Deploying Kubernetes (k8s) on AWS with kops
Author: Internet
1. Basic preparation
yum install wget
Install kops prerequisites (EPEL, pip, awscli)
wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum install ./epel-release-latest-*.noarch.rpm
yum -y install python-pip
pip install --upgrade pip
pip install awscli
Install kubectl
curl -o kubectl https://amazon-eks.s3-us-west-2.amazonaws.com/1.10.3/2018-07-26/bin/linux/amd64/kubectl
chmod +x ./kubectl
mkdir -p $HOME/bin && cp ./kubectl $HOME/bin/kubectl && export PATH=$HOME/bin:$PATH
echo 'export PATH=$HOME/bin:$PATH' >> ~/.bashrc
2. Configure the AWS CLI
aws configure
AWS Access Key ID [None]: (Account > Users > Access keys)
AWS Secret Access Key [None]: (Account > Users > Access keys)
Default region name [None]: (default region name)
Default output format [None]:
3. Create the AWS IAM group
aws iam create-group --group-name kops
4. Grant permissions to the kops group
aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess --group-name kops
aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonRoute53FullAccess --group-name kops
aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess --group-name kops
aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/IAMFullAccess --group-name kops
aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonVPCFullAccess --group-name kops
5. Create the AWS user
aws iam create-user --user-name kops
6. Add the kops user to the kops group
aws iam add-user-to-group --user-name kops --group-name kops
7. Create an access key for the kops user
aws iam create-access-key --user-name kops    # save the access key ID and secret key
8. Log in as the kops user
aws configure    # enter the access key, etc.
9. Create the S3 bucket. kops stores the K8s cluster configuration in AWS S3, and each cluster's configuration corresponds to one S3 file. Create an S3 bucket to hold the cluster configuration.
export BUCKET=clust.k8s.local
aws s3api create-bucket \
  --bucket clust.k8s.local \
  --region cn-north-1 \
  --create-bucket-configuration LocationConstraint=cn-north-1
aws s3api put-bucket-versioning --bucket clust.k8s.local --versioning-configuration Status=Enabled
10. Define the URL of the configuration store
export KOPS_STATE_STORE=s3://clust.k8s.local
11. Generate the client SSH key
ssh-keygen -t rsa -C "your_email@example.com"
12. Deploy the cluster
/usr/local/bin/kops create cluster \
  --name=clust.k8s.local \
  --image=ami-025b59ca46aee99dd \
  --zones=cn-north-1b \
  --master-count=3 \
  --master-size="c5d.large" \
  --node-count=1 \
  --node-size="m4.4xlarge" \
  --vpc=vpc-0c5c4664b4b258e79 \
  --networking=calico \
  --ssh-public-key="~/.ssh/id_rsa.pub"
13. Modify the configuration
kops edit cluster clust.k8s.local
spec:
  sshKeyName: <your ssh key name>
14. Create the cluster
kops update cluster clust.k8s.local --yes
15. Check the result
[root@ip-10-1-1-130 ~]# kops get ig
Using cluster from kubectl context: clust.k8s.local
NAME                  ROLE    MACHINETYPE  MIN  MAX  ZONES
master-cn-north-1b-1  Master  c5d.large    1    1    cn-north-1b
master-cn-north-1b-2  Master  c5d.large    1    1    cn-north-1b
master-cn-north-1b-3  Master  c5d.large    1    1    cn-north-1b
nodes                 Node    m4.4xlarge   1    1    cn-north-1b
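
An added example, not part of the original post: the bucket from step 9 is where kops keeps the cluster's state, so this script sets a public access block and default encryption on it explicitly and then audits those two settings together with the versioning enabled in step 9. The function names `harden_state_store` and `audit_state_store` are hypothetical; it assumes credentials that may read and write the bucket's settings.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the state bucket from
# step 9 and credentials allowed to read/write its bucket-level settings.

# Set explicitly what step 9 does not: public access block, default encryption.
harden_state_store() {
  aws s3api put-public-access-block --bucket "$1" \
    --public-access-block-configuration \
    "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"
  aws s3api put-bucket-encryption --bucket "$1" \
    --server-side-encryption-configuration \
    '{"Rules":[{"ApplyServerSideEncryptionByDefault":{"SSEAlgorithm":"AES256"}}]}'
}

# Print one FAIL line per missing control; return 0 only if all three pass.
audit_state_store() {
  bucket="$1"; findings=0
  ver=$(aws s3api get-bucket-versioning --bucket "$bucket" \
        --query Status --output text 2>/dev/null) || ver=""
  [ "$ver" = "Enabled" ] || {
    echo "FAIL versioning: ${ver:-unreadable}"; findings=$((findings + 1)); }

  sse=$(aws s3api get-bucket-encryption --bucket "$bucket" --output text \
        --query 'ServerSideEncryptionConfiguration.Rules[0].ApplyServerSideEncryptionByDefault.SSEAlgorithm' \
        2>/dev/null) || sse=""
  case "$sse" in
    AES256|aws:kms*) ;;
    *) echo "FAIL default encryption: ${sse:-not configured}"
       findings=$((findings + 1)) ;;
  esac

  # The CLI's text output prints the four booleans tab-separated (True/False).
  pab=$(aws s3api get-public-access-block --bucket "$bucket" --output text \
        --query 'PublicAccessBlockConfiguration.[BlockPublicAcls,IgnorePublicAcls,BlockPublicPolicy,RestrictPublicBuckets]' \
        2>/dev/null | tr 'A-Z\t' 'a-z ')
  [ "$pab" = "true true true true" ] || {
    echo "FAIL public access block: ${pab:-not configured}"
    findings=$((findings + 1)); }

  [ "$findings" -eq 0 ]
}

# Run the audit only when a bucket name is passed, e.g. ./audit.sh clust.k8s.local
if [ "$#" -gt 0 ]; then audit_state_store "$1"; fi
```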
-----------
Tags: iam, group, name, aws, policy, kops, k8s
Source: https://www.cnblogs.com/liuchunling/p/10979383.html