cdk 和 eks

使用cdk版本2.45通过cdk创建eks集群

const cdk = require("aws-cdk-lib");
const eks = require("aws-cdk-lib/aws-eks");
const ec2 = require("aws-cdk-lib/aws-ec2");
const iam = require("aws-cdk-lib/aws-iam");class EksCdkStack extends cdk.Stack {constructor(scope, id, props) {super(scope, id, props);//引用已有的vpcvar myvpc = ec2.Vpc.fromLookup(this, 'Vpc', {region: 'cn-north-1',vpcId: 'vpc-07xxxxxx0d0'})// 将已有的role配置为集群adminvar masterrole = iam.Role.fromRoleArn(this, "mymasterrole", 'arn:aws-cn:iam::xxxxxxxxx:role/xxxxxxxxx', {})var mycluster = new eks.Cluster(this, 'WorklearnCLuster', {endpointAccess: eks.EndpointAccess.PUBLIC_AND_PRIVATE,version: '1.23',vpc: myvpc,// 默认启动容量类型为managednode，默认实例类型为m5.large// defaultCapacityInstance: 't3.large',// defaultCapacityType: eks.DefaultCapacityType.EC2,defaultCapacityType: eks.DefaultCapacityType.NODEGROUP,vpcSubnets: [{ subnetId: 'subnet-xxxxxxxx' }, { subnetId: 'subnet-xxxxxxxx' }],// 默认启动数量为2defaultCapacity: 1,mastersRole: masterrole,outputMastersRoleArn: true});// 安装ebs驱动// new eks.CfnAddon(this, 'MyEbsAddon', {//   addonName: 'aws-ebs-csi-driver',//   clusterName: mycluster.clusterName// })new cdk.CfnOutput(this, 'clusterArn', {value: mycluster.clusterArn});new cdk.CfnOutput(this, 'clusterName', {value: mycluster.clusterName});new cdk.CfnOutput(this, 'matserRoleName', {value: masterrole.roleArn});}
}module.exports = { EksCdkStack }

通过cdk创建eks集群最终会创建4个堆栈（嵌套堆栈），按照时间顺序排列，2和4是嵌套堆栈

• 堆栈1：角色（eks集群角色，节点角色，创建集群的角色），节点组，ssm参数，eks集群，堆栈2，堆栈3
• 堆栈2：角色（lambda执行角色），StepFunctions状态机，5个lambda函数（获取集群信息，处理自定义命令），将额外配置的master role加入aws-auth就是由这个lambda完成的
• 堆栈3：角色（cfn上传），s3桶（存放cdk资料）
• 堆栈4：角色（lambda执行角色），2个lambda函数

lambda实际上就是cfn的自定义资源，有一个关键的lambda函数处理客户的自定义逻辑

import json
import loggingfrom apply import apply_handler
from helm import helm_handler
from patch import patch_handler
from get import get_handlerdef handler(event, context):print(json.dumps(dict(event, ResponseURL='...')))resource_type = event['ResourceType']if resource_type == 'Custom::AWSCDK-EKS-KubernetesResource':return apply_handler(event, context)if resource_type == 'Custom::AWSCDK-EKS-HelmChart':return helm_handler(event, context)if resource_type == 'Custom::AWSCDK-EKS-KubernetesPatch':return patch_handler(event, context)if resource_type == 'Custom::AWSCDK-EKS-KubernetesObjectValue':return get_handler(event, context)raise Exception("unknown resource type %s" % resource_type)

我们可以在相应的cw logs中看到具体的执行逻辑

例如helm安装的命令解析如下

['helm', 'upgrade', 'tekscdkstackworklearnclusterchartnginxingress00e4b90f', 'aws-ebs-csi-driver', '--install', '--create-namespace', '--repo', 'https://kubernetes-sigs.github.io/aws-ebs-csi-driver', '--values', '/tmp/values.yaml', '--namespace', 'kube-system', '--kubeconfig', '/tmp/kubeconfig']

cdk 和 ecs

通过cdk部署ecs服务比较简单

引用已经存在的资源避免重复创建

const cdk = require("aws-cdk-lib");
const ecs = require("aws-cdk-lib/aws-ecs");
const ec2 = require("aws-cdk-lib/aws-ec2");
const iam = require("aws-cdk-lib/aws-iam");
const aws = require("aws-cdk-lib");class EcsCdkStack extends cdk.Stack {constructor(scope, id, props) {super(scope, id, props);//引用已经存在的vpcvar myvpc = ec2.Vpc.fromLookup(this, 'Vpc', {region: 'cn-north-1',vpcId: 'vpc-xxxxxxxxx'})//引用已经存在的ecs集群var ecscluster = ecs.Cluster.fromClusterAttributes(this, 'myecscluster', {clusterName: 'xxxxxxx',securityGroups: ['sg-xxxxxxxx'],vpc: myvpc,clusterArn: 'arn:aws-cn:ecs:cn-north-1:xxxxx:cluster/xxxxxx'})// 引用已存在的角色var taskrole = iam.Role.fromRoleArn(this, "mytaskrole", 'arn:aws-cn:iam::xxxxx:role/ecsTaskRole', {})var taskexecrole = iam.Role.fromRoleArn(this, "mytaskexecrole", 'arn:aws-cn:iam::xxxxxxx:role/ecsTaskExecutionRole', {})const mytaskDefinition = new ecs.Ec2TaskDefinition(this, 'myTaskDef', {// 指定任务网络模式为awsvpcnetworkMode: ecs.NetworkMode.AWS_VPC,// networkMode: ecs.NetworkMode.BRIDGE,taskRole: taskrole,executionRole: taskexecrole,});// 向任务定义添加containervar nginxContainer = mytaskDefinition.addContainer('myNginxContainer', {containerName: 'nginx',image: ecs.ContainerImage.fromRegistry('nginx:latest'),memoryLimitMiB: 256,});nginxContainer.addPortMappings({containerPort: 80,protocol: ecs.Protocol.TCP})var mysg = ec2.SecurityGroup.fromSecurityGroupId(this, 'mysg', 'sg-xxxxxxx')// 创建ecs服务new ecs.Ec2Service(this, 'myEC2Service', {cluster: ecscluster,taskDefinition: mytaskDefinition,desiredCount: 1,securityGroups: [mysg],// assignPublicIp: true,vpcSubnets: {subnetType: ec2.SubnetType.PUBLIC}});new cdk.CfnOutput(this, 'clusterArn', { value: ecscluster.clusterArn });new cdk.CfnOutput(this, 'clusterName', { value: ecscluster.clusterName });new cdk.CfnOutput(this, 'matserRoleName', { value: mytaskDefinition.taskDefinitionArn });}
}module.exports = { EcsCdkStack }