eksctl
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
Chineseeksctl Skill
eksctl 技能
This skill enables AWS EKS cluster management using the eksctl CLI tool.
本技能支持使用eksctl CLI工具管理AWS EKS集群。
Environment
环境信息
- Region:
us-east-1 - AWS Account: 830101142436
- eksctl Version: 0.221.0
- 区域:
us-east-1 - AWS账户: 830101142436
- eksctl版本: 0.221.0
Current Cluster
当前集群
| Cluster | Region | Kubernetes Version |
|---|---|---|
| us-east-1 | 1.34 |
| 集群名称 | 区域 | Kubernetes版本 |
|---|---|---|
| us-east-1 | 1.34 |
eksctl vs kubectl
eksctl 与 kubectl 对比
| Tool | Purpose |
|---|---|
| Cluster infrastructure management (create/delete clusters, nodegroups, addons) |
| Workload management (pods, deployments, services) |
Use eksctl for cluster-level operations; use kubectl for application-level operations.
| 工具 | 用途 |
|---|---|
| 集群基础设施管理(创建/删除集群、节点组、插件) |
| 工作负载管理(Pod、Deployment、Service) |
使用eksctl进行集群级操作;使用kubectl进行应用级操作。
Common Operations
常见操作
Cluster Management
集群管理
bash
undefinedbash
undefinedList clusters
List clusters
eksctl get cluster --region us-east-1
eksctl get cluster --region us-east-1
Get cluster info
Get cluster info
eksctl get cluster --name production --region us-east-1
eksctl get cluster --name production --region us-east-1
Update kubeconfig
Update kubeconfig
eksctl utils write-kubeconfig --cluster production --region us-east-1
eksctl utils write-kubeconfig --cluster production --region us-east-1
Describe cluster stacks
Describe cluster stacks
eksctl utils describe-stacks --cluster production --region us-east-1
undefinedeksctl utils describe-stacks --cluster production --region us-east-1
undefinedNodegroup Operations
节点组操作
bash
undefinedbash
undefinedList nodegroups
List nodegroups
eksctl get nodegroup --cluster production --region us-east-1
eksctl get nodegroup --cluster production --region us-east-1
Create nodegroup
Create nodegroup
eksctl create nodegroup
--cluster production
--region us-east-1
--name <nodegroup-name>
--node-type t3.medium
--nodes 2
--nodes-min 1
--nodes-max 4
--cluster production
--region us-east-1
--name <nodegroup-name>
--node-type t3.medium
--nodes 2
--nodes-min 1
--nodes-max 4
eksctl create nodegroup
--cluster production
--region us-east-1
--name <nodegroup-name>
--node-type t3.medium
--nodes 2
--nodes-min 1
--nodes-max 4
--cluster production
--region us-east-1
--name <nodegroup-name>
--node-type t3.medium
--nodes 2
--nodes-min 1
--nodes-max 4
Scale nodegroup
Scale nodegroup
eksctl scale nodegroup
--cluster production
--region us-east-1
--name <nodegroup-name>
--nodes 3
--cluster production
--region us-east-1
--name <nodegroup-name>
--nodes 3
eksctl scale nodegroup
--cluster production
--region us-east-1
--name <nodegroup-name>
--nodes 3
--cluster production
--region us-east-1
--name <nodegroup-name>
--nodes 3
Delete nodegroup
Delete nodegroup
eksctl delete nodegroup
--cluster production
--region us-east-1
--name <nodegroup-name>
--cluster production
--region us-east-1
--name <nodegroup-name>
eksctl delete nodegroup
--cluster production
--region us-east-1
--name <nodegroup-name>
--cluster production
--region us-east-1
--name <nodegroup-name>
Drain nodegroup (for upgrades)
Drain nodegroup (for upgrades)
eksctl drain nodegroup
--cluster production
--region us-east-1
--name <nodegroup-name>
--cluster production
--region us-east-1
--name <nodegroup-name>
undefinedeksctl drain nodegroup
--cluster production
--region us-east-1
--name <nodegroup-name>
--cluster production
--region us-east-1
--name <nodegroup-name>
undefinedAddon Management
插件管理
bash
undefinedbash
undefinedList addons
List addons
eksctl get addon --cluster production --region us-east-1
eksctl get addon --cluster production --region us-east-1
Get addon details
Get addon details
