管理 Amazon EKS 群集 - Amazon Step Functions
Amazon Web Services 文档中描述的 Amazon Web Services 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅中国的 Amazon Web Services 服务入门

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

管理 Amazon EKS 群集

此示例项目演示如何使用 Step Functions 和 Amazon Elastic Kubernetes Service 创建具有节点组的 Amazon EKS 集群,在 Amazon EKS 上运行作业,然后检查输出。完成后,它将删除节点组和 Amazon EKS 集群。此示例项目创建以下内容:

  • Amazon Elastic Kubernetes Service 集群

  • SNS 主题

  • 相关Amazon Identity and Access Management(IAM) 角色

有关 Step Functions 和 Step Functions 服务集成的更多信息,请参阅以下内容:

注意

此示例项目可能会产生费用。

为新 Amazon 用户提供了免费使用套餐。在此套餐中,低于某种使用水平的服务是免费的。有关 的更多信息Amazon成本和免费套餐,请参阅Amazon EKS 定价

创建状态机并预置资源

  1. 打开Step Functions 控制台,然后选择创建状态机

  2. 选择运行示例项目,然后选择管理 Amazon EKS 群集

    此时将显示状态机 Code (代码)Visual Workflow (可视工作流程)

    
            训练模型工作流程。
  3. 选择 Next

    此时将显示 Deploy resources (部署资源) 页面,其中列出了将创建的资源。对于本示例项目,资源包括:

    • 状态机

    • Amazon EKS 群集

    • SNS 主题

    • 相关 IAM 角色

  4. 选择 Deploy Resources (部署资源)

    注意

    创建这些资源和相关 IAM 权限可能需要长达 25 分钟的时间。当显示 Deploy resources (部署资源) 页面时,您可打开 Stack ID (堆栈 ID) 链接以查看正在预置的资源。

启动新的执行

  1. 打开Step Functions 控制台

  2. 在存储库的状态机页面上,选择EKS 群集管理站点状态机,然后选择开始执行

  3. New execution 页面上,输入执行名称 (可选),然后选择 Start Execution (开始执行)

  4. (可选)为了帮助识别您的执行,您可以在输入执行名称。如果未输入 ID,Step Functions 将自动生成一个唯一 ID。

    注意

    Step Functions 允许您创建包含非 ASCII 字符的状态机、执行和活动名称。这些非 ASCII 名称不适用 Amazon CloudWatch。要确保您可以跟踪 CloudWatch 指标,请选择仅使用 ASCII 字符的名称。

  5. (可选)转到 Step Functions 上新创建的状态机控制面板,然后选择新执行

  6. 执行完成后,您可以在 Visual workflow (可视工作流) 上选择状态,并浏览 Step details (步骤详细信息) 下的 Input (输入)Output (输出)

示例状态机代码

此示例项目中的状态机通过创建 Amazon EKS 集群和节点组与 Amazon EKS 集成,并使用 SNS 主题返回结果。

浏览此示例状态机,了解 Step Functions 如何管理 Amazon EKS 群集和节点组。

有关 Amazon Step Functions 如何控制其他 Amazon 服务的更多信息,请参阅将 Amazon Step Functions 与其他服务一起使用

