https://github.com/neilkuan/eks-workshop
eks-workshop for lab .
- Host: GitHub
- URL: https://github.com/neilkuan/eks-workshop
- Owner: neilkuan
- Created: 2020-10-20T02:51:54.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2020-10-20T10:33:50.000Z (about 4 years ago)
- Last Synced: 2024-10-06T10:11:17.388Z (about 1 month ago)
- Language: Dockerfile
- Size: 5.86 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
# EKS Workshop
> There are many ways to create an AWS EKS cluster: [awscdk](https://docs.aws.amazon.com/cdk/api/latest/docs/aws-eks-readme.html), [terraform](https://github.com/terraform-aws-modules/terraform-aws-eks), [eksctl](https://eksctl.io/introduction/), and so on. Today we use [eksctl](https://eksctl.io/introduction/), the approach that demands the least prior experience and knowledge of creating AWS EKS clusters.

## Preinstall eksctl and awscli
- [eksctl info](https://eksctl.io/introduction/#installation)
- [awscli info](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html)
- [kubectl for aws](https://docs.aws.amazon.com/eks/latest/userguide/install-kubectl.html)

#### Linux
```bash
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
sudo mv /tmp/eksctl /usr/local/bin
```
#### Mac OS
##### use Homebrew
```bash
brew tap weaveworks/tap
brew install weaveworks/tap/eksctl
```
#### Windows
[download_link](https://github.com/weaveworks/eksctl/releases/download/0.30.0/eksctl_Windows_amd64.zip)

# If you would rather skip all of the above, click here!!! [![Gitpod Ready-to-Code](https://img.shields.io/badge/Gitpod-ready--to--code-blue?logo=gitpod)](https://gitpod.io/#https://github.com/guan840912/eks-workshop)
![](https://i.imgur.com/MhjchrM.png)
### If you are not using an Admin user, make sure you have at least the following permissions: [minimum AWS permissions](https://eksctl.io/usage/minimum-iam-policies/)
```bash
export AWS_ACCESS_KEY_ID=AAAAAAAAAAAAAAAAA
export AWS_SECRET_ACCESS_KEY=AAAAAAAAAAAAAAAAAVVVVVVVVVVVVVVV
export AWS_DEFAULT_REGION=ap-northeast-1

# First confirm which identity is currently in use.
aws sts get-caller-identity

eksctl create cluster \
--name eks-2020-{NAME} \
--managed \
--node-type t3.medium
[ℹ] eksctl version 0.28.1
[ℹ] using region ap-northeast-1
[ℹ] setting availability zones to [ap-northeast-1a ap-northeast-1d ap-northeast-1c]
[ℹ] subnets for ap-northeast-1a - public:192.168.0.0/19 private:192.168.96.0/19
[ℹ] subnets for ap-northeast-1d - public:192.168.32.0/19 private:192.168.128.0/19
[ℹ] subnets for ap-northeast-1c - public:192.168.64.0/19 private:192.168.160.0/19
[ℹ] using Kubernetes version 1.17
[ℹ] creating EKS cluster "eks-2020-{name}" in "ap-northeast-1" region with managed nodes
[ℹ] will create 2 separate CloudFormation stacks for cluster itself and the initial managed nodegroup
[ℹ] if you encounter any issues, check CloudFormation console or try 'eksctl utils describe-stacks --region=ap-northeast-1 --cluster=eks-2020-{name}'
[ℹ] CloudWatch logging will not be enabled for cluster "eks-2020-{name}" in "ap-northeast-1"
[ℹ] you can enable it with 'eksctl utils update-cluster-logging --region=ap-northeast-1 --cluster=eks-2020-{name}'
# Creating the cluster takes about 20 minutes
# get nodes ...
kubectl get nodes
```

### But what did eksctl do for you during this process?!
> It created a VPC, NAT, EKS cluster, node workgroup (EC2) ...

![](https://i.imgur.com/BJOIbZf.png)

Two CloudFormation stacks are created:
- EKS cluster plus networking, etc...
![](https://i.imgur.com/aJQuMib.png)
- EKS worker nodegroup...
![](https://i.imgur.com/6NN84q4.png)

Once creation finishes, because this is a managed nodegroup, you can see the compute nodegroups in the [eks console](https://ap-northeast-1.console.aws.amazon.com/eks/home?region=ap-northeast-1#/clusters).
![](https://i.imgur.com/vsdFbbX.png)

eksctl really is convenient. But what if `aws` and `kubectl` were not yet installed when you ran `create cluster`?!
> You can do this:
```bash
# After installing aws cli and kubectl
# What?! Forgot the cluster name
# try : eksctl get cluster --region ${region_name}
# see more aws eks cli ... https://docs.aws.amazon.com/cli/latest/reference/eks/update-kubeconfig.html
aws eks update-kubeconfig --name ${Cluster_name} --region ${region_name}

kubectl version
Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.2", GitCommit:"f5743093fd1c663cb0cbc89748f730662345d44d", GitTreeState:"clean", BuildDate:"2020-09-16T21:51:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"16+", GitVersion:"v1.16.13-eks-2ba888", GitCommit:"2ba888155c7f8093a1bc06e3336333fbdb27b3da", GitTreeState:"clean", BuildDate:"2020-07-17T18:48:53Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}
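```

## So how does AWS EKS handle authorization?!
When you create an Amazon EKS cluster, the IAM entity user or role (for example, the federated user that creates the cluster) is automatically granted system:masters permissions in the cluster's RBAC configuration. To grant additional AWS users or roles the ability to interact with the cluster, you must edit the `aws-auth` ConfigMap within Kubernetes. Because we created the cluster with eksctl, the creating identity does not appear in `aws-auth` but still holds system:masters permissions.

#### Take a look at what the `aws-auth` ConfigMap currently looks like
```bash
# aws-auth lives in the kube-system namespace
kubectl -n kube-system get configmaps aws-auth -o yaml

apiVersion: v1
data:
  mapRoles: |
    - groups:
      - system:bootstrappers
      - system:nodes
      rolearn: arn:aws:iam::${account_id}:role/eksctl-XXXXXXX-nodegroup-XXXXXX-NodeInstanceRole-XXXXXXXXXX
      username: system:node:{{EC2PrivateDNSName}}
  mapUsers: |
kind: ConfigMap
...
```

### If you have more than one cluster, switch between them with the following commands.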
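```bash
# See how many contexts `~/.kube/config` currently holds
kubectl config get-contexts

# Select the context you want (${context_name} is a placeholder)
kubectl config use-context ${context_name}
```

### Set the default namespace of the current context to the namespace you want with the following commands.
```bash
# Set the default namespace of the current context to the one you want
# (${namespace} is a placeholder)
kubectl config set-context --current --namespace=${namespace}

# Example
kubectl create ns haha
kubectl config set-context --current --namespace=haha
```

To be updated.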
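
The authorization section above says additional IAM users or roles reach the cluster only through `aws-auth`. As an added example (not part of the original workshop), this shell function lists the ARNs that a `mapRoles` or `mapUsers` document binds to `system:masters`. The account ID, role names and sample data are constructed, and the parser assumes the block-style YAML shown in that section.

```shell
#!/usr/bin/env bash
# Added example, not from the workshop repo. Reads a mapRoles/mapUsers
# document on stdin and prints every IAM ARN mapped to system:masters.
# Assumes block-style YAML lists, as in the aws-auth output shown earlier.
masters_mappings() {
  awk '
    function emit() { if (arn != "" && admin) print arn; arn = ""; admin = 0 }
    { gsub(/"/, ""); sub(/[ \t\r]+$/, "") }   # drop quotes, trailing blanks
    /^- / { emit(); sub(/^- /, "  ") }        # "- " at column 0 starts an entry
    /^ +(rolearn|userarn):/ { sub(/^ +(rolearn|userarn): */, ""); arn = $0; next }
    /^ +- *system:masters$/ { admin = 1 }     # group list item
    END { emit() }
  '
}

# Constructed sample: the node role eksctl creates plus a hypothetical
# admin role that someone added later.
SAMPLE_MAP_ROLES='- groups:
  - system:bootstrappers
  - system:nodes
  rolearn: arn:aws:iam::111122223333:role/eksctl-demo-nodegroup-NodeInstanceRole-EXAMPLE
  username: system:node:{{EC2PrivateDNSName}}
- groups:
  - system:masters
  rolearn: arn:aws:iam::111122223333:role/ops-admin
  username: ops-admin'

printf '%s\n' "$SAMPLE_MAP_ROLES" | masters_mappings

# Against a live cluster (same for .data.mapUsers):
#   kubectl -n kube-system get configmap aws-auth \
#     -o jsonpath='{.data.mapRoles}' | masters_mappings
```

The identity that created the cluster will not be listed, because it holds system:masters without appearing in `aws-auth`.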
# Remove the EKS Cluster
```bash
eksctl delete cluster --name eks-2020-{name}
[✔] all cluster resources were deleted
```