Slide 1

Slide 1 text

Ansible container In The Kubernetes Presented by @nnao45 Cyber Agent, Inc.

Slide 2

Slide 2 text

ࣗݾ঺հ MY NAME IS NNAO45 ˏnnao45 ✓ 26ࡀ(ฏ੒3೥ੜ·Ε) ✓ ࠓ͸ओʹΫϥ΢υ԰ ✓ \“͑͵ͳ͓\”ͱݺͼ·͢ɻ ✓ ςχεྺ10೥ ✓ ITྺ4೥໨ ✓ Go࠷ߴ!!zsh࠷ߴ!! ✓cndjpษڧձӡӦ ✓גࣜձࣾαΠόʔΤʔδΣϯτॴଐ ✓ ݩISPͷNW͕ϝΠϯ

Slide 3

Slide 3 text

What is Kubernetes? ͳΜ͔࠷͍ۙ͢͝όζͬͯΔ΍ͭɻ ίϯςφ؅ཧʹඞཁͳϚΠΫϩαʔϏε܈ͬͯײ͡ɻ https://www2.wwt.com/all-blog/kubernetes-101/kubernetes-101-3/

Slide 4

Slide 4 text

What is Kubernetes? INTRODUCTION OF START UP THE K8S MONITORING. ཁ͸ɺίϯςφʔͷΦʔέετϨʔλʔɻ ·ͨͦΕΛୡ੒͢ΔͨΊͷϚΠΫϩαʔϏε܈ɻ http://dondocker.com/guardar-nuestras-imagenes-docker/

Slide 5

Slide 5 text

What is Ansible Container AnsibleΛ༻͍ͯɺ೚ҙͷσϓϩΠ ઌʹAnsibleϩʔϧ౳Λద༻͞Εͨ ίϯςφ͕σϓϩΠ͞ΕΔɻ ඪ४Ͱ͸Dockerίϯςφ΁ͷσϓ ϩΠ͕ͩɺࢦఆʹΑͬͯ kubernetes΍openshiftʹग़དྷ· ͢ɻ ࠓ͸version 0.9.2ϦϦʔε ansible/ansible-container

Slide 6

Slide 6 text

What is Ansible Container Πϯετʔϧ sudo pip install ansible-container[docker,k8s] ansible/ansible-container

Slide 7

Slide 7 text

ࠓ೔͸Ͳ͔ͬͪͱ͍͏ͱɺ ansible containerΛ΍ͬ ͯΈͨతͳLTͰ͢

Slide 8

Slide 8 text

Getting Startted Ansible Container Initilize the Ansible container ~/myproject # ansible-container init Ansible Container initialized. ~/myproject # ls ansible-requirements.txt…࣮ߦ͢ΔansibleͷϞδϡʔϧࢦఆ ansible.cfg…΄ͱΜͲ࢖Θͳ͍ container.yml…ຊମ meta.yml…Ansible Garaxyʹొ࿥͢Δͱ͖ʹඞཁ requirements.yml…conainter.ymlͰRoleϞδϡʔϧΛ࢖͏࣌ʹඞཁ

Slide 9

Slide 9 text

ʁ

Slide 10

Slide 10 text

Getting Startted Ansible Container What is container.yaml container.yamlϑΝΠϧ͸σϓϩΠ͢ΔαʔϏεɺ Ϗϧυ࣮ͯ͠ߦ͢Δํ๏ɺͦͯͦ͠ΕΒΛϓογϡ͢ΔϦϙ δτϦͳͲΛهड़͢Δத৺తͳ໾ׂɻ ͱΓ͋͑ͣ͸ɺ͜ͷcontainer.yaml͚ͩॻ͍͓͚ͯ͹͍ͩͨ ͍OKʢͨ·ʹྑ͘ґଘؔ܎ͰŦű͵͔Βͦ͜͸ௐ੔ʣ

