eks 使用案例 部署jenkins

https://aws.amazon.com/cn/blogs/storage/deploying-jenkins-on-amazon-eks-with-amazon-efs/

這個鏈接挺好的，包含了，使用aws cli
創建 eks
創建安全組
創建EFS存儲
掛在存儲
使用helm安裝jenkins等， helm的網址https://artifacthub.io/packages/helm/bitnami/jenkins

前期准備工作：

1）有一個aws賬戶
不贅述

2）在賬戶中購買一個迷你主機，並在主機上安裝aws cli，並且配置aws configure

安裝aws cli

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install

**配置aws cli憑證, 如何獲取憑證，這里不多贅述，主要是在iam用戶中設置

$ aws configure
AWS Access Key ID [None]: <AKIAIOSFODNN7EXAMPLE>
AWS Secret Access Key [None]: <wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY>
Default region name [None]: <region-code>
Default output format [None]: <json>

3） 安裝aws-iam-authenticator

curl -o aws-iam-authenticator https://amazon-eks.s3.us-west-2.amazonaws.com/1.18.9/2020-11-02/bin/linux/amd64/aws-iam-authenticator
chmod +x ./aws-iam-authenticator
mkdir -p $HOME/bin && cp ./aws-iam-authenticator $HOME/bin/aws-iam-authenticator && export PATH=$PATH:$HOME/bin
echo 'export PATH=$PATH:$HOME/bin' >> ~/.bashrc

4）安裝EKS 的命令行管理工具 kubectl

curl -o kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.18.9/2020-11-02/bin/linux/amd64/kubectl
chmod +x ./kubectl
mkdir -p $HOME/bin && cp ./kubectl $HOME/bin/kubectl && export PATH=$PATH:$HOME/bin
echo 'export PATH=$PATH:$HOME/bin' >> ~/.bashrc
kubectl version --short --client

5）安裝eksctl (一個可以通過命令簡單創建和管理 Amazon EKS的工具)

curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
sudo mv /tmp/eksctl /usr/local/bin
eksctl version

6）安裝Helm

curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 > get_helm.sh
chmod 700 get_helm.sh
./get_helm.sh

正式開始

1）創建Amazon EKS cluster

eksctl create cluster --name faberbeta --region ap-east-1 --zones \
ap-east-1a,ap-east-1b,ap-east-1c --managed --nodegroup-name mynodegroup001

該命令會在ap-east-1創建一個新的EKS cluster（faberbeta）並且創建一個EKS-managed nodegroup(mynodegroup001)
nodegroup默認會創建兩個m5.large實例的ec2 , 硬盤80G
該provisioning需要大概10-15分鍾

測試kubectl 配置是否正確

kubectl get svc

輸出

NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.100.0.1   <none>        443/TCP   6m20s

2）創建一個Amazon EFS 文件系統

1）獲取你新建eks 集群所生成的 VPC ID （IP段是192.168.0.0/16）
aws ec2 describe-vpcs
2) 為你的Amazon EFS mount target設置一個安全組

aws ec2 create-security-group \
--region ap-east-1 \
--group-name efs-mount-sg \
--description "Amazon EFS for EKS, SG for mount target" \
--vpc-id vpc-009e248a7d4834f00  

3）給剛才新建的安全組設置規則
給inbound 流量開放 NFS port (2049)

aws ec2 authorize-security-group-ingress \
--group-id sg-0ee2e7fd637999755 \
--region ap-east-1 \
--protocol tcp \
--port 2049 \
--cidr 192.168.0.0/16

4. 創建Amazon EFS 文件系統

aws efs create-file-system \
--creation-token creation-token \
--performance-mode generalPurpose \
--throughput-mode bursting \
--region ap-east-1 \
--tags Key=Name,Value=MyEFSFileSystem \
--encrypted

5）獲取你新建的EKS下的實例的 VPC subnet IDs

aws ec2 describe-instances \
 --filters Name=vpc-id,Values=vpc-009e248a7d4834f00 \
 --query 'Reservations[*].Instances[].SubnetId'

因為新建了兩個EC2實例，並且這兩個實例分屬獨立的k8s虛擬網絡subnet中
會得到兩個 subnet ID
輸出結果

[
    "subnet-0f8061a97f9e96d11",
    "subnet-02266afc033a04a26"
]

