How to create an EKS cluster with public and private subnets using Terraform



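I am using Terraform to set up an EKS cluster. I need to make sure that my worker nodes are placed on private subnets and that my public subnets are used for my load balancers, but I don't actually know how to inject both public and private subnets into the cluster, because I am only using private subnets.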

# EKS control plane; only the private subnets are passed in
resource "aws_eks_cluster" "master_node" {
  name     = "my-cluster"
  role_arn = aws_iam_role.master_iam_role.arn
  version  = "1.14"

  vpc_config {
    security_group_ids = [aws_security_group.master_security_group.id]
    subnet_ids         = var.private_subnet_eks_ids
  }

  depends_on = [
    aws_iam_role_policy_attachment.main-cluster-AmazonEKSClusterPolicy,
    aws_iam_role_policy_attachment.main-cluster-AmazonEKSServicePolicy,
  ]
}

# Worker nodes; the autoscaling group launches instances in the private subnets
resource "aws_autoscaling_group" "eks_autoscaling_group" {
  desired_capacity     = var.desired_capacity
  launch_configuration = aws_launch_configuration.eks_launch_config.id
  max_size             = var.max_size
  min_size             = var.min_size
  name                 = "my-autoscaling-group"
  vpc_zone_identifier  = var.private_subnet_eks_ids

  depends_on = [
    aws_efs_mount_target.efs_mount_target
  ]
}

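I use the VPC module to create public and private subnets in the VPC. Then I create the EKS cluster with the EKS module and reference the VPC data.

Example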

module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  name = "my-vpc"
  cidr = "10.0.0.0/16"

  azs             = ["eu-north-1a", "eu-north-1b", "eu-north-1c"]
  private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]

  enable_nat_gateway = true
  enable_vpn_gateway = true
}

Then the EKS cluster, where I use module.vpc.private_subnets and module.vpc.vpc_id to refer to the VPC subnets:

module "eks-cluster" {
  source          = "terraform-aws-modules/eks/aws"
  cluster_name    = "my-eks-cluster"
  cluster_version = "1.17"
  subnets         = module.vpc.private_subnets
  vpc_id          = module.vpc.vpc_id

  worker_groups = [
    {
      instance_type = "t3.small"
      asg_max_size  = 2
    }
  ]
}

Provide only private subnets to your EKS cluster, but before that, make sure you have tagged your public subnets like this:

Key: kubernetes.io/role/elb
value: 1

As described here: https://aws.amazon.com/premiumsupport/knowledge-center/eks-vpc-subnet-discovery/

EKS will discover the public subnets in which to place load balancers by querying for this tag.
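
The two answers combined, as an added example that is not part of either original answer: the VPC module tags the public subnets for load balancer discovery while only the private subnets are handed to the cluster. The `local.cluster_name` value, the `kubernetes.io/role/internal-elb` tag and the per-cluster `shared` tag do not appear in the answers and are assumptions added here.

```hcl
# Added example: names and CIDRs are constructed, not taken from a real environment.
locals {
  cluster_name = "my-eks-cluster" # assumed to match cluster_name in the EKS module
}

module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  name = "my-vpc"
  cidr = "10.0.0.0/16"

  azs             = ["eu-north-1a", "eu-north-1b", "eu-north-1c"]
  private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]

  enable_nat_gateway = true # private worker nodes reach the internet through NAT

  # Public subnets: discovered for internet-facing load balancers.
  public_subnet_tags = {
    "kubernetes.io/role/elb"                      = "1"
    "kubernetes.io/cluster/${local.cluster_name}" = "shared" # assumption, see lead-in
  }

  # Private subnets: discovered for internal load balancers only.
  private_subnet_tags = {
    "kubernetes.io/role/internal-elb"             = "1"
    "kubernetes.io/cluster/${local.cluster_name}" = "shared" # assumption, see lead-in
  }
}

module "eks-cluster" {
  source          = "terraform-aws-modules/eks/aws"
  cluster_name    = local.cluster_name
  cluster_version = "1.17"
  subnets         = module.vpc.private_subnets # workers stay off the public subnets
  vpc_id          = module.vpc.vpc_id

  worker_groups = [
    {
      instance_type = "t3.small"
      asg_max_size  = 2
    }
  ]
}
```

With this layout the worker nodes have no public IP addresses, and only the load balancers placed in the tagged public subnets are reachable from the internet.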