Slide 11

Slide 11 text

Getting Startted Ansible Container What is container.yaml project_name: myproject # deployment_output_path: ./ansible-deployment k8s_auth: # path to a K8s config file config_file: # name of a context found within the config file context: # URL for accessing the K8s API host: # An API authentication token api_key: # Path to a ca cert file ssl_ca_cert: # Path to a cert file cert_file: # Path to a key file key_file: # boolean, indicating if SSL certs should be validated #verify_ssl: k8s_namespace: name: description: display_name: services: { ɹ//σϓϩΠ͢ΔઌͷαʔϏεΛॻ͍͓ͯ͘ɻ } registries: { //͜͜ͰCDϥΠϯͰϏϧυޙʹొ࿥͢ΔϨϙδτ ϦΛॻ͍͓ͯ͘ɻ }

Slide 12

Slide 12 text

Getting Startted Ansible Container What is container.yaml project_name: myproject # deployment_output_path: ./ansible-deployment k8s_auth: # path to a K8s config file config_file: # name of a context found within the config file context: # URL for accessing the K8s API host: # An API authentication token api_key: # Path to a ca cert file ssl_ca_cert: # Path to a cert file cert_file: # Path to a key file key_file: # boolean, indicating if SSL certs should be validated #verify_ssl: k8s_namespace: name: description: display_name: services: { ɹ//σϓϩΠ͢ΔઌͷαʔϏεΛॻ͍͓ͯ͘ɻ } registries: { //͜͜ͰCDϥΠϯͰϏϧυޙʹొ࿥͢ΔϨϙδτ ϦΛॻ͍͓ͯ͘ɻ }

Slide 13

Slide 13 text

Getting Startted Ansible Container What is container.yaml services: web: from: "ubuntu:xenial" ports: - "80:80" command: ["/usr/sbin/nginx", "-g", "daemon off;"] roles: - “apache-container" wordpress-db: from: "mysql:latest" expose: [3306] environment: MYSQL_MAJOR: 5.7 MYSQL_VERSION: 5.7.18-1debian8 MYSQL_DATABASE: wordpress MYSQL_USER: wordpress MYSQL_PASSWORD: foobar MYSQL_ROOT_PASSWORD: foobar services ωετͨ͠1൪໨ͷkey͕group໊ʹͳΓ·͢ɻ from ͲͷίϯςφΛϕʔεʹ͢Δ͔Λࢦఆ͠·͢ɻv0.4.0ͷࠒ͸imageͰ͕ͨ͠ɺ௚ײత ʹ෼͔Δkey໊ʹͳΓ·ͨ͠Ͷɻ ports ֎෦͔Βࢀরͤ͞ΔͨΊͷϙʔτΛࢦఆ͠·͢ɻ಺֎Ͱಉ͡ϙʔτΛ࢖͏৔߹Ͱ΋ɺ ෼͔Γ΍͘͢"80:80"ͷΑ͏ʹॻ͍͓ͯ͘ͱྑ͍͔ͱࢥ͍·͢ɻ command ίϯςφىಈ࣌ͷίϚϯυΛࢦఆ͠·͢ɻσϞͰ͸ɺNginx͸"/etc/init.d/nginx start" ͸όοΫάϥ΢ϯυͰͷ࣮ߦʹͳͬͯ͠·͍ίϯςφ͕͙͢མͪͯ͠·͏ͷͰɺϑΥ Ξάϥ΢ϯυͰ࣮ߦ͞ΕΔΑ͏ʹ"-g daemon off;"ΛҾ਺ʹ͢ΔΑ͏ʹࢦఆ͍ͯ͠· ͢ɻ roles ίϯςφʹର࣮ͯ͠ߦ͢ΔRoleΛࢦఆ͠·͢ɻRoleΛAnsible GalaxyΑΓऔಘ͢Δ ৔߹͸requirements.ymlʹ΋هࡌ͢Δඞཁ͕͋Γ·͢ɻ dev_overrides ansible-container runͷ৔߹ʹͷΈద༻͞Εɺbuild, deploy࣮ߦ࣌͸ແࢹ͞Ε·͢ɻ ϩʔΧϧ΍։ൃ؀ڥͰͷΈࢼ͢͜ͱ͕͋Δ৔߹ʹ༗༻Ͱ͢ɻྫ͑͹ɺ։ൃ؀ڥͷΈϙʔ τΛม͑ͯΈΔɺͱ͔ɺίϯϑΟά͕feature flagsͷΑ͏ͳ࡞Γʹͳ͍ͬͯΔ࣌ʹ։ൃ Λࣔ͢؀ڥม਺Λ༩͑Δɺͱ͍͏͜ͱ͕ՄೳͰ͢ɻσϞͰ͸هࡌ͋Γ·ͤΜ͕ɺॏཁ ͳύϥϝʔλͷͨΊ঺հ͠·ͨ͠ɻ https://qiita.com/komattaka/items/698f47358bb945ec125e