eksctl get addon --cluster production --region us-east-1 --name <addon-name>
eksctl get addon --cluster production --region us-east-1 --name <addon-name>
Create addon
Create addon
eksctl create addon
--cluster production
--region us-east-1
--name <addon-name>
--version <version>
--cluster production
--region us-east-1
--name <addon-name>
--version <version>
eksctl create addon
--cluster production
--region us-east-1
--name <addon-name>
--version <version>
--cluster production
--region us-east-1
--name <addon-name>
--version <version>
Update addon
Update addon
eksctl update addon
--cluster production
--region us-east-1
--name <addon-name>
--version <new-version>
--cluster production
--region us-east-1
--name <addon-name>
--version <new-version>
eksctl update addon
--cluster production
--region us-east-1
--name <addon-name>
--version <new-version>
--cluster production
--region us-east-1
--name <addon-name>
--version <new-version>
Delete addon
Delete addon
eksctl delete addon
--cluster production
--region us-east-1
--name <addon-name>
--cluster production
--region us-east-1
--name <addon-name>
undefinedeksctl delete addon
--cluster production
--region us-east-1
--name <addon-name>
--cluster production
--region us-east-1
--name <addon-name>
undefinedCurrent Addons (production cluster)
当前插件(production集群)
| Addon | Version | Status |
|---|---|---|
| adot | v0.141.0-eksbuild.1 | ACTIVE |
| amazon-cloudwatch-observability | v4.8.0-eksbuild.1 | ACTIVE |
| aws-efs-csi-driver | v2.1.15-eksbuild.1 | ACTIVE |
| aws-network-flow-monitoring-agent | v1.1.1-eksbuild.1 | ACTIVE |
| cert-manager | v1.19.2-eksbuild.1 | ACTIVE |
| eks-pod-identity-agent | v1.3.10-eksbuild.2 | ACTIVE |
| metrics-server | v0.8.0-eksbuild.6 | ACTIVE |
| 插件名称 | 版本 | 状态 |
|---|---|---|
| adot | v0.141.0-eksbuild.1 | ACTIVE |
| amazon-cloudwatch-observability | v4.8.0-eksbuild.1 | ACTIVE |
| aws-efs-csi-driver | v2.1.15-eksbuild.1 | ACTIVE |
| aws-network-flow-monitoring-agent | v1.1.1-eksbuild.1 | ACTIVE |
| cert-manager | v1.19.2-eksbuild.1 | ACTIVE |
| eks-pod-identity-agent | v1.3.10-eksbuild.2 | ACTIVE |
| metrics-server | v0.8.0-eksbuild.6 | ACTIVE |
IAM & OIDC
IAM 与 OIDC
bash
undefinedbash
undefinedAssociate OIDC provider
Associate OIDC provider
eksctl utils associate-iam-oidc-provider
--cluster production
--region us-east-1
--approve
--cluster production
--region us-east-1
--approve
eksctl utils associate-iam-oidc-provider
--cluster production
--region us-east-1
--approve
--cluster production
--region us-east-1
--approve
Create IAM service account
Create IAM service account
eksctl create iamserviceaccount
--cluster production
--region us-east-1
--namespace <namespace>
--name <sa-name>
--attach-policy-arn <policy-arn>
--approve
--cluster production
--region us-east-1
--namespace <namespace>
--name <sa-name>
--attach-policy-arn <policy-arn>
--approve
eksctl create iamserviceaccount
--cluster production
--region us-east-1
--namespace <namespace>
--name <sa-name>
--attach-policy-arn <policy-arn>
--approve
--cluster production
--region us-east-1
--namespace <namespace>
--name <sa-name>
--attach-policy-arn <policy-arn>
--approve
List IAM service accounts
List IAM service accounts
eksctl get iamserviceaccount --cluster production --region us-east-1
eksctl get iamserviceaccount --cluster production --region us-east-1
Delete IAM service account
Delete IAM service account
eksctl delete iamserviceaccount
--cluster production
--region us-east-1
--namespace <namespace>
--name <sa-name>
--cluster production
--region us-east-1
--namespace <namespace>
--name <sa-name>
undefinedeksctl delete iamserviceaccount
--cluster production
--region us-east-1
--namespace <namespace>
--name <sa-name>
--cluster production
