
Installing and configuring an AWS EKS cluster

Links

Steps

  1. Before starting the installation you need to:
  • Have the AWS CLI access keys and configure them as environment variables (or in whatever way you prefer); follow these steps if you run into trouble: Configure the AWS CLI

  • The permissions below:

    (image: required permissions)

  • Install eksctl

  • Install and configure the AWS CLI

    • Configure it with the command below, supplying your keys and the region eu-central-1:
    • Pay attention to the region, because EKS is not available in every region.
    aws configure
  2. Install your cluster; a configuration template can be found in this repository:

    a. cluster.yaml
    b. more templates at: eksctl/examples at main · weaveworks/eksctl (github.com)
    apiVersion: eksctl.io/v1alpha5
    kind: ClusterConfig
    
    metadata:
      name: claroclustertest
      region: eu-central-1
    
    nodeGroups:
      - name: ng-1
        instanceType: t2.medium
        desiredCapacity: 1
        volumeSize: 20
      - name: ng-2
        instanceType: t2.medium
        desiredCapacity: 1
        volumeSize: 20
    
    cloudWatch:
        clusterLogging:
            # enable specific types of cluster control plane logs
            enableTypes: ["audit", "authenticator", "controllerManager"]
            # all supported types: "api", "audit", "authenticator", "controllerManager", "scheduler"
            # supported special values: "*" and "all"
  3. If you have not yet registered your DNS or subdomain, I recommend following the step below to create the hosted zone via the CLI:

    a. create a subdomain:

      1. Important detail here: for your subdomain to work, you need to add the NS records produced by the command below to your main hosted zone; in this case that means adding an NS-type entry in **site.com.br .** The NS values for the subdomain are listed after it is created, or can be found in Route53.
      aws route53 create-hosted-zone --name "subdomain.site.com.br." --caller-reference "external-dns-test-$(date +%s)"

      (image: DNS)
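The delegation step above is where subdomains most often silently fail: the parent zone must carry an NS record set whose values are exactly the name servers of the new hosted zone. The following is an added example (not part of this repository) that builds the Route53 ChangeBatch for that NS record from the `create-hosted-zone` response and checks whether a parent zone's record sets already delegate correctly. The zone id, name servers and parent records are constructed placeholders.

```python
# Constructed sample of the relevant fields in `aws route53 create-hosted-zone`
# output (zone id and name servers are placeholders, not real values).
CREATE_HOSTED_ZONE_RESPONSE = {
    "HostedZone": {"Id": "/hostedzone/Z0SUBEXAMPLE", "Name": "subdomain.site.com.br."},
    "DelegationSet": {
        "NameServers": [
            "ns-1.awsdns-01.example",
            "ns-2.awsdns-02.example",
        ]
    },
}

# Constructed snapshot of the parent zone (site.com.br.) before delegation:
# it has its own SOA/NS records but nothing for the subdomain yet.
PARENT_RECORD_SETS = [
    {"Name": "site.com.br.", "Type": "SOA",
     "ResourceRecords": [{"Value": "ns-9.awsdns-09.example. hostmaster.example. 1 7200 900 1209600 86400"}]},
    {"Name": "site.com.br.", "Type": "NS",
     "ResourceRecords": [{"Value": "ns-9.awsdns-09.example."}]},
]


def _fqdn(name):
    """Route53 lists delegation-set servers without a trailing dot but record values with one."""
    return name.rstrip(".") + "."


def delegation_change_batch(create_response, ttl=300):
    """Build the ChangeBatch that adds the subdomain's NS record set to the parent zone."""
    zone = create_response["HostedZone"]
    servers = create_response["DelegationSet"]["NameServers"]
    return {
        "Comment": f"delegate {zone['Name']} to hosted zone {zone['Id']}",
        "Changes": [{
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": zone["Name"],
                "Type": "NS",
                "TTL": ttl,
                "ResourceRecords": [{"Value": _fqdn(s)} for s in servers],
            },
        }],
    }


def delegation_matches(parent_record_sets, create_response):
    """True only when the parent's NS record set for the subdomain names exactly the
    subdomain zone's delegation set. A missing record, or stale servers left over from
    a previously deleted zone, means resolvers never reach the new zone."""
    zone_name = create_response["HostedZone"]["Name"]
    want = {_fqdn(s) for s in create_response["DelegationSet"]["NameServers"]}
    for rrset in parent_record_sets:
        if rrset["Type"] == "NS" and _fqdn(rrset["Name"]) == zone_name:
            have = {_fqdn(r["Value"]) for r in rrset["ResourceRecords"]}
            return have == want
    return False


def apply_change_batch(record_sets, change_batch):
    """Apply UPSERT changes to an in-memory record-set list; a stand-in for
    `aws route53 change-resource-record-sets` so the check can be exercised offline."""
    result = list(record_sets)
    for change in change_batch["Changes"]:
        new = change["ResourceRecordSet"]
        result = [r for r in result
                  if not (r["Name"] == new["Name"] and r["Type"] == new["Type"])]
        result.append(new)
    return result


if __name__ == "__main__":
    import json
    print("delegated before:", delegation_matches(PARENT_RECORD_SETS, CREATE_HOSTED_ZONE_RESPONSE))
    batch = delegation_change_batch(CREATE_HOSTED_ZONE_RESPONSE)
    print(json.dumps(batch, indent=2))
    print("delegated after:", delegation_matches(
        apply_change_batch(PARENT_RECORD_SETS, batch), CREATE_HOSTED_ZONE_RESPONSE))
```

To use it for real, write the batch to a file and submit it against the parent zone with `aws route53 change-resource-record-sets --hosted-zone-id <PARENT_ZONE_ID> --change-batch file://delegation.json`, then feed the output of `aws route53 list-resource-record-sets` for the parent zone to `delegation_matches`.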

  4. Create an IAM Policy with the JSON below:

    a. Go to IAM, Policies, Create policy:

      (image: Policy)

      {
          "Version": "2012-10-17",
          "Statement": [
              {
                  "Effect": "Allow",
                  "Action": [
                      "route53:ChangeResourceRecordSets"
                  ],
                  "Resource": [
                      "arn:aws:route53:::hostedzone/*"
                  ]
              },
              {
                  "Effect": "Allow",
                  "Action": [
                      "route53:ListHostedZones",
                      "route53:ListResourceRecordSets"
                  ],
                  "Resource": [
                      "*"
                  ]
              }
          ]
      }
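The policy above lets the external-dns role change records in every hosted zone of the account (`hostedzone/*`). Since the controller only ever needs to write into the subdomain zone created in step 3, a practitioner would normally scope the write action to that zone id. The following is an added example (not part of this repository) that flags write statements scoped to a wildcard and produces a copy of the policy limited to one zone; the zone id is a constructed placeholder.

```python
import copy

# Policy from step 4, as a Python dict.
README_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["route53:ChangeResourceRecordSets"],
         "Resource": ["arn:aws:route53:::hostedzone/*"]},
        {"Effect": "Allow",
         "Action": ["route53:ListHostedZones", "route53:ListResourceRecordSets"],
         "Resource": ["*"]},
    ],
}

# Actions that modify DNS data. The read-only List* actions are fine on "*"
# (ListHostedZones does not support resource-level restriction anyway).
WRITE_ACTIONS = {"route53:ChangeResourceRecordSets"}


def _as_list(value):
    """IAM allows Action/Resource to be a string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def wildcard_write_statements(policy):
    """Return the Allow statements that grant a write action on every hosted zone."""
    findings = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        if not WRITE_ACTIONS & set(_as_list(stmt.get("Action", []))):
            continue
        resources = _as_list(stmt.get("Resource", []))
        if any(r == "*" or r.endswith("/*") for r in resources):
            findings.append(stmt)
    return findings


def scope_writes_to_zone(policy, hosted_zone_id):
    """Return a copy of the policy in which write actions apply to one hosted zone only.
    The original dict is left untouched."""
    scoped = copy.deepcopy(policy)
    zone_arn = f"arn:aws:route53:::hostedzone/{hosted_zone_id}"
    for stmt in scoped["Statement"]:
        if WRITE_ACTIONS & set(_as_list(stmt.get("Action", []))):
            stmt["Resource"] = [zone_arn]
    return scoped


if __name__ == "__main__":
    import json
    print(len(wildcard_write_statements(README_POLICY)), "overly broad statement(s) found")
    # "Z0123456789EXAMPLE" is a placeholder; use the Id returned by create-hosted-zone in step 3.
    print(json.dumps(scope_writes_to_zone(README_POLICY, "Z0123456789EXAMPLE"), indent=2))
```

The scoped JSON is what you would paste into the IAM console in step 4.a; the ARN you then pass as ARN_POLICY_STEP_4 in step 6 is the same either way.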
  5. Create the OIDC provider for your cluster:

    a. use eksctl
    eksctl utils associate-iam-oidc-provider --region=eu-central-1 --cluster=NAME_YOUR_CLUSTER --approve
  6. Create the service account

    a. use eksctl
    # Check the cluster name, and use --override-existing-serviceaccounts if
    # a service account already exists for your cluster
    eksctl create iamserviceaccount --override-existing-serviceaccounts --name external-dns --namespace default --cluster NAME_YOUR_CLUSTER --attach-policy-arn ARN_POLICY_STEP_4 --region=eu-central-1 --approve
  7. Create external-dns to point DNS at your deployments.

    a. dns-external.yaml
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: external-dns
      # If you're using Amazon EKS with IAM Roles for Service Accounts, specify the following annotation.
      # Otherwise, you may safely omit it.
      annotations:
        # Substitute your account ID and IAM service role name below.
        # Look for your role in IAM; its name will contain your cluster name
        eks.amazonaws.com/role-arn: ARN_ROLE_YOUR_CLUSTER_IAM
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      name: external-dns
    rules:
    - apiGroups: [""]
      resources: ["services","endpoints","pods"]
      verbs: ["get","watch","list"]
    - apiGroups: ["extensions","networking.k8s.io"]
      resources: ["ingresses"]
      verbs: ["get","watch","list"]
    - apiGroups: [""]
      resources: ["nodes"]
      verbs: ["list","watch"]
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: external-dns-viewer
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: external-dns
    subjects:
    - kind: ServiceAccount
      name: external-dns
      namespace: default
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: external-dns
    spec:
      strategy:
        type: Recreate
      selector:
        matchLabels:
          app: external-dns
      template:
        metadata:
          labels:
            app: external-dns
          # If you're using kiam or kube2iam, specify the following annotation.
          # Otherwise, you may safely omit it.
          annotations:
            iam.amazonaws.com/role: ARN_ROLE_YOUR_CLUSTER_IAM
        spec:
          serviceAccountName: external-dns
          containers:
          - name: external-dns
            image: k8s.gcr.io/external-dns/external-dns:v0.7.6
            args:
            - --source=service
            - --source=ingress
            - --domain-filter=subdomain.seusite.com.br # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones
            - --provider=aws
            - --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization
            - --aws-zone-type=public # only look at public hosted zones (valid values are public, private or no value for both)
            - --registry=txt
        - --txt-owner-id=ID_HOSTEDZONE_IN_USE # Retrieve it with the command in step 3.a or directly in Route53
          securityContext:
            fsGroup: 65534 # For ExternalDNS to be able to read Kubernetes and AWS token files
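Three of the arguments above decide how much damage a misconfigured or compromised controller can do to the zone: `--registry=txt` with `--txt-owner-id` makes external-dns record ownership in a TXT record next to each record it creates and refuse to touch records owned by anyone else, and `--policy=upsert-only` stops it from deleting records even when the Service that produced them disappears. The following is an added example (not part of this repository or of the external-dns project) that simulates that reconciliation over a constructed zone snapshot so the effect of each flag can be seen. It simplifies real Route53 state to CNAME records and an abbreviated ownership marker; the owner ids and hostnames are placeholders.

```python
# Placeholders: this cluster's --txt-owner-id and a second cluster sharing the zone.
OWNER_ID = "Z0SUBEXAMPLE"
OTHER_OWNER = "Z0OTHEREXAMPLE"


def owner_txt(owner_id):
    """Abbreviated form of the ownership marker external-dns stores in its TXT registry."""
    return f"heritage=external-dns,external-dns/owner={owner_id}"


# Constructed zone snapshot: {(record name, type): value}
EXISTING = {
    ("www.subdomain.site.com.br.", "CNAME"): "old-elb.example",
    ("www.subdomain.site.com.br.", "TXT"): owner_txt(OWNER_ID),
    ("api.subdomain.site.com.br.", "CNAME"): "other-cluster-elb.example",
    ("api.subdomain.site.com.br.", "TXT"): owner_txt(OTHER_OWNER),
    ("old.subdomain.site.com.br.", "CNAME"): "retired-elb.example",
    ("old.subdomain.site.com.br.", "TXT"): owner_txt(OWNER_ID),
}

# Constructed desired state, as external-dns would read it from Service/Ingress
# annotations: {hostname: load balancer target}. Note "old." is no longer present.
DESIRED = {
    "www.subdomain.site.com.br.": "new-elb.example",
    "api.subdomain.site.com.br.": "this-cluster-elb.example",
    "new.subdomain.site.com.br.": "new-elb.example",
}


def is_owned(existing, name, owner_id):
    """A record is ours only if its registry TXT record carries our owner id."""
    return existing.get((name, "TXT")) == owner_txt(owner_id)


def plan(desired, existing, owner_id, policy="upsert-only"):
    """Compute the changes one reconciliation loop would make.
    Returns {'create': [...], 'update': [...], 'delete': [...], 'skip': [...]}."""
    out = {"create": [], "update": [], "delete": [], "skip": []}
    for name, target in desired.items():
        current = existing.get((name, "CNAME"))
        if current is None:
            out["create"].append(name)
        elif not is_owned(existing, name, owner_id):
            out["skip"].append(name)  # another owner's record: never overwritten
        elif current != target:
            out["update"].append(name)
    # Records we own but no longer desire: removed under sync, kept under upsert-only.
    managed = {n for (n, t), v in existing.items() if t == "TXT" and v == owner_txt(owner_id)}
    for name in sorted(managed - desired.keys()):
        (out["delete"] if policy == "sync" else out["skip"]).append(name)
    return out


if __name__ == "__main__":
    for pol in ("upsert-only", "sync"):
        print(pol, plan(DESIRED, EXISTING, OWNER_ID, policy=pol))
```

Run against the constructed data, `upsert-only` leaves the retired `old.` record in place (a stale record that a defender should clean up by hand), while `sync` would delete it; in both modes the `api.` record owned by the other cluster is left alone, which is why every cluster sharing a zone needs a distinct `--txt-owner-id`.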
  8. Testing your cluster: let's create a deployment

    a. deploy-nginx-service.yaml

      apiVersion: v1
      kind: Service
      metadata:
        name: mockfront
        annotations:
          external-dns.alpha.kubernetes.io/hostname: mockfront.eks.renatodesouza.com.br
          cert-manager.io/cluster-issuer: letsencrypt
      spec:
        type: LoadBalancer
        ports:
        - port: 80
          name: http
          targetPort: 80
        selector:
          app: mockfront
      ---
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        labels:
          app: mockfront
        name: mockfront
      spec:
        replicas: 2
        selector:
          matchLabels:
            app: mockfront
        template:
          metadata:
            labels:
              app: mockfront
          spec:
            containers:
            - image: nginx
              name: mockfront
              ports:
              - containerPort: 80
                name: http

      b. Your service and deployment should be created. After about 5 minutes, the subdomain you chose in your service should be created and online for you.
      c. To reach the NGINX we deployed, allow your IP in the security group created for your cluster.

  9. Configuring lets-encrypt to generate your HTTPS certificates. (in progress)

  10. Configuring creation of your HTTPS certificates directly in AWS. (in progress)

  11. Deploying Gitlab using Helm.

  12. Deploying a Mock solution without Helm.