Slide 14

Slide 14 text

Getting Startted Ansible Container container.yaml in kubernetes config example Serviceͷઃఆ k8s: service: force: false cluster_ip: 10.0.171.239 load_balancer_ip: 78.11.24.19 type: LoadBalancer metadata: annotations: service.beta.kubernetes.io/aws-load-balancer-ssl- cert: arn:aws:acm:us-east-1:123456789012:certificate/ 12345678-1234-1234-1234-123456789012 Deploymentͷઃఆ k8s: deployment: force: false replicas: 2 security_context: run_as_user: root strategy: type: Rolling rolling_params: timeout_seconds: 120 max_surge: "20%" max_unavailable: "10%" pre: {} post: {} triggers: - type: "ImageChange" image_change_params: automatic: true from: kind: "ImageStreamTag" name: "test-mkii-web:latest" container_names: - “web” And volumes, routes…

Slide 15

Slide 15 text

Getting Startted Ansible Container How it build? > ansible-container build Conductor container Target container image ίϯμΫλʔίϯςφ͕ίϯςφϥϯλΠϜΛհͯ͠ʢଟ෼execͱ ͔ͯ͠ΔΜ͡ΌͶʣansible͕࣮ߦ͢ΔͷͰɺ໨ඪͷίϯςφΛσϓ ϩΠ͢Δͷʹssh΍ೝূΛߟ͑ͯͳͯ͘Α͘ͳΔ(࠷େͷಛ௃͔΋Ͷ) ansible-container build͸ɺ —debug͚࣮ͭͯߦ͢Δͱॲ ཧશମ͕ΈΕͯΦεεϝΑ

Slide 16

Slide 16 text

Getting Startted Ansible Container How conductor container works Conductor container ίϯμΫλʔίϯςφ͸σϑΥϧτͰϕʔ ε͸centos:7͕ͩɺଞͷOSʹม͑Δࣄ͕Ͱ ͖Δɻࣗ࡞ͷίϯςφΠϝʔδͰ΋౰વ OK ansible-requiment.txtΛॻ͖׵͑ΔࣄͰί ϯμΫλʔίϯςφ಺ͷansibleͰ࢖ΘΕΔ ύοέʔδͷόʔδϣϯ΋ม͑ΒΕΔɻ ansible-containerͰ͸σϑΥϧτͰ gather_facts͕༗ޮʹͳ͍ͬͯΔ͕ɺ͜Ε ΋ansible.cfgʹهࡌ͢Ε͹ࢭΊΒΕΔɻ

Slide 17

Slide 17 text

Getting Startted Ansible Container How it build? > ansible-container snipet > ansible-playbook *.yml Target kubernetes service Ansible-container snipetίϚϯυͰansible-playbookͰ࣮ߦՄೳͳܗࣜ ʹdeployment΍roleͳͲΛม׵ͯ͠ɺansible-playbookͰ࣮ߦ͢ΔࣄͰ kubernetes্ʹల։ग़དྷ·͢ɻ

