Self-hosting k8s on AWS
# The standard k8s installation steps are omitted

# Building a Kubernetes cluster with a custom network environment using the Amazon VPC CNI plugin

In the default network configuration mode, the host's primary network interface is assigned multiple IPs from the subnet, and only one of them is used by the host itself. Any additional network interfaces attached to the host are also assigned multiple IPs from the same subnet; apart from the one host IP, all remaining IPs are allocated to Pods.

## AWS VPC CNI on GitHub

https://github.com/aws/amazon-vpc-cni-k8s

```
# Policies for the IAM role
AmazonEC2ContainerRegistryReadOnly
AmazonEKS_CNI_Policy
AmazonEKSWorkerNodePolicy
```

```
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.18.1/config/master/aws-k8s-cni.yaml
```

`Note that pulling the images may fail (a pull-permission problem); in that case, look up the exact image address in the AWS public image gallery.`

https://gallery.ecr.aws/eks/aws-network-policy-agent

```
image: public.ecr.aws/eks/amazon-k8s-cni-init:v1.15.1-linux_amd64
image: public.ecr.aws/eks/amazon-k8s-cni:v1.15.1-linux_amd64
image: public.ecr.aws/eks/aws-network-policy-agent:v1.1.1
```

![](/media/202405/2024-05-13_175113_6892760.25610910173568013.png)

![](/media/202405/2024-05-13_175255_2153290.2317068159495812.png)

## Subnet discovery

| Subnet type | Tag key | Tag value |
| --- | --- | --- |
| Public subnets | `kubernetes.io/role/elb` | `1` or empty |
| Private subnets | `kubernetes.io/role/internal-elb` | `1` or empty |

## Installing the AWS Load Balancer Controller

```
# Required IAM permissions: create a policy from this file and attach it to the IAM role as an additional policy
curl -o iam-policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.6.0/docs/install/iam_policy.json
```

```
helm repo add eks https://aws.github.io/eks-charts
wget https://raw.githubusercontent.com/aws/eks-charts/master/stable/aws-load-balancer-controller/crds/crds.yaml
kubectl apply -f crds.yaml
helm install aws-load-balancer-controller eks/aws-load-balancer-controller -n kube-system --set clusterName=<cluster-name> # the name can be anything
```

Test

```
cat <<EOF | kubectl create -f -
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-lb-1
spec:
  selector:
    matchLabels:
      run: nginx-lb-1
  replicas: 2
  template:
    metadata:
      annotations:
        v1.multus-cni.io/default-network: "default/ipvlan-ens5"
      labels:
        run: nginx-lb-1
    spec:
      containers:
      - name: nginx-lb-1
        image: nginx
        ports:
        - containerPort: 80
EOF
```

```
cat <<EOF | kubectl create -f -
apiVersion: v1
kind: Service
metadata:
  name: nginx-svc-lb-1
  labels:
    run: nginx-lb-1
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
    service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
    service.beta.kubernetes.io/aws-load-balancer-target-group-attributes: preserve_client_ip.enabled=true
    # service.beta.kubernetes.io/aws-load-balancer-ip-address-type: dualstack
spec:
  type: LoadBalancer
  ports:
  - port: 80
    protocol: TCP
  selector:
    run: nginx-lb-1
EOF
```

## ingress

```
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-ingress
spec:
  selector:
    matchLabels:
      run: nginx-ingress
  replicas: 2
  template:
    metadata:
      annotations:
        v1.multus-cni.io/default-network: "default/ipvlan-ens6"
      labels:
        run: nginx-ingress
    spec:
      containers:
      - name: nginx-ingress
        image: nginx
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-svc-ingress
  labels:
    run: nginx-ingress
spec:
  type: NodePort
  ports:
  - port: 80
    protocol: TCP
  selector:
    run: nginx-ingress
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: echoserver
spec:
  selector:
    matchLabels:
      app: echoserver
  replicas: 2
  template:
    metadata:
      annotations:
        v1.multus-cni.io/default-network: "default/ipvlan-ens6"
      labels:
        app: echoserver
    spec:
      containers:
      - image: k8s.gcr.io/e2e-test-images/echoserver:2.5
        imagePullPolicy: Always
        name: echoserver
        ports:
        - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: echoserver
spec:
  ports:
  - port: 80
    targetPort: 8080
    protocol: TCP
  type: NodePort
  selector:
    app: echoserver
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: k8s-app-ingress
  annotations:
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/scheme: internet-facing
    # alb.ingress.kubernetes.io/ip-address-type: dualstack
spec:
  ingressClassName: alb
  rules:
  - http:
      paths:
      - path: /
        pathType: Exact
        backend:
          service:
            name: nginx-svc-ingress
            port:
              number: 80
  - http:
      paths:
      - path: /echo
        pathType: Exact
        backend:
          service:
            name: echoserver
            port:
              number: 80
```

# References

- https://docs.daocloud.io/network/modules/spiderpool/public-cloud/awscloud.html#_7
- https://aws.amazon.com/cn/blogs/china/use-amazon-vpc-cni-build-default-net-kubernetes-groups/
- https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.6/
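The `nginx-svc-lb-1` Service and the `k8s-app-ingress` Ingress on this page both request `internet-facing` load balancers. As an added example (not part of the original page or of the controller project), the Python below audits `kubectl get svc,ingress -A -o json` output for such objects and reports whether a source-CIDR restriction is set. The sample objects are constructed, `internal-api` and `partner-portal` are hypothetical names, and `loadBalancerSourceRanges` and `alb.ingress.kubernetes.io/inbound-cidrs` come from the Kubernetes and controller documentation rather than from this page.

```python
import json
import sys

# Scheme annotations used by this page's Service and Ingress manifests.
SVC_SCHEME = "service.beta.kubernetes.io/aws-load-balancer-scheme"
ING_SCHEME = "alb.ingress.kubernetes.io/scheme"
# Source restriction for ALB Ingresses (controller docs, not on this page).
ING_CIDRS = "alb.ingress.kubernetes.io/inbound-cidrs"

def find_internet_facing(kube_list):
    """Return a finding for each Service/Ingress requesting a public load balancer."""
    findings = []
    for item in kube_list.get("items", []):
        meta, spec = item.get("metadata", {}), item.get("spec", {})
        ann = meta.get("annotations") or {}
        kind = item.get("kind")
        # Missing scheme annotation = "internal", the controller's documented default.
        if kind == "Service" and spec.get("type") == "LoadBalancer":
            scheme = ann.get(SVC_SCHEME, "internal")
            restricted = bool(spec.get("loadBalancerSourceRanges"))
        elif kind == "Ingress":
            scheme = ann.get(ING_SCHEME, "internal")
            restricted = bool(ann.get(ING_CIDRS))
        else:
            continue  # NodePort/ClusterIP Services get no load balancer
        if scheme == "internet-facing":
            findings.append({"kind": kind, "namespace": meta.get("namespace", "default"),
                             "name": meta.get("name"), "source_restricted": restricted})
    return findings

def _obj(kind, name, annotations=None, **spec):
    """Build a minimal constructed object shaped like kubectl JSON output."""
    return {"kind": kind, "spec": spec,
            "metadata": {"name": name, "namespace": "default", "annotations": annotations}}

# Constructed sample: the page's three objects plus two hypothetical ones.
SAMPLE = {"kind": "List", "items": [
    _obj("Service", "nginx-svc-lb-1", {SVC_SCHEME: "internet-facing"}, type="LoadBalancer"),
    _obj("Service", "nginx-svc-ingress", type="NodePort"),
    _obj("Ingress", "k8s-app-ingress", {ING_SCHEME: "internet-facing"}, ingressClassName="alb"),
    _obj("Service", "internal-api", {SVC_SCHEME: "internal"}, type="LoadBalancer"),
    _obj("Ingress", "partner-portal", {ING_SCHEME: "internet-facing",
                                       ING_CIDRS: "203.0.113.0/24"}, ingressClassName="alb"),
]}

if __name__ == "__main__":
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for f in find_internet_facing(data):
        print(f)
```

To audit a live cluster, save the `kubectl get svc,ingress -A -o json` output to a file and pass its path as the first argument; with no argument the constructed sample is used.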
admin
May 24, 2024, 17:19