2023.8 创建EKS后要关注的几个事情

在控制台创建EKS之后有几个收尾工作要注意，这些事项可以手工，也可以使用terraform之类的进行自动化

创建IAM OIDC身份提供商

集群设置IAM权限策略

AWS Cluster Autoscaler的安装

// 部署autoscaler
kubectl apply -f https://raw.githubusercontent.com/kubernetes/autoscaler/master/cluster-autoscaler/cloudprovider/aws/examples/cluster-autoscaler-autodiscover.yaml

// 使用service account
kubectl annotate serviceaccount cluster-autoscaler -n kube-system eks.amazonaws.com/role-arn=arn:aws:iam::88888888:role/eks-cluster-autoscaler

给CA指定正确的集群进行管理

// 编辑部署参数
kubectl -n kube-system edit deployment.apps/cluster-autoscaler

// 找到并修改成如下参数
- --node-group-auto-discovery=asg:tag=k8s.io/cluster-
autoscaler/enabled,k8s.io/cluster-autoscaler/<YOURCLUSTERNAME>
- --balance-similar-node-groups
- --skip-nodes-with-system-pods=false

避免CA的pod被缩容回收掉

kubectl patch deployment cluster-autoscaler -n kube-system -p'{"spec":{"template":{"metadata":{"annotations":{"cluster-autoscaler.kubernetes.io/safe-to-evict":"false"}}}}}'

AWS ALB controller的安装

Policy
Iamrole
Service account
Helm install aws-load-balancer-controller
Vpc Subnet tag
Create ingress with annotations

// Some code
kubectl apply -f aws-load-balancer-controller-service-account.yaml

// Some code
helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
  -n kube-system \
  --set clusterName=<YOURCLUSTERNAME> \
  --set serviceAccount.create=false \
  --set serviceAccount.name=aws-load-balancer-controller

测试LB的例子

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  namespace: default
spec:
  replicas: 3                   # 指定副本数
  selector:
    matchLabels:
      app: nginx                # 选择具有标签 `app: nginx` 的 Pod 进行管理
  template:
    metadata:
      labels:
        app: nginx              # 给 Pod 添加标签 `app: nginx`
    spec:
      containers:
      - name: nginx              # 容器名称为 nginx
        image: nginx:latest      # 使用最新版本的 nginx 镜像
        ports:
        - containerPort: 80      # 将容器端口 80 暴露给集群内其他 Pod 或服务
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-service           # Service 名称
  namespace: default
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: external
    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
    service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
spec:
  selector:
    app: nginx                  # 根据标签 `app: nginx` 进行选择
  type: LoadBalancer            # 设置 Service 类型为负载均衡器
  ports:
  - protocol: TCP
    port: 80                    # 在 Service 上监听端口 80
    targetPort: 80              # 将流量转发至 Pod 的端口 80

上一页2023.5 记一次EKS 1.22->1.26 升级下一页Kubernetes Workshop

最后更新于8个月前