Slide 18

Slide 18 text

Getting Startted Ansible Container For example summary. # Init the project $ ansible-container init # Make Role or Install the jenkins-container role $ ansible-container install awasilyev.jenkins-container # Build the images on the ADB virtual machine $ ansible-container --no-selinux build # Generate the deployment playbook and role $ ansible-container --no-selinux shipit k8s --local-images # Set the working directory to ansible $ cd ansible # Run the playbook $ ansible-playbook shipit-k8s.yml

Slide 19

Slide 19 text

Conclustion ansibleΛ࢖ͬͯίϯςφͷϏϧυʹΑΔίϯςϯπσϦόϦΛ͠ ͍ͨ࣌͸ansible-containerΛ࢖ͬͯΈΑ͏ɻ kubernetesͰίϯςϯπσϦόϦΛkubectlΛհͣ͞ansibleͰ౷߹ ؅ཧͨ࣌͠ʹ༗༻͔΋Ͷɻ Ͱ΋kubernetesͰ࢖͏ʹ͸kubectlͷ൒୺͡Όͳ͍๛෋ͳίϯςϯ πσϦόϦͱൺ΂ΔͱݟྼΓ͢Δ͔΋Ͷʢkubectl drainΈ͍ͨͳ ͷͱ͔ʣ ݸਓతʹ͸͍͖ͳΓશ෦k8sͰ؅ཧ͢ΔΘ͚ʹ΋͍͔ͳ͍͠VMͷ ؅ཧΛansibleͰͭͭ͠ɺϙΠϯτϙΠϯτͰίϯςφ؅ཧ΋ ansible-conanerʹ΋೚ͤͯͬͯײ͡ͳΒʁ υΩϡϝϯτɾɾɾkubernetesʹ΋༏͘͠ॻ͍ͨํ͕ɾɾɾɻ

Slide 20

Slide 20 text

Addition ࠓճ͸EKSΛAnsibleͰཱͯͯΈͨͷͰɺ ͦ͜Β΁Μͷ࿩Λπϥπϥͱ͍ͤͯͩ͘͞͞ ͜Ε͚ͩ͡Όई͕଍Βͳͦ͏ͳͷͰɻ

Slide 21

Slide 21 text

Addition Amazon EKS αʔϏεϩʔϧΛ࡞੒͢Δ Amazon EKS Ϋϥελʔ VPC Λ࡞੒͢Δ Amazon EKS ͷ kubectl ΛΠϯετʔϧ͠ɺઃఆ͢Δ Amazon EKS ͷ aws-iam-authenticator ΛΠϯετʔϧ͢Δ ࠷৽ͷ AWS CLI Λμ΢ϯϩʔυ͠ɺΠϯετʔϧ͢Δ Amazon EKS ΫϥελʔΛ࡞੒͢Δ Amazon EKS ͷ kubectl Λઃఆ͢Δ Amazon EKS ϫʔΧʔϊʔυΛىಈͯ͠ઃఆ͢Δ Լ४උ͚ͩͰ͜Μ͚ͩɾɾɾ

Slide 22

Slide 22 text

Addition Amazon EKS αʔϏεϩʔϧΛ࡞੒͢Δ Amazon EKS Ϋϥελʔ VPC Λ࡞੒͢Δ Amazon EKS ͷ kubectl ΛΠϯετʔϧ͠ɺઃఆ͢Δ Amazon EKS ͷ aws-iam-authenticator ΛΠϯετʔϧ͢Δ ࠷৽ͷ AWS CLI Λμ΢ϯϩʔυ͠ɺΠϯετʔϧ͢Δ Amazon EKS ΫϥελʔΛ࡞੒͢Δ Amazon EKS ͷ kubectl Λઃఆ͢Δ Amazon EKS ϫʔΧʔϊʔυΛىಈͯ͠ઃఆ͢Δ Լ४උ͚ͩͰ͜Μ͚ͩɾɾɾ

