โ๏ธ AWS EKS
- Amazon Elastic Kubernetes Service(Amazon EKS)
- EKS๋ Kubernetes๋ฅผ ์คํํ๋ ๋ฐ ์ฌ์ฉํ ์ ์๋ ๊ด๋ฆฌํ ์๋น์ค์ด๋ค.
- ๋ ธ๋๋ฅผ ์ค์น, ์๋ ๋ฐ ์ ์ง ๊ด๋ฆฌํ ํ์๊ฐ ์๋ค๋ ์ฅ์
https://docs.aws.amazon.com/ko_kr/eks/latest/userguide/what-is-eks.html
โ๏ธ AWS EKS ์ฌ์ฉํด๋ณด๊ธฐ
$ choco install awscli aws-iam-authenticator eksctl kubernetes-helmaws ๊ณ์ ๋ฑ๋ก
$ aws configure$ eksctl create cluster --name myeks --nodes=3 --region=ap-northeast-2โญ Load Balancer Service โ = class lb๋ก์์ฑ๋๊ธฐ ๋๋ฌธ์ nlb๋ก ๋ณ๊ฒฝํด์ฃผ์ด์ผํจ
โญ Ingress: โ
โ๏ธ YAML ํ์ผ์ ์ด์ฉํด์ EKS ๋ฐฐํฌํ๊ธฐ
$ mkdir aws-eks
$ cd aws-eksmyeks.yaml
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
name: myeks-custom # ์ด๋ฆ์ ๊ฐ์ ์ ์๋ค
region: ap-northeast-2
version: "1.22"๊ฐ์ฉ์์ญ ์ง์
- ํ์๋ ์๋๋ ์ผ๋ฐ์ ์ผ๋ก ์ง์ ํ๋ ํธ
# AZ
availabilityZones: ["ap-northeast-2a", "ap-northeast-2b", "ap-northeast-2c"]eks์ AWS iam๊ณ์ ์ ์ฐ๊ฒฐ ํด ์ฃผ๋ ๋ถ๋ถ
wellKnownPolicies : ๊ณ์ ์ ํด๋น๋๋ ๊ธฐ๋ณธ์ ์ธ ๊ถํ ์ค์
# IAM OIDC & Service Account
iam:
withOIDC: true
serviceAccounts:
- metadata:
name: aws-load-balancer-controller # Addon ์ถ๊ฐํ ๋ ํ์
namespace: kube-system
wellKnownPolicies:
awsLoadBalancerController: true
- metadata:
name: ebs-csi-controller-sa
namespace: kube-system
wellKnownPolicies:
ebsCSIController: true
- metadata:
name: cluster-autoscaler
namespace: kube-system
wellKnownPolicies:
autoScaler: trueWorker๋ ธ๋์ ๊ทธ๋ฃน
# Managed Node Groups
managedNodeGroups:
# On-Demand Instance
- name: myeks-ng1
instanceType: t3.medium
minSize: 2
desiredCapacity: 3
maxSize: 4
privateNetworking: true
ssh:
allow: true
publicKeyPath: ./keypair/myeks.pub
availabilityZones: ["ap-northeast-2a", "ap-northeast-2b", "ap-northeast-2c"]
iam:
withAddonPolicies:
autoScaler: true
albIngress: true
cloudWatch: true
ebs: true# Fargate Profiles
fargateProfiles:
- name: fg-1
selectors:
- namespace: dev
labels:
env: fargate
# CloudWatch Logging
cloudWatch:
clusterLogging:
enableTypes: ["*"]
ํค ์์ฑ
$ mkdir keypair
$ ssh-keygen -f keypair/myssh$ eksctl create cluster -f myeks.yamlโ๏ธ NLB for LoadBalancer Service
โ๏ธ AWS Load Balancer Controller ์ค์น
$ helm repo add eks https://aws.github.io/eks-charts
$ helm repo updateAccount ํ์ธ
$ aws sts get-caller-identity
{
"UserId": "AIxxx",
"Account": "4xxx",
"Arn": "arn:aws:iam::4xxx"
}$ helm install aws-load-balancer-controller eks/aws-load-balancer-controller -n kube-system --set clusterName=myeks-lunaris --set serviceAccount.create=false --set serviceAccount.name=aws-load-balancer-controller --set image.repository=[account]412059376128.dkr.ecr.ap-northeast-2.amazonaws.com/amazon/aws-load-balancer-controller
NAME: aws-load-balancer-controller
LAST DEPLOYED: Mon May 30 20:56:35 2022
NAMESPACE: kube-system
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
AWS Load Balancer controller installed!์ํ ์ฝ๋
myapp.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: myweb-deploy
spec:
replicas: 3
selector:
matchLabels:
app: web
template:
metadata:
labels:
app: web
spec:
containers:
- name: myweb
image: ghcr.io/c1t1d0s7/go-myweb
ports:
- containerPort: 8080`mysvc.yaml
apiVersion: v1
kind: Service
metadata:
name: myweb-svc-lb
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: "external"
service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "instance"
service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"
spec:
type: LoadBalancer
selector:
app: web
ports:
- port: 80
targetPort: 8080โ๏ธ Ingress for ALB
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: myweb-ing
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/target-type: instance
alb.ingress.kubernetes.io/scheme: internet-facing
spec:
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: myweb-svc-lb
port:
number: 80- alb.ingress.kubernetes.io/target-type
- instance: EC2 ํ๊ฒ
- ip: Pod ํ๊ฒ(Fargate) - alb.ingress.kubernetes.io/scheme
- internal: ๋ด๋ถ
- internet-facing: ์ธ๋ถ
โ๏ธ EBS for CSI
EBS ์ค๋
์ท
EBS ํฌ๊ธฐ ๋ณ๊ฒฝ
$ eksctl get iamserviceaccount --cluster myeks-custom
NAMESPACE NAME ROLE ARN
kube-system aws-load-balancer-controller arn:aws:iam::xxxxx:role/eksctl-myeks-custom-addon-iamserviceaccount-Role1-11N0OKMVG2DYY
kube-system aws-node arn:aws:iam::xxxx:role/eksctl-myeks-custom-addon-iamserviceaccount-Role1-CLMK7A6K5NL3
kube-system cluster-autoscaler arn:aws:iam::xxxx:role/eksctl-myeks-custom-addon-iamserviceaccount-Role1-1S02W28MZOSL4
kube-system ebs-csi-controller-sa arn:aws:iam::xxxx:role/eksctl-myeks-custom-addon-iamserviceaccount-Role1-15HLE8HBOD9CN$ eksctl create addon --name aws-ebs-csi-driver --cluster myeks-lunaris--service-account-role-arn arn:aws:iam::xxxx:role/eksctl-myeks-lunaris-addon-iamserviceaccount-Role1-15HLE8HBOD9CN --forceโ๏ธ Metrics Server
$ kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yamlโ๏ธ Cluster Autoscaler
โ๏ธ ์๋ ์ค์ผ์ผ๋ง
$ eksctl scale nodegroup --name myeks-ng1 --cluster myeks-lunaris --nodes 2โ๏ธ์๋ ์ค์ผ์ผ๋ง
$ curl -o cluster-autoscaler-autodiscover.yaml https://raw.githubusercontent.com/kubernetes/autoscaler/master/cluster-autoscaler/cloudprovider/aws/examples/cluster-autoscaler-autodiscover.yamlcluster-autoscaler-autodiscover.yaml
...
163: - --node-group-auto-discovery=asg:tag=k8s.io/cluster-autoscaler/enabled,k8s.io/cluster-autoscaler/myeks-lunaris
...$ kubectl apply -f cluster-autoscaler-autodiscover.yaml$ kubectl patch deployment cluster-autoscaler -n kube-system -p '{"spec":{"template":{"metadata":{"annotations":{"cluster-autoscaler.kubernetes.io/safe-to-evict": "false"}}}}}'$ kubectl -n kube-system edit deployment.apps/cluster-autoscaler - command:
- ./cluster-autoscaler
- --v=4
- --stderrthreshold=info
- --cloud-provider=aws
- --skip-nodes-with-local-storage=false
- --expander=least-waste
- --node-group-auto-discovery=asg:tag=k8s.io/cluster-autoscaler/enabled,k8s.io/cluster-autoscaler/myeks-custom
- --balance-similar-node-groups
- --skip-nodes-with-system-pods=false
image: k8s.gcr.io/autoscaling/cluster-autoscaler:v1.22.6์์
- --node-group-auto-discovery=asg:tag=k8s.io/cluster-autoscaler/enabled,k8s.io/cluster-autoscaler/myeks-custom
- --balance-similar-node-groups
- --skip-nodes-with-system-pods=false
- image: k8s.gcr.io/autoscaling/cluster-autoscaler:v1.22.2
$ kubectl set image deployment cluster-autoscaler -n kube-system cluster-autoscaler=k8s.gcr.io/autoscaling/cluster-autoscaler:v1.22.2์ํ ์ฝ๋
apiVersion: apps/v1
kind: Deployment
metadata:
name: myweb-deploy
spec:
replicas: 2
selector:
matchLabels:
app: web
template:
metadata:
labels:
app: web
spec:
containers:
- name: myweb
image: ghcr.io/c1t1d0s7/go-myweb:alpine
ports:
- containerPort: 8080
resources:
requests:
cpu: 200m
memory: 200M
limits:
cpu: 200m
memory: 200Mโ๏ธCloudWatch Container Insight
ClusterName=myeks-custom
RegionName=ap-northeast-2
FluentBitHttpPort='2020'
FluentBitReadFromHead='Off'
[[ ${FluentBitReadFromHead} = 'On' ]] && FluentBitReadFromTail='Off'|| FluentBitReadFromTail='On'
[[ -z ${FluentBitHttpPort} ]] && FluentBitHttpServer='Off' || FluentBitHttpServer='On'
curl https://raw.githubusercontent.com/aws-samples/amazon-cloudwatch-container-insights/latest/k8s-deployment-manifest-templates/deployment-mode/daemonset/container-insights-monitoring/quickstart/cwagent-fluent-bit-quickstart.yaml | sed 's/{{cluster_name}}/'${ClusterName}'/;s/{{region_name}}/'${RegionName}'/;s/{{http_server_toggle}}/"'${FluentBitHttpServer}'"/;s/{{http_server_port}}/"'${FluentBitHttpPort}'"/;s/{{read_from_head}}/"'${FluentBitReadFromHead}'"/;s/{{read_from_tail}}/"'${FluentBitReadFromTail}'"/' | kubectl apply -f - โ๏ธ ํด๋ฌ์คํฐ ์ญ์
eksctl delete cluster -f .\myeks.yaml --force --disable-nodegroup-eviction
How R U Today :)