[AWS] Configuring Amazon EKS (Amazon Elastic Kubernetes Service)

Configuring Amazon EKS (Amazon Elastic Kubernetes Service)

Create an ECR repository

Create EKS

Create the EKS IAM account

- Create eksuser

Log in to the web console with the IAM eksuser account.

Create eksAdmin (EC2 instance)

Registering the AWS keys on Linux

$ cat /etc/os-release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"

$ aws --version
aws-cli/1.18.147 Python/2.7.18 Linux/4.14.246-187.474.amzn2.x86_64 botocore/1.18.6
$ aws configure 
AWS Access Key ID [None]: AKIA-AccessKey
AWS Secret Access Key [None]: IRCB-SecretAccessKey
Default region name [None]: ap-northeast-2
Default output format [None]: json
$ aws configure list
      Name                    Value             Type    Location
      ----                    -----             ----    --------
   profile                <not set>             None    None
access_key     ****************OR5I shared-credentials-file    
secret_key     ****************nbSt shared-credentials-file    
    region           ap-northeast-2      config-file    ~/.aws/config

Install the K8S tools

- Install kubectl

 : https://docs.aws.amazon.com/ko_kr/eks/latest/userguide/install-kubectl.html

# Create ~/.kube as the current user (not root) so the kubeconfig can be written later
$ mkdir -p ~/.kube

$ curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl"

$ chmod +x ./kubectl

# Only the move into /usr/local/bin needs root
$ sudo mv ./kubectl /usr/local/bin/kubectl

$ source <(kubectl completion bash)

$ echo "source <(kubectl completion bash)" >> ~/.bashrc

$ kubectl version --short --client
Client Version: v1.22.3

- Install eksctl

 : https://docs.aws.amazon.com/ko_kr/eks/latest/userguide/eksctl.html

$ curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp

$ sudo mv /tmp/eksctl /usr/local/bin/

$ eksctl version
0.70.0

- Install aws-iam-authenticator

 : https://docs.aws.amazon.com/ko_kr/eks/latest/userguide/install-aws-iam-authenticator.html

$ curl -o aws-iam-authenticator https://amazon-eks.s3-us-west-2.amazonaws.com/1.21.2/2021-07-05/bin/linux/amd64/aws-iam-authenticator

$ chmod +x aws-iam-authenticator

$ sudo mv aws-iam-authenticator /usr/local/bin/

$ aws-iam-authenticator version
{"Version":"v0.5.0","Commit":"1cfe2a90f68381eacd7b6dcfa2bf689e76eb8b4b"}
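
The three tools above are downloaded and moved straight into /usr/local/bin. As an added example (not part of the original post), these shell functions install a downloaded file only after it matches a SHA-256 checksum file obtained from the publisher. The function names and the locally built sample files are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): refuse to install a downloaded
# binary unless it matches a published SHA-256 checksum file.

# expected_sha256 SUMS_FILE NAME -> prints the digest recorded for NAME.
# Accepts both common layouts: a file holding only the digest, or
# "digest  filename" lines (one per artifact, optional "*" binary marker).
expected_sha256() {
    awk -v n="$2" '
        NR == 1 && NF == 1 { print tolower($1); found = 1; exit }
        NF >= 2 {
            f = $2; sub(/^\*/, "", f); sub(/^.*\//, "", f)
            if (f == n) { print tolower($1); found = 1; exit }
        }
        END { exit (found ? 0 : 1) }' "$1"
}

# verify_and_install FILE SUMS_FILE DEST_DIR
# Returns 0 after installing FILE (mode 0755) into DEST_DIR,
# 1 on digest mismatch, 2 if no usable digest was found.
verify_and_install() {
    vi_want=$(expected_sha256 "$2" "$(basename "$1")") || {
        echo "no checksum entry for $1" >&2; return 2; }
    # Only accept exactly 64 lowercase hex characters as a digest.
    case $vi_want in *[!0-9a-f]*) echo "malformed digest" >&2; return 2 ;; esac
    [ "${#vi_want}" -eq 64 ] || { echo "malformed digest" >&2; return 2; }
    vi_got=$(sha256sum "$1" | awk '{ print $1 }')
    if [ "$vi_got" != "$vi_want" ]; then
        echo "checksum mismatch for $1, not installing" >&2
        return 1
    fi
    install -m 0755 "$1" "$3/"
}

# Constructed demo: a stand-in file and a checksum list built locally.
demo() {
    d=$(mktemp -d) && mkdir "$d/bin" || return
    printf 'stand-in binary\n' > "$d/kubectl"
    ( cd "$d" && sha256sum kubectl > sums.txt )
    verify_and_install "$d/kubectl" "$d/sums.txt" "$d/bin" && echo "installed"
    printf 'x' >> "$d/kubectl"          # simulate a corrupted download
    verify_and_install "$d/kubectl" "$d/sums.txt" "$d/bin" || echo "rejected"
    rm -rf "$d"
}
demo
```

For a real install, pass /usr/local/bin as DEST_DIR and run the function with sudo only for that final step.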

Create the Role for the EKS Cluster

Create role

- Select type of trusted entity: AWS service

Select use case: EKS

Select use case: EKS - Cluster

Policy: AmazonEKSClusterPolicy

Policy name: SCByun-eksClusterRole

Create the Amazon EKS cluster

Name: SCByun-eksCluster

Role: SCByun-eksClusterRole

- Create a security group

Work on eksAdmin (EC2 instance)

$ aws eks --region ap-northeast-2 update-kubeconfig --name SCByun-eksCluster
$ kubectl get svc
NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.100.0.1   <none>        443/TCP   28m
$ kubectl get nodes
No resources found

$ kubectl get ns
NAME              STATUS   AGE
default           Active   5m53s
kube-node-lease   Active   5m55s
kube-public       Active   5m55s
kube-system       Active   5m55s

Create the Role for the EKS Worker Nodes

Role: SCByun-eksClusterRole

- AmazonEKS_CNI_Policy
- AmazonEKSWorkerNodePolicy
- AmazonEC2ContainerRegistryReadOnly

Configure the node group

$ kubectl get nodes
NAME                                               STATUS     ROLES    AGE   VERSION
ip-172-31-15-216.ap-northeast-2.compute.internal   NotReady   <none>   13s   v1.21.4-eks-033ce7e
ip-172-31-50-31.ap-northeast-2.compute.internal    NotReady   <none>   12s   v1.21.4-eks-033ce7e