77 lines
3.4 KiB
Markdown
77 lines
3.4 KiB
Markdown
---
|
|
title: CTP Topic 70 EKS deployment using IAC
|
|
type: cloud-learning
|
|
source-type: video
|
|
category: DevOps & SRE/04_EKS
|
|
tags:
|
|
- AWS
|
|
- EKS
|
|
- IaC
|
|
- Kubernetes
|
|
- CTP
|
|
date-added: 2026-04-14
|
|
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 70_ EKS deployment using IAC.mp4
|
|
audio-source: ""
|
|
status: summarized (Gemini 摘要)
|
|
---
|
|
|
|
# CTP Topic 70 EKS deployment using IAC
|
|
|
|
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 70_ EKS deployment using IAC.mp4`
|
|
|
|
**Type:** VIDEO | **Category:** 04_EKS
|
|
|
|
**Status:** 🟡 Awaiting Whisper transcription → Summary
|
|
|
|
---
|
|
|
|
## 摘要
|
|
|
|
> ## EKS Deployment Using Infrastructure As Code
|
|
|
|
This session covers EKS cluster deployment via Infrastructure as Code (IAC), focusing on managing containers and worker nodes using the SRE EKS module. Key capabilities include cluster autoscaling, ingress controller, and custom networking. The agenda includes comparing containers and VMs, discussing EKS features, and demonstrating EKS deployment via Terraform and Service Catalog. Monitoring the EKS stack and containers for proactive alerting is also covered.
|
|
|
|
The discussion begins with the differences between VMs and containers, highlighting the benefits of containers such as reduced boot time, memory efficiency, and portability. Kubernetes is presented as a framework for running distributed systems resiliently, automating rollouts/rollbacks, load balancing, and horizontal pod scaling.
|
|
|
|
EKS, a managed Kubernetes service by Amazon, offers features like fully managed control planes and autoscaling worker nodes. *Zero downtime rolling deployments for worker node updates* and IAM RBAC mapping for least privilege access are implemented. The SRE EKS module integrates an ALB ingress controller for traffic management and EMI custom networking for pods to handle CIDR limitations.
|
|
|
|
### Deployment Methods
|
|
|
|
Two deployment methods are detailed:
|
|
|
|
1. **Terraform:** Using a `tera-grant.scl` file, users can define environment variables, EKS cluster version, and worker node types (CPU, GPU, or default). Integration with AWS Secret Manager is included for engineering contact notifications.
|
|
2. **Service Catalog:** This method allows users to create EKS clusters via a module with version selection and worker node type configuration. It provides more control over security and permissions.
|
|
|
|
*Service Catalog allows creating, organizing, and governing AWS resources with permission control.*
|
|
|
|
### Custom Networking and Autoscaling
|
|
|
|
Custom networking for pods addresses CIDR limitations by adding a virtual EMI to assign IP addresses to pods. The Kubernetes cluster autoscaler automatically scales worker nodes based on resource needs. Future implementation of Carpenter is being considered for more efficient instance type creation based on pod requirements.
|
|
|
|
### Monitoring
|
|
|
|
Monitoring is achieved using CloudWatch agent and FluentBit deployed as demon sets. Container Insights needs to be enabled to publish metrics to CloudWatch. The process involves applying manifest files within the cluster to set up CloudWatch logs and metrics. AWS Open Telemetry can also be used for monitoring. Centralized Grafana instances are available for visualizing metrics via templated dashboards, including an EKS-specific dashboard.
|
|
|
|
|
|
---
|
|
|
|
## 关键概念
|
|
|
|
-
|
|
|
|
---
|
|
|
|
## 行动项
|
|
|
|
-
|
|
|
|
---
|
|
|
|
## 相关视频
|
|
|
|
> 配对视频笔记链接(生成后填入)
|
|
|
|
---
|
|
|
|
*最后更新: 2026-04-14*
|