---
title: CTP Topic 39 Implementing EKS in the AWS Lab Landing Zone
type: cloud-learning
source-type: video
category: DevOps & SRE/04_EKS
tags:
- AWS
- EKS
- Kubernetes
- Landing-Zone
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 39_ Implementing EKS in the AWS Lab Landing Zone.mp4
audio-source: ""
status: summarized (Gemini 摘要)
---

# CTP Topic 39 Implementing EKS in the AWS Lab Landing Zone

**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 39_ Implementing EKS in the AWS Lab Landing Zone.mp4`

**Type:** VIDEO | **Category:** 04_EKS

**Status:** 🟡 Awaiting Whisper transcription → Summary

---

## Summary

> Spencer and Guy discuss implementing Elastic Kubernetes Service (EKS) in the AWS landing zone, focusing on a use case with Octane, a Microfocus SaaS application that is IP-hungry. They faced challenges with the limited range of IP addresses in AWS labs run on the Microfocus network.

The solution involved creating a private subnet within their own space, not connected to the main subnet, to provide a large number of IPs for EKS to use. *The problem was that this wasn't supported in the EKS sort of solution that was given to us.* They utilized Terraform and Terragrunt modules to create the lab, working with SRE to enable EKS to create its own subnet and use its own IPs within each pod.

Key points:

* The EKS module has a flag for custom networking configuration to control IP allocation.
* They demonstrated how to call the EKS module within Terraform code, specifying the subnet and mappings between federated accounts/roles.
* They showed how to access the EKS cluster, get pods, and access both internal Microfocus network resources and external resources from within a pod.
* *Within the spec configuration, we basically have to put host network equals true.*
* They addressed a question about container hardening guidelines, explaining that they had discussions with security teams and implemented strong security measures.
* They mentioned that AWS may have contributed to the idea of this solution.
* Atlantis cannot currently deploy EKS clusters; a Terragrunt module on Jenkins is used instead.
* Mapping roles allows connection to the cluster and visibility of EKS components in the AWS console.
* The number of node groups is currently hardcoded but will be made configurable in future versions.
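
An added example, not code from the session or the team's module: a Python audit over `kubectl get pods -A -o json` output that shows which pods take addresses from the dedicated pod subnet, which still consume node-subnet addresses, and which run with `hostNetwork: true` and therefore share the node's IP and network namespace. The CIDRs, pod names and allow-list are constructed assumptions.

```python
import ipaddress

# Assumed CIDRs for illustration (not from the session): nodes sit in the
# scarce corporate-routable range, pods in the dedicated private range.
NODE_CIDR = ipaddress.ip_network("10.20.0.0/24")
POD_CIDR = ipaddress.ip_network("100.64.0.0/16")

# Constructed sample shaped like the output of `kubectl get pods -A -o json`.
SAMPLE = {"items": [
    {"metadata": {"namespace": "octane", "name": "web-0"},
     "spec": {"nodeName": "node-a"},
     "status": {"podIP": "100.64.3.17", "hostIP": "10.20.0.11"}},
    {"metadata": {"namespace": "octane", "name": "bridge-0"},
     "spec": {"nodeName": "node-a", "hostNetwork": True},
     "status": {"podIP": "10.20.0.11", "hostIP": "10.20.0.11"}},
    {"metadata": {"namespace": "octane", "name": "legacy-0"},
     "spec": {"nodeName": "node-b"},
     "status": {"podIP": "10.20.0.57", "hostIP": "10.20.0.12"}},
    {"metadata": {"namespace": "octane", "name": "pending-0"},
     "spec": {}, "status": {}},
]}

def classify(pod):
    """Return (namespace/name, finding) for one pod object."""
    ref = f'{pod["metadata"]["namespace"]}/{pod["metadata"]["name"]}'
    ip = pod.get("status", {}).get("podIP")
    if not ip:
        return ref, "unscheduled"            # no IP assigned yet
    if pod["spec"].get("hostNetwork", False):
        # Pod shares the node's network namespace and its IP.
        return ref, "host-network"
    addr = ipaddress.ip_address(ip)
    if addr in POD_CIDR:
        return ref, "pod-subnet"             # custom networking in effect
    if addr in NODE_CIDR:
        return ref, "node-subnet"            # consuming a scarce address
    return ref, "unknown-range"

def audit(pod_list, allowed_host_network=frozenset()):
    """Map pod ref -> finding; flag hostNetwork pods not on the allow-list."""
    report = {}
    for pod in pod_list["items"]:
        ref, finding = classify(pod)
        if finding == "host-network" and ref not in allowed_host_network:
            finding = "host-network-unapproved"
        report[ref] = finding
    return report

if __name__ == "__main__":
    for ref, finding in audit(SAMPLE, {"octane/bridge-0"}).items():
        print(f"{finding:24} {ref}")
```
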

---

## Key Concepts

-

---

## Action Items

-

---

## Related Videos

> Link to paired video notes (to be filled in once generated)

---

*Last updated: 2026-04-14*