaler/master/cluster-autoscaler/cloudprovider/aws/examples/cluster-autoscaler-autodiscover.yaml ``` {% endcode %} {% code overflow="wrap" %} ```bash // 使用service account kubectl annotate serviceaccount cluster-autoscaler -n kube-system eks.amazonaws.com/role-arn=arn:aws:iam::88888888:role/eks-cluster-autoscaler ``` {% endcode %} 给CA指定正确的集群进行管理 ``` // 编辑部署参数 kubectl -n kube-system edit deployment.apps/cluster-autoscaler // 找到并修改成如下参数 - --node-group-auto-discovery=asg:tag=k8s.io/cluster- autoscaler/enabled,k8s.io/cluster-autoscaler/ - --balance-similar-node-groups - --skip-nodes-with-system-pods=false ``` 避免CA的pod被缩容回收掉 {% code overflow="wrap" %} ``` kubectl patch deployment cluster-autoscaler -n kube-system -p'{"spec":{"template":{"metadata":{"annotations":{"cluster-autoscaler.kubernetes.io/safe-to-evict":"false"}}}}}' ``` {% endcode %} ## AWS ALB controller的安装 > Policy > > Iamrole > > Service account > > Helm install aws-load-balancer-controller > > Vpc Subnet tag > > Create ingress with annotations ``` // Some code kubectl apply -f aws-load-balancer-controller-service-account.yaml ``` ``` // Some code helm install aws-load-balancer-controller eks/aws-load-balancer-controller \ -n kube-system \ --set clusterName= \ --set serviceAccount.create=false \ --set serviceAccount.name=aws-load-balancer-controller ``` ### 测试LB的例子 ```yaml apiVersion: apps/v1 kind: Deployment metadata: name: nginx-deployment namespace: default spec: replicas: 3 # 指定副本数 selector: matchLabels: app: nginx # 选择具有标签 `app: nginx` 的 Pod 进行管理 template: metadata: labels: app: nginx # 给 Pod 添加标签 `app: nginx` spec: containers: - name: nginx # 容器名称为 nginx image: nginx:latest # 使用最新版本的 nginx 镜像 ports: - containerPort: 80 # 将容器端口 80 暴露给集群内其他 Pod 或服务 --- apiVersion: v1 kind: Service metadata: name: nginx-service # Service 名称 namespace: default annotations: service.beta.kubernetes.io/aws-load-balancer-type: external service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing spec: selector: app: nginx # 根据标签 `app: nginx` 进行选择 type: LoadBalancer # 设置 Service 类型为负载均衡器 ports: - protocol: TCP port: 80 # 在 Service 上监听端口 80 targetPort: 80 # 将流量转发至 Pod 的端口 80 ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://doc.spotmaxtech.com/she-qu-huo-dong/techdoc/2023.8-chuang-jian-eks-hou-yao-guan-zhu-de-ji-ge-shi-qing.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.