EKS Fargate Quick Setup

유정훈 · April 25, 2023

VPC Setup

Create the VPC with CloudFormation

  • URL
https://s3.us-west-2.amazonaws.com/amazon-eks/cloudformation/2020-10-29/amazon-eks-vpc-private-subnets.yaml

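Create from the EKS Console

EKS Cluster Role

  • Create the role by following the link below, then apply it to the EKS cluster
https://docs.aws.amazon.com/ko_kr/eks/latest/userguide/service_IAM_role.html#create-service-role

VPC Settings

  • Select the two private subnets
  • cluster endpoint - private
    : set to private so that the cluster endpoint cannot be reached from outside the VPC.

Create the EC2 (Bastion) Instance

  • VPC - create the instance in the previously created vpc-public, then join
  • Add an inbound rule (on the EKS cluster security group, add sg-ec2 as an inbound source)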
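
A way to confirm the two settings above (private-only endpoint, bastion security group allowed on the cluster security group), as an added example that is not part of the original post. It assumes the inbound rule is for TCP 443, the Kubernetes API port, and reads JSON saved from `aws eks describe-cluster` and `aws ec2 describe-security-groups`; the sample data, the function names and the IDs `sg-cluster-example` and `sg-ec2-example` are constructed.

```python
import json

# Constructed samples shaped like `aws eks describe-cluster` and
# `aws ec2 describe-security-groups` output; every ID is a placeholder.
CLUSTER = json.loads("""{"cluster": {"name": "test-cicd-eks", "resourcesVpcConfig": {
  "endpointPublicAccess": false, "endpointPrivateAccess": true,
  "publicAccessCidrs": [], "clusterSecurityGroupId": "sg-cluster-example"}}}""")
CLUSTER_SG = json.loads("""{"SecurityGroups": [{"GroupId": "sg-cluster-example",
  "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
    "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-ec2-example"}]}]}]}""")

def admits_443(perm):
    """True if an ingress rule covers TCP 443, the Kubernetes API server port."""
    if perm.get("IpProtocol") == "-1":        # "-1" means all protocols and ports
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= 443 <= perm.get("ToPort", 65535)

def audit(cluster_doc, sg_doc, bastion_sg):
    """Return findings; an empty list means the setup matches the steps above."""
    findings = []
    vpc = cluster_doc["cluster"]["resourcesVpcConfig"]
    if vpc.get("endpointPublicAccess"):
        cidrs = ",".join(vpc.get("publicAccessCidrs", []))
        findings.append(f"public endpoint enabled for {cidrs}")
    if not vpc.get("endpointPrivateAccess"):
        findings.append("private endpoint disabled")
    bastion_allowed = False
    for sg in sg_doc["SecurityGroups"]:
        if sg["GroupId"] != vpc.get("clusterSecurityGroupId"):
            continue
        for perm in filter(admits_443, sg.get("IpPermissions", [])):
            if any(r.get("CidrIp") == "0.0.0.0/0" for r in perm.get("IpRanges", [])):
                findings.append("cluster SG admits 443 from 0.0.0.0/0")
            if any(p.get("GroupId") == bastion_sg for p in perm.get("UserIdGroupPairs", [])):
                bastion_allowed = True
    if not bastion_allowed:
        findings.append("cluster SG has no 443 rule for the bastion SG")
    return findings

if __name__ == "__main__":
    print(audit(CLUSTER, CLUSTER_SG, "sg-ec2-example") or "OK")
```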

CLI Configuration

aws configure
export AWS_ACCESS_KEY_ID=...

Install the AWS CLI

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
export PATH=/usr/local/bin:$PATH
source ~/.bash_profile

aws --version   # should report a 2.* version

Install jq

sudo yum install -y jq

bash completion(skip)

sudo yum install -y bash-completion

Install git

sudo yum install git -y

Install Helm

curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 > get_helm.sh
chmod 700 get_helm.sh
./get_helm.sh

Install kubectl

curl -O https://s3.us-west-2.amazonaws.com/amazon-eks/1.21.14/2023-01-30/bin/linux/amd64/kubectl
chmod +x ./kubectl
mkdir -p $HOME/bin && cp ./kubectl $HOME/bin/kubectl && export PATH=$PATH:$HOME/bin
kubectl version --short --client

Install eksctl

curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
sudo mv /tmp/eksctl /usr/local/bin
eksctl version

update kubeconfig: configure kubectl

aws eks update-kubeconfig --region ap-northeast-2 --name test-cicd-eks

Set region and name to match your cluster.

Create the EKS Fargate Profiles (console)

name: Kube-dns-profile
subnet: the two private subnets
pod execution role: create it by following the link in the console, then apply it
namespace: kube-system

  • k8s-app : kube-dns

name: default-profile
subnet: the two private subnets
pod execution role: create it by following the link in the console, then apply it
namespace:

  • kube-node-lease
  • kube-public
  • kube-system
  • default
  • cert-manager

Restart CoreDNS (fargate)

kubectl patch deployment coredns \
    -n kube-system \
    --type json \
    -p='[{"op": "remove", "path": "/spec/template/metadata/annotations/eks.amazonaws.com~1compute-type"}]'
kubectl rollout restart -n kube-system deployment coredns

Create the ALB Ingress

If you did not create a Fargate profile for the cert-manager namespace above, create one now.

Create the IAM Policy & K8S ServiceAccount

  • oidc
    eksctl utils associate-iam-oidc-provider --cluster $CLUSTERNAME --approve
  • iam policy download
    curl -o iam_policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.2.0/docs/install/iam_policy.json
  • iam policy creation
    aws iam create-policy \
        --policy-name AWSLoadBalancerControllerIAMPolicy \
        --policy-document file://iam_policy.json
    eksctl create iamserviceaccount \
      --cluster=$CLUSTERNAME \
      --namespace=kube-system \
      --name=aws-load-balancer-controller \
      --attach-policy-arn=arn:aws:iam::$AWS_ACCOUNT_ID:policy/AWSLoadBalancerControllerIAMPolicy \
      --override-existing-serviceaccounts \
      --approve
    # verify
    kubectl get serviceaccount aws-load-balancer-controller --namespace kube-system
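
The role that `eksctl create iamserviceaccount` creates is only as tight as its trust policy. This added example (not from the original post) checks that a trust policy, as returned by `aws iam get-role`, pins the `sub` claim to `system:serviceaccount:kube-system:aws-load-balancer-controller`; the sample policy, account ID, OIDC provider ID and function names are constructed placeholders.

```python
# Constructed trust policy in the shape the EKS documentation gives for IRSA
# roles; the account ID and OIDC provider ID are placeholders.
OIDC = "oidc.eks.ap-northeast-2.amazonaws.com/id/EXAMPLEOIDCID"
TRUST = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{OIDC}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringEquals": {
            f"{OIDC}:aud": "sts.amazonaws.com",
            f"{OIDC}:sub": "system:serviceaccount:kube-system:aws-load-balancer-controller",
        }},
    }],
}

def as_list(value):
    """IAM accepts a scalar or a list for Statement, Action and condition values."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def claim_values(condition, operator, claim):
    """Collect the values of condition keys ending in ':<claim>' under one operator."""
    block = condition.get(operator, {})
    return [v for key, vals in block.items() if key.endswith(":" + claim) for v in as_list(vals)]

def check_irsa_trust(policy, namespace, service_account):
    """Return findings; an empty list means only the expected ServiceAccount is trusted."""
    expected = f"system:serviceaccount:{namespace}:{service_account}"
    findings = []
    web = [s for s in as_list(policy.get("Statement"))
           if s.get("Effect") == "Allow"
           and "sts:AssumeRoleWithWebIdentity" in as_list(s.get("Action"))]
    if not web:
        findings.append("no sts:AssumeRoleWithWebIdentity statement")
    for stmt in web:
        cond = stmt.get("Condition", {})
        subs = claim_values(cond, "StringEquals", "sub")
        if set(subs) != {expected}:
            loose = claim_values(cond, "StringLike", "sub")
            findings.append(f"sub not pinned to {expected}: StringEquals={subs} StringLike={loose}")
        if set(claim_values(cond, "StringEquals", "aud")) != {"sts.amazonaws.com"}:
            findings.append("aud not pinned to sts.amazonaws.com")
    return findings

if __name__ == "__main__":
    print(check_irsa_trust(TRUST, "kube-system", "aws-load-balancer-controller") or "OK")
```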

Install the AWS Load Balancer Controller

  • Add the Helm repository
helm repo add eks https://aws.github.io/eks-charts
  • Install the TargetGroupBinding CRD
kubectl apply -k "github.com/aws/eks-charts/stable/aws-load-balancer-controller//crds?ref=master"
  • Install the load balancer controller with the Helm chart
helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
    --set clusterName=$CLUSTERNAME \
    --set serviceAccount.create=false \
    --set region=ap-northeast-2 \
    --set vpcId=$VPC_ID \
    --set serviceAccount.name=aws-load-balancer-controller \
    -n kube-system

Sample app - Game2048

Fargate profile

eksctl create fargateprofile \
--cluster $CLUSTERNAME \
--region ap-northeast-2 \
--name sample-app \
--namespace game-2048

yaml

cat <<EOF > sample-app.yaml
---
apiVersion: v1
kind: Namespace
metadata:
  name: game-2048
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: game-2048
  name: deployment-2048
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: app-2048
  replicas: 1
  template:
    metadata:
      labels:
        app.kubernetes.io/name: app-2048
    spec:
      containers:
        - image: alexwhen/docker-2048
          imagePullPolicy: Always
          name: app-2048
          resources:
            limits:
              cpu: 1
              memory: 1024Mi
            requests:
              cpu: 1
              memory: 1024Mi
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  namespace: game-2048
  name: service-2048
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  type: ClusterIP
  selector:
    app.kubernetes.io/name: app-2048
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: game-2048
  name: ingress-2048
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
spec:
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: service-2048
                port:
                  number: 80
EOF
kubectl apply -f sample-app.yaml

Check the ingress after deployment

kubectl get ingress/ingress-2048 -n game-2048