jialechan · October 17, 2020 07:37
diff --git a/cdk_eks_add_node_group.ts b/cdk_eks_add_node_group.ts
 const userData = ec2.UserData.forLinux();
 userData.addCommands(
  'set -o xtrace',
  `/etc/eks/bootstrap.sh ${cluster.clusterName} --kubelet-extra-args "--node-labels lifecycle=OnDemand --node-labels normal=true" --docker-config-json '{"bridge":"none","log-driver":"json-file","log-opts":{"max-size":"100m","max-file":"10"},"live-restore":true,"max-concurrent-downloads":10}'`,
  'sudo mkfs -t ext4 /dev/nvme1n1',
  'sudo mkdir -p /data/log',
  'sudo mount /dev/nvme1n1 /data/log',
  `echo -ne "
  * soft     nproc          800000    
  * hard     nproc          800000   
  * soft     nofile         800000   
  * hard     nofile         800000
  root soft     nproc          800000    
  root hard     nproc          800000   
  root soft     nofile         800000   
  root hard     nofile         800000
  " >>/etc/security/limits.conf`
 );

 const launchTemplte = new ec2.CfnLaunchTemplate(scope, 'standard-workers-launch-template', {
  launchTemplateData: {
    imageId: new eks.EksOptimizedImage().getImage(scope).imageId,
    instanceType: ec2.InstanceType.of(vskitEnv.standardInstanceClass, vskitEnv.standardInstanceSize).toString(),
    keyName: vskitEnv.keyName,
    blockDeviceMappings: [
      {
        deviceName: "/dev/xvda",
        ebs: { deleteOnTermination: true, volumeSize: 50 }
      }, {
        deviceName: "/dev/xvdb",
        ebs: { deleteOnTermination: true, volumeSize: vskitEnv.videoProcessDataVolumeSize }
      }
    ],
    userData: cdk.Fn.base64(userData.render()),
  }
 });

 const ng = cluster.addNodegroupCapacity('standard-workers', {
  nodegroupName: 'standard-workers',
  subnets: vskitEnv.vpcSubnets,
  minSize: vskitEnv.standardMinCapacity,
  maxSize: vskitEnv.standardMaxCapacity,
  labels: { normal: 'true' },
  tags: {
    SourceType: 'standard-workers'
  },
  launchTemplateSpec: {
    id: launchTemplte.ref,
    version: launchTemplte.attrDefaultVersionNumber
  }
 });

 // 设置可以写入x-ray权限
 ng.role.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName('AWSXRayDaemonWriteAccess'));
 // 设置cloudwatch agent权限
 ng.role.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName('CloudWatchAgentAdminPolicy'));
	const userData = ec2.UserData.forLinux();
	userData.addCommands(
	'set -o xtrace',
	`/etc/eks/bootstrap.sh ${cluster.clusterName} --kubelet-extra-args "--node-labels lifecycle=OnDemand --node-labels normal=true" --docker-config-json '{"bridge":"none","log-driver":"json-file","log-opts":{"max-size":"100m","max-file":"10"},"live-restore":true,"max-concurrent-downloads":10}'`,
	'sudo mkfs -t ext4 /dev/nvme1n1',
	'sudo mkdir -p /data/log',
	'sudo mount /dev/nvme1n1 /data/log',
	`echo -ne "
	* soft nproc 800000
	* hard nproc 800000
	* soft nofile 800000
	* hard nofile 800000
	root soft nproc 800000
	root hard nproc 800000
	root soft nofile 800000
	root hard nofile 800000
	" >>/etc/security/limits.conf`
	);

	const launchTemplte = new ec2.CfnLaunchTemplate(scope, 'standard-workers-launch-template', {
	launchTemplateData: {
	imageId: new eks.EksOptimizedImage().getImage(scope).imageId,
	instanceType: ec2.InstanceType.of(vskitEnv.standardInstanceClass, vskitEnv.standardInstanceSize).toString(),
	keyName: vskitEnv.keyName,
	blockDeviceMappings: [
	{
	deviceName: "/dev/xvda",
	ebs: { deleteOnTermination: true, volumeSize: 50 }
	}, {
	deviceName: "/dev/xvdb",
	ebs: { deleteOnTermination: true, volumeSize: vskitEnv.videoProcessDataVolumeSize }
	}
	],
	userData: cdk.Fn.base64(userData.render()),
	}
	});

	const ng = cluster.addNodegroupCapacity('standard-workers', {
	nodegroupName: 'standard-workers',
	subnets: vskitEnv.vpcSubnets,
	minSize: vskitEnv.standardMinCapacity,
	maxSize: vskitEnv.standardMaxCapacity,
	labels: { normal: 'true' },
	tags: {
	SourceType: 'standard-workers'
	},
	launchTemplateSpec: {
	id: launchTemplte.ref,
	version: launchTemplte.attrDefaultVersionNumber
	}
	});

	// 设置可以写入x-ray权限
	ng.role.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName('AWSXRayDaemonWriteAccess'));
	// 设置cloudwatch agent权限
	ng.role.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName('CloudWatchAgentAdminPolicy'));