6. 建立兩個 Amazon EFS mount targets
   第一個

aws efs create-mount-target \
--file-system-id fs-f2ae293f \
--subnet-id subnet-0f8061a97f9e96d11 \
--security-group sg-0ee2e7fd637999755 \
--region ap-east-1

第二個

aws efs create-mount-target \
--file-system-id fs-f2ae293f \
--subnet-id subnet-02266afc033a04a26 \
--security-group sg-0ee2e7fd637999755 \
--region ap-east-1

*注意在剛才獲取的兩個可用區都創建Amazon EFS mount targets
7) 現在創建Amazon EFS access point
Now that you have your file system, let’s create an Amazon EFS Access Point. Amazon EFS access points are application-specific entry points into an EFS file system that make it easier to manage application access to shared datasets or, in our case, configuration. Regardless of how a container is built, access points can enforce a user identity, including the user’s POSIX groups, for all file system requests that are made through them. For our purposes, let’s create a Jenkins-specific EFS access point and choose to enforce user ID and a group ID of 1000 using the following command:

aws efs create-access-point --file-system-id fs-f2ae293f \
--posix-user Uid=1000,Gid=1000 \
--root-directory "Path=/jenkins,CreationInfo={OwnerUid=1000,OwnerGid=1000,Permissions=777}"

記錄 access point ID (that is, fsap-0123456abc987634a) 給之后使用

給EKS集群部署 Amazon EFS CSI driver

1） 部署Amazon EFS CSI driver,

sudo yum install git -y
kubectl apply -k "github.com/kubernetes-sigs/aws-efs-csi-driver/deploy/kubernetes/overlays/stable/?ref=master"

輸出

serviceaccount/efs-csi-controller-sa created
clusterrole.rbac.authorization.k8s.io/efs-csi-external-provisioner-role created
clusterrolebinding.rbac.authorization.k8s.io/efs-csi-provisioner-binding created
deployment.apps/efs-csi-controller created
daemonset.apps/efs-csi-node created
csidriver.storage.k8s.io/efs.csi.aws.com configured

2. 創建efs-sc storage class YAML 文件
   隨着Amazon EFS CSI driver 的安裝，您可以創建一個存儲類，使您能夠配置持久卷，以允許pod使用amazon efs文件系統。
   復制下面的配置，並且保存為storageclass.yaml

kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: efs-sc
provisioner: efs.csi.aws.com

3）創建efs-pv persistent volume YAML 文件
讓我們繼續為我們的Jenkins應用程序創建一個persistent volume和一個persistent volume claim。首先，復制以下配置並將其保存到名為persistentvolume.yaml 確保將volumeHandle參數修改為file system ID and access point ID:

apiVersion: v1
kind: PersistentVolume
metadata:
  name: efs-pv
spec:
  capacity:
    storage: 5Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  storageClassName: efs-sc
  csi:
    driver: efs.csi.aws.com
    volumeHandle: identifier for our file system::identifier for our 
access point (i.e. fs-123b45fa::fsap-12345678910ab12cd34)

4. 創建efs-claim persistent volume claim YAML 文件
   復制下面的，並且命名為persistentvolumeclaim.yaml

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: efs-claim
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: efs-sc
  resources:
    requests:
      storage: 5Gi

注意：因為amazon EFS是一個彈性文件系統，所以它不強制執行任何文件系統容量限制。創建文件系統時不使用持久卷和持久卷聲明中的實際存儲容量值。但是，由於存儲容量是Kubernetes中的必填字段，因此必須指定有效值，例如本例中的5Gi。此值不限制Amazon EFS文件系統的大小。

5. 部署efs-sc storage class, efs-pv persistent volume, and efs-claim persistent volume claim

kubectl apply -f \
storageclass.yaml,persistentvolume.yaml,persistentvolumeclaim.yaml

6. 確保Kubernetes 的資源已經創建

部署 Jenkins 到 Amazon EKS 中

在本章節中將使用 HELM（Kubernetes的包管理器，幫助您在Kubernetes集群上安裝和管理應用程序。）部署jenkins 到amazon EKS中
1） 添加Helm stable chart repository
helm repo add bitnami https://charts.bitnami.com/bitnami
2） 在你的EKS cluster上安裝jenkins

helm install jenkins bitnami/jenkins --set \
rbac.create=true,master.servicePort=80,master.serviceType=NodePort,persistence.existingClaim=efs-claim

3. 獲取ingress loadbalancer name