步骤
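#!/usr/bin/env bash
# Bootstrap an EKS cluster with eksctl, register its OIDC issuer for IRSA,
# create the EBS CSI driver role and install the AWS Load Balancer Controller.
#
# Inputs (env, all optional): CLUSTER, REGION, ACCOUNT_ID.
# Expects eksctl.yaml (a ClusterConfig) in the working directory.
# Not idempotent: `aws iam create-policy` fails on rerun if the policy exists.
set -euo pipefail

CLUSTER=${CLUSTER:-test-eks}
REGION=${REGION:-ap-southeast-1}
# Owner account of the cluster; derived from the calling identity when not set
# so the policy ARN below never has to be hand-edited.
ACCOUNT_ID=${ACCOUNT_ID:-$(aws sts get-caller-identity --query Account --output text)}

# Pinned on purpose: the IAM policy JSON must match the controller release,
# and chart 1.13.x ships controller v2.13.x.
LBC_VERSION=v2.13.3
LBC_CHART_VERSION=1.13.3
LBC_POLICY_NAME=AWSLoadBalancerControllerIAMPolicy

# IAM policies attached to the identity that runs eksctl (a checklist, not
# shell commands — bare policy names would fail as "command not found"):
#   AmazonEC2FullAccess
#   AmazonEKS_CNI_Policy
#   AmazonEKSClusterPolicy
#   AmazonEKSServicePolicy
#   AmazonEKSWorkerNodePolicy
#   AmazonVPCFullAccess
#   AWSCloudFormationFullAccess
#   IAMFullAccess
# NOTE(review): IAMFullAccess plus the *FullAccess policies is effectively
# account admin. Run this bootstrap under short-lived credentials (SSO or an
# assumed role), not a long-lived IAM user, and detach the policies afterwards.

# 1. Create the cluster from the ClusterConfig.
eksctl create cluster -f eksctl.yaml

# 2. Register the cluster's OIDC issuer as an IAM identity provider so that
#    Kubernetes service accounts can assume IAM roles (IRSA).
eksctl utils associate-iam-oidc-provider \
  --region="${REGION}" \
  --cluster="${CLUSTER}" \
  --approve

# 3. Write the kubeconfig entry for this cluster.
aws eks update-kubeconfig --region "${REGION}" --name "${CLUSTER}"

# 4. IAM role for the EBS CSI controller. --role-only: the service account
#    itself is created by the addon, only the role is provisioned here.
# NOTE(review): if eksctl.yaml binds ebs-csi-controller-sa through Pod
# Identity (podIdentityAssociations), this IRSA role is unused — keep a single
# mechanism so the effective permissions are easy to audit.
eksctl create iamserviceaccount \
  --name ebs-csi-controller-sa \
  --namespace kube-system \
  --cluster "${CLUSTER}" \
  --region "${REGION}" \
  --role-name AmazonEKS_EBS_CSI_DriverRole \
  --role-only \
  --attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy \
  --approve

# 5. AWS Load Balancer Controller.
# 5a. Fetch the IAM policy that matches the controller release. -f makes curl
#     fail on an HTTP error instead of saving an error page as iam_policy.json.
curl -fsSL -o iam_policy.json \
  "https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/${LBC_VERSION}/docs/install/iam_policy.json"
# Review iam_policy.json before the next step: it is third-party content that
# becomes IAM permissions in this account.

# 5b. Create the IAM policy from the downloaded document.
aws iam create-policy \
  --policy-name "${LBC_POLICY_NAME}" \
  --policy-document file://iam_policy.json

# 5c. Service account bound to that policy through IRSA.
eksctl create iamserviceaccount \
  --cluster="${CLUSTER}" \
  --namespace=kube-system \
  --name=aws-load-balancer-controller \
  --attach-policy-arn="arn:aws:iam::${ACCOUNT_ID}:policy/${LBC_POLICY_NAME}" \
  --override-existing-serviceaccounts \
  --region "${REGION}" \
  --approve

# 5d. Install the controller chart, reusing the service account from 5c
#     (serviceAccount.create=false) so the IRSA annotation is preserved.
helm repo add eks https://aws.github.io/eks-charts
helm repo update eks
helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
  -n kube-system \
  --set clusterName="${CLUSTER}" \
  --set serviceAccount.create=false \
  --set serviceAccount.name=aws-load-balancer-controller \
  --version "${LBC_CHART_VERSION}"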
eksctl.yaml 文件
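# eksctl ClusterConfig for the cluster bootstrapped by the commands above.
# The key is case-sensitive: "apiversion" (lowercase) is not accepted by eksctl.
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
  name: test-eks
  region: ap-southeast-1
  version: "1.33"
vpc:
  # Existing VPC; eksctl does not create networking when an id is given.
  id: vpc-xxxxxxxxxxxxxxxx1
  cidr: "10.1.0.0/16"
  subnets:
    # Only private subnets are declared, matching privateNetworking: true below.
    private:
      ap-southeast-1a:
        id: subnet-xxxxxxxxxxxxxxxx1
      ap-southeast-1b:
        id: subnet-xxxxxxxxxxxxxxxx2
      ap-southeast-1c:
        # NOTE(review): same placeholder as ap-southeast-1b — confirm this is a
        # distinct subnet in 1c, otherwise the "1c" AZ is not actually used.
        id: subnet-xxxxxxxxxxxxxxxx2
autoModeConfig:
  enabled: false
managedNodeGroups:
  - name: test-eks-node-group1
    instanceType: c5.2xlarge
    minSize: 2
    # Hard cap for the cluster autoscaler; also the cost/blast-radius ceiling.
    maxSize: 100
    desiredCapacity: 2
    volumeSize: 200
    volumeType: gp3
    amiFamily: AmazonLinux2023
    # Nodes get no public IP; reachable only from inside the VPC.
    privateNetworking: true
    labels:
      env: production
    ssh:
      allow: true
      publicKeyName: test-eks
      # SSH (22/tcp) is only opened to this security group, not 0.0.0.0/0.
      # NOTE(review): consider disabling SSH entirely and using SSM Session
      # Manager for node access — confirm the AMI ships the SSM agent.
      sourceSecurityGroupIds: ["sg-xxxxxxxxxxxxxxxx1"]
    iam:
      # These attach the corresponding policies to the NODE instance role.
      # NOTE(review): albIngress overlaps with the IRSA-bound
      # aws-load-balancer-controller service account created above; anything
      # on the node that can reach the instance metadata endpoint inherits
      # these permissions. Keep only the ones no pod-scoped identity covers.
      withAddonPolicies:
        autoScaler: true
        albIngress: true
        externalDNS: true
        certManager: true
    updateConfig:
      maxUnavailable: 1
addons:
  # "latest" is resolved at creation time; pin versions for reproducible rebuilds.
  - name: vpc-cni
    version: latest
    # Pod Identity binds the aws-node service account to the CNI policy
    # instead of granting it through the node role.
    podIdentityAssociations:
      - namespace: kube-system
        serviceAccountName: aws-node
        permissionPolicyARNs:
          - arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
  - name: kube-proxy
    version: latest
  - name: coredns
    version: latest
  - name: aws-ebs-csi-driver
    version: latest
    podIdentityAssociations:
      - namespace: kube-system
        serviceAccountName: ebs-csi-controller-sa
        permissionPolicyARNs:
          - arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy
  # Required on the nodes for the podIdentityAssociations above to work.
  - name: eks-pod-identity-agent
    version: latest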
gp3存储类
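# Default StorageClass backed by the EBS CSI driver (gp3 volumes).
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: gp3
  annotations:
    # PVCs that name no storageClassName land here.
    storageclass.kubernetes.io/is-default-class: "true"
provisioner: ebs.csi.aws.com
parameters:
  type: gp3
  # Encrypt every volume at rest with the account's default EBS KMS key;
  # without this, PVCs are created as plaintext EBS volumes.
  encrypted: "true"
# Allow `kubectl edit pvc` to grow a volume in place instead of recreating it.
allowVolumeExpansion: true
# Delay provisioning until a pod is scheduled so the volume is created in the
# pod's availability zone.
volumeBindingMode: WaitForFirstConsumer
# Deleting the PVC deletes the EBS volume (and its data).
reclaimPolicy: Delete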
更新node节点组实例类型
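#!/usr/bin/env bash
# Replace a managed nodegroup (e.g. to change instance type): create the new
# group, drain the old one, then delete it.
# NOTE(review): this section targets cluster "sk-prod", not the "test-eks"
# ClusterConfig above — confirm the right eksctl.yaml and cluster before running.
set -euo pipefail

CLUSTER=${CLUSTER:-sk-prod}
REGION=${REGION:-ap-southeast-1}
NEW_NODEGROUP=${NEW_NODEGROUP:-sk-prod-node-m6a-2x}
OLD_NODEGROUP=${OLD_NODEGROUP:-sk-prod-node-group1}

# 1. Add the new nodegroup to eksctl.yaml first, then create only that group.
eksctl create nodegroup --config-file=eksctl.yaml --include="${NEW_NODEGROUP}"

# 2. Drain the old nodegroup (cordon + evict). Evictions honour
#    PodDisruptionBudgets, so this blocks if a PDB cannot be satisfied.
eksctl drain nodegroup --cluster="${CLUSTER}" --name="${OLD_NODEGROUP}" --region="${REGION}"

# 3. Remove the old nodegroup from eksctl.yaml, then delete it.
#    --only-missing deletes EVERY nodegroup in the cluster that is absent from
#    the file, so run once without --approve and read the plan before applying.
eksctl delete nodegroup --config-file=eksctl.yaml --only-missing
eksctl delete nodegroup --config-file=eksctl.yaml --only-missing --approve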