Slide 23

Slide 23 text

Addition Amazon EKS αʔϏεϩʔϧΛ࡞੒͢Δ - name: "copy" copy: src: ./eks-roles-policy.json dest: /root/eks-roles-policy.json owner: root group: root mode: 0600 register: result - name: "create-role" shell: | aws iam create-role --role-name eks --assume-role-policy-document file://eks-roles-policy.json register: result - name: "attach-role1" shell: | aws iam attach-role-policy --role-name eks --policy-arn arn:aws:iam::aws:policy/AmazonEKSClusterPolicy register: result - name: "attach-role2" shell: | aws iam attach-role-policy --role-name eks --policy-arn arn:aws:iam::aws:policy/AmazonEKSServicePolicy register: result Լ४උ͚ͩͰ͜Μ͚ͩɾɾɾ { "Version": "2012-10-17", "Statement": [ { "Sid": "", "Effect": "Allow", "Principal": { "Service": "eks.amazonaws.com" }, "Action": "sts:AssumeRole" } ] eks-roles-policy.json

Slide 24

Slide 24 text

Addition Amazon EKS αʔϏεϩʔϧΛ࡞੒͢Δ Amazon EKS Ϋϥελʔ VPC Λ࡞੒͢Δ Amazon EKS ͷ kubectl ΛΠϯετʔϧ͠ɺઃఆ͢Δ Amazon EKS ͷ aws-iam-authenticator ΛΠϯετʔϧ͢Δ ࠷৽ͷ AWS CLI Λμ΢ϯϩʔυ͠ɺΠϯετʔϧ͢Δ Amazon EKS ΫϥελʔΛ࡞੒͢Δ Amazon EKS ͷ kubectl Λઃఆ͢Δ Amazon EKS ϫʔΧʔϊʔυΛىಈͯ͠ઃఆ͢Δ Լ४උ͚ͩͰ͜Μ͚ͩɾɾɾ

Slide 25

Slide 25 text

Addition Amazon EKS Ϋϥελʔ VPC Λ࡞੒͢Δ - name: "create eks-demo-vpc deploy" shell: aws cloudformation create-stack --stack-name eks-vpc --region us-east-1 --template-url https://amazon-eks.s3-us- west-2.amazonaws.com/1.10.3/2018-06-05/amazon-eks-vpc- sample.yaml register: result - debug: var=result.stdout_lines when: result | success tags: - always Լ४උ͚ͩͰ͜Μ͚ͩɾɾɾ

Slide 26

Slide 26 text

Addition Amazon EKS αʔϏεϩʔϧΛ࡞੒͢Δ Amazon EKS Ϋϥελʔ VPC Λ࡞੒͢Δ Amazon EKS ͷ kubectl ΛΠϯετʔϧ͠ɺઃఆ͢Δ Amazon EKS ͷ aws-iam-authenticator ΛΠϯετʔϧ͢Δ ࠷৽ͷ AWS CLI Λμ΢ϯϩʔυ͠ɺΠϯετʔϧ͢Δ Amazon EKS ΫϥελʔΛ࡞੒͢Δ Amazon EKS ͷ kubectl Λઃఆ͢Δ Amazon EKS ϫʔΧʔϊʔυΛىಈͯ͠ઃఆ͢Δ Լ४උ͚ͩͰ͜Μ͚ͩɾɾɾ

Slide 27

Slide 27 text

Addition Amazon EKS ͷ kubectl ΛΠϯετʔϧ͠ɺઃఆ͢Δ Amazon EKS ͷ aws-iam-authenticator ΛΠϯετʔϧ͢Δ ࠷৽ͷ AWS CLI Λμ΢ϯϩʔυ͠ɺΠϯετʔϧ͢Δ - name: "download" become: yes shell: curl {{ KUBECTL_CLI.URL }} -o {{ GET_URL_TEMP_DIRECTORY }}/ {{ KUBECTL_CLI.FILE_NAME }} - name: "chmod" become: yes shell: chmod +x {{ GET_URL_TEMP_DIRECTORY }}/{{ KUBECTL_CLI.FILE_NAME }} - name: "cp" become: yes shell: cp {{ GET_URL_TEMP_DIRECTORY }}/{{ KUBECTL_CLI.FILE_NAME }} /bin/ {{ KUBECTL_CLI.FILE_NAME }} Լ४උ͚ͩͰ͜Μ͚ͩɾɾɾ

