安装工具
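# Create a dedicated unprivileged user "eks" and switch to it, so that the
# downloads below do not run as root. (Run as root; these are interactive steps.)
useradd eks && su - eks

# --- as eks, working in /home/eks ---
# kubectl build published for EKS 1.29. --fail makes curl exit non-zero on an
# HTTP error instead of saving the error page under the binary's name.
curl --fail -O https://s3.us-west-2.amazonaws.com/amazon-eks/1.29.0/2024-01-04/bin/linux/amd64/kubectl
curl --fail -O https://s3.us-west-2.amazonaws.com/amazon-eks/1.29.0/2024-01-04/bin/linux/amd64/kubectl.sha256
# Check the binary against the published SHA-256 before root installs it.
sha256sum -c kubectl.sha256

# eksctl: "latest" is not pinned, so the installed version depends on when this
# is run; pin a release tag if reproducibility matters.
# NOTE(review): the eksctl project is now hosted under the eksctl-io organisation
# and this URL relies on a redirect — confirm and update.
platform="$(uname -s)_amd64"
curl --fail --silent --show-error --location -O \
  "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_${platform}.tar.gz"
# Verify the archive against the release checksum list before unpacking it.
curl --fail --silent --show-error --location \
  "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_checksums.txt" \
  | grep "${platform}" | sha256sum --check
# Unpack into the eks home directory rather than world-writable /tmp, where another
# local user could plant or swap /tmp/eksctl before root moves it.
tar xzf "eksctl_${platform}.tar.gz" -C "$HOME" && rm -- "eksctl_${platform}.tar.gz"
# Leave the eks session and return to the root shell.
exit

# --- as root ---
# install(1) sets root ownership and mode 0755 explicitly; a plain mv would keep the
# files owned by eks (and kubectl non-executable), leaving a root-run binary
# writable by an unprivileged account.
install -o root -g root -m 0755 /home/eks/eksctl /usr/local/bin/eksctl
install -o root -g root -m 0755 /home/eks/kubectl /usr/local/bin/kubectl
rm -f -- /home/eks/eksctl /home/eks/kubectl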
创建集群
IAM授权
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"eks:CreateFargateProfile",
"eks:ListFargateProfiles",
"eks:DescribeFargateProfile",
"eks:TagResource",
"cloudformation:*",
"eks:DescribeCluster",
"eks:ListClusters",
"eks:CreateCluster"
],
"Resource": "*"
}
]
}
EKS集群创建完毕后,请回收 IAMFullAccess 权限(高危权限)。上面策略中的 "cloudformation:*" 配合 "Resource": "*" 范围同样较宽,集群创建完成后也应一并收紧或回收。
创建集群命令
# Create the EKS cluster "pro-eks-1" (Kubernetes 1.29, region ap-northeast-1) in
# the two listed private subnets. --without-nodegroup means no worker node group
# is created by this command.
# The subnet IDs appear to be redacted placeholders; substitute the real IDs.
# NOTE(review): no API-endpoint access options are passed here — confirm whether
# the cluster API endpoint is meant to be reachable from outside the VPC.
eksctl create cluster \
  --name=pro-eks-1 \
  --version=1.29 \
  --region=ap-northeast-1 \
  --vpc-private-subnets=subnet-0c4a19145xxxxxx,subnet-0271ee2bfxxxxxxx \
  --without-nodegroup
安全设置
节点组
# Create the IAM role "AmazonEKSNodeRole" for the node group. The trust policy is
# read from node-role-trust-relationship.json in the current directory.
# This command sets only the trust relationship; it attaches no permission
# policies to the role.
aws iam create-role \
  --role-name AmazonEKSNodeRole \
  --assume-role-policy-document "file://node-role-trust-relationship.json"
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}