--region us-east-1
--namespace <namespace>
--name <sa-name>
undefinedPod Identity Associations
Pod身份关联
bash
undefinedbash
undefinedCreate pod identity association
Create pod identity association
eksctl create podidentityassociation
--cluster production
--region us-east-1
--namespace <namespace>
--service-account-name <sa-name>
--role-arn <role-arn>
--cluster production
--region us-east-1
--namespace <namespace>
--service-account-name <sa-name>
--role-arn <role-arn>
eksctl create podidentityassociation
--cluster production
--region us-east-1
--namespace <namespace>
--service-account-name <sa-name>
--role-arn <role-arn>
--cluster production
--region us-east-1
--namespace <namespace>
--service-account-name <sa-name>
--role-arn <role-arn>
List pod identity associations
List pod identity associations
eksctl get podidentityassociation --cluster production --region us-east-1
eksctl get podidentityassociation --cluster production --region us-east-1
Delete pod identity association
Delete pod identity association
eksctl delete podidentityassociation
--cluster production
--region us-east-1
--namespace <namespace>
--service-account-name <sa-name>
--cluster production
--region us-east-1
--namespace <namespace>
--service-account-name <sa-name>
undefinedeksctl delete podidentityassociation
--cluster production
--region us-east-1
--namespace <namespace>
--service-account-name <sa-name>
--cluster production
--region us-east-1
--namespace <namespace>
--service-account-name <sa-name>
undefinedCluster Upgrades
集群升级
bash
undefinedbash
undefinedCheck available upgrades
Check available upgrades
eksctl upgrade cluster
--cluster production
--region us-east-1
--dry-run
--cluster production
--region us-east-1
--dry-run
eksctl upgrade cluster
--cluster production
--region us-east-1
--dry-run
--cluster production
--region us-east-1
--dry-run
Upgrade control plane
Upgrade control plane
eksctl upgrade cluster
--cluster production
--region us-east-1
--version <new-version>
--approve
--cluster production
--region us-east-1
--version <new-version>
--approve
eksctl upgrade cluster
--cluster production
--region us-east-1
--version <new-version>
--approve
--cluster production
--region us-east-1
--version <new-version>
--approve
Upgrade nodegroup
Upgrade nodegroup
eksctl upgrade nodegroup
--cluster production
--region us-east-1
--name <nodegroup-name>
--kubernetes-version <new-version>
--cluster production
--region us-east-1
--name <nodegroup-name>
--kubernetes-version <new-version>
undefinedeksctl upgrade nodegroup
--cluster production
--region us-east-1
--name <nodegroup-name>
--kubernetes-version <new-version>
--cluster production
--region us-east-1
--name <nodegroup-name>
--kubernetes-version <new-version>
undefinedAccess Management
访问管理
bash
undefinedbash
undefinedGet access entries
Get access entries
eksctl get accessentry --cluster production --region us-east-1
eksctl get accessentry --cluster production --region us-east-1
Create access entry
Create access entry
eksctl create accessentry
--cluster production
--region us-east-1
--principal-arn <arn>
--cluster production
--region us-east-1
--principal-arn <arn>
eksctl create accessentry
--cluster production
--region us-east-1
--principal-arn <arn>
--cluster production
--region us-east-1
--principal-arn <arn>
Delete access entry
Delete access entry
eksctl delete accessentry
--cluster production
--region us-east-1
--principal-arn <arn>
--cluster production
--region us-east-1
--principal-arn <arn>
undefinedeksctl delete accessentry
--cluster production
--region us-east-1
--principal-arn <arn>
--cluster production
--region us-east-1
--principal-arn <arn>
undefinedFargate Profiles
Fargate 配置文件
bash
undefinedbash
undefinedList Fargate profiles
