Cloud Native Journey - 4) Infrastructure as Code: Creating Kubernetes with Terraform (Part 3)

locals.tf

For security, the cluster API server endpoint should only be reachable from an allowlist of trusted source CIDRs. An entry of 0.0.0.0/0 opens the public endpoint to the whole Internet, and because authorization is any-match, the two office /32 entries below add nothing while that entry is present: remove "0.0.0.0/0" from master_authorized_networks to actually enforce the allowlist.

```hcl
locals {
  cluster_name    = "test-eks-2022"
  cluster_version = "1.22"
  region          = "cn-north-1"

  vpc = {
    cidr            = "10.0.0.0/16"
    private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
    public_subnets  = ["10.0.4.0/24", "10.0.5.0/24"]
  }

  master_authorized_networks = [
    "4.14.xxx.xx/32",   # allow office 1
    "64.124.xxx.xx/32", # allow office 2
    "0.0.0.0/0"         # allow access from anywhere: remove this entry to enforce the allowlist
  ]

  # Extend cluster security group rules example
  cluster_security_group_additional_rules = {
    egress_nodes_ephemeral_ports_tcp = {
      description                = "To node 1025-65535"
      protocol                   = "tcp"
      from_port                  = 1025
      to_port                    = 65535
      type                       = "egress"
      source_node_security_group = true
    }
  }

  node_group_default = {
    ami_type     = "AL2_x86_64"
    min_size     = 1
    max_size     = 5
    desired_size = 1
  }

  dmz_group = {}

  app_group = {
    instance_types = ["t3.small"]
    disk_size      = 50
    # example rules added for the app node group
    security_group_rules = {
      egress_1 = {
        description = "Hello CloudFlare"
        protocol    = "udp"
        from_port   = 53
        to_port     = 53
        type        = "egress"
        cidr_blocks = ["1.1.1.1/32"]
      }
    }
  }
}
```
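The allowlist problem above is easy to miss in review because the office entries look right. The following is an added example for this post, not part of the original Terraform code: a small pre-apply check that pulls the master_authorized_networks list out of locals.tf text with a regex (sufficient for the flat list literal used here; it is not a full HCL parser) and reports entries that defeat the allowlist, including which narrow entries are shadowed by a broader one. The sample locals text is constructed, with the post's redacted office addresses replaced by RFC 5737 documentation addresses, and the `max_hosts` threshold is an assumed policy knob, not an EKS setting.

```python
"""Audit an EKS public-endpoint allowlist (master_authorized_networks).

Added example, not the post's own code. It reads the CIDR list out of
locals.tf text with a regex (good enough for the flat list literal used in
the post, not a general HCL parser) and flags entries that silently make
the allowlist ineffective.
"""
import ipaddress
import re

# Constructed sample: the master_authorized_networks list from the post,
# with the redacted office addresses replaced by RFC 5737 values.
SAMPLE_LOCALS_TF = '''
locals {
  master_authorized_networks = [
    "192.0.2.10/32",    # allow office 1
    "198.51.100.20/32", # allow office 2
    "0.0.0.0/0"         # allow all access master node
  ]
}
'''

_LIST_RE = re.compile(r'master_authorized_networks\s*=\s*\[(.*?)\]', re.DOTALL)
_STRING_RE = re.compile(r'"([^"]*)"')


def extract_authorized_networks(hcl_text):
    """Return the CIDR strings listed in master_authorized_networks."""
    match = _LIST_RE.search(hcl_text)
    if not match:
        raise ValueError("master_authorized_networks not found")
    body = match.group(1)
    # Drop '#' comments line by line so commented-out entries are ignored.
    body = "\n".join(line.split("#", 1)[0] for line in body.splitlines())
    return _STRING_RE.findall(body)


def audit_allowlist(cidrs, max_hosts=256):
    """Classify allowlist entries.

    Returns a dict with:
      open_to_world - entries matching every address (0.0.0.0/0, ::/0)
      too_broad     - entries covering more than max_hosts addresses
                      (max_hosts is an assumed local policy threshold)
      shadowed      - entries fully contained in another, broader entry,
                      i.e. they add nothing to the effective allowlist
      invalid       - strings that are not valid CIDR notation
      effective     - the entries that actually decide who gets in
    """
    result = {"open_to_world": [], "too_broad": [], "shadowed": [],
              "invalid": [], "effective": []}
    nets = []
    for c in cidrs:
        try:
            # strict=False tolerates host bits set in the prefix.
            net = ipaddress.ip_network(c, strict=False)
        except ValueError:
            result["invalid"].append(c)
            continue
        nets.append((c, net))
        if net.prefixlen == 0:
            result["open_to_world"].append(c)
        elif net.num_addresses > max_hosts:
            result["too_broad"].append(c)
    for c, net in nets:
        # An entry is shadowed if some other entry of the same family
        # is a strict superset of it.
        covered = any(
            other.version == net.version and other != net and net.subnet_of(other)
            for _, other in nets
        )
        (result["shadowed"] if covered else result["effective"]).append(c)
    return result


def allowlist_is_restrictive(cidrs, max_hosts=256):
    """Pre-apply gate: True only when no entry opens the endpoint to the
    world, to a network larger than max_hosts, or is unparseable."""
    a = audit_allowlist(cidrs, max_hosts)
    return not a["open_to_world"] and not a["too_broad"] and not a["invalid"]


if __name__ == "__main__":
    cidrs = extract_authorized_networks(SAMPLE_LOCALS_TF)
    report = audit_allowlist(cidrs)
    for key, entries in report.items():
        print(f"{key:14s} {entries}")
    print("restrictive:", allowlist_is_restrictive(cidrs))
```

Run against the sample, the report shows both office entries as shadowed and only "0.0.0.0/0" as effective, which is exactly the situation the note above warns about; dropping that one entry makes the gate pass. Wiring `allowlist_is_restrictive` into CI in front of `terraform apply` turns the caveat into a hard stop.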
vpc.tf
```hcl
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "3.14.2"

  name = "wade-test-vpc"
  cidr = local.vpc.cidr

  azs             = slice(data.aws_availability_zones.available.names, 0, 2)
  private_subnets = local.vpc.private_subnets
  public_subnets  = local.vpc.public_subnets

  enable_nat_gateway   = true
  single_nat_gateway   = true
  enable_dns_hostnames = true

  public_subnet_tags = {
    "kubernetes.io/cluster/${local.cluster_name}" = "shared"
    "kubernetes.io/role/elb"                      = 1
  }

  private_subnet_tags = {
    "kubernetes.io/cluster/${local.cluster_name}" = "shared"
    "kubernetes.io/role/internal-elb"             = 1
  }
}
```
output.tf
```hcl
output "cluster_id" {
  description = "EKS cluster ID"
  value       = module.wade-eks.cluster_id
}

output "cluster_endpoint" {
  description = "Endpoint for EKS control plane"
  value       = module.wade-eks.cluster_endpoint
}

output "region" {
  description = "EKS region"
  value       = local.region
}

output "cluster_name" {
  description = "AWS Kubernetes Cluster Name"
  value       = local.cluster_name
}
```

The file structure is as follows:

[Figure: file structure of the Terraform project]
### This article was first published on cnblogs: https://www.cnblogs.com/wade-xu/p/16839468.html
Deployment: configure the AWS account key/secret

Option 1: Export the AWS access key and secret key as environment variables

```bash
export AWS_ACCESS_KEY_ID=xxx
export AWS_SECRET_ACCESS_KEY=xxx
```

Option 2: Add a profile to your AWS credentials file

```bash
aws configure
# or edit the file directly
vim ~/.aws/credentials
```

```ini
[default]
aws_access_key_id=xxx
aws_secret_access_key=xxx
```

Either way these are long-lived static keys: keep them out of the repository and prefer short-lived credentials where your setup allows. Use the following command to confirm which identity Terraform will run as:

```bash
aws sts get-caller-identity
```
Deploy the Terraform resources

```bash
terraform init
terraform plan
terraform apply
```

After a successful apply you get output like the following:
[Figure: terraform apply output]
Configure access to the EKS cluster

#### Adding the cluster to your context

```bash
aws eks --region $(terraform output -raw region) update-kubeconfig \
  --name $(terraform output -raw cluster_name)
```

As in the previous parts, kubectl needs to be installed. Example commands:

```bash
kubectl cluster-info
kubectl get nodes
```
Thanks for reading. If you found this article helpful for your learning, you can tip and recommend it; your encouragement is what keeps me writing.
