aws cdk 创建eks集群和ecs集群并部署服务

cdk 和 eks

使用 cdk 2.45 版本创建 eks 集群

const cdk = require("aws-cdk-lib");
const eks = require("aws-cdk-lib/aws-eks");
const ec2 = require("aws-cdk-lib/aws-ec2");
const iam = require("aws-cdk-lib/aws-iam");

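class EksCdkStack extends cdk.Stack {
  /**
   * Stack that creates an EKS cluster inside an existing VPC and maps an
   * existing IAM role into the cluster as administrator.
   *
   * Besides the cluster itself, CDK synthesizes nested stacks holding the
   * cluster / kubectl custom-resource providers (Lambda + Step Functions).
   *
   * @param {import('constructs').Construct} scope - parent construct, normally the App
   * @param {string} id - logical id of the stack
   * @param {cdk.StackProps} [props] - stack props; `env.account` / `env.region`
   *   must be concrete because Vpc.fromLookup resolves the VPC at synth time
   */
  constructor(scope, id, props) {
    super(scope, id, props);

    // Existing VPC, resolved from cdk.context.json / the account at synth time.
    const myvpc = ec2.Vpc.fromLookup(this, 'Vpc', {
      region: 'cn-north-1',
      vpcId: 'vpc-07xxxxxx0d0',
    });

    // Existing role that becomes cluster admin: the cluster's custom-resource
    // Lambda writes it into the aws-auth ConfigMap as system:masters, so every
    // principal allowed to assume this role has full control of the cluster.
    // Keep its trust policy as narrow as possible.
    const masterrole = iam.Role.fromRoleArn(this, 'mymasterrole', 'arn:aws-cn:iam::xxxxxxxxx:role/xxxxxxxxx', {});

    // Subnets for the control-plane ENIs. ec2.SubnetSelection has no
    // `subnetId` key, so the earlier `[{ subnetId: '...' }]` entries most
    // likely did not select anything and CDK used its default subnet choice.
    // Imported ISubnet objects passed through `subnets` are honoured.
    // The availability zones below are placeholders: fill in each subnet's real AZ.
    const clusterSubnets = {
      subnets: [
        ec2.Subnet.fromSubnetAttributes(this, 'ClusterSubnetA', {
          subnetId: 'subnet-xxxxxxxx',
          availabilityZone: 'cn-north-1a',
        }),
        ec2.Subnet.fromSubnetAttributes(this, 'ClusterSubnetB', {
          subnetId: 'subnet-xxxxxxxx',
          availabilityZone: 'cn-north-1b',
        }),
      ],
    };

    const mycluster = new eks.Cluster(this, 'WorklearnCLuster', {
      // API server reachable from the internet and from inside the VPC. To keep
      // the public endpoint but limit who may reach it, use
      // eks.EndpointAccess.PUBLIC_AND_PRIVATE.onlyFrom('<allowed-cidr>').
      endpointAccess: eks.EndpointAccess.PUBLIC_AND_PRIVATE,
      // Must be a KubernetesVersion, not the string '1.23': the Cluster
      // construct reads `props.version.version`, which a plain string lacks.
      version: eks.KubernetesVersion.V1_23,
      vpc: myvpc,
      vpcSubnets: [clusterSubnets],
      // Default capacity is a managed node group (CDK's default instance type is m5.large).
      // defaultCapacityInstance: new ec2.InstanceType('t3.large') would change the instance type;
      // eks.DefaultCapacityType.EC2 would use a self-managed auto scaling group instead.
      defaultCapacityType: eks.DefaultCapacityType.NODEGROUP,
      // CDK's default is 2 nodes; one node is enough for this walkthrough.
      defaultCapacity: 1,
      mastersRole: masterrole,
      outputMastersRoleArn: true,
    });

    // Optional: install the EBS CSI driver as a managed add-on.
    // new eks.CfnAddon(this, 'MyEbsAddon', {
    //   addonName: 'aws-ebs-csi-driver',
    //   clusterName: mycluster.clusterName,
    // });

    new cdk.CfnOutput(this, 'clusterArn', { value: mycluster.clusterArn });
    new cdk.CfnOutput(this, 'clusterName', { value: mycluster.clusterName });
    // Output key renamed from the misspelled 'matserRoleName'; the value is the admin role's ARN.
    new cdk.CfnOutput(this, 'masterRoleArn', { value: masterrole.roleArn });
  }
}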

// CommonJS export so the CDK app entry point can require the stack class.
module.exports = { EksCdkStack: EksCdkStack };

通过cdk创建eks集群最终会创建4个堆栈(其中包含嵌套堆栈),下面按创建时间顺序排列,堆栈2和堆栈4是嵌套堆栈

  • 堆栈1:角色(eks集群角色,节点角色,创建集群的角色),节点组,ssm参数,eks集群,堆栈2,堆栈3
  • 堆栈2:角色(lambda执行角色),StepFunctions状态机,5个lambda函数(获取集群信息,处理自定义命令),将额外配置的master role加入aws-auth就是由这个lambda完成的
  • 堆栈3:角色(cfn上传),s3桶(存放cdk资料)
  • 堆栈4:角色(lambda执行角色),2个lambda函数

这些lambda实际上就是cfn自定义资源的处理函数,其中有一个关键的lambda函数负责处理客户的自定义逻辑

import json
import logging

from apply import apply_handler
from helm import helm_handler
from patch import patch_handler
from get import get_handler

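def handler(event, context):
  """Entry point of the CDK EKS custom-resource Lambda.

  Routes a CloudFormation custom-resource event to the sub-handler that
  matches its ``ResourceType``.

  Args:
    event: CloudFormation custom-resource event; must contain ``ResourceType``.
    context: Lambda context object, passed through to the sub-handler.

  Returns:
    Whatever the selected sub-handler returns.

  Raises:
    KeyError: if ``ResourceType`` is missing from the event.
    ValueError: if no sub-handler is registered for the resource type
      (a subclass of Exception, so existing ``except Exception`` callers still match).
  """
  # Log the event with ResponseURL masked: that field is the pre-signed S3 URL
  # CloudFormation uses to receive the result, and it must not end up in
  # CloudWatch Logs where anyone with log access could read it.
  print(json.dumps(dict(event, ResponseURL='...')))

  resource_type = event['ResourceType']
  if resource_type == 'Custom::AWSCDK-EKS-KubernetesResource':
    return apply_handler(event, context)

  if resource_type == 'Custom::AWSCDK-EKS-HelmChart':
    return helm_handler(event, context)

  if resource_type == 'Custom::AWSCDK-EKS-KubernetesPatch':
    return patch_handler(event, context)

  if resource_type == 'Custom::AWSCDK-EKS-KubernetesObjectValue':
    return get_handler(event, context)

  # Unknown types are a caller error, so raise the specific built-in rather than bare Exception.
  raise ValueError("unknown resource type %s" % resource_type)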

我们可以在相应的cw logs中看到具体的执行逻辑

例如,helm 安装时实际执行的命令解析如下

['helm', 'upgrade', 'tekscdkstackworklearnclusterchartnginxingress00e4b90f', 'aws-ebs-csi-driver', '--install', '--create-namespace', '--repo', 'https://kubernetes-sigs.github.io/aws-ebs-csi-driver', '--values', '/tmp/values.yaml', '--namespace', 'kube-system', '--kubeconfig', '/tmp/kubeconfig']

cdk 和 ecs

通过cdk部署ecs服务比较简单

引用已经存在的资源,避免重复创建

const cdk = require("aws-cdk-lib");
const ecs = require("aws-cdk-lib/aws-ecs");
const ec2 = require("aws-cdk-lib/aws-ec2");
const iam = require("aws-cdk-lib/aws-iam");
const aws = require("aws-cdk-lib");

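class EcsCdkStack extends cdk.Stack {
    /**
     * Stack that runs an nginx container as an EC2-launch-type ECS service on
     * an existing cluster, reusing an existing VPC, security groups and IAM roles.
     *
     * @param {import('constructs').Construct} scope - parent construct, normally the App
     * @param {string} id - logical id of the stack
     * @param {cdk.StackProps} [props] - stack props; `env.account` / `env.region`
     *   must be concrete because Vpc.fromLookup resolves the VPC at synth time
     */
    constructor(scope, id, props) {
        super(scope, id, props);

        // Existing VPC, resolved from cdk.context.json / the account at synth time.
        const myvpc = ec2.Vpc.fromLookup(this, 'Vpc', {
            region: 'cn-north-1',
            vpcId: 'vpc-xxxxxxxxx',
        });

        // Existing security groups, imported as ISecurityGroup objects:
        // `clusterSg` belongs to the cluster, `mysg` is attached to the
        // service's task ENIs (awsvpc mode).
        const clusterSg = ec2.SecurityGroup.fromSecurityGroupId(this, 'myecsclusterSg', 'sg-xxxxxxxx');
        const mysg = ec2.SecurityGroup.fromSecurityGroupId(this, 'mysg', 'sg-xxxxxxx');

        // Existing ECS cluster. `securityGroups` expects ISecurityGroup objects;
        // the earlier version passed the raw 'sg-...' id string here.
        const ecscluster = ecs.Cluster.fromClusterAttributes(this, 'myecscluster', {
            clusterName: 'xxxxxxx',
            securityGroups: [clusterSg],
            vpc: myvpc,
            clusterArn: 'arn:aws-cn:ecs:cn-north-1:xxxxx:cluster/xxxxxx',
        });

        // Existing roles. The task role is what the container's code runs as;
        // the execution role is what the ECS agent uses to pull images and
        // ship logs. Keep them separate and least-privilege.
        const taskrole = iam.Role.fromRoleArn(this, 'mytaskrole', 'arn:aws-cn:iam::xxxxx:role/ecsTaskRole', {});
        const taskexecrole = iam.Role.fromRoleArn(this, 'mytaskexecrole', 'arn:aws-cn:iam::xxxxxxx:role/ecsTaskExecutionRole', {});

        const mytaskDefinition = new ecs.Ec2TaskDefinition(this, 'myTaskDef', {
            // awsvpc gives each task its own ENI, so `mysg` applies to the task
            // itself rather than to the host instance.
            networkMode: ecs.NetworkMode.AWS_VPC,
            // networkMode: ecs.NetworkMode.BRIDGE,
            taskRole: taskrole,
            executionRole: taskexecrole,
        });

        // 'nginx:latest' is a moving tag, so each deployment may pull a
        // different image. Pin a fixed tag or a digest (nginx@sha256:<digest>)
        // for reproducible, reviewable rollouts.
        const nginxContainer = mytaskDefinition.addContainer('myNginxContainer', {
            containerName: 'nginx',
            image: ecs.ContainerImage.fromRegistry('nginx:latest'),
            memoryLimitMiB: 256,
        });

        nginxContainer.addPortMappings({
            containerPort: 80,
            protocol: ecs.Protocol.TCP,
        });

        new ecs.Ec2Service(this, 'myEC2Service', {
            cluster: ecscluster,
            taskDefinition: mytaskDefinition,
            desiredCount: 1,
            securityGroups: [mysg],
            // assignPublicIp: true,
            // Task ENIs land in the public subnets; what can actually reach
            // port 80 is governed by the inbound rules of `mysg`.
            vpcSubnets: {
                subnetType: ec2.SubnetType.PUBLIC,
            },
        });

        new cdk.CfnOutput(this, 'clusterArn', { value: ecscluster.clusterArn });
        new cdk.CfnOutput(this, 'clusterName', { value: ecscluster.clusterName });
        // The value is the task definition ARN, so the output is named for it
        // (it was previously published under the misspelled key 'matserRoleName').
        new cdk.CfnOutput(this, 'taskDefinitionArn', { value: mytaskDefinition.taskDefinitionArn });
    }
}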

// CommonJS export so the CDK app entry point can require the stack class.
module.exports = { EcsCdkStack: EcsCdkStack };
