How to include AWS EKS with CI/CD?


Problem description


I am studying about CI/CD on AWS (CodePipeline/CodeBuild/CodeDeploy) and found it to be a very good tool for managing a pipeline on the cloud with everything managed (don't even need to install Jenkins on EC2).

I am now reading about container building and deployment. For the build phase, CodeBuild supports building container images. For the deploy phase, while I could find a CodeDeploy solution to ECS cluster, it seems there is no direct CodeDeploy solution for EKS (kindly correct if I am wrong).

May I know if there is a solution to integrate EKS cluster (i.e. the deploy phase can fetch the docker image from ECR or dockerhub and deploy to EKS)? I have come across some ideas using lambda functions to trigger the cluster to perform rolling update of the container image, but I could not find a step-by-step guide on this.

=========================

(Update 17 Sep 2020)

Somehow managed to create a lambda function to trigger an update to EKS to perform rolling update of the k8s deployment. Thanks Prashanna for the source base.

Just want to share the key setups in the process.

(1) Update the lambda execution role to include permission to describe EKS clusters

Create a policy with describe EKS cluster access, and attach to the role:

Policy snippet:

...
......
"Action": "eks:Describe*"
...
......

Or you can create an "EKSFullAccess" policy and attach it to the lambda execution role.

(2) Update the k8s ConfigMap, and supplement the lambda execution role ARN to the mapRole section. The corresponding k8s role should be a role that has permission to update container images (say system:masters) used for the k8s deployment

You can edit the map with a command like the one below:

kubectl edit -n kube-system configmap/aws-auth

You don't have to add/update another ConfigMap even if your deployment is in another namespace. It will take effect as well.

Sample lambda function call request and response:

Solution

GitLab provides the inbuilt integration of EKS and deployment with the help of Helm charts. If you plan to use other tools, using AWS lambda to update the image is the best bet!

I've added my github project.

Set up a lambda with the below code and give RBAC access to this lambda in your EKS. Try invoking the lambda by passing the required information like namespace, deployment, image etc.

Lambda for Kubernetes image update

The lambda must require EKS:describecluster policy.

The Lambda role must be provided at least update image RBAC role in EKS cluster.

RBAC role setup
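
A least-privilege form of the RBAC setup described in the answer and in step (2) of the question, as an added example (not the answer author's project code): rather than mapping the Lambda execution role to system:masters, it maps the role to a group bound to a Role that can only get and patch Deployments in one namespace. The Role name, namespace, group, username, account ID and role ARN are constructed placeholders.

```yaml
# Namespaced Role: only the verbs a rolling image update needs.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: deployment-image-updater      # hypothetical name
  namespace: my-app                   # hypothetical namespace of the deployment
rules:
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "patch"]           # no create/delete, no secrets, no other namespaces
---
# Bind the Role to a group; the IAM role is placed in this group via aws-auth.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: deployment-image-updater
  namespace: my-app
subjects:
  - kind: Group
    name: ci-image-updaters           # hypothetical group name
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: deployment-image-updater
  apiGroup: rbac.authorization.k8s.io
---
# aws-auth lives in kube-system and maps IAM identities cluster-wide.
# Append the entry below to the existing mapRoles list with
# `kubectl edit -n kube-system configmap/aws-auth`; applying this file as-is
# would replace the node role mappings already present.
apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-auth
  namespace: kube-system
data:
  mapRoles: |
    - rolearn: arn:aws:iam::111122223333:role/PLACEHOLDER-lambda-exec-role
      username: lambda-image-updater
      groups:
        - ci-image-updaters           # not system:masters
```

With this mapping, a compromised or misconfigured Lambda can change images in `my-app` but cannot read secrets or touch other namespaces; add one Role and RoleBinding per namespace the pipeline deploys to.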
