cdk 和 eks
使用 cdk 2.45 版本创建 eks 集群
const cdk = require("aws-cdk-lib");
const eks = require("aws-cdk-lib/aws-eks");
const ec2 = require("aws-cdk-lib/aws-ec2");
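const iam = require("aws-cdk-lib/aws-iam");

/**
 * Stack that creates an EKS cluster inside an existing VPC and registers an
 * existing IAM role as cluster admin (added to aws-auth by the cluster
 * resource handler when `mastersRole` is set).
 *
 * The account-specific identifiers that used to be hard-coded keep the same
 * values as defaults but can now be overridden through `props`, so one stack
 * class can be reused across environments:
 *   props.vpcId          - id of the existing VPC to look up
 *   props.masterRoleArn  - ARN of the role that becomes cluster admin
 *   props.subnetIds      - ids of the subnets the control plane ENIs go into
 */
class EksCdkStack extends cdk.Stack {
  /**
   * @param {cdk.App} scope
   * @param {string} id
   * @param {cdk.StackProps & {vpcId?: string, masterRoleArn?: string, subnetIds?: string[]}} [props]
   */
  constructor(scope, id, props) {
    super(scope, id, props);

    const {
      vpcId = 'vpc-07xxxxxx0d0',
      masterRoleArn = 'arn:aws-cn:iam::xxxxxxxxx:role/xxxxxxxxx',
      subnetIds = ['subnet-xxxxxxxx', 'subnet-xxxxxxxx'],
    } = props ?? {};

    // Reference the existing VPC. `fromLookup` is a context lookup, so the
    // stack needs a concrete env (account/region) for it to resolve.
    const existingVpc = ec2.Vpc.fromLookup(this, 'Vpc', {
      region: 'cn-north-1',
      vpcId,
    });

    // Existing role that will be granted system:masters on the cluster.
    const masterRole = iam.Role.fromRoleArn(this, 'mymasterrole', masterRoleArn, {});

    // `vpcSubnets` takes SubnetSelection objects; a bare `{ subnetId }` entry is
    // not a valid selection, so wrap each id as an ISubnet reference instead.
    const controlPlaneSubnets = subnetIds.map((subnetId, index) =>
      ec2.Subnet.fromSubnetId(this, `ControlPlaneSubnet${index}`, subnetId),
    );

    const cluster = new eks.Cluster(this, 'WorklearnCLuster', {
      // The API server is reachable both from the internet and from inside the
      // VPC. If the public side is not required, prefer PRIVATE, or narrow it
      // with `eks.EndpointAccess.PUBLIC_AND_PRIVATE.onlyFrom(<allowed CIDR>)`.
      endpointAccess: eks.EndpointAccess.PUBLIC_AND_PRIVATE,
      // `version` expects a KubernetesVersion value, not the bare string '1.23'.
      version: eks.KubernetesVersion.V1_23,
      vpc: existingVpc,
      vpcSubnets: [{ subnets: controlPlaneSubnets }],
      // Default capacity type is a managed node group with m5.large instances;
      // `defaultCapacityInstance` can override the instance type.
      defaultCapacityType: eks.DefaultCapacityType.NODEGROUP,
      // CDK would start 2 nodes by default; one is enough for this lab cluster.
      defaultCapacity: 1,
      mastersRole: masterRole,
      outputMastersRoleArn: true,
    });

    // The EBS CSI driver could alternatively be installed as an EKS add-on via
    // `eks.CfnAddon` (addonName 'aws-ebs-csi-driver', clusterName cluster.clusterName).

    new cdk.CfnOutput(this, 'clusterArn', { value: cluster.clusterArn });
    new cdk.CfnOutput(this, 'clusterName', { value: cluster.clusterName });
    // Output id keeps its original (misspelled) name so existing consumers of the
    // stack outputs are not broken; the value is the admin role ARN.
    new cdk.CfnOutput(this, 'matserRoleName', { value: masterRole.roleArn });
  }
}

module.exports = { EksCdkStack };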
通过cdk创建eks集群最终会创建4个堆栈(含嵌套堆栈),按创建时间顺序排列如下,其中堆栈2和堆栈4是嵌套堆栈
- 堆栈1:角色(eks集群角色,节点角色,创建集群的角色),节点组,ssm参数,eks集群,堆栈2,堆栈3
- 堆栈2:角色(lambda执行角色),StepFunctions状态机,5个lambda函数(获取集群信息,处理自定义命令),将额外配置的master role加入aws-auth就是由这个lambda完成的
- 堆栈3:角色(cfn上传),s3桶(存放cdk资料)
- 堆栈4:角色(lambda执行角色),2个lambda函数
这些lambda实际上是cfn自定义资源的处理程序,其中有一个关键的lambda函数负责分发并处理客户的自定义逻辑
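import json
import logging

from apply import apply_handler
from helm import helm_handler
from patch import patch_handler
from get import get_handler

# Maps the CloudFormation ResourceType of each CDK EKS custom resource to the
# module that implements it; ``handler`` dispatches on this table.
_HANDLERS = {
    'Custom::AWSCDK-EKS-KubernetesResource': apply_handler,
    'Custom::AWSCDK-EKS-HelmChart': helm_handler,
    'Custom::AWSCDK-EKS-KubernetesPatch': patch_handler,
    'Custom::AWSCDK-EKS-KubernetesObjectValue': get_handler,
}


def handler(event, context):
    """Lambda entry point for the CDK EKS custom resources.

    Looks at ``event['ResourceType']`` and forwards the event unchanged to the
    matching apply/helm/patch/get handler, returning whatever that handler
    returns.

    Args:
        event: CloudFormation custom-resource event (must carry 'ResourceType').
        context: Lambda context, passed through untouched.

    Raises:
        KeyError: if the event has no 'ResourceType'.
        ValueError: if the resource type is not one of the known CDK EKS types
            (ValueError is an Exception subclass, so existing ``except Exception``
            callers keep working).
    """
    # ResponseURL is the pre-signed S3 URL CloudFormation expects the result to
    # be PUT to; it is masked so the logged event cannot be replayed from the logs.
    print(json.dumps(dict(event, ResponseURL='...')))

    resource_type = event['ResourceType']
    try:
        dispatch = _HANDLERS[resource_type]
    except KeyError:
        raise ValueError("unknown resource type %s" % resource_type) from None
    return dispatch(event, context)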
在相应的 CloudWatch Logs 日志组中可以看到具体的执行逻辑
例如helm安装的命令解析如下
['helm', 'upgrade', 'tekscdkstackworklearnclusterchartnginxingress00e4b90f', 'aws-ebs-csi-driver', '--install', '--create-namespace', '--repo', 'https://kubernetes-sigs.github.io/aws-ebs-csi-driver', '--values', '/tmp/values.yaml', '--namespace', 'kube-system', '--kubeconfig', '/tmp/kubeconfig']
cdk 和 ecs
通过cdk部署ecs服务比较简单
引用已经存在的资源避免重复创建
const cdk = require("aws-cdk-lib");
const ecs = require("aws-cdk-lib/aws-ecs");
const ec2 = require("aws-cdk-lib/aws-ec2");
const iam = require("aws-cdk-lib/aws-iam");
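const aws = require("aws-cdk-lib"); // NOTE: same module as `cdk` above; kept for compatibility, unused below.

/**
 * Stack that deploys an nginx service onto an existing ECS (EC2 launch type)
 * cluster, reusing an existing VPC, cluster, security groups and task roles so
 * nothing is created twice.
 *
 * The identifiers that used to be hard-coded keep the same values as defaults
 * but can be overridden through `props`:
 *   props.vpcId, props.clusterName, props.clusterArn,
 *   props.clusterSecurityGroupId, props.serviceSecurityGroupId,
 *   props.taskRoleArn, props.taskExecutionRoleArn, props.desiredCount
 */
class EcsCdkStack extends cdk.Stack {
  /**
   * @param {cdk.App} scope
   * @param {string} id
   * @param {cdk.StackProps & Record<string, unknown>} [props]
   */
  constructor(scope, id, props) {
    super(scope, id, props);

    const {
      vpcId = 'vpc-xxxxxxxxx',
      clusterName = 'xxxxxxx',
      clusterArn = 'arn:aws-cn:ecs:cn-north-1:xxxxx:cluster/xxxxxx',
      clusterSecurityGroupId = 'sg-xxxxxxxx',
      serviceSecurityGroupId = 'sg-xxxxxxx',
      taskRoleArn = 'arn:aws-cn:iam::xxxxx:role/ecsTaskRole',
      taskExecutionRoleArn = 'arn:aws-cn:iam::xxxxxxx:role/ecsTaskExecutionRole',
      desiredCount = 1,
    } = props ?? {};

    // Existing VPC (context lookup; the stack needs a concrete env to resolve it).
    const existingVpc = ec2.Vpc.fromLookup(this, 'Vpc', {
      region: 'cn-north-1',
      vpcId,
    });

    // `securityGroups` on the imported cluster expects ISecurityGroup objects,
    // not raw ids, so import the group first.
    const clusterSecurityGroup = ec2.SecurityGroup.fromSecurityGroupId(
      this,
      'clusterSg',
      clusterSecurityGroupId,
    );

    // Existing ECS cluster.
    const existingCluster = ecs.Cluster.fromClusterAttributes(this, 'myecscluster', {
      clusterName,
      securityGroups: [clusterSecurityGroup],
      vpc: existingVpc,
      clusterArn,
    });

    // Existing roles: the task role is what the containers assume, the execution
    // role is what the ECS agent uses to pull images and ship logs.
    const taskRole = iam.Role.fromRoleArn(this, 'mytaskrole', taskRoleArn, {});
    const taskExecutionRole = iam.Role.fromRoleArn(this, 'mytaskexecrole', taskExecutionRoleArn, {});

    const taskDefinition = new ecs.Ec2TaskDefinition(this, 'myTaskDef', {
      // awsvpc gives each task its own ENI and security group (BRIDGE is the alternative).
      networkMode: ecs.NetworkMode.AWS_VPC,
      taskRole,
      executionRole: taskExecutionRole,
    });

    // Single nginx container. `nginx:latest` is a mutable tag; pinning a version
    // or digest would make deployments reproducible.
    const nginxContainer = taskDefinition.addContainer('myNginxContainer', {
      containerName: 'nginx',
      image: ecs.ContainerImage.fromRegistry('nginx:latest'),
      memoryLimitMiB: 256,
    });
    nginxContainer.addPortMappings({
      containerPort: 80,
      protocol: ecs.Protocol.TCP,
    });

    const serviceSecurityGroup = ec2.SecurityGroup.fromSecurityGroupId(this, 'mysg', serviceSecurityGroupId);

    // The service runs in the VPC's public subnets but, with assignPublicIp left
    // off, task ENIs only get private addresses; outbound reachability then
    // depends on the VPC's routing (NAT) — verify for the target environment.
    new ecs.Ec2Service(this, 'myEC2Service', {
      cluster: existingCluster,
      taskDefinition,
      desiredCount,
      securityGroups: [serviceSecurityGroup],
      vpcSubnets: { subnetType: ec2.SubnetType.PUBLIC },
    });

    new cdk.CfnOutput(this, 'clusterArn', { value: existingCluster.clusterArn });
    new cdk.CfnOutput(this, 'clusterName', { value: existingCluster.clusterName });
    // Output id is kept as-is for compatibility; note its value is the task
    // definition ARN, not a role name.
    new cdk.CfnOutput(this, 'matserRoleName', { value: taskDefinition.taskDefinitionArn });
  }
}

module.exports = { EcsCdkStack };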