
🔗 eksctl GitHub

🔗 eksctl official documentation

๐Ÿ”— eksctl config file example

 

Installing eksctl

curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_arm64.tar.gz" | tar xz -C /tmp
sudo mv /tmp/eksctl /usr/local/bin
eksctl version

Configuring EKS

EKS is Amazon's managed Kubernetes service, and eksctl is a command-line tool that makes configuring EKS easy.

  • I think the official eksctl documentation is quite friendly

💡 eksctl is a command-line tool for EKS, so aws configure must already have been run

Logging in to AWS

aws configure

1. Using Config Files (the most basic way)

apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: basic-cluster
  region: eu-north-1 

nodeGroups:
  - name: ng-1
    instanceType: m5.large
    desiredCapacity: 10
    volumeSize: 80
    ssh:
      allow: true # will use ~/.ssh/id_rsa.pub as the default ssh key
  - name: ng-2
    instanceType: m5.xlarge
    desiredCapacity: 2
    volumeSize: 100
    ssh:
      publicKeyPath: ~/.ssh/ec2_id_rsa.pub

  • nodeGroups[0].ssh : if the key location is not specified, ~/.ssh/