Deploying KubeSphere on an AWS EKS Cluster
AWS
Create a role
1. Create a new role in IAM
Item | Value |
---|---|
Service | ec2 |
Name | admin |
1 | { |
2. Create an EC2 instance
Item | Value |
---|---|
Operating system | Amazon Linux |
Attached role | admin |
3. Log in to the instance and set up the environment
kubectl
Download
```bash
curl -O https://s3.us-west-2.amazonaws.com/amazon-eks/1.27.1/2023-04-19/bin/linux/amd64/kubectl
```
Make it executable
```bash
chmod +x ./kubectl
```
Environment variables
```bash
mkdir -p $HOME/bin && cp ./kubectl $HOME/bin/kubectl && export PATH=$PATH:$HOME/bin
```
Check the current version
```bash
kubectl version --short --client
```
eksctl
```bash
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
```
helm
```bash
wget https://get.helm.sh/helm-v3.11.1-linux-amd64.tar.gz
```
AWS - environment variables
Region configuration
```bash
export AWS_REGION=ap-south-2
echo "export AWS_REGION=${AWS_REGION}" | tee -a ~/.bash_profile
aws configure set default.region ${AWS_REGION}
```
Account configuration
```bash
export ACCOUNT_ID=812246909648
echo "export ACCOUNT_ID=${ACCOUNT_ID}" | tee -a ~/.bash_profile
export CLUSTER_NAME="eks"
```
Item | Value |
---|---|
ACCOUNT_ID | AWS account ID, shown in the top-right corner of the AWS page |
CLUSTER_NAME | Cluster name |
Cluster configuration
1 | cat << EOF > ${CLUSTER_NAME}-cluster.yaml |
Create the cluster stack
```bash
eksctl create cluster -f ${CLUSTER_NAME}-cluster.yaml
```
The whole process takes about 15 minutes.
OIDC
```bash
aws eks describe-cluster --name ${CLUSTER_NAME} --query "cluster.identity.oidc.issuer" --output text

eksctl utils associate-iam-oidc-provider \
    --region ${AWS_REGION} \
    --cluster ${CLUSTER_NAME} \
    --approve
```
Create the IAM policy
```bash
curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.5.4/docs/install/iam_policy.json
```
```bash
aws iam create-policy \
    --policy-name AWSLoadBalancerControllerIAMPolicy_${CLUSTER_NAME} \
    --policy-document file://iam_policy.json
```
Install with helm
```bash
helm repo add eks https://aws.github.io/eks-charts
```
- Verify the installation
```bash
kubectl get deployment -n kube-system aws-load-balancer-controller
```
Install the EBS CSI driver
1 | eksctl create iamserviceaccount \ |
Install KubeSphere
```bash
kubectl apply -f https://github.com/kubesphere/ks-installer/releases/download/v3.4.1/kubesphere-installer.yaml
```
Check the logs
```bash
kubectl logs -n kubesphere-system $(kubectl get pod -n kubesphere-system -l 'app in (ks-install, ks-installer)' -o jsonpath='{.items[0].metadata.name}') -f
```
Enable public access
```bash
kubectl edit svc ks-console -n kubesphere-system
```
Under metadata.annotations, add:
```yaml
service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
service.beta.kubernetes.io/aws-load-balancer-type: external
```
and change NodePort to LoadBalancer.
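The edited ks-console Service can be checked mechanically. This is an added example, not part of the original page: it confirms the three annotations and the LoadBalancer type, and, going one step beyond the page, reports when the internet-facing load balancer has no `spec.loadBalancerSourceRanges` allow-list. The function name `audit_service` and both sample objects are constructed for illustration.

```python
import json
import sys

PREFIX = "service.beta.kubernetes.io/aws-load-balancer-"
# Annotation values copied from the page's final step.
REQUIRED = {
    PREFIX + "nlb-target-type": "ip",
    PREFIX + "scheme": "internet-facing",
    PREFIX + "type": "external",
}


def audit_service(svc):
    """Return a list of findings for one parsed Service object."""
    findings = []
    spec = svc.get("spec") or {}
    ann = (svc.get("metadata") or {}).get("annotations") or {}
    if spec.get("type") != "LoadBalancer":
        findings.append("spec.type is %r, expected 'LoadBalancer'" % spec.get("type"))
    for key, want in REQUIRED.items():
        if ann.get(key) != want:
            findings.append("%s is %r, expected %r" % (key, ann.get(key), want))
    # An internet-facing load balancer with no source allow-list accepts
    # connections to the console from any address.
    if ann.get(PREFIX + "scheme") == "internet-facing" and not spec.get("loadBalancerSourceRanges"):
        findings.append("internet-facing without spec.loadBalancerSourceRanges")
    return findings


# Constructed sample: ks-console as it looks after the page's edit.
SAMPLE_EDITED = {
    "metadata": {"name": "ks-console", "namespace": "kubesphere-system",
                 "annotations": dict(REQUIRED)},
    "spec": {"type": "LoadBalancer", "ports": [{"port": 80}]},
}
# Constructed sample: the Service before the edit (no annotations, NodePort).
SAMPLE_UNEDITED = {
    "metadata": {"name": "ks-console", "namespace": "kubesphere-system"},
    "spec": {"type": "NodePort", "ports": [{"port": 80}]},
}

if __name__ == "__main__":
    # Real use: kubectl get svc ks-console -n kubesphere-system -o json | python3 this_file.py
    svc = SAMPLE_EDITED if sys.stdin.isatty() else json.load(sys.stdin)
    for finding in audit_service(svc):
        print("FINDING:", finding)
```

An empty result means the Service matches the page's settings and also restricts source addresses.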