1. Deploy the website environment
[ec2-user@ip-172-31-32-32 ~]$ curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 > get_helm.sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 11156 100 11156 0 0 11132 0 0:00:01 0:00:01 --:--:-- 11133
[ec2-user@ip-172-31-32-32 ~]$ chmod 700 get_helm.sh
[ec2-user@ip-172-31-32-32 ~]$ ./get_helm.sh
Downloading https://get.helm.sh/helm-v3.9.0-linux-amd64.tar.gz
Verifying checksum... Done.
Preparing to install helm into /usr/local/bin
helm installed into /usr/local/bin/helm
[ec2-user@ip-172-31-32-32 ~]$ helm version
version.BuildInfo{Version:"v3.9.0", GitCommit:"7ceeda6c585217a19a1131663d8cd1f7d641b2a7", GitTreeState:"clean", GoVersion:"go1.17.5"}
[ec2-user@ip-172-31-32-32 ~]$ helm repo add bitnami https://charts.bitnami.com/bitnami
"bitnami" has been added to your repositories
[ec2-user@ip-172-31-32-32 ~]$ helm -n wordpress-cwi install understood-zebu bitnami/wordpress
NAME: understood-zebu
LAST DEPLOYED: Thu Jun 16 01:25:56 2022
NAMESPACE: wordpress-cwi
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
CHART NAME: wordpress
CHART VERSION: 15.0.1
APP VERSION: 6.0.0
** Please be patient while the chart is being deployed **
Your WordPress site can be accessed through the following DNS name from within your cluster:
understood-zebu-wordpress.wordpress-cwi.svc.cluster.local (port 80)
To access your WordPress site from outside the cluster follow the steps below:
1. Get the WordPress URL by running these commands:
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace wordpress-cwi -w understood-zebu-wordpress'
export SERVICE_IP=$(kubectl get svc --namespace wordpress-cwi understood-zebu-wordpress --include "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}")
echo "WordPress URL: http://$SERVICE_IP/"
echo "WordPress Admin URL: http://$SERVICE_IP/admin"
2. Open a browser and access WordPress using the obtained URL.
3. Login with the following credentials below to see your blog:
echo Username: user
echo Password: $(kubectl get secret --namespace wordpress-cwi understood-zebu-wordpress -o jsonpath="{.data.wordpress-password}" | base64 -d)
[ec2-user@ip-172-31-32-32 ~]$
[ec2-user@ip-172-31-32-32 ~]$ echo ${AWS_REGION}
[ec2-user@ip-172-31-32-32 ~]$ export AWS_REGION=ap-southeast-1
[ec2-user@ip-172-31-32-32 ~]$ echo ${AWS_REGION}
ap-southeast-1
[ec2-user@ip-172-31-32-32 ~]$ aws eks update-kubeconfig --name eksctl-eks-workshop-cluster
An error occurred (ResourceNotFoundException) when calling the DescribeCluster operation: No cluster found for name: eksctl-eks-workshop-cluster.
[ec2-user@ip-172-31-32-32 ~]$ ls
2048_full.yaml aws awscliv2.zip cluster.yaml get_helm.sh iam-policy.json ingress_alb.yaml nodegroup.yaml v2_2_1_full.yaml
[ec2-user@ip-172-31-32-32 ~]$ more cluster.yaml
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
name: eks-workshop
region: ap-southeast-1
version: "1.20"
vpc:
id: "vpc-75da3113"
subnets:
private:
private-b:
id: "subnet-015ac1ef15878b449"
private-a:
id: "subnet-099952df6f0c29019"
public:
public-a:
id: "subnet-902ce0d8"
public-b:
id: "subnet-7c9e411a"
[ec2-user@ip-172-31-32-32 ~]$ aws eks update-kubeconfig --name eks-workshop
Added new context arn:aws:eks:ap-southeast-1:XXXXXXX:cluster/eks-workshop to /home/ec2-user/.kube/config
[ec2-user@ip-172-31-32-32 ~]$
[ec2-user@ip-172-31-32-32 ~]$ STACK_NAME=$(eksctl get nodegroup --cluster eksworkshop-eksctl -o json | jq -r '.[].StackName')
Error: unable to describe cluster control plane: operation error EKS: DescribeCluster, https response error StatusCode: 404, RequestID: 35ce45e8-a882-4689-a6d6-6b38efd7ba1e, ResourceNotFoundException: No cluster found for name: eksworkshop-eksctl.
[ec2-user@ip-172-31-32-32 ~]$ ROLE_NAME=$(aws cloudformation describe-stack-resources --stack-name $STACK_NAME | jq -r '.StackResources[] | select(.ResourceType=="AWS::IAM::Role") | .PhysicalResourceId')
usage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters]
To see help text, you can run:
aws help
aws <command> help
aws <command> <subcommand> help
aws: error: argument --stack-name: expected one argument
[ec2-user@ip-172-31-32-32 ~]$ echo "export ROLE_NAME=${ROLE_NAME}" | tee -a ~/.bash_profile
export ROLE_NAME=
[ec2-user@ip-172-31-32-32 ~]$
[ec2-user@ip-172-31-32-32 ~]$
[ec2-user@ip-172-31-32-32 ~]$
[ec2-user@ip-172-31-32-32 ~]$ STACK_NAME=$(eksctl get nodegroup --cluster eks-workshop -o json | jq -r '.[].StackName')
[ec2-user@ip-172-31-32-32 ~]$ ROLE_NAME=$(aws cloudformation describe-stack-resources --stack-name $STACK_NAME | jq -r '.StackResources[] | select(.ResourceType=="AWS::IAM::Role") | .PhysicalResourceId')
[ec2-user@ip-172-31-32-32 ~]$ echo "export ROLE_NAME=${ROLE_NAME}" | tee -a ~/.bash_profile
export ROLE_NAME=eksctl-eks-workshop-nodegroup-ng-NodeInstanceRole-1IYL9G8NVR8G8
[ec2-user@ip-172-31-32-32 ~]$
[ec2-user@ip-172-31-32-32 ~]$ test -n "$ROLE_NAME" && echo ROLE_NAME is "$ROLE_NAME" || echo ROLE_NAME is not set
ROLE_NAME is eksctl-eks-workshop-nodegroup-ng-NodeInstanceRole-1IYL9G8NVR8G8
[ec2-user@ip-172-31-32-32 ~]$
[ec2-user@ip-172-31-32-32 ~]$
[ec2-user@ip-172-31-32-32 ~]$
[ec2-user@ip-172-31-32-32 ~]$ aws iam attach-role-policy \
> --role-name $ROLE_NAME \
> --policy-arn arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy
[ec2-user@ip-172-31-32-32 ~]$
[ec2-user@ip-172-31-32-32 ~]$
[ec2-user@ip-172-31-32-32 ~]$ aws iam list-attached-role-policies --role-name $ROLE_NAME | grep CloudWatchAgentServerPolicy || echo 'Policy not found'
"PolicyName": "CloudWatchAgentServerPolicy",
"PolicyArn": "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy"
[ec2-user@ip-172-31-32-32 ~]$
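Added example, not part of the original session: in the first attempt above the cluster lookup failed, STACK_NAME stayed empty, and "export ROLE_NAME=" was still appended to ~/.bash_profile. The helper below (persist_export is a hypothetical name) refuses empty or malformed values and replaces an earlier export line instead of appending a second one.

```bash
#!/usr/bin/env bash
# Added example: persist a shell variable only when the lookup produced a
# usable value. persist_export is a hypothetical helper, not part of
# eksctl or the AWS CLI.

persist_export() {
  local name="$1" value="$2" file="$3"
  # An empty value is what a failed $(...) lookup leaves behind.
  if [ -z "$value" ]; then
    echo "refusing to persist empty $name" >&2
    return 1
  fi
  # Accept only the characters IAM role names may contain; "null" is what
  # jq -r prints when the selected field is missing.
  case "$value" in
    null|*[!A-Za-z0-9+=,.@_-]*)
      echo "refusing to persist suspicious $name: $value" >&2
      return 1 ;;
  esac
  touch "$file"
  # Drop any earlier export of the same variable, then write the new one,
  # so the profile never keeps a stale or empty definition.
  local tmp
  tmp="$(mktemp)"
  grep -v "^export ${name}=" "$file" > "$tmp" || true
  printf 'export %s=%s\n' "$name" "$value" >> "$tmp"
  cat "$tmp" > "$file"
  rm -f "$tmp"
}

# Usage with the commands from the session (needs eksctl, aws and jq):
#   STACK_NAME=$(eksctl get nodegroup --cluster eks-workshop -o json | jq -r '.[].StackName')
#   ROLE_NAME=$(aws cloudformation describe-stack-resources --stack-name "$STACK_NAME" \
#     | jq -r '.StackResources[] | select(.ResourceType=="AWS::IAM::Role") | .PhysicalResourceId')
#   persist_export ROLE_NAME "$ROLE_NAME" ~/.bash_profile
```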
2. Deploy the Pod monitoring containers
[ec2-user@ip-172-31-32-32 ~]$ curl -s https://raw.githubusercontent.com/aws-samples/amazon-cloudwatch-container-insights/latest/k8s-deployment-manifest-templates/deployment-mode/daemonset/container-insights-monitoring/quickstart/cwagent-fluentd-quickstart.yaml | sed "s/{{cluster_name}}/eksworkshop-eksctl/;s/{{region_name}}/${AWS_REGION}/" | kubectl apply -f -
namespace/amazon-cloudwatch created
serviceaccount/cloudwatch-agent created
clusterrole.rbac.authorization.k8s.io/cloudwatch-agent-role created
clusterrolebinding.rbac.authorization.k8s.io/cloudwatch-agent-role-binding created
configmap/cwagentconfig created
daemonset.apps/cloudwatch-agent created
configmap/cluster-info created
serviceaccount/fluentd created
clusterrole.rbac.authorization.k8s.io/fluentd-role created
clusterrolebinding.rbac.authorization.k8s.io/fluentd-role-binding created
configmap/fluentd-config created
daemonset.apps/fluentd-cloudwatch created
[ec2-user@ip-172-31-32-32 ~]$
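Added example, not part of the original session: the command above pipes a manifest from a "latest" path straight into kubectl, and the cluster name given to sed is not checked (the session substitutes eksworkshop-eksctl, while kubeconfig was updated for eks-workshop). The function below (render_quickstart is a hypothetical name) renders a local copy only if its SHA-256 matches the value recorded when the file was reviewed, and fails on empty inputs or leftover placeholders.

```bash
#!/usr/bin/env bash
# Added example: render the Container Insights quickstart template from a
# local, reviewed copy instead of piping curl straight into kubectl.
# render_quickstart and its arguments are hypothetical names.

render_quickstart() {
  local template="$1" cluster="$2" region="$3" expected_sha="$4"
  if [ -z "$cluster" ] || [ -z "$region" ]; then
    echo "cluster name or region is empty" >&2
    return 1
  fi
  # The values end up inside a sed replacement: allow only letters,
  # digits, hyphen and underscore so nothing can alter the sed script.
  case "$cluster$region" in
    *[!A-Za-z0-9_-]*)
      echo "unexpected character in cluster name or region" >&2
      return 1 ;;
  esac
  # Pin the file that was reviewed: refuse a template whose hash changed.
  local actual
  actual="$(sha256sum "$template" | cut -d' ' -f1)"
  if [ "$actual" != "$expected_sha" ]; then
    echo "template hash mismatch" >&2
    return 1
  fi
  local out
  out="$(sed "s/{{cluster_name}}/${cluster}/g;s/{{region_name}}/${region}/g" "$template")"
  # A leftover {{...}} would be applied to the cluster as a literal string.
  if printf '%s\n' "$out" | grep -q '{{[a-z_]*}}'; then
    echo "unresolved placeholder in rendered manifest" >&2
    return 1
  fi
  printf '%s\n' "$out"
}

# Usage (needs curl, aws and kubectl; PINNED_SHA is the hash you recorded
# after reading the downloaded file):
#   curl -fsSLo quickstart.yaml <manifest URL from the session above>
#   CLUSTER=$(aws eks describe-cluster --name eks-workshop --query cluster.name --output text)
#   render_quickstart quickstart.yaml "$CLUSTER" "$AWS_REGION" "$PINNED_SHA" | kubectl apply -f -
```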
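Opening the container view returns the 404 error shown below; the address used is as follows:
The 404 error above is a bug (the page does not exist); view the data manually in CloudWatch instead.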