Slide 28

Slide 28 text

Addition Amazon EKS αʔϏεϩʔϧΛ࡞੒͢Δ Amazon EKS Ϋϥελʔ VPC Λ࡞੒͢Δ Amazon EKS ͷ kubectl ΛΠϯετʔϧ͠ɺઃఆ͢Δ Amazon EKS ͷ aws-iam-authenticator ΛΠϯετʔϧ͢Δ ࠷৽ͷ AWS CLI Λμ΢ϯϩʔυ͠ɺΠϯετʔϧ͢Δ Amazon EKS ΫϥελʔΛ࡞੒͢Δ Amazon EKS ͷ kubectl Λઃఆ͢Δ Amazon EKS ϫʔΧʔϊʔυΛىಈͯ͠ઃఆ͢Δ Լ४උ͚ͩͰ͜Μ͚ͩɾɾɾ

Slide 29

Slide 29 text

Addition Amazon EKS ΫϥελʔΛ࡞੒͢Δ - name: "regist var1" shell: aws cloudformation describe-stacks --stack-name eks-vpc --query 'Stacks[0].Outputs[?OutputKey==`SubnetIds`] [].OutputValue' --output text register: var1 - name: "regist var2" shell: aws cloudformation describe-stacks --stack-name eks-vpc --query 'Stacks[0].Outputs[? OutputKey==`SecurityGroups`][].OutputValue' --output text register: var2 - name: "regist var3" shell: aws iam get-role --role-name eks --query 'Role.Arn' --output text register: var3 - name: "create cluster" shell: | aws eks create-cluster --name test-cluster --role-arn {{ var3.stdout }} --resources-vpc-config subnetIds={{ var1.stdout }},securityGroupIds={{ var2.stdout }} register: result Լ४උ͚ͩͰ͜Μ͚ͩɾɾɾ

Slide 30

Slide 30 text

Addition Amazon EKS αʔϏεϩʔϧΛ࡞੒͢Δ Amazon EKS Ϋϥελʔ VPC Λ࡞੒͢Δ Amazon EKS ͷ kubectl ΛΠϯετʔϧ͠ɺઃఆ͢Δ Amazon EKS ͷ aws-iam-authenticator ΛΠϯετʔϧ͢Δ ࠷৽ͷ AWS CLI Λμ΢ϯϩʔυ͠ɺΠϯετʔϧ͢Δ Amazon EKS ΫϥελʔΛ࡞੒͢Δ Amazon EKS ͷ kubectl Λઃఆ͢Δ Amazon EKS ϫʔΧʔϊʔυΛىಈͯ͠ઃఆ͢Δ Լ४උ͚ͩͰ͜Μ͚ͩɾɾɾ

Slide 31

Slide 31 text

Addition Amazon EKS ͷ kubectl Λઃఆ͢Δ - name: "mkdir" file: path=/root/.kube state=directory owner=root group=root mode=700 - name: "regist var1" shell: aws eks describe-cluster --name test-cluster --query cluster.endpoint register: endpoint - name: "regist var2" shell: aws eks describe-cluster --name test-cluster --query cluster.certificateAuthority.data register: base64 - name: "template" template: src=template/config-test-cluster.j2 dest=/root/.kube/config-test-cluster owner=root group=root mode=0600 Լ४උ͚ͩͰ͜Μ͚ͩɾɾɾ

