I want to set up an AWS EKS cluster (AWS::EKS::Cluster) and a worker node group (AWS::AutoScaling::AutoScalingGroup) in a single CloudFormation stack. This is the CF definition I created:
AWSTemplateFormatVersion: "2010-09-09"
Description: Creates API gateway and services for my projects
Parameters:
  ClusterName:
    Type: String
    Description: Cluster name
    Default: eks-min-cluster
  NodeAutoScalingGroupDesiredCapacity:
    Type: Number
    Default: 2
    Description: Desired capacity of Node Group ASG.
  NodeAutoScalingGroupMinSize:
    Type: Number
    Default: 1
    Description: Minimum size of Node Group ASG.
  NodeAutoScalingGroupMaxSize:
    Type: Number
    Default: 3
    Description: Maximum size of Node Group ASG. Set to at least 1 greater than NodeAutoScalingGroupDesiredCapacity.
  BootstrapArguments:
    Type: String
    Default: ""
    Description: "Arguments to pass to the nodes' bootstrap script. See files/bootstrap.sh in https://github.com/awslabs/amazon-eks-ami"
  VpcCidr:
    Description: Please enter the IP range (CIDR notation) for this VPC
    Type: String
    Default: 10.192.0.0/16
  PublicSubnet1Cidr:
    Description: Please enter the IP range (CIDR notation) for the public subnet in the first Availability Zone
    Type: String
    Default: 10.192.20.0/24
  PublicSubnet2Cidr:
    Description: Please enter the IP range (CIDR notation) for the public subnet in the first Availability Zone
    Type: String
    Default: 10.192.21.0/24
  PrivateSubnet1Cidr:
    Description: Please enter the IP range (CIDR notation) for the private subnet in the first Availability Zone
    Type: String
    Default: 10.192.22.0/24
  PrivateSubnet2Cidr:
    Description: Please enter the IP range (CIDR notation) for the private subnet in the second Availability Zone
    Type: String
    Default: 10.192.23.0/24
  NodeImageIdSSMParam:
    Type: "AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>"
    Default: /aws/service/eks/optimized-ami/1.14/amazon-linux-2/recommended/image_id
    Description: AWS Systems Manager Parameter Store parameter of the AMI ID for the worker node instances.
Resources:
  InternetGateway:
    Type: AWS::EC2::InternetGateway
  Vpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VpcCidr
      EnableDnsSupport: true
      EnableDnsHostnames: true
  VpcGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref Vpc
  PublicSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      AvailabilityZone: !Select [ 0, !GetAZs '' ]
      CidrBlock: !Ref PublicSubnet1Cidr
      MapPublicIpOnLaunch: true
  PublicSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      AvailabilityZone: !Select [ 1, !GetAZs '' ]
      CidrBlock: !Ref PublicSubnet2Cidr
      MapPublicIpOnLaunch: true
  PrivateSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      AvailabilityZone: !Select [ 0, !GetAZs '' ]
      CidrBlock: !Ref PrivateSubnet1Cidr
      MapPublicIpOnLaunch: true
  PrivateSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      AvailabilityZone: !Select [ 1, !GetAZs '' ]
      CidrBlock: !Ref PrivateSubnet2Cidr
      MapPublicIpOnLaunch: true
  SshSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref Vpc
      GroupDescription: Enable SSH access via port 22
      SecurityGroupIngress:
        - CidrIp: 0.0.0.0/0
          FromPort: 22
          IpProtocol: tcp
          ToPort: 22
        - CidrIp: 0.0.0.0/0
          FromPort: 8
          IpProtocol: icmp
          ToPort: -1
  GatewayHostSshPortAddress:
    Type: AWS::EC2::EIP
    DependsOn: VpcGatewayAttachment
    Properties:
      Domain: vpc
  AssociateGatewayHostSshPort:
    Type: AWS::EC2::EIPAssociation
    DependsOn: GatewayHostSshPortAddress
    Properties:
      AllocationId: !GetAtt GatewayHostSshPortAddress.AllocationId
      NetworkInterfaceId: !Ref GatewayHostSshNetworkInterface
  GatewayHostSshNetworkInterface:
    Type: AWS::EC2::NetworkInterface
    Properties:
      SubnetId: !Ref PublicSubnet1
      Description: Interface for controlling traffic such as SSH
      GroupSet:
        - !Ref SshSecurityGroup
      SourceDestCheck: true
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref Vpc
  PrivateSubnet1RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref Vpc
  PrivateSubnet2RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref Vpc
  DefaultPublicRoute:
    Type: AWS::EC2::Route
    DependsOn: VpcGatewayAttachment
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  PrivateSubnet1Route:
    Type: AWS::EC2::Route
    DependsOn:
      - VpcGatewayAttachment
      - PrivateSubnet1NatGateway
    Properties:
      RouteTableId: !Ref PrivateSubnet1RouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref PrivateSubnet1NatGateway
  PrivateSubnet2Route:
    Type: AWS::EC2::Route
    DependsOn:
      - VpcGatewayAttachment
      - PrivateSubnet2NatGateway
    Properties:
      RouteTableId: !Ref PrivateSubnet2RouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref PrivateSubnet2NatGateway
  PrivateSubnet1NatGateway:
    Type: AWS::EC2::NatGateway
    DependsOn:
      - PrivateSubnet1NatGatewayEIP
      - PublicSubnet1
      - VpcGatewayAttachment
    Properties:
      AllocationId: !GetAtt PrivateSubnet1NatGatewayEIP.AllocationId
      SubnetId: !Ref PublicSubnet1
  PrivateSubnet2NatGateway:
    Type: AWS::EC2::NatGateway
    DependsOn:
      - PrivateSubnet2NatGatewayEIP
      - PublicSubnet2
      - VpcGatewayAttachment
    Properties:
      AllocationId: !GetAtt PrivateSubnet2NatGatewayEIP.AllocationId
      SubnetId: !Ref PublicSubnet2
  PrivateSubnet1NatGatewayEIP:
    DependsOn:
      - VpcGatewayAttachment
    Type: 'AWS::EC2::EIP'
    Properties:
      Domain: vpc
  PrivateSubnet2NatGatewayEIP:
    DependsOn:
      - VpcGatewayAttachment
    Type: 'AWS::EC2::EIP'
    Properties:
      Domain: vpc
  PublicRouteTableToPublicSubnet1Association:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref PublicSubnet1
  PublicRouteTableToPublicSubnet2Association:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref PublicSubnet2
  PrivateRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref Vpc
  GatewayHost:
    Type: AWS::EC2::Instance
    DependsOn: [AssociateGatewayHostSshPort]
    Properties:
      ImageId: ami-03c3a7e4263fd998c
      InstanceType: t2.nano
      AvailabilityZone: !Select [ 0, !GetAZs '' ]
      KeyName: jd-system
      NetworkInterfaces:
        -
          NetworkInterfaceId: !Ref GatewayHostSshNetworkInterface
          DeviceIndex: 0
    Metadata:
      AWS::CloudFormation::Init:
        config:
          files:
            /etc/kong/kong.yml:
              content: test-jd
              #source:
              mode: "000644"
              owner: "root"
              group: "root"
  EksIamRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - eks.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      RoleName: EksIamRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
        - arn:aws:iam::aws:policy/AmazonEKSServicePolicy
  ################### CONTROL PLANE ###################
  ClusterControlPlaneSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Cluster communication with worker nodes
      VpcId: !Ref Vpc
  EksCluster:
    Type: AWS::EKS::Cluster
    Properties:
      Name: !Ref ClusterName
      RoleArn: !GetAtt EksIamRole.Arn
      ResourcesVpcConfig:
        SecurityGroupIds:
          - !Ref SshSecurityGroup
          - !Ref ClusterControlPlaneSecurityGroup
        SubnetIds:
          - !Ref PublicSubnet1
          - !Ref PublicSubnet2
          - !Ref PrivateSubnet1
          - !Ref PrivateSubnet2
    DependsOn: [EksIamRole, PublicSubnet1, PublicSubnet2, PrivateSubnet1, PrivateSubnet2, SshSecurityGroup]
  ################### WORKER NODES ###################
  NodeSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: Security group for all nodes in the cluster
      Tags:
        - Key: !Sub kubernetes.io/cluster/${ClusterName}
          Value: owned
      VpcId: !Ref Vpc
  NodeSecurityGroupIngress:
    Type: "AWS::EC2::SecurityGroupIngress"
    DependsOn: NodeSecurityGroup
    Properties:
      Description: Allow node to communicate with each other
      FromPort: 0
      GroupId: !Ref NodeSecurityGroup
      IpProtocol: "-1"
      SourceSecurityGroupId: !Ref NodeSecurityGroup
      ToPort: 65535
  ClusterControlPlaneSecurityGroupIngress:
    Type: "AWS::EC2::SecurityGroupIngress"
    DependsOn: NodeSecurityGroup
    Properties:
      Description: Allow pods to communicate with the cluster API Server
      FromPort: 443
      GroupId: !Ref ClusterControlPlaneSecurityGroup
      IpProtocol: tcp
      SourceSecurityGroupId: !Ref NodeSecurityGroup
      ToPort: 443
  ControlPlaneEgressToNodeSecurityGroup:
    Type: "AWS::EC2::SecurityGroupEgress"
    DependsOn: NodeSecurityGroup
    Properties:
      Description: Allow the cluster control plane to communicate with worker Kubelet and pods
      DestinationSecurityGroupId: !Ref NodeSecurityGroup
      FromPort: 1025
      GroupId: !Ref ClusterControlPlaneSecurityGroup
      IpProtocol: tcp
      ToPort: 65535
  ControlPlaneEgressToNodeSecurityGroupOn443:
    Type: "AWS::EC2::SecurityGroupEgress"
    DependsOn: NodeSecurityGroup
    Properties:
      Description: Allow the cluster control plane to communicate with pods running extension API servers on port 443
      DestinationSecurityGroupId: !Ref NodeSecurityGroup
      FromPort: 443
      GroupId: !Ref ClusterControlPlaneSecurityGroup
      IpProtocol: tcp
      ToPort: 443
  NodeSecurityGroupFromControlPlaneIngress:
    Type: "AWS::EC2::SecurityGroupIngress"
    DependsOn: NodeSecurityGroup
    Properties:
      Description: Allow worker Kubelets and pods to receive communication from the cluster control plane
      FromPort: 1025
      GroupId: !Ref NodeSecurityGroup
      IpProtocol: tcp
      SourceSecurityGroupId: !Ref ClusterControlPlaneSecurityGroup
      ToPort: 65535
  NodeSecurityGroupFromControlPlaneOn443Ingress:
    Type: "AWS::EC2::SecurityGroupIngress"
    DependsOn: NodeSecurityGroup
    Properties:
      Description: Allow pods running extension API servers on port 443 to receive communication from cluster control plane
      FromPort: 443
      GroupId: !Ref NodeSecurityGroup
      IpProtocol: tcp
      SourceSecurityGroupId: !Ref ClusterControlPlaneSecurityGroup
      ToPort: 443
  NodeInstanceRole:
    Type: "AWS::IAM::Role"
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - "sts:AssumeRole"
      ManagedPolicyArns:
        - "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
        - "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
        - "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
      Path: /
  NodeInstanceProfile:
    Type: "AWS::IAM::InstanceProfile"
    Properties:
      Path: /
      Roles:
        - Ref: NodeInstanceRole
  NodeLaunchConfig:
    Type: "AWS::AutoScaling::LaunchConfiguration"
    Properties:
      AssociatePublicIpAddress: "true"
      BlockDeviceMappings:
        - DeviceName: /dev/xvda
          Ebs:
            DeleteOnTermination: true
            VolumeSize: 10
            VolumeType: gp2
      IamInstanceProfile: !Ref NodeInstanceProfile
      #ImageId: ami-03c3a7e4263fd998c
      ImageId: !Ref NodeImageIdSSMParam
      InstanceType: t2.nano
      KeyName: jd-system
      SecurityGroups:
        - Ref: NodeSecurityGroup
      UserData: !Base64
        "Fn::Sub": |
          #!/bin/bash
          set -o xtrace
          /etc/eks/bootstrap.sh ${ClusterName} ${BootstrapArguments}
          /opt/aws/bin/cfn-signal --exit-code $? \
                   --stack ${AWS::StackName} \
                   --resource NodeGroup \
                   --region ${AWS::Region}
  NodeGroup:
    Type: "AWS::AutoScaling::AutoScalingGroup"
    DependsOn:
      - EksCluster
      - Vpc
    Properties:
      DesiredCapacity: !Ref NodeAutoScalingGroupDesiredCapacity
      LaunchConfigurationName: !Ref NodeLaunchConfig
      MaxSize: !Ref NodeAutoScalingGroupMaxSize
      MinSize: !Ref NodeAutoScalingGroupMinSize
      Tags:
        - Key: Name
          PropagateAtLaunch: "true"
          Value: !Sub ${ClusterName}-NodeGroup-Node
        - Key: !Sub kubernetes.io/cluster/${ClusterName}
          PropagateAtLaunch: "true"
          Value: owned
      VPCZoneIdentifier:
        - !Ref PublicSubnet1
        - !Ref PublicSubnet2
        - !Ref PrivateSubnet1
        - !Ref PrivateSubnet2
    UpdatePolicy:
      AutoScalingRollingUpdate:
        MaxBatchSize: "1"
        MinInstancesInService: !Ref NodeAutoScalingGroupDesiredCapacity
        PauseTime: PT5M
Outputs:
  GatewayHostPublicIp:
    Description: Gateway host public ip
    Value: !GetAtt GatewayHost.PublicIp
  EksClusterEndpoint:
    Description: EksCluster endpoint
    Value: !GetAtt EksCluster.Endpoint
After the stack is created, I don't see any worker nodes:
$ kubectl get nodes
No resources found
And no pods get created either:
$ kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-59b69b4849-l97bq 0/1 Pending 0 7m15s
kube-system coredns-59b69b4849-zwtql 0/1 Pending 0 7m15s
kube-system metrics-server-7949d47784-2xjck 0/1 Pending 0 8s
I have read tutorials that create the EKS cluster with one CF stack and the worker node group with another CF stack. I want to set everything up with a single script. I suspect the worker node group is created too early, but I am new to CF and EKS and cannot confirm this. Please advise.
Best answer
I tried to reproduce the error and modified your test template. The modified template is below for reference. If you want to use it, you will still have to adjust it to your setup. For simplicity I put everything in public subnets, but I don't think that is the key issue here.

I think the core issue is that you did not set up aws-auth-cm.yaml, which prevents the node instances from registering with the cluster.

To set up aws-auth-cm.yaml, see the section To enable nodes to join your cluster. Once that was done, using the template below I could see my nodes in kubectl get nodes.

I ran kubectl from my local workstation, not on the bastion host you created. I only tested that the nodes joined the cluster; I did not test any pod functionality. Also, the EKS AWS console does not show the nodes, but kubectl get nodes shows them.
AWSTemplateFormatVersion: "2010-09-09"
Description: Creates API gateway and services for my projects
Parameters:
  ClusterName:
    Type: String
    Description: Cluster name
    Default: eks-min-cluster
  NodeAutoScalingGroupDesiredCapacity:
    Type: Number
    Default: 1
    Description: Desired capacity of Node Group ASG.
  NodeAutoScalingGroupMinSize:
    Type: Number
    Default: 1
    Description: Minimum size of Node Group ASG.
  KeyPair:
    Type: AWS::EC2::KeyPair::KeyName
    Default: jd-system
  NodeAutoScalingGroupMaxSize:
    Type: Number
    Default: 3
    Description: Maximum size of Node Group ASG. Set to at least 1 greater than NodeAutoScalingGroupDesiredCapacity.
  BootstrapArguments:
    Type: String
    Default: ""
    Description: "Arguments to pass to the nodes' bootstrap script. See files/bootstrap.sh in https://github.com/awslabs/amazon-eks-ami"
  VpcCidr:
    Description: Please enter the IP range (CIDR notation) for this VPC
    Type: String
    Default: 10.192.0.0/16
  PublicSubnet1Cidr:
    Description: Please enter the IP range (CIDR notation) for the public subnet in the first Availability Zone
    Type: String
    Default: 10.192.20.0/24
  PublicSubnet2Cidr:
    Description: Please enter the IP range (CIDR notation) for the public subnet in the first Availability Zone
    Type: String
    Default: 10.192.21.0/24
  PrivateSubnet1Cidr:
    Description: Please enter the IP range (CIDR notation) for the private subnet in the first Availability Zone
    Type: String
    Default: 10.192.22.0/24
  PrivateSubnet2Cidr:
    Description: Please enter the IP range (CIDR notation) for the private subnet in the second Availability Zone
    Type: String
    Default: 10.192.23.0/24
  NodeImageIdSSMParam:
    Type: "AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>"
    Default: /aws/service/eks/optimized-ami/1.18/amazon-linux-2/recommended/image_id
    Description: AWS Systems Manager Parameter Store parameter of the AMI ID for the worker node instances.
  LatestAmiId:
    Type: 'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>'
    Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2'
Resources:
  InternetGateway:
    Type: AWS::EC2::InternetGateway
  Vpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VpcCidr
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: !Sub "kubernetes.io/cluster/${ClusterName}"
          Value: shared
        - Key: Name
          Value: MyEksVpc
  VpcGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref Vpc
  PublicSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      AvailabilityZone: !Select [ 0, !GetAZs '' ]
      CidrBlock: !Ref PublicSubnet1Cidr
      MapPublicIpOnLaunch: true
      # As posted, this resource had two separate "Tags:" keys, which is a
      # duplicate mapping key in YAML; both tags are merged into one list
      # here, matching PublicSubnet2 below.
      Tags:
        - Key: kubernetes.io/role/elb
          Value: 1
        - Key: !Sub "kubernetes.io/cluster/${ClusterName}"
          Value: shared
  PublicSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      AvailabilityZone: !Select [ 1, !GetAZs '' ]
      CidrBlock: !Ref PublicSubnet2Cidr
      MapPublicIpOnLaunch: true
      Tags:
        - Key: kubernetes.io/role/elb
          Value: 1
        - Key: !Sub "kubernetes.io/cluster/${ClusterName}"
          Value: shared
  PrivateSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      AvailabilityZone: !Select [ 0, !GetAZs '' ]
      CidrBlock: !Ref PrivateSubnet1Cidr
      MapPublicIpOnLaunch: true
      Tags:
        - Key: kubernetes.io/role/internal-elb
          Value: 1
  PrivateSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      AvailabilityZone: !Select [ 1, !GetAZs '' ]
      CidrBlock: !Ref PrivateSubnet2Cidr
      MapPublicIpOnLaunch: true
      Tags:
        - Key: kubernetes.io/role/internal-elb
          Value: 1
  SshSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref Vpc
      GroupDescription: Enable SSH access via port 22
      SecurityGroupIngress:
        - CidrIp: 0.0.0.0/0
          FromPort: 22
          IpProtocol: tcp
          ToPort: 22
        - CidrIp: 0.0.0.0/0
          FromPort: 8
          IpProtocol: icmp
          ToPort: -1
  GatewayHostSshPortAddress:
    Type: AWS::EC2::EIP
    DependsOn: VpcGatewayAttachment
    Properties:
      Domain: vpc
  AssociateGatewayHostSshPort:
    Type: AWS::EC2::EIPAssociation
    DependsOn: GatewayHostSshPortAddress
    Properties:
      AllocationId: !GetAtt GatewayHostSshPortAddress.AllocationId
      NetworkInterfaceId: !Ref GatewayHostSshNetworkInterface
  GatewayHostSshNetworkInterface:
    Type: AWS::EC2::NetworkInterface
    Properties:
      SubnetId: !Ref PublicSubnet1
      Description: Interface for controlling traffic such as SSH
      GroupSet:
        - !Ref SshSecurityGroup
      SourceDestCheck: true
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref Vpc
  PrivateSubnet1RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref Vpc
  PrivateSubnet2RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref Vpc
  DefaultPublicRoute:
    Type: AWS::EC2::Route
    #DependsOn: VpcGatewayAttachment
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  PrivateSubnet1Route:
    Type: AWS::EC2::Route
    #DependsOn:
    #  - VpcGatewayAttachment
    #  - PrivateSubnet1NatGateway
    Properties:
      RouteTableId: !Ref PrivateSubnet1RouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref PrivateSubnet1NatGateway
  PrivateSubnet2Route:
    Type: AWS::EC2::Route
    #DependsOn:
    #  - VpcGatewayAttachment
    #  - PrivateSubnet2NatGateway
    Properties:
      RouteTableId: !Ref PrivateSubnet2RouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref PrivateSubnet2NatGateway
  PrivateSubnet1NatGateway:
    Type: AWS::EC2::NatGateway
    #DependsOn:
    #  - PrivateSubnet1NatGatewayEIP
    #  - PublicSubnet1
    #  - VpcGatewayAttachment
    Properties:
      AllocationId: !GetAtt PrivateSubnet1NatGatewayEIP.AllocationId
      SubnetId: !Ref PublicSubnet1
  PrivateSubnet2NatGateway:
    Type: AWS::EC2::NatGateway
    #DependsOn:
    #  - PrivateSubnet2NatGatewayEIP
    #  - PublicSubnet2
    #  - VpcGatewayAttachment
    Properties:
      AllocationId: !GetAtt PrivateSubnet2NatGatewayEIP.AllocationId
      SubnetId: !Ref PublicSubnet2
  PrivateSubnet1NatGatewayEIP:
    DependsOn:
      - VpcGatewayAttachment
    Type: 'AWS::EC2::EIP'
    Properties:
      Domain: vpc
  PrivateSubnet2NatGatewayEIP:
    DependsOn:
      - VpcGatewayAttachment
    Type: 'AWS::EC2::EIP'
    Properties:
      Domain: vpc
  PublicRouteTableToPublicSubnet1Association:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref PublicSubnet1
  PublicRouteTableToPublicSubnet2Association:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref PublicSubnet2
  PrivateRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref Vpc
  # GatewayHost:
  #   Type: AWS::EC2::Instance
  #   DependsOn: [AssociateGatewayHostSshPort]
  #   Properties:
  #     ImageId: !Ref LatestAmiId
  #     InstanceType: t2.nano
  #     AvailabilityZone: !Select [ 0, !GetAZs '' ]
  #     KeyName: !Ref KeyPair
  #     NetworkInterfaces:
  #       -
  #         NetworkInterfaceId: !Ref GatewayHostSshNetworkInterface
  #         DeviceIndex: 0
  #   # Metadata:
  #   #   AWS::CloudFormation::Init:
  #   #     config:
  #   #       files:
  #   #         /etc/kong/kong.yml:
  #   #           content: test-jd
  #   #           #source:
  #   #           mode: "000644"
  #   #           owner: "root"
  #   #           group: "root"
  EksIamRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - eks.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      #RoleName: EksIamRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
        - arn:aws:iam::aws:policy/AmazonEKSServicePolicy
  ################### CONTROL PLANE ###################
  ClusterControlPlaneSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Cluster communication with worker nodes
      VpcId: !Ref Vpc
  EksCluster:
    Type: AWS::EKS::Cluster
    Properties:
      Name: !Ref ClusterName
      RoleArn: !GetAtt EksIamRole.Arn
      ResourcesVpcConfig:
        SecurityGroupIds:
          #- !Ref SshSecurityGroup
          - !Ref ClusterControlPlaneSecurityGroup
        SubnetIds:
          - !Ref PublicSubnet1
          - !Ref PublicSubnet2
          #- !Ref PrivateSubnet1
          #- !Ref PrivateSubnet2
    #DependsOn: [EksIamRole, PublicSubnet1, PublicSubnet2, PrivateSubnet1, PrivateSubnet2, SshSecurityGroup]
  ################### WORKER NODES ###################
  NodeSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: Security group for all nodes in the cluster
      Tags:
        - Key: !Sub kubernetes.io/cluster/${ClusterName}
          Value: owned
      VpcId: !Ref Vpc
  NodeSecurityGroupIngress:
    Type: "AWS::EC2::SecurityGroupIngress"
    DependsOn: NodeSecurityGroup
    Properties:
      Description: Allow node to communicate with each other
      FromPort: 0
      GroupId: !Ref NodeSecurityGroup
      IpProtocol: "-1"
      SourceSecurityGroupId: !Ref NodeSecurityGroup
      ToPort: 65535
  ClusterControlPlaneSecurityGroupIngress:
    Type: "AWS::EC2::SecurityGroupIngress"
    #DependsOn: NodeSecurityGroup
    Properties:
      Description: Allow pods to communicate with the cluster API Server
      FromPort: 443
      GroupId: !Ref ClusterControlPlaneSecurityGroup
      IpProtocol: tcp
      SourceSecurityGroupId: !Ref NodeSecurityGroup
      ToPort: 443
  ControlPlaneEgressToNodeSecurityGroup:
    Type: "AWS::EC2::SecurityGroupEgress"
    #DependsOn: NodeSecurityGroup
    Properties:
      Description: Allow the cluster control plane to communicate with worker Kubelet and pods
      DestinationSecurityGroupId: !Ref NodeSecurityGroup
      FromPort: 1025
      GroupId: !Ref ClusterControlPlaneSecurityGroup
      IpProtocol: tcp
      ToPort: 65535
  ControlPlaneEgressToNodeSecurityGroupOn443:
    Type: "AWS::EC2::SecurityGroupEgress"
    #DependsOn: NodeSecurityGroup
    Properties:
      Description: Allow the cluster control plane to communicate with pods running extension API servers on port 443
      DestinationSecurityGroupId: !Ref NodeSecurityGroup
      FromPort: 443
      GroupId: !Ref ClusterControlPlaneSecurityGroup
      IpProtocol: tcp
      ToPort: 443
  NodeSecurityGroupFromControlPlaneIngress:
    Type: "AWS::EC2::SecurityGroupIngress"
    #DependsOn: NodeSecurityGroup
    Properties:
      Description: Allow worker Kubelets and pods to receive communication from the cluster control plane
      FromPort: 1025
      GroupId: !Ref NodeSecurityGroup
      IpProtocol: tcp
      SourceSecurityGroupId: !Ref ClusterControlPlaneSecurityGroup
      ToPort: 65535
  NodeSecurityGroupFromControlPlaneOn443Ingress:
    Type: "AWS::EC2::SecurityGroupIngress"
    #DependsOn: NodeSecurityGroup
    Properties:
      Description: Allow pods running extension API servers on port 443 to receive communication from cluster control plane
      FromPort: 443
      GroupId: !Ref NodeSecurityGroup
      IpProtocol: tcp
      SourceSecurityGroupId: !Ref ClusterControlPlaneSecurityGroup
      ToPort: 443
  NodeInstanceRole:
    Type: "AWS::IAM::Role"
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - "sts:AssumeRole"
      ManagedPolicyArns:
        - "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
        - "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
        - "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
      Path: /
  NodeInstanceProfile:
    Type: "AWS::IAM::InstanceProfile"
    Properties:
      Path: /
      Roles:
        - Ref: NodeInstanceRole
  NodeLaunchConfig:
    Type: "AWS::AutoScaling::LaunchConfiguration"
    Properties:
      AssociatePublicIpAddress: "true"
      BlockDeviceMappings:
        - DeviceName: /dev/xvda
          Ebs:
            DeleteOnTermination: true
            VolumeSize: 20
            VolumeType: gp2
      IamInstanceProfile: !Ref NodeInstanceProfile
      #ImageId: ami-03c3a7e4263fd998c
      ImageId: !Ref NodeImageIdSSMParam
      InstanceType: t2.micro
      KeyName: !Ref KeyPair
      SecurityGroups:
        - Ref: NodeSecurityGroup
      UserData: !Base64
        "Fn::Sub": |
          #!/bin/bash
          set -o xtrace
          /etc/eks/bootstrap.sh ${ClusterName} ${BootstrapArguments}
          /opt/aws/bin/cfn-signal --exit-code $? \
                   --stack ${AWS::StackName} \
                   --resource NodeGroup \
                   --region ${AWS::Region}
  NodeGroup:
    Type: "AWS::AutoScaling::AutoScalingGroup"
    DependsOn:
      - EksCluster
      # - Vpc
    Properties:
      DesiredCapacity: !Ref NodeAutoScalingGroupDesiredCapacity
      LaunchConfigurationName: !Ref NodeLaunchConfig
      MaxSize: !Ref NodeAutoScalingGroupMaxSize
      MinSize: !Ref NodeAutoScalingGroupMinSize
      Tags:
        - Key: Name
          PropagateAtLaunch: "true"
          Value: !Sub ${ClusterName}-MyNodeGroup-Node
        - Key: !Sub kubernetes.io/cluster/${ClusterName}
          PropagateAtLaunch: "true"
          Value: owned
      VPCZoneIdentifier:
        - !Ref PublicSubnet1
        - !Ref PublicSubnet2
        #- !Ref PrivateSubnet1
        #- !Ref PrivateSubnet2
    # CreationPolicy:
    #   AutoScalingCreationPolicy:
    #     MinSuccessfulInstancesPercent: !Ref NodeAutoScalingGroupDesiredCapacity
    #   ResourceSignal:
    #     Count: !Ref NodeAutoScalingGroupDesiredCapacity
    #     Timeout: PT5M
    # UpdatePolicy:
    #   AutoScalingRollingUpdate:
    #     MaxBatchSize: "1"
    #     MinInstancesInService: !Ref NodeAutoScalingGroupDesiredCapacity
    #     PauseTime: PT5M
Outputs:
  # GatewayHostPublicIp:
  #   Description: Gateway host public ip
  #   Value: !GetAtt GatewayHost.PublicIp
  NodeInstanceRoleArn:
    Value: !GetAtt NodeInstanceRole.Arn
  EksClusterEndpoint:
    Description: EksCluster endpoint
    Value: !GetAtt EksCluster.Endpoint
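The aws-auth step the answer refers to, as an added example that is not part of the original answer or of AWS's own tooling: a POSIX shell script that renders the aws-auth ConfigMap for the node instance role, refuses to map anything other than a single IAM role (the account root or a user would hand node credentials to far more principals than the workers), and, when the AWS CLI and kubectl are installed and AWS_AUTH_APPLY=1 is set, reads the ARN from the NodeInstanceRoleArn output of the answer's template and applies it. The stack name, the AWS_AUTH_APPLY switch and the 123456789012 placeholder ARN are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the original question or answer.
# Renders the aws-auth ConfigMap that maps the worker nodes' IAM role into the
# system:bootstrappers / system:nodes groups; without this mapping the kubelets
# authenticate but are not authorised to register, and "kubectl get nodes"
# stays empty even though the Auto Scaling group launched instances.

# Stack name is an assumption for this example; override via the environment.
STACK_NAME="${STACK_NAME:-eks-min-stack}"

# Accept only a single IAM *role* ARN in a 12-digit account. Mapping the
# account root (arn:aws:iam::<acct>:root), a user, or a wildcard would grant
# node privileges to principals that are not worker nodes.
check_role_arn() {
  case "$1" in
    arn:aws:iam::[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]:role/?*) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the aws-auth ConfigMap for the given role ARN (fails on a bad ARN).
render_aws_auth() {
  check_role_arn "$1" || { echo "refusing to map non-role principal: $1" >&2; return 1; }
  cat <<EOF
apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-auth
  namespace: kube-system
data:
  mapRoles: |
    - rolearn: $1
      username: system:node:{{EC2PrivateDNSName}}
      groups:
        - system:bootstrappers
        - system:nodes
EOF
}

# Read the NodeInstanceRoleArn output of the stack (the template above exports it).
fetch_node_role_arn() {
  aws cloudformation describe-stacks --stack-name "$1" \
    --query "Stacks[0].Outputs[?OutputKey=='NodeInstanceRoleArn'].OutputValue" \
    --output text
}

main() {
  if ! command -v aws >/dev/null 2>&1 || ! command -v kubectl >/dev/null 2>&1; then
    echo "aws/kubectl not found; rendering with a constructed placeholder ARN" >&2
    render_aws_auth "arn:aws:iam::123456789012:role/PLACEHOLDER-NodeInstanceRole"
    return 0
  fi
  arn="$(fetch_node_role_arn "$STACK_NAME")" || return 1
  [ -n "$arn" ] || { echo "stack $STACK_NAME has no NodeInstanceRoleArn output" >&2; return 1; }
  render_aws_auth "$arn" | kubectl apply -f -
  # A node only appears here once its kubelet is authorised through the mapping.
  kubectl get nodes
}

# Apply only when explicitly requested, so the file can also be sourced for its functions.
if [ "${AWS_AUTH_APPLY:-0}" = "1" ]; then
  main "$@"
fi
```

Run it as `AWS_AUTH_APPLY=1 STACK_NAME=<your-stack> sh aws-auth.sh` against a kubeconfig that already points at the new cluster; without AWS_AUTH_APPLY it only defines the functions, and without the CLIs it prints the rendered ConfigMap for a placeholder ARN so the output can be reviewed before anything touches the cluster.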
Regarding amazon-web-services - Unable to create an AWS EKS cluster and worker node group with a single AWS CloudFormation stack, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/65928546/