
Creating an EKS Cluster

wngnl05 2024. 12. 24. 14:57

Install eksctl & kubectl

aws configure

 

EKS Install Link

ARCH=amd64
PLATFORM=$(uname -s)_$ARCH
curl -sLO "https://github.com/eksctl-io/eksctl/releases/latest/download/eksctl_$PLATFORM.tar.gz"
tar -xzf eksctl_$PLATFORM.tar.gz -C /tmp && rm eksctl_$PLATFORM.tar.gz
sudo mv /tmp/eksctl /usr/local/bin
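
The eksctl install commands above unpack the archive without checking its integrity. The following is an added example, not part of the original post, of a checksum gate to run before the `tar` step. It assumes the `eksctl_checksums.txt` file that the eksctl project publishes next to its release archives; the function names and demo files are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): check a downloaded release
# archive against a SHA-256 list before unpacking it. The function names
# and the demo files are hypothetical.

# verify_release_checksum ARCHIVE CHECKSUMS_FILE
# Returns 0 only when CHECKSUMS_FILE holds exactly one entry for the
# archive's file name and the archive's digest matches it.
verify_release_checksum() {
    local archive sums name expected actual
    archive=$1; sums=$2
    [ -f "$archive" ] && [ -f "$sums" ] || return 2
    name=$(basename "$archive")
    # Lines look like "<hex digest>  <name>" (or "*<name>" in binary mode).
    expected=$(awk -v n="$name" '$2 == n || $2 == ("*" n) { print $1 }' "$sums")
    # No entry, or several: refuse rather than guess.
    [ "$(printf '%s\n' "$expected" | grep -c .)" -eq 1 ] || return 3
    actual=$(sha256sum "$archive" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# Offline demo with constructed stand-in files (not real eksctl releases).
demo_verify() {
    local dir good bad missing
    dir=$(mktemp -d)
    printf 'constructed archive bytes\n' > "$dir/eksctl_Linux_amd64.tar.gz"
    (cd "$dir" && sha256sum eksctl_Linux_amd64.tar.gz > eksctl_checksums.txt)
    good=0; bad=0; missing=0
    verify_release_checksum "$dir/eksctl_Linux_amd64.tar.gz" "$dir/eksctl_checksums.txt" || good=$?
    # Modify the archive after the list was written: digest no longer matches.
    printf 'tampered\n' >> "$dir/eksctl_Linux_amd64.tar.gz"
    verify_release_checksum "$dir/eksctl_Linux_amd64.tar.gz" "$dir/eksctl_checksums.txt" || bad=$?
    # An archive the list has no entry for.
    cp "$dir/eksctl_Linux_amd64.tar.gz" "$dir/eksctl_Linux_arm64.tar.gz"
    verify_release_checksum "$dir/eksctl_Linux_arm64.tar.gz" "$dir/eksctl_checksums.txt" || missing=$?
    rm -rf "$dir"
    echo "$good $bad $missing"
}

demo_verify   # prints "0 1 3"
```

To use it with the steps above, download `eksctl_checksums.txt` from the same release URL and run `verify_release_checksum eksctl_$PLATFORM.tar.gz eksctl_checksums.txt` before extracting; stop if it returns non-zero.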

 

Kubectl Install Link

# Assumes the kubectl binary from the link above is already in the current directory
sudo chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin

 

EKS cluster settings

Inbound : 80, 443

Outbound : All_Traffic

 

Creating the EKS cluster IAM role

# Create the role
aws iam create-role --role-name Eks-Cluster-Role --assume-role-policy-document '{
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {
            "Service": "eks.amazonaws.com"
        },
        "Action": "sts:AssumeRole"
    }]
}'
# Attach the AmazonEKSClusterPolicy policy
aws iam attach-role-policy --role-name Eks-Cluster-Role --policy-arn arn:aws:iam::aws:policy/AmazonEKSClusterPolicy

Update cluster

eksctl utils write-kubeconfig --name <cluster-name>
aws eks update-kubeconfig --name <cluster-name>

Create OIDC <identity provider>

eksctl utils associate-iam-oidc-provider --approve --cluster <cluster-name>

 

EKS node group settings

Inbound : 22, 10250, 443, 1025-65525

Outbound : All_Traffic

 

Creating the EKS node group IAM role

# Create the role
aws iam create-role --role-name Eks-NodeGroup-Role --assume-role-policy-document '{
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {
            "Service": "ec2.amazonaws.com"
        },
        "Action": "sts:AssumeRole"
    }]
}'
# Attach the AmazonEKSWorkerNodePolicy policy
aws iam attach-role-policy --role-name Eks-NodeGroup-Role --policy-arn arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
# Attach the AmazonEC2ContainerRegistryReadOnly policy
aws iam attach-role-policy --role-name Eks-NodeGroup-Role --policy-arn arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
# Attach the AmazonEKS_CNI_Policy policy
aws iam attach-role-policy --role-name Eks-NodeGroup-Role --policy-arn arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy

 

Download the manifest YAML files

curl -o deployment.yaml https://raw.githubusercontent.com/wngnl-dev/AWS/main/EKS/Manifest/Deployment/deployment.yaml
curl -o service.yaml https://raw.githubusercontent.com/wngnl-dev/AWS/main/EKS/Manifest/service.yml
curl -o ingress.yaml https://raw.githubusercontent.com/wngnl-dev/AWS/main/EKS/Manifest/ingress.yml