出海AWS EKS kubernets集群部署及维护

原创

以谁为师 2024-02-28 18:01:07 博主文章分类：AWS云平台运维实践 ©著作权

©著作权归作者所有：来自51CTO博客作者以谁为师的原创作品，请联系作者获取转载授权，否则将追究法律责任

安装工具

# 创建eks用户下载工具
userad eks && su - eks
curl -O https://s3.us-west-2.amazonaws.com/amazon-eks/1.29.0/2024-01-04/bin/linux/amd64/kubectl
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp

# 切换到root，移动文件到bin目录
mv /tmp/eksctl  /usr/local/bin/
mv /home/eks/kubectl  /usr/local/bin/

创建集群

IAM授权

出海AWS EKS kubernets集群部署及维护_kubernets

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "eks:CreateFargateProfile",
                "eks:ListFargateProfiles",
                "eks:DescribeFargateProfile",
                "eks:TagResource",
                "cloudformation:*",
                "eks:DescribeCluster",
                "eks:ListClusters",
                "eks:CreateCluster"
            ],
            "Resource": "*"
        }
    ]
}

EKS集群创建完毕回收IMAFullAccess权限，高危权限

创建集群命令

eksctl create cluster --name pro-eks-1 \
    --region ap-northeast-1 --version 1.29 \
    --vpc-private-subnets subnet-0c4a19145xxxxxx,subnet-0271ee2bfxxxxxxx \
    --without-nodegroup

安全设置

出海AWS EKS kubernets集群部署及维护_kubernets_02

节点组

aws iam create-role   --role-name AmazonEKSNodeRole   --assume-role-policy-document file://"node-role-trust-relationship.json"

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

出海AWS EKS kubernets集群部署及维护_kubernets_03