List Fargate profiles
eksctl get fargateprofile --cluster production --region us-east-1
eksctl get fargateprofile --cluster production --region us-east-1
Create Fargate profile
Create Fargate profile
eksctl create fargateprofile
--cluster production
--region us-east-1
--name <profile-name>
--namespace <namespace>
--cluster production
--region us-east-1
--name <profile-name>
--namespace <namespace>
eksctl create fargateprofile
--cluster production
--region us-east-1
--name <profile-name>
--namespace <namespace>
--cluster production
--region us-east-1
--name <profile-name>
--namespace <namespace>
Delete Fargate profile
Delete Fargate profile
eksctl delete fargateprofile
--cluster production
--region us-east-1
--name <profile-name>
--cluster production
--region us-east-1
--name <profile-name>
undefinedeksctl delete fargateprofile
--cluster production
--region us-east-1
--name <profile-name>
--cluster production
--region us-east-1
--name <profile-name>
undefinedCluster Creation (Reference)
集群创建(参考)
For creating new clusters (typically done via Terraform in this project):
bash
undefined创建新集群(本项目通常通过Terraform完成):
bash
undefinedCreate cluster with config file
Create cluster with config file
eksctl create cluster -f cluster-config.yaml
eksctl create cluster -f cluster-config.yaml
Create cluster with CLI options
Create cluster with CLI options
eksctl create cluster
--name <cluster-name>
--region us-east-1
--version 1.34
--nodegroup-name <ng-name>
--node-type t3.medium
--nodes 2
--managed
--name <cluster-name>
--region us-east-1
--version 1.34
--nodegroup-name <ng-name>
--node-type t3.medium
--nodes 2
--managed
undefinedeksctl create cluster
--name <cluster-name>
--region us-east-1
--version 1.34
--nodegroup-name <ng-name>
--node-type t3.medium
--nodes 2
--managed
--name <cluster-name>
--region us-east-1
--version 1.34
--nodegroup-name <ng-name>
--node-type t3.medium
--nodes 2
--managed
undefinedOutput Formatting
输出格式
bash
undefinedbash
undefinedJSON output
JSON output
eksctl get cluster --region us-east-1 -o json
eksctl get cluster --region us-east-1 -o json
YAML output
YAML output
eksctl get cluster --region us-east-1 -o yaml
undefinedeksctl get cluster --region us-east-1 -o yaml
undefinedTroubleshooting
故障排查
Check CloudFormation Stacks
检查CloudFormation堆栈
eksctl uses CloudFormation under the hood:
bash
undefinedeksctl底层使用CloudFormation:
bash
undefinedDescribe stacks
Describe stacks
eksctl utils describe-stacks --cluster production --region us-east-1
eksctl utils describe-stacks --cluster production --region us-east-1
Check for stack issues
Check for stack issues
aws cloudformation describe-stack-events
--stack-name eksctl-production-cluster
--region us-east-1
--stack-name eksctl-production-cluster
--region us-east-1
undefinedaws cloudformation describe-stack-events
--stack-name eksctl-production-cluster
--region us-east-1
--stack-name eksctl-production-cluster
--region us-east-1
undefinedCommon Issues
常见问题
| Issue | Cause | Solution |
|---|---|---|
| Nodegroups managed by Karpenter | Use |
| Resource being modified | Wait and retry |
| Missing IAM permissions | Check IAM roles |
| 问题 | 原因 | 解决方案 |
|---|---|---|
| 节点组由Karpenter管理 | 改用 |
| 资源正在被修改 | 等待后重试 |
| 缺少IAM权限 | 检查IAM角色 |
Integration Notes
集成说明
- Karpenter: This cluster uses Karpenter for node provisioning instead of managed nodegroups
- kubectl: Use kubectl skill for workload operations (k1 for production, k2 for staging)
- ArgoCD/Kargo: Use GitOps skills for application deployments
- AWS CLI: Use aws-cli skill for other AWS resource management
- Karpenter: 本集群使用Karpenter进行节点配置,而非托管节点组
- kubectl: 工作负载操作请使用kubectl技能(k1对应生产环境,k2对应预发布环境)
- ArgoCD/Kargo: 应用部署请使用GitOps技能
- AWS CLI: 其他AWS资源管理请使用aws-cli技能