Slide 32

Slide 32 text

Addition Amazon EKS ͷ kubectl Λઃఆ͢Δ - name: "mkdir" file: path=/root/.kube state=directory owner=root group=root mode=700 - name: "regist var1" shell: aws eks describe-cluster --name test-cluster --query cluster.endpoint register: endpoint - name: "regist var2" shell: aws eks describe-cluster --name test-cluster --query cluster.certificateAuthority.data register: base64 - name: "template" template: src=template/config-test-cluster.j2 dest=/root/.kube/config-test-cluster owner=root group=root mode=0600 Լ४උ͚ͩͰ͜Μ͚ͩɾɾɾ apiVersion: v1 clusters: - cluster: server: {{ endpoint.stdout }} certificate-authority-data: {{ base64.stdout }} name: kubernetes contexts: - context: cluster: kubernetes user: aws name: aws current-context: aws kind: Config preferences: {} users: - name: aws user: exec: apiVersion: client.authentication.k8s.io/ v1alpha1 command: aws-iam-authenticator args: - "token" - “-i" - "test-cluster" config-test-cluster.j2

Slide 33

Slide 33 text

Addition Amazon EKS αʔϏεϩʔϧΛ࡞੒͢Δ Amazon EKS Ϋϥελʔ VPC Λ࡞੒͢Δ Amazon EKS ͷ kubectl ΛΠϯετʔϧ͠ɺઃఆ͢Δ Amazon EKS ͷ aws-iam-authenticator ΛΠϯετʔϧ͢Δ ࠷৽ͷ AWS CLI Λμ΢ϯϩʔυ͠ɺΠϯετʔϧ͢Δ Amazon EKS ΫϥελʔΛ࡞੒͢Δ Amazon EKS ͷ kubectl Λઃఆ͢Δ Amazon EKS ϫʔΧʔϊʔυΛىಈͯ͠ઃఆ͢Δ Լ४උ͚ͩͰ͜Μ͚ͩɾɾɾ

Slide 34

Slide 34 text

Addition Amazon EKS ϫʔΧʔϊʔυΛىಈͯ͠ઃఆ͢Δ - name: "regist subnet” shell: aws cloudformation describe-stacks --stack-name eks-vpc --query 'Stacks[0].Outputs[?OutputKey==`SubnetIds`] [].OutputValue' --output text register: subnet - name: "regist vpc” shell: aws cloudformation describe-stacks --stack-name eks-vpc --query 'Stacks[0].Outputs[?OutputKey==`VpcIds`] [].OutputValue' --output text register: vpc - name: "regist sg” shell: aws cloudformation describe-stacks --stack-name eks-vpc --query 'Stacks[0].Outputs[?OutputKey==`SecurityGroups`] [].OutputValue' --output text register: sg - name: "create eks-demo-vpc deploy" shell: aws cloudformation create-stack --stack-name eks-vpc --region us-east-1 --template-url https://amazon-eks.s3-us- west-2.amazonaws.com/1.10.3/2018-07-26/amazon-eks-nodegroup.yaml —parameters ClusterName=test- cluster,ClusterControlPlaneSecurityGroup={{ sg.output }},NodeGroupName=test- cluster,NodeAutoScalingGroupMinSize=1,NodeAutoScalingGroupMaxSize=1,NodeInstanceType=t2.large,NodeImageId=ami-048 486555686d18a0,VpcId={{ vpc.output }},Subnets={{ subnet.output }} register: result Լ४උ͚ͩͰ͜Μ͚ͩɾɾɾ

Slide 35

Slide 35 text

Ansiblerͷ օ͞·΋ϙϙϯͱ EKSࢼͯ͠Έͯ͘ ͍ͩ͞

Slide 36

Slide 36 text

HACKER PM/PL サイバーエージェントでは エンジニアを募集しております. ※k8s,OpenStack,AWS,GCP触れるよ. http://rickandmorty.wikia.com/wiki/File:Rick_and_morty_wanted.png

Slide 37

Slide 37 text

Thx.