如何为 EKS 配置子网?
How to configure the subnets for EKS?
我目前正在学习如何部署 EKS(通过 Terraform),并希望了解如何设置所需的子网数量,以及它们是 public 还是私有的。这是我的 EKS 代码的片段:
module "eks_cluster" {
source = "terraform-aws-modules/eks/aws"
version = "13.2.1"
cluster_name = "${var.project_name}-meow-${var.environment}"
cluster_version = "1.18"
vpc_id = module.vpc.vpc_id
cluster_enabled_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"]
enable_irsa = true
subnets = [module.vpc.subnet_a_private_id, module.vpc.subnet_b_private_id, module.vpc.subnet_a_public_id]
}
重新表述我的问题,我希望了解:
- 我需要将 EKS 部署到多少个子网?我应该将它部署在 VPC 中的所有子网上吗?
- 如果我将 EKS 部署到所有 public 或所有私有子网,会有什么不同?
我建议您查看 AWS docs,其中解释了在您创建 EKS 集群时 VPC 的作用。根据link,回答您的问题如下:
How many subnets do I need to deploy EKS to? Should I deploy it on all the
subnets in the VPC?
在 至少两个子网 在不同的可用性区域。使用所有子网是 AWS 控制台中的默认行为。
What difference does it make if I deploy EKS to all public or all private subnets?
来自 EKS 中 VPC 上的 AWS docs:
Private-only: Everything runs in a private subnet and Kubernetes cannot create internet-facing load balancers for your pods.
Public-only: Everything runs in a public subnet, including your nodes.
另外:
We recommend a VPC with public and private subnets so that Kubernetes can create public load balancers in the public subnets that load balance traffic to pods running on nodes that are in private subnets.
我目前正在学习如何部署 EKS(通过 Terraform),并希望了解如何设置所需的子网数量,以及它们是 public 还是私有的。这是我的 EKS 代码的片段:
module "eks_cluster" {
source = "terraform-aws-modules/eks/aws"
version = "13.2.1"
cluster_name = "${var.project_name}-meow-${var.environment}"
cluster_version = "1.18"
vpc_id = module.vpc.vpc_id
cluster_enabled_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"]
enable_irsa = true
subnets = [module.vpc.subnet_a_private_id, module.vpc.subnet_b_private_id, module.vpc.subnet_a_public_id]
}
重新表述我的问题,我希望了解:
- 我需要将 EKS 部署到多少个子网?我应该将它部署在 VPC 中的所有子网上吗?
- 如果我将 EKS 部署到所有 public 或所有私有子网,会有什么不同?
我建议您查看 AWS docs,其中解释了在您创建 EKS 集群时 VPC 的作用。根据link,回答您的问题如下:
How many subnets do I need to deploy EKS to? Should I deploy it on all the subnets in the VPC?
在 至少两个子网 在不同的可用性区域。使用所有子网是 AWS 控制台中的默认行为。
What difference does it make if I deploy EKS to all public or all private subnets?
来自 EKS 中 VPC 上的 AWS docs:
Private-only: Everything runs in a private subnet and Kubernetes cannot create internet-facing load balancers for your pods.
Public-only: Everything runs in a public subnet, including your nodes.
另外:
We recommend a VPC with public and private subnets so that Kubernetes can create public load balancers in the public subnets that load balance traffic to pods running on nodes that are in private subnets.