AWS EKS 计算资源自动扩缩之按需申请Fargate[AWS 中国宁夏区]

设置Fargate

创建Amazon EKS Pod execution IAM role

fargate正常运行需要有Amazon EKS Pod execution IAM role，详情可以参考Amazon EKS Pod execution IAM role

编辑policy内容，并保存为pod-execution-role-trust-policy.json,其中region-code和aws-account需要填你真实的内容

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Condition": {
         "ArnLike": {
            "aws:SourceArn": "arn:aws-cn:eks:<region-code>:<aws-account>:fargateprofile/*"
         }
      },
      "Principal": {
        "Service": "eks-fargate-pods.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

创建role，名称可以自定义，我设置为AmazonEKSFargatePodExecutionRole

aws iam create-role --role-name AmazonEKSFargatePodExecutionRole  --assume-role-policy-document file://"pod-execution-role-trust-policy.json"

将AmazonEKSFargatePodExecutionRole和AmazonEKSFargatePodExecutionRolePolicy关联

aws iam attach-role-policy --policy-arn arn:aws-cn:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy --role-name AmazonEKSFargatePodExecutionRole

创建fargate profile

填写自己的fargate-profile名称，并选定刚才创建的AmazonEKSFargatePodExecutionRole 为这个profie填入合适的namespace设置，详情见AWS Fargate profile 检查并创建 创建需要几分钟 创建完成

测试fargate的使用

这里是一个简单的nginx deployment样例，请注意它的namesapce必须要和fargate proflie中的namespace设置相匹配 ,匹配规则为AWS Fargate profile

apiVersion: apps/v1
kind: Deployment
metadata:
  name: eks-sample-linux-deployment
  # 必须和fargate proflie中的namespace设置相匹配,https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html
  namespace: prod-fargate
  labels:
    app: eks-sample-linux-app
spec:
  replicas: 3
  selector:
    matchLabels:
      app: eks-sample-linux-app
  template:
    metadata:
      labels:
        app: eks-sample-linux-app
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: kubernetes.io/arch
                    operator: In
                    values:
                      - amd64
                      - arm64
      containers:
        - name: nginx
          image: public.ecr.aws/nginx/nginx:1.23
          ports:
            - name: http
              containerPort: 80
          imagePullPolicy: IfNotPresent
      nodeSelector:
        kubernetes.io/os: linux

等待片刻我们发现fargate作为底层计算资源已经运行了正确的nginx

fargate和ec2 node group不一样，只需要你设置好pod的HPA后，pod就可以自动的水平扩展并及时获取对应的fargate计算资源，不再需要autosacler等插件。

关于fargate详情请看：

• AWS fargate
• AWS fargate doc
• 聊聊 AWS Fargate 在容器世界中的角色定位