{ "Comment": "An example of the Amazon States Language for running Amazon EKS Cluster", "StartAt": "Create an EKS cluster", "States": { "Create an EKS cluster": { "Type": "Task", "Resource": "arn:aws:states:::eks:createCluster.sync", "Parameters": { "Name": "ExampleCluster", "ResourcesVpcConfig": { "SubnetIds": [ "subnet-0aacf887d9f00e6a7", "subnet-0e5fc41e7507194ab" ] }, "RoleArn": "arn:aws:iam::111122223333:role/StepFunctionsSample-EKSClusterManag-EKSServiceRole-ANPAJ2UCCR6DPCEXAMPLE" }, "Retry": [{ "ErrorEquals": [ "States.ALL" ], "IntervalSeconds": 30, "MaxAttempts": 2, "BackoffRate": 2 }], "ResultPath": "$.eks", "Next": "Create a node group" }, "Create a node group": { "Type": "Task", "Resource": "arn:aws:states:::eks:createNodegroup.sync", "Parameters": { "ClusterName": "ExampleCluster", "NodegroupName": "ExampleNodegroup", "NodeRole": "arn:aws:iam::111122223333:role/StepFunctionsSample-EKSClusterMan-NodeInstanceRole-ANPAJ2UCCR6DPCEXAMPLE", "Subnets": [ "subnet-0aacf887d9f00e6a7", "subnet-0e5fc41e7507194ab"] }, "Retry": [{ "ErrorEquals": [ "States.ALL" ], "IntervalSeconds": 30, "MaxAttempts": 2, "BackoffRate": 2 }], "ResultPath": "$.nodegroup", "Next": "Run a job on EKS" }, "Run a job on EKS": { "Type": "Task", "Resource": "arn:aws:states:::eks:runJob.sync", "Parameters": { "ClusterName": "ExampleCluster", "CertificateAuthority.$": "$.eks.Cluster.CertificateAuthority.Data", "Endpoint.$": "$.eks.Cluster.Endpoint", "LogOptions": { "RetrieveLogs": true }, "Job": { "apiVersion": "batch/v1", "kind": "Job", "metadata": { "name": "example-job" }, "spec": { "backoffLimit": 0, "template": { "metadata": { "name": "example-job" }, "spec": { "containers": [ { "name": "pi-20", "image": "perl", "command": [ "perl" ], "args": [ "-Mbignum=bpi", "-wle", "print '{ ' . '\"pi\": '. bpi(20) . ' }';" ] } ], "restartPolicy": "Never" } } } } }, "ResultSelector": { "status.$": "$.status", "logs.$": "$.logs..pi" }, "ResultPath": "$.RunJobResult", "Next": "Examine output" }, "Examine output": { "Type": "Choice", "Choices": [ { "And": [ { "Variable": "$.RunJobResult.logs[0]", "NumericGreaterThan": 3.141 }, { "Variable": "$.RunJobResult.logs[0]", "NumericLessThan": 3.142 } ], "Next": "Send expected result" } ], "Default": "Send unexpected result" }, "Send expected result": { "Type": "Task", "Resource": "arn:aws:states:::sns:publish", "Parameters": { "TopicArn": "arn:aws:sns:sa-east-1:111122223333:StepFunctionsSample-EKSClusterManagement123456789012-SNSTopic-ANPAJ2UCCR6DPCEXAMPLE", "Message": { "Input.$": "States.Format('Saw expected value for pi: {}', $.RunJobResult.logs[0])" } }, "ResultPath": "$.SNSResult", "Next": "Delete job" }, "Send unexpected result": { "Type": "Task", "Resource": "arn:aws:states:::sns:publish", "Parameters": { "TopicArn": "arn:aws:sns:sa-east-1:111122223333:StepFunctionsSample-EKSClusterManagement123456789012-SNSTopic-ANPAJ2UCCR6DPCEXAMPLE", "Message": { "Input.$": "States.Format('Saw unexpected value for pi: {}', $.RunJobResult.logs[0])" } }, "ResultPath": "$.SNSResult", "Next": "Delete job" }, "Delete job": { "Type": "Task", "Resource": "arn:aws:states:::eks:call", "Parameters": { "ClusterName": "ExampleCluster", "CertificateAuthority.$": "$.eks.Cluster.CertificateAuthority.Data", "Endpoint.$": "$.eks.Cluster.Endpoint", "Method": "DELETE", "Path": "/apis/batch/v1/namespaces/default/jobs/example-job" }, "ResultSelector": { "status.$": "$.ResponseBody.status" }, "ResultPath": "$.DeleteJobResult", "Next": "Delete node group" }, "Delete node group": { "Type": "Task", "Resource": "arn:aws:states:::eks:deleteNodegroup.sync", "Parameters": { "ClusterName": "ExampleCluster", "NodegroupName": "ExampleNodegroup" }, "Next": "Delete cluster" }, "Delete cluster": { "Type": "Task", "Resource": "arn:aws:states:::eks:deleteCluster.sync", "Parameters": { "Name": "ExampleCluster" }, "End": true } } }

有关在将 Step Functions 与其他Amazon服务,请参阅集成服务的 IAM 策略

IAM 示例

这些示例Amazon Identity and Access Management(IAM) 策略包括执行状态机和相关资源所需的最小权限。我们建议在 IAM 策略中仅包含这些必需的权限。

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "eks:CreateCluster" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "eks:DescribeCluster", "eks:DeleteCluster" ], "Resource": "arn:aws:eks:sa-east-1:111122223333:cluster/*" }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": [ "arn:aws:iam::111122223333:role/StepFunctionsSample-EKSClusterManag-EKSServiceRole-ANPAJ2UCCR6DPCEXAMPLE" ], "Condition": { "StringEquals": { "iam:PassedToService": "eks.amazonaws.com" } } } ] }
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "sns:Publish" ], "Resource": [ "arn:aws:sns:sa-east-1:111122223333:StepFunctionsSample-EKSClusterManagement123456789012-SNSTopic-ANPAJ2UCCR6DPCEXAMPLE" ] } ] }

有关在将 Step Functions 与其他Amazon服务,请参阅集成服务的 IAM 策略