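Prerequisites
- Create an AWS account
- Install Terraform (1.0.0)
I tried this on an M1 Mac.
What the result looks like
- Uses an existing Terraform module
- Minimal configuration specified through parameters (nodes are t2.small)
What I did
Clone the repository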
$ git clone https://github.com/hashicorp/learn-terraform-provision-eks-cluster
Change the current directory
$ cd learn-terraform-provision-eks-cluster
Initialize and prepare
$ terraform init
Initializing modules...
Downloading terraform-aws-modules/eks/aws 13.2.1 for eks...
Apply (finishes in about 10 minutes)
$ terraform apply
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
<= read (data resources)
Terraform will perform the following actions:
...
...
+ kubectl_config = (known after apply)
+ region = "ap-northeast-1"
Configure kubectl
$ aws eks --region $(terraform output -raw region) update-kubeconfig --name $(terraform output -raw cluster_name)
Deploy Metrics Server
$ wget -O v0.3.6.tar.gz https://codeload.github.com/kubernetes-sigs/metrics-server/tar.gz/v0.3.6 && tar -xzf v0.3.6.tar.gz
$ kubectl apply -f metrics-server-0.3.6/deploy/1.8+/
$ kubectl get deployment metrics-server -n kube-system
NAME READY UP-TO-DATE AVAILABLE AGE
metrics-server 1/1 1 1 4s
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
Start the Dashboard
$ kubectl proxy
Starting to serve on 127.0.0.1:8001
Access the Dashboard
http://127.0.0.1:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
Get the token
$ kubectl apply -f https://raw.githubusercontent.com/hashicorp/learn-terraform-provision-eks-cluster/main/kubernetes-dashboard-admin.rbac.yaml
$ kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep service-controller-token | awk '{print $1}')
...
...
Data
====
namespace: 11 bytes
token: eyJhbGciOiJSU...
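Copy the token value from the output, paste it into the Dashboard's token field, and sign in
RBAC is not configured for the AWS-side user, so this is not visible on the AWS side.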
% kubectl get nodes
NAME STATUS ROLES AGE VERSION
ip-10-0-1-51.ap-northeast-1.compute.internal Ready <none> 34m v1.20.11-eks-f17b81
ip-10-0-2-236.ap-northeast-1.compute.internal Ready <none> 33m v1.20.11-eks-f17b81
ip-10-0-3-57.ap-northeast-1.compute.internal Ready <none> 34m v1.20.11-eks-f17b81
Launch an nginx pod on EKS
deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sample-deployment
spec:
  selector:
    matchLabels:
      app: sample-app
  replicas: 1
  template:
    metadata:
      labels:
        app: sample-app
    spec:
      containers:
        - name: nginx-container
          image: nginx:1.7.9
          ports:
            - containerPort: 80
Apply it
$ kubectl apply -f deployment.yaml
deployment.apps/sample-deployment created
% kubectl get pod
NAME READY STATUS RESTARTS AGE
sample-deployment-766cf7fd9d-r7d9w 1/1 Running 0 14s
service.yaml
apiVersion: v1
kind: Service
metadata:
  name: sample-serivce
spec:
  type: LoadBalancer
  selector:
    app: sample-app
  ports:
    - protocol: TCP
      port: 8080
      targetPort: 80
Apply it
$ kubectl apply -f service.yaml
service/sample-serivce created
$ kubectl get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 172.20.0.1 <none> 443/TCP 68m
sample-serivce LoadBalancer 172.20.214.210 xxxxxxxxxx.ap-northeast-1.elb.amazonaws.com 8080:32099/TCP 18
$ kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
sample-deployment-766cf7fd9d-r7d9w 1/1 Running 0 11m 10.0.2.17 ip-10-0-2-236.ap-northeast-1.compute.internal <none> <none>
Specify port 8080 on the EXTERNAL-IP and try connecting
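The service.yaml above sets `type: LoadBalancer` with no `loadBalancerSourceRanges`, so by default the load balancer on port 8080 accepts connections from any source address. The following is an added example, not part of the original post, that reads `kubectl get service -o json` output and lists Services exposed this way; the sample JSON, the `restricted-example` entry and the function name are constructed for illustration.

```python
import json

# Constructed sample: trimmed `kubectl get service -o json` output for the two
# Services shown on this page, plus a hypothetical restricted one for contrast.
SAMPLE = """
{"kind": "List", "items": [
  {"metadata": {"name": "kubernetes", "namespace": "default"},
   "spec": {"type": "ClusterIP", "ports": [{"port": 443}]}},
  {"metadata": {"name": "sample-serivce", "namespace": "default"},
   "spec": {"type": "LoadBalancer",
            "ports": [{"port": 8080, "targetPort": 80}]}},
  {"metadata": {"name": "restricted-example", "namespace": "default"},
   "spec": {"type": "LoadBalancer",
            "loadBalancerSourceRanges": ["203.0.113.0/24"],
            "ports": [{"port": 8080, "targetPort": 80}]}}
]}
"""

# Annotation the in-tree AWS cloud provider reads to create an internal ELB.
INTERNAL_ANNOTATION = "service.beta.kubernetes.io/aws-load-balancer-internal"
ANY_SOURCE = {"0.0.0.0/0", "::/0"}


def exposed_services(kubectl_json):
    """Return (namespace, name, ports) for LoadBalancer Services open to any source."""
    doc = json.loads(kubectl_json)
    items = doc["items"] if doc.get("kind") == "List" else [doc]
    findings = []
    for svc in items:
        meta, spec = svc.get("metadata", {}), svc.get("spec", {})
        if spec.get("type") != "LoadBalancer":
            continue
        internal = (meta.get("annotations") or {}).get(INTERNAL_ANNOTATION, "")
        if str(internal).lower() not in ("", "false"):
            continue  # internal load balancer, not internet-facing
        ranges = spec.get("loadBalancerSourceRanges") or []
        if ranges and not ANY_SOURCE.intersection(ranges):
            continue  # source addresses are restricted to specific CIDRs
        ports = [p["port"] for p in spec.get("ports", [])]
        findings.append((meta.get("namespace", "default"), meta.get("name"), ports))
    return findings


if __name__ == "__main__":
    for ns, name, ports in exposed_services(SAMPLE):
        print(f"{ns}/{name}: LoadBalancer accepts any source address on ports {ports}")
```

Against a live cluster, pass the output of `kubectl get service --all-namespaces -o json` to `exposed_services` instead of `SAMPLE`.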
That's all for today
Cleaning up EKS
$ terraform destroy