本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
管理 Amazon EKS 群集
此示例项目演示如何使用 Step Functions 和 Amazon Elastic Kubernetes Service 创建具有节点组的 Amazon EKS 集群,在 Amazon EKS 上运行作业,然后检查输出。完成后,它将删除节点组和 Amazon EKS 集群。此示例项目创建以下内容:
-
Amazon Elastic Kubernetes Service 集群
-
SNS 主题
-
相关Amazon Identity and Access Management(IAM) 角色
有关 Step Functions 和 Step Functions 服务集成的更多信息,请参阅以下内容:
此示例项目可能会产生费用。
为新 Amazon 用户提供了免费使用套餐。在此套餐中,低于某种使用水平的服务是免费的。有关 的更多信息Amazon成本和免费套餐,请参阅Amazon EKS 定价
创建状态机并预置资源
-
打开Step Functions 控制台
,然后选择创建状态机。 -
选择运行示例项目,然后选择管理 Amazon EKS 群集。
此时将显示状态机 Code (代码) 和 Visual Workflow (可视工作流程)。
-
选择 Next。
此时将显示 Deploy resources (部署资源) 页面,其中列出了将创建的资源。对于本示例项目,资源包括:
-
状态机
-
Amazon EKS 群集
-
SNS 主题
-
相关 IAM 角色
-
-
选择 Deploy Resources (部署资源)。
注意 创建这些资源和相关 IAM 权限可能需要长达 25 分钟的时间。当显示 Deploy resources (部署资源) 页面时,您可打开 Stack ID (堆栈 ID) 链接以查看正在预置的资源。
启动新的执行
-
在存储库的状态机页面上,选择EKS 群集管理站点状态机,然后选择开始执行。
-
在 New execution 页面上,输入执行名称 (可选),然后选择 Start Execution (开始执行)。
-
(可选)为了帮助识别您的执行,您可以在输入执行名称。如果未输入 ID,Step Functions 将自动生成一个唯一 ID。
注意 Step Functions 允许您创建包含非 ASCII 字符的状态机、执行和活动名称。这些非 ASCII 名称不适用 Amazon CloudWatch。要确保您可以跟踪 CloudWatch 指标,请选择仅使用 ASCII 字符的名称。
-
(可选)转到 Step Functions 上新创建的状态机控制面板,然后选择新执行。
-
执行完成后,您可以在 Visual workflow (可视工作流) 上选择状态,并浏览 Step details (步骤详细信息) 下的 Input (输入) 和 Output (输出)。
示例状态机代码
此示例项目中的状态机通过创建 Amazon EKS 集群和节点组与 Amazon EKS 集成,并使用 SNS 主题返回结果。
浏览此示例状态机,了解 Step Functions 如何管理 Amazon EKS 群集和节点组。
有关 Amazon Step Functions 如何控制其他 Amazon 服务的更多信息,请参阅将 Amazon Step Functions 与其他服务一起使用。
{
"Comment": "An example of the Amazon States Language for running Amazon EKS Cluster",
"StartAt": "Create an EKS cluster",
"States": {
"Create an EKS cluster": {
"Type": "Task",
"Resource": "arn:aws:states:::eks:createCluster.sync",
"Parameters": {
"Name": "ExampleCluster",
"ResourcesVpcConfig": {
"SubnetIds": [
"subnet-0aacf887d9f00e6a7",
"subnet-0e5fc41e7507194ab"
]
},
"RoleArn": "arn:aws:iam::111122223333:role/StepFunctionsSample-EKSClusterManag-EKSServiceRole-ANPAJ2UCCR6DPCEXAMPLE"
},
"Retry": [{
"ErrorEquals": [ "States.ALL" ],
"IntervalSeconds": 30,
"MaxAttempts": 2,
"BackoffRate": 2
}],
"ResultPath": "$.eks",
"Next": "Create a node group"
},
"Create a node group": {
"Type": "Task",
"Resource": "arn:aws:states:::eks:createNodegroup.sync",
"Parameters": {
"ClusterName": "ExampleCluster",
"NodegroupName": "ExampleNodegroup",
"NodeRole": "arn:aws:iam::111122223333:role/StepFunctionsSample-EKSClusterMan-NodeInstanceRole-ANPAJ2UCCR6DPCEXAMPLE",
"Subnets": [
"subnet-0aacf887d9f00e6a7",
"subnet-0e5fc41e7507194ab"]
},
"Retry": [{
"ErrorEquals": [ "States.ALL" ],
"IntervalSeconds": 30,
"MaxAttempts": 2,
"BackoffRate": 2
}],
"ResultPath": "$.nodegroup",
"Next": "Run a job on EKS"
},
"Run a job on EKS": {
"Type": "Task",
"Resource": "arn:aws:states:::eks:runJob.sync",
"Parameters": {
"ClusterName": "ExampleCluster",
"CertificateAuthority.$": "$.eks.Cluster.CertificateAuthority.Data",
"Endpoint.$": "$.eks.Cluster.Endpoint",
"LogOptions": {
"RetrieveLogs": true
},
"Job": {
"apiVersion": "batch/v1",
"kind": "Job",
"metadata": {
"name": "example-job"
},
"spec": {
"backoffLimit": 0,
"template": {
"metadata": {
"name": "example-job"
},
"spec": {
"containers": [
{
"name": "pi-20",
"image": "perl",
"command": [
"perl"
],
"args": [
"-Mbignum=bpi",
"-wle",
"print '{ ' . '\"pi\": '. bpi(20) . ' }';"
]
}
],
"restartPolicy": "Never"
}
}
}
}
},
"ResultSelector": {
"status.$": "$.status",
"logs.$": "$.logs..pi"
},
"ResultPath": "$.RunJobResult",
"Next": "Examine output"
},
"Examine output": {
"Type": "Choice",
"Choices": [
{
"And": [
{
"Variable": "$.RunJobResult.logs[0]",
"NumericGreaterThan": 3.141
},
{
"Variable": "$.RunJobResult.logs[0]",
"NumericLessThan": 3.142
}
],
"Next": "Send expected result"
}
],
"Default": "Send unexpected result"
},
"Send expected result": {
"Type": "Task",
"Resource": "arn:aws:states:::sns:publish",
"Parameters": {
"TopicArn": "arn:aws:sns:sa-east-1:111122223333:StepFunctionsSample-EKSClusterManagement123456789012-SNSTopic-ANPAJ2UCCR6DPCEXAMPLE",
"Message": {
"Input.$": "States.Format('Saw expected value for pi: {}', $.RunJobResult.logs[0])"
}
},
"ResultPath": "$.SNSResult",
"Next": "Delete job"
},
"Send unexpected result": {
"Type": "Task",
"Resource": "arn:aws:states:::sns:publish",
"Parameters": {
"TopicArn": "arn:aws:sns:sa-east-1:111122223333:StepFunctionsSample-EKSClusterManagement123456789012-SNSTopic-ANPAJ2UCCR6DPCEXAMPLE",
"Message": {
"Input.$": "States.Format('Saw unexpected value for pi: {}', $.RunJobResult.logs[0])"
}
},
"ResultPath": "$.SNSResult",
"Next": "Delete job"
},
"Delete job": {
"Type": "Task",
"Resource": "arn:aws:states:::eks:call",
"Parameters": {
"ClusterName": "ExampleCluster",
"CertificateAuthority.$": "$.eks.Cluster.CertificateAuthority.Data",
"Endpoint.$": "$.eks.Cluster.Endpoint",
"Method": "DELETE",
"Path": "/apis/batch/v1/namespaces/default/jobs/example-job"
},
"ResultSelector": {
"status.$": "$.ResponseBody.status"
},
"ResultPath": "$.DeleteJobResult",
"Next": "Delete node group"
},
"Delete node group": {
"Type": "Task",
"Resource": "arn:aws:states:::eks:deleteNodegroup.sync",
"Parameters": {
"ClusterName": "ExampleCluster",
"NodegroupName": "ExampleNodegroup"
},
"Next": "Delete cluster"
},
"Delete cluster": {
"Type": "Task",
"Resource": "arn:aws:states:::eks:deleteCluster.sync",
"Parameters": {
"Name": "ExampleCluster"
},
"End": true
}
}
}有关在将 Step Functions 与其他Amazon服务,请参阅集成服务的 IAM 策略。
IAM 示例
这些示例Amazon Identity and Access Management(IAM) 策略包括执行状态机和相关资源所需的最小权限。我们建议在 IAM 策略中仅包含这些必需的权限。
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"eks:CreateCluster"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"eks:DescribeCluster",
"eks:DeleteCluster"
],
"Resource": "arn:aws:eks:sa-east-1:111122223333:cluster/*"
},
{
"Effect": "Allow",
"Action": "iam:PassRole",
"Resource": [
"arn:aws:iam::111122223333:role/StepFunctionsSample-EKSClusterManag-EKSServiceRole-ANPAJ2UCCR6DPCEXAMPLE"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": "eks.amazonaws.com"
}
}
}
]
}{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"sns:Publish"
],
"Resource": [
"arn:aws:sns:sa-east-1:111122223333:StepFunctionsSample-EKSClusterManagement123456789012-SNSTopic-ANPAJ2UCCR6DPCEXAMPLE"
]
}
]
}有关在将 Step Functions 与其他Amazon服务,请参阅集成服务的 IAM 策略。