Я пытаюсь написать высокоуровневую конструкцию CDK, которую можно использовать для развертывания приложений Django с помощью EKS. У меня есть большинство манифестов k8s, определенных для приложения, но я борюсь с частью Ingress. Рассматривая различные варианты, я решил попробовать установить контроллер AWS Load Balancer ( https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/deploy/installation/ ). В их документации есть инструкции по установке контроллера с помощью интерфейса командной строки AWS и инструмента командной строки eksctl, поэтому я пытаюсь перевести их в код CDK. Вот что у меня есть до сих пор:
import * as ec2 from '@aws-cdk/aws-ec2';
import * as eks from '@aws-cdk/aws-eks';
import * as iam from '@aws-cdk/aws-iam';
import * as cdk from '@aws-cdk/core';
import { ApplicationVpc } from './vpc';
var request = require('sync-request');
export interface DjangoEksProps {
readonly vpc: ec2.IVpc;
}
export class DjangoEks extends cdk.Construct {
public vpc: ec2.IVpc;
public cluster: eks.Cluster;
constructor(scope: cdk.Construct, id: string, props: DjangoEksProps) {
super(scope, id);
this.vpc = props.vpc;
// allow all account users to assume this role in order to admin the cluster
const mastersRole = new iam.Role(this, 'AdminRole', {
assumedBy: new iam.AccountRootPrincipal(),
});
this.cluster = new eks.Cluster(this, "MyEksCluster", {
version: eks.KubernetesVersion.V1_19,
vpc: this.vpc,
mastersRole,
defaultCapacity: 2,
});
// Adopted from comments in this issue: https://github.com/aws/aws-cdk/issues/8836
const albServiceAccount = this.cluster.addServiceAccount('aws-alb-ingress-controller-sa', {
name: 'aws-load-balancer-controller',
namespace: 'kube-system',
});
const awsAlbControllerPolicyUrl = 'https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.2.0/docs/install/iam_policy.json';
const policyJson = request('GET', awsAlbControllerPolicyUrl).getBody('utf8');
((JSON.parse(policyJson))['Statement'] as any[]).forEach(statement => {
albServiceAccount.addToPrincipalPolicy(iam.PolicyStatement.fromJson(statement))
})
// This is where I am stuck
// https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/deploy/installation/#add-controller-to-cluster
// I tried running this
// kubectl apply -k "github.com/aws/eks-charts/stable/aws-load-balancer-controller//crds?ref=master"
this.cluster.addHelmChart('aws-load-balancer-controller-helm-chart', {
repository: 'https://aws.github.io/eks-charts',
chart: 'eks/aws-load-balancer-controller',
release: 'aws-load-balancer-controller',
version: '2.2.0',
namespace: 'kube-system',
values: {
clusterName: this.cluster.clusterName,
serviceAccount: {
create: false,
name: 'aws-load-balancer-controller',
},
},
});
}
}
Вот ошибки, которые я вижу в CDK, когда делаю cdk deploy:
Received response status [FAILED] from custom resource. Message returned: Error: b'WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /tmp/kubeconfig\nWARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /tmp/kubeconfig\nRelease "aws-load-balancer-controller" does not exist. Installing it now.\nError: chart "eks/aws-load-balancer-controller" version "2.2.0" not found in https://aws.github.io/eks-charts repository\n' Logs: /aws/lambda/DjangoEks-awscdkawseksKubectlProvi-Handler886CB40B-6yld0A8rw9hp at invokeUserFunction (/var/task/framework.js:95:19) at processTicksAndRejections (internal/process/task_queues.js:93:5) at async onEvent (/var/task/framework.js:19:27) at async Runtime.handler (/var/task/cfn-response.js:48:13) (RequestId: ec066bb2-4cc1-48f6-8a88-c6062c27ed0f)
и связанная ошибка:
Received response status [FAILED] from custom resource. Message returned: Error: b'error: no objects passed to create\n' Logs: /aws/lambda/DjangoEks-awscdkawseksKubectlProvi-Handler886CB40B-6yld0A8rw9hp at invokeUserFunction (/var/task/framework.js:95:19) at processTicksAndRejections (internal/process/task_queues.js:93:5) at async onEvent (/var/task/framework.js:19:27) at async Runtime.handler (/var/task/cfn-response.js:48:13) (RequestId: fe2c4c04-4de9-4a71-b18a-ab5bc91d180a)
В документации CDK EKS говорится, что addHelmChartбудет установлена предоставленная Helm Chart с расширением helm upgrade --install.
The AWS Load Balancer Controller installation instructions also say:
Install the TargetGroupBinding CRDs if upgrading the chart via helm upgrade.
kubectl apply -k "github.com/aws/eks-charts/stable/aws-load-balancer-controller//crds?ref=master"
I'm not sure how I can do this part in CDK. The link to github.com/aws/eks-charts/stable/aws-load-balancer-controller//crds?ref=master gives a 404, but that command does work when I run it against my EKS cluster, and I can install those CRDs. Running the deploy command after manually installing those CRDs also fails with the same message.
I think the error in my code comes from the HelmChartOptions that I pass to the addHelmChart command, and I have tried several options, and referenced similar CDK projects that install Helm charts from the same repo, but I keep getting failures.
Is anyone else installing the AWS Load Balancer Controller with CDK like I am trying to do here? One project that I have been trying to reference is https://github.com/neilkuan/cdk8s-aws-load-balancer-controller.
There is also discussion in this GitHub issue: https://github.com/aws/aws-cdk/issues/8836 that might help as well, but a lot of the discussion is around cert manager manager which doesn't seem to be relevant for what I'm trying to do.
Solution of the problem
I got some help on the CDK.dev slack channel. I had the wrong version. It should be 1.2.0, the version of the Helm Chart. 2.2.0 is the version of the Controller.
Вот официальный пример того, как это сделать из aws-samplesрепозитория GitHub: https://github.com/aws-samples/nexus-oss-on-aws/blob/d3a092d72041b65ca1c09d174818b513594d3e11/src/lib/sonatype-nexus3-stack.ts# L207-L242
Комментариев нет:
Отправить комментарий