EKS
AWS 에서 실행
사용자 데이터
#!/bin/bash
cd /tmp
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
./aws/install
amazon-linux-extras install docker -y
systemctl enable --now docker
curl https://raw.githubusercontent.com/docker/docker-ce/master/components/cli/contrib/completion/bash/docker -o /etc/bash_completion.d/docker.sh
usermod -a -G docker ec2-userIAM
사용자 추가
- 사용자 이름 : docker
- AWS 액세스 유형: 액세스키, 암호 체크, 콘솔비밀번호; 사용자 지정 비밀 번호
- 권한 : 기존 정책 직접 연결; AdministratorAccess
역할 생성
- AWS 서비스, EC2
- 권한 정책 s3, AmazonS3FullAccess 선택
- 역할 이름 : s3-role
버킷 생성
- 버킷 이름 : s3.hyejin36.shop
- 객체 소유권 : ACL 비활성화됨
- 버킷 버전 관리 : 활성화
- 기본 암호화 : 활성화
- 역할 수정
ECR-리포지토리
public 리포지토리 생성
- 리포지토리 이름 : public.ecr.aws/registry-alias/web-site
- 푸시 명령 보기
mobaxterm에서 실행
[ec2-user@ip-10-24-39-34 ~]$ aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/c1w2a5l4
WARNING! Your password will be stored unencrypted in /home/ec2-user/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded- 이미지 다운
[ec2-user@ip-10-24-39-34 ~]$ docker push public.ecr.aws/c1w2a5l4/web-site:v1.0
The push refers to repository [public.ecr.aws/c1w2a5l4/web-site]
da40fa1d5c53: Pushed
e9144dc49637: Pushed
54a40f4a0798: Pushed
520d1697dc47: Pushed
95129a5fe07e: Pushed
v1.0: digest: sha256:f1f4c66384788c1733c846c62bd21c0d958faf1e93a7d08a5d3a4b22c728417e size: 1371IAM 사용자로 로그인(firefox에서)
EKS
클러스터 생성
- 이름 : EKS-CLUSTER
- 버전 : 1.19
- IAM 역할 만들고 다시 진행
- 클러스터 서비스 역할 : eksClusterRole
- VPC : MY-VPC
- 서브넷 : MY-PUBLIC-SUBNET-2A / MY-PUBLIC-SUBNET-2C
- 보안 그룹 : MY-SG-WEB
IAM 역할 생성
- AWS 서비스, EKS-Cluster
- 역할 이름 : eksClusterRole
mobaxterm에서 실행
kubectl 내려받기
[ec2-user@ip-10-24-39-34 ~]$ curl -o kubectl https://s3.us-west-2.amazonaws.com/amazon-eks/1.19.6/2021-01-05/bin/linux/amd64/kubectl
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 57.4M 100 57.4M 0 0 3519k 0 0:00:16 0:00:16 --:--:-- 5209k
[ec2-user@ip-10-24-39-34 ~]$ ls
kubectl
[ec2-user@ip-10-24-39-34 ~]$ chmod +x ./kubectl설정
$ aws eks --region ap-northeast-2 update-kubeconfig --name EKS-CLUSTER
$ curl -o kubectl https://amazon-eks.s3-us-west-2.amazonaws.com/1.21.2/2021-07-05/bin/linux/amd64/kubectl
$ chmod +x ./kubectl
$ sudo mv ./kubectl /usr/local/bin
$ source <(kubectl completion bash)
$ echo "source <(kubectl completion bash)" >> ~/.bashrc
$ kubectl version --short --client
$ kubectl get svc노드그룹 생성
- EKS > 컴퓨팅 > 노드그룹 추가
- 이름 : NODEGROUP
- IAM 역할 만들고 다시 진행
- 노드 IAM 역할 : nodeGroupRole
- 인스턴스 유형 : t2.micro
- 서브넷 : MY-PUBLIC-SUBNET 2A / MY-PUBLIC-SUBNET 2C
- 노드에 대한 SSH 액세스 구성 활성화
- SSH 키 페어 : docker-key
- SSH 원격 액세스 권한 허용 대상 : 모두
노드역할 생성
- AWS 서비스, EC2
- AmazonEKSWorkerNodePolicy, AmazonEC2ContainerRegistryReadOnly, AmazonEKS_CNI_Policy 권한 추가
- 이름 : nodeGroupRole
- 인스턴스 확인
worker node 확인
[ec2-user@ip-10-24-39-34 ~]$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
ip-10-24-38-218.ap-northeast-2.compute.internal Ready <none> 7m52s v1.19.15-eks-9c63c4
ip-10-24-8-167.ap-northeast-2.compute.internal Ready <none> 7m51s v1.19.15-eks-9c63c4pod 생성
[ec2-user@ip-10-24-39-34 ~]$ mkdir workspace && cd $_
[ec2-user@ip-10-24-39-34 workspace]$ kubectl run nginx-pod --image=nginx
pod/nginx-pod created
[ec2-user@ip-10-24-39-34 workspace]$ kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-pod 0/1 ContainerCreating 0 8s <none> ip-10-24-38-218.ap-northeast-2.compute.internal <none> <none>하나 더 생성
[ec2-user@ip-10-24-39-34 workspace]$ kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-pod 1/1 Running 0 103s 10.24.38.186 ip-10-24-38-218.ap-northeast-2.compute.internal <none> <none>
nginx-pod2 1/1 Running 0 19s 10.24.10.103 ip-10-24-8-167.ap-northeast-2.compute.internal <none> <none>
-> 서로 다른 노드에 만들어짐
- 서비스 제공
[ec2-user@ip-10-24-39-34 workspace]$ kubectl expose pod nginx-pod --name clusterip --type ClusterIP --port 80
service/clusterip exposed
[ec2-user@ip-10-24-39-34 workspace]$ kubectl expose pod nginx-pod --name nodeport --type NodePort --port 80
service/nodeport exposed
[ec2-user@ip-10-24-39-34 workspace]$ kubectl expose pod nginx-pod --name loadbalancer --type LoadBalancer --external-ip 13.124.207.162 --port 8080
service/loadbalancer exposed- 터미널 안들어가고 수정
$ kubectl exec nginx-pod -- sh -c "echo 'Hello World' > /usr/share/nginx/html/index.html"- yaml 파일
vi pod-loadbalancer.yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx-pod-web
labels:
app: nginx-pod
spec:
containers:
- name: nginx-pod-container
image: public.ecr.aws/c1w2a5l4/web-site:v1.0
---
apiVersion: v1
kind: Service
metadata:
name: loadbalancer-service-pod
spec:
type: LoadBalancer
# externalIPs:
# - 192.168.1.191
selector:
app: nginx-pod
ports:
- protocol: TCP
port: 80
targetPort: 80
$ kubectl apply -f pod-loadbalancer.yaml- 확인
[ec2-user@ip-10-24-39-34 workspace]$ kubectl get all
NAME READY STATUS RESTARTS AGE
pod/nginx-pod 1/1 Running 0 74m
pod/nginx-pod-web 1/1 Running 0 41s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/clusterip ClusterIP 172.20.150.163 <none> 80/TCP 73m
service/kubernetes ClusterIP 172.20.0.1 <none> 443/TCP 167m
service/loadbalancer LoadBalancer 172.20.219.171 a7f81934009804bdea3c808be27ab5c8-1632944213.ap-northeast-2.elb.amazonaws.com,13.124.207.162 80:30950/TCP 20m
service/loadbalancer-service-pod LoadBalancer 172.20.118.116 ae9ea68ae2d1f480cba04dcfa367afb4-228092223.ap-northeast-2.elb.amazonaws.com 80:30694/TCP 41s
service/nodeport NodePort 172.20.228.24 <none> 80:30235/TCP 68m
- 레코드 생성 (web.hyejin36.shop)
