Cluster Network 설정
eks cluster endpoint access private 으로 변경
- 확인
EKS kubeconfig 적용
aws eks --region <region-code> update-kubeconfig --name <cluster_name>
홈 디렉토리 .kube/config 파일 확인
AWS Endpoint 생성
private endpoint 접근을 위한 endpoint 생성
- com.amazonaws.ap-northeast-2.rds
- com.amazonaws.ap-northeast-2.eks
- com.amazonaws.ap-northeast-2.ecr.dkr
- com.amazonaws.ap-northeast-2.elasticloadbalancing
- com.amazonaws.ap-northeast-2.autoscaling
- com.amazonaws.ap-northeast-2.ebs
- com.amazonaws.ap-northeast-2.s3 ( gateway )
Cluster Security Group 설정
- Cluster sg : cluster resources 들이 가지는 sg
- All Port Cluster 내부 cidr 에 대하여 open
- Additional sg : Controlplane 이 가지는 sg
- 443 Port Cluster 내부 cidr 에 대하여 open
AWS Loadbalancer Controller 설치
oidc provider 설치
eksctl utils associate-iam-oidc-provider --cluster eks-devops-cluster-10 --approve --region ap-northeast-2
[devops@ip~]$ eksctl utils associate-iam-oidc-provider --cluster eks-devops-cluster-10 --approve --region ap-northeast-2
2023-10-02 09:09:14 [ℹ] will create IAM Open ID Connect provider for cluster "eks-devops-cluster-10" in "ap-northeast-2"
2023-10-02 09:09:15 [✔] created IAM Open ID Connect provider for cluster "eks-devops-cluster-10" in "ap-northeast-2"
iam 정책 생성
링크참조
k8s 서비스 계정 생성
eksctl create iamserviceaccount \
--cluster=my-cluster \
--namespace=kube-system \
--name=aws-load-balancer-controller \
--role-name AmazonEKSLoadBalancerControllerRole \
--attach-policy-arn=arn:aws:iam::111122223333:policy/AWSLoadBalancerControllerIAMPolicy \
--approveAdd-on 설치
aws console 화면에서 설치 진행
Hello Worlds!