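Create an EKS cluster

In this section we first create an EKS cluster and deploy an application into it. Later we will send the application's OpenTelemetry data to X-Ray.

Open Cloud9.

Install the following tools beforehand. Most of them are prerequisites for creating an EKS cluster; skip any that are already installed: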

# upgrade pip
sudo pip install --upgrade pip

# upgrade npm
npm install -g npm@9.6.3

# Install jq
sudo yum -y -q install jq

# Update awscli
pip install --user --upgrade awscli

# Install awscli v2
curl -O "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" 
unzip -o awscli-exe-linux-x86_64.zip
sudo ./aws/install
rm awscli-exe-linux-x86_64.zip


# Install jq, gettext, bash-completion and moreutils
sudo yum -y install jq gettext bash-completion moreutils

# Install kubectl 1.27.1
curl -o kubectl https://s3.us-west-2.amazonaws.com/amazon-eks/1.27.1/2023-04-19/bin/linux/amd64/kubectl

chmod +x kubectl && sudo mv kubectl /usr/local/bin/
echo "source <(kubectl completion bash)" >> ~/.bashrc

# Install eksctl
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
sudo mv /tmp/eksctl /usr/local/bin

# Install helm
curl -sSL https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash

Save the region and account ID as environment variables:

export ACCOUNT_ID=$(aws sts get-caller-identity --output text --query Account)
export AWS_REGION=$(curl -s 169.254.169.254/latest/dynamic/instance-identity/document | jq -r '.region')
echo "export ACCOUNT_ID=${ACCOUNT_ID}" | tee -a ~/.bash_profile
echo "export AWS_REGION=${AWS_REGION}" | tee -a ~/.bash_profile
aws configure set default.region ${AWS_REGION}
aws configure get default.region

In Cloud9, turn off managed temporary credentials.


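Configure the access key and secret key (AK/SK) of your own account, and make sure the instance's original Role is no longer in effect.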

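To confirm the credential switch, check that the CLI's caller identity is an IAM user ARN rather than an assumed role. This is an added example, not part of the original page or the demo repository: the function names are hypothetical, the sample ARNs are constructed, and it assumes `ACCOUNT_ID` was exported as shown earlier.

```bash
#!/usr/bin/env bash
# Added example: verify which principal the AWS CLI is really using.

# Classify a caller ARN as returned by `aws sts get-caller-identity`.
classify_caller_arn() {
  case "$1" in
    arn:*:iam::*:user/*)           echo iam-user ;;
    arn:*:iam::*:root)             echo root ;;
    arn:*:sts::*:assumed-role/*/*) echo assumed-role ;;
    arn:*:sts::*:federated-user/*) echo federated-user ;;
    *)                             echo unknown ;;
  esac
}

# For an assumed-role ARN, print the role name (between the two slashes).
assumed_role_name() {
  local rest
  rest=${1#*:assumed-role/}
  echo "${rest%%/*}"
}

# $1 = caller ARN, $2 = expected account ID.
# Returns 0 for an IAM user in that account, 1 on account mismatch,
# 2 when a role is still in effect, 3 for any other principal type.
check_static_credentials() {
  local kind account
  kind=$(classify_caller_arn "$1")
  account=$(echo "$1" | cut -d: -f5)   # ARN field 5 is the account ID
  if [ "$account" != "$2" ]; then
    echo "FAIL: caller is in account $account, expected $2" >&2; return 1
  fi
  case "$kind" in
    iam-user)     echo "OK: $1"; return 0 ;;
    assumed-role) echo "FAIL: role '$(assumed_role_name "$1")' is still in effect" >&2; return 2 ;;
    *)            echo "FAIL: unexpected principal type '$kind'" >&2; return 3 ;;
  esac
}

# Live check: needs the AWS CLI and the ACCOUNT_ID exported earlier.
verify_current_identity() {
  local arn
  arn=$(aws sts get-caller-identity --query Arn --output text) || return 4
  check_static_credentials "$arn" "$ACCOUNT_ID"
}

# Constructed sample ARNs (not real identities) showing both outcomes.
for sample in "arn:aws:iam::111122223333:user/alice" \
  "arn:aws:sts::111122223333:assumed-role/cloud9-instance-role/i-0abc"; do
  check_static_credentials "$sample" 111122223333 || true
done
```

Run `verify_current_identity` in the Cloud9 terminal before `cdk deploy`; a non-zero exit status means the configured access key is not the identity in use.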

Download the code repository:

git clone https://github.com/aws-samples/one-observability-demo 

Deploy the EKS cluster and application

Change into the repository:

cd one-observability-demo/PetAdoptions/cdk/pet_stack

Install the npm dependencies:

npm install

Create the cluster and application:

# Permission to access the EKS console. In order to have full access to the new Console, some permissions need to be granted inside the EKS Cluster RBAC as described in https://docs.aws.amazon.com/eks/latest/userguide/view-workloads.html. This command adds permissions to access the EKS Console.
CONSOLE_ROLE_ARN=$(../../getrole.sh)  


# Get the current role, in a form such as arn:aws:iam::145197526627:user/kongpingfan
EKS_ADMIN_ARN=$(../../getrole.sh)


cdk bootstrap

cdk deploy --context admin_role=$EKS_ADMIN_ARN Services --context dashboard_role_arn=$CONSOLE_ROLE_ARN --require-approval never

cdk deploy Applications --require-approval never

The CDK deployment creates the full set of resources:

[Figure: Architecture]

Run the following commands to update kubeconfig so that you can interact with the newly created EKS cluster later:

aws eks update-kubeconfig --name PetSite --region $AWS_REGION            
kubectl get nodes   
