==============================mobaxterm==============================
▶ aws configure
[ec2-user@ip-10-24-6-86 ~]$ aws configure
AWS Access Key ID [None]:
AWS Secret Access Key [None]:
Default region name [None]: ap-northeast-2
Default output format [None]: json
▶ Credentials
[ec2-user@ip-10-24-6-86 ~]$ aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/c1w2a5l4
WARNING! Your password will be stored unencrypted in /home/ec2-user/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
▶ Image tag
[ec2-user@ip-10-24-6-86 ~]$ docker tag seozzang3/web-site:v2.0 public.ecr.aws/c1w2a5l4/web-site:blue
[ec2-user@ip-10-24-6-86 ~]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
seozzang3/web-site v2.0 c813917c01ba 11 days ago 172MB
public.ecr.aws/c1w2a5l4/web-site blue c813917c01ba 11 days ago 172MB
▶ Image push
[ec2-user@ip-10-24-6-86 ~]$ docker push public.ecr.aws/c1w2a5l4/web-site:blue
The push refers to repository [public.ecr.aws/c1w2a5l4/web-site]
da40fa1d5c53: Pushed
e9144dc49637: Pushed
54a40f4a0798: Pushed
520d1697dc47: Pushed
95129a5fe07e: Pushed
blue: digest: sha256:f1f4c66384788c1733c846c62bd21c0d958faf1e93a7d08a5d3a4b22c728417e size: 1371
====================================================================
==============================mobaxterm==============================
▶ Login
[ec2-user@ip-10-24-6-86 ~]$ aws eks --region ap-northeast-2 update-kubeconfig --name EKS-CLUSTER
Added new context arn:aws:eks:ap-northeast-2:050722723154:cluster/EKS-CLUSTER to /home/ec2-user/.kube/config
▶ Install kubectl
[ec2-user@ip-10-24-6-86 ~]$ curl -o kubectl https://s3.us-west-2.amazonaws.com/amazon-eks/1.22.6/2022-03-09/bin/linux/amd64/kubectl
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 44.7M 100 44.7M 0 0 3139k 0 0:00:14 0:00:14 --:--:-- 3971k
▶ Grant execute permission
[ec2-user@ip-10-24-6-86 ~]$ chmod +x ./kubectl
[ec2-user@ip-10-24-6-86 ~]$ ls
kubectl
[ec2-user@ip-10-24-6-86 ~]$ sudo mv ./kubectl /usr/local/bin
-> shown in green when you run ls
▶ Autocompletion
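The download above goes straight from curl to /usr/local/bin with sudo. As an added example (not part of the original notes), this gate installs the binary only when its SHA-256 matches a checksum file; the kubectl.sha256 file name and its availability next to the binary are assumptions.

```shell
# Added example, not from the original notes.
# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# install_verified BINARY CHECKSUM_FILE DEST_DIR
# Copies BINARY into DEST_DIR (mode 0755) only if its SHA-256 equals the first
# field of CHECKSUM_FILE. Returns 1 and installs nothing otherwise.
install_verified() {
  bin=$1 sumfile=$2 dest=$3
  [ -f "$bin" ] && [ -f "$sumfile" ] || { echo "missing file" >&2; return 1; }
  expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
  case $expected in
    ''|*[!0-9a-f]*) echo "malformed checksum file" >&2; return 1 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "malformed checksum file" >&2; return 1; }
  if [ "$expected" != "$(sha256_of "$bin")" ]; then
    echo "checksum mismatch for $bin, not installing" >&2
    return 1
  fi
  install -m 0755 "$bin" "$dest/"
}

# Constructed demo: a stand-in "binary" with a matching and a wrong checksum file.
demo() {
  d=$(mktemp -d) && mkdir "$d/bin"
  printf 'stand-in for kubectl\n' > "$d/kubectl"
  printf '%s  kubectl\n' "$(sha256_of "$d/kubectl")" > "$d/good.sha256"
  printf '%064d  kubectl\n' 0 > "$d/bad.sha256"
  install_verified "$d/kubectl" "$d/good.sha256" "$d/bin" && echo "good: installed"
  install_verified "$d/kubectl" "$d/bad.sha256" "$d/bin" 2>/dev/null || echo "bad: refused"
  rm -rf "$d"
}
demo

# On the host from the notes (assumes kubectl.sha256 was downloaded beside kubectl):
#   sudo sh -c '. ./verify.sh; install_verified ./kubectl ./kubectl.sha256 /usr/local/bin'
```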
[ec2-user@ip-10-24-6-86 ~]$ source <(kubectl completion bash)
[ec2-user@ip-10-24-6-86 ~]$ echo "source <(kubectl completion bash)" >> ~/.bashrc
▶ Create volume
[ec2-user@ip-10-24-6-86 ~]$ aws ec2 create-volume --availability-zone=ap-northeast-2a --size=1 --volume-type=gp2
{
"AvailabilityZone": "ap-northeast-2a",
"CreateTime": "2022-07-25T02:22:49+00:00",
"Encrypted": false,
"Size": 1,
"SnapshotId": "",
"State": "creating",
"VolumeId": "vol-0d573205ff6e906cd",
"Iops": 100,
"Tags": [],
"VolumeType": "gp2",
"MultiAttachEnabled": false
}
====================================================================
==============================mobaxterm==============================
▶ Create folder
[ec2-user@ip-10-24-6-86 ~]$ mkdir volume && cd $_
[ec2-user@ip-10-24-6-86 volume]$
▶ aws-vol.yaml (persistent volume)
[ec2-user@ip-10-24-6-86 volume]$ vi aws-vol.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-aws
  labels:
    type: local
spec:
  storageClassName: gp2
  capacity:
    storage: 1Gi
  persistentVolumeReclaimPolicy: Retain
  accessModes:
    - ReadWriteOnce
  awsElasticBlockStore:
    fsType: ext4
    volumeID: vol-0d573205ff6e906cd
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc-aws
  namespace: default
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  selector:
    matchLabels:
      type: local
---
apiVersion: v1
kind: Pod
metadata:
  name: pod-aws
  namespace: default
  labels:
    app: pod-aws
spec:
  containers:
    - name: test
      image: nginx
      volumeMounts:
        - mountPath: "/usr/share/nginx/html"
          name: pvc
  nodeName: ip-10-24-15-125.ap-northeast-2.compute.internal  # choose a node that still has storage available
  volumes:
    - name: pvc
      persistentVolumeClaim:
        claimName: pvc-aws
---
apiVersion: v1
kind: Service
metadata:
  name: nodeport-service-pod
spec:
  type: NodePort
  selector:
    app: pod-aws
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 30080
[ec2-user@ip-10-24-6-86 volume]$ k apply -f aws-vol.yaml
persistentvolume/pv-aws created
persistentvolumeclaim/pvc-aws created
pod/pod-aws created
▶ vi aws-sc.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: gp2
  annotations:
    storageclass.kubernetes.io/is-default-class: "true"
provisioner: kubernetes.io/aws-ebs
parameters:
  type: gp2
  fsType: ext4
[ec2-user@ip-10-24-6-86 volume]$ k apply -f aws-sc.yaml
storageclass.storage.k8s.io/gp2 created
[ec2-user@ip-10-24-6-86 volume]$ k get sc
NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
gp2 (default) kubernetes.io/aws-ebs Delete Immediate false 12s
-> normal if Immediate is shown
▶ Open a session to that instance's IP
▶ Mount
[ec2-user@ip-10-24-15-125 ~]$ lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
xvda 202:0 0 20G 0 disk
└─xvda1 202:1 0 20G 0 part /
xvdba 202:13312 0 1G 0 disk /mnt
[ec2-user@ip-10-24-34-221 ~]$ sudo mount /dev/xvdba /mnt
[ec2-user@ip-10-24-34-221 ~]$ sudo vi /mnt/index.html
HELLO WORLD
====================================================================
▶ Open 30080 in the inbound rules of the security group (eks-remoteAccess)
▶ Create volume
[ec2-user@ip-10-24-6-86 volume]$ aws ec2 create-volume --availability-zone=ap-northeast-2c --size=1 --volume-type=gp2
{
"AvailabilityZone": "ap-northeast-2c",
"CreateTime": "2022-07-25T06:38:02+00:00",
"Encrypted": false,
"Size": 1,
"SnapshotId": "",
"State": "creating",
"VolumeId": "vol-00af5fe5f41392900",
"Iops": 100,
"Tags": [],
"VolumeType": "gp2",
"MultiAttachEnabled": false
}
▶ test-ebs.yaml (Kubernetes volume)
apiVersion: v1
kind: Pod
metadata:
  name: test-ebs
  labels:
    app: test-ebs
spec:
  containers:
    - image: nginx
      name: test-container
      volumeMounts:
        - mountPath: "/usr/share/nginx/html"
          name: test-volume
  nodeName: ip-10-24-34-221.ap-northeast-2.compute.internal
  volumes:
    - name: test-volume
      # This AWS EBS volume must already exist.
      awsElasticBlockStore:
        volumeID: "vol-00af5fe5f41392900"
        fsType: ext4
---
apiVersion: v1
kind: Service
metadata:
  name: test-ebs-svc
spec:
  type: NodePort
  selector:
    app: test-ebs
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 30080
▶ Open a session to that instance's IP
▶ Mount
[ec2-user@ip-10-24-34-221 ~]$ lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
xvda 202:0 0 20G 0 disk
└─xvda1 202:1 0 20G 0 part /
xvdbt 202:18176 0 1G 0 disk /var/lib/kubelet/pods/5be306b9-c988-4bcc-9925-76e7e4d41290/volumes/kubernetes.io~aws-ebs/tes
[ec2-user@ip-10-24-34-221 ~]$ sudo mount /dev/xvdbt /mnt
[ec2-user@ip-10-24-34-221 ~]$ sudo vi /mnt/index.html
ALOHA
====================================================================
▶ Open 30088 in the inbound rules of the security group (eks-remoteAccess)
==============================mobaxterm==============================
▶ configmap-wordpress.yaml
[ec2-user@ip-10-24-6-86 wordpress]$ vi configmap-wordpress.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: config-wordpress
  namespace: default
data:
  MYSQL_ROOT_HOST: '%'
  MYSQL_ROOT_PASSWORD: kosa0401
  MYSQL_DATABASE: wordpress
  MYSQL_USER: wpuser
  MYSQL_PASSWORD: wppass
[ec2-user@ip-10-24-6-86 wordpress]$ k apply -f configmap-wordpress.yaml
configmap/config-wordpress created
▶ mysql-pod-svc.yaml
[ec2-user@ip-10-24-6-86 wordpress]$ vi mysql-pod-svc.yaml
apiVersion: v1
kind: Pod
metadata:
  name: mysql-pod
  labels:
    app: mysql-pod
spec:
  containers:
    - name: mysql-container
      image: mysql:5.7
      envFrom:  # load every setting in the ConfigMap at once
        - configMapRef:
            name: config-wordpress
      ports:
        - containerPort: 3306
---
apiVersion: v1
kind: Service
metadata:
  name: mysql-svc
spec:
  type: ClusterIP
  selector:
    app: mysql-pod
  ports:
    - protocol: TCP
      port: 3306
      targetPort: 3306
[ec2-user@ip-10-24-6-86 wordpress]$ k apply -f mysql-pod-svc.yaml
pod/mysql-pod created
service/mysql-svc created
▶ wordpress-pod-svc.yaml
apiVersion: v1
kind: Pod
metadata:
  name: wordpress-pod
  labels:
    app: wordpress-pod
spec:
  containers:
    - name: wordpress-container
      image: wordpress
      env:
        - name: WORDPRESS_DB_HOST
          value: mysql-svc:3306
        - name: WORDPRESS_DB_USER
          valueFrom:
            configMapKeyRef:
              name: config-wordpress
              key: MYSQL_USER
        - name: WORDPRESS_DB_PASSWORD
          valueFrom:
            configMapKeyRef:
              name: config-wordpress
              key: MYSQL_PASSWORD
        - name: WORDPRESS_DB_NAME
          valueFrom:
            configMapKeyRef:
              name: config-wordpress
              key: MYSQL_DATABASE
      ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: wordpress-svc
spec:
  type: LoadBalancer
  externalIPs:
    - 192.168.2.0
  selector:
    app: wordpress-pod
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
[ec2-user@ip-10-24-6-86 wordpress]$ k apply -f wordprss-pod-svc.yaml
pod/wordpress-pod created
service/wordpress-svc created
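configmap-wordpress.yaml keeps the MySQL root and user passwords in a ConfigMap, which is readable in plain text by anything allowed to read ConfigMaps in the namespace. As an added example (not part of the original notes), this script moves the credential-like keys into a Secret; the Secret name secret-wordpress and the key-name pattern are assumptions.

```shell
# Added example, not from the original notes.
SENSITIVE='PASS|SECRET|TOKEN'   # assumed heuristic for credential key names

# Constructed sample: the page's configmap-wordpress.yaml, indentation restored.
sample_configmap() {
cat <<'EOF'
apiVersion: v1
kind: ConfigMap
metadata:
  name: config-wordpress
  namespace: default
data:
  MYSQL_ROOT_HOST: '%'
  MYSQL_ROOT_PASSWORD: kosa0401
  MYSQL_DATABASE: wordpress
  MYSQL_USER: wpuser
  MYSQL_PASSWORD: wppass
EOF
}

# split_configmap SECRET_NAME: read one ConfigMap manifest on stdin, print it
# without the credential-like keys, then append a Secret (second YAML document)
# that carries those keys under stringData.
split_configmap() {
  awk -v pat="$SENSITIVE" -v secret_name="$1" '
    /^[^ #]/ { section = $1 }                      # track the top-level key
    section == "metadata:" && $1 == "namespace:" { ns = $2 }
    section == "data:" && /^  [^ ]+:/ {
      key = $1; sub(/:$/, "", key)
      if (toupper(key) ~ pat) { moved = moved $0 "\n"; next }
    }
    { print }
    END {
      if (moved == "") exit                        # nothing sensitive: no Secret
      print "---\napiVersion: v1\nkind: Secret\nmetadata:\n  name: " secret_name
      if (ns != "") print "  namespace: " ns
      print "type: Opaque\nstringData:"
      printf "%s", moved
    }'
}

# secret-wordpress is a hypothetical name chosen for this example.
sample_configmap | split_configmap secret-wordpress
```

The pods would then read these values through `secretRef` under `envFrom` or `secretKeyRef` under `valueFrom` in place of the ConfigMap references.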
====================================================================
==============================mobaxterm================================
======================================================================
configmap-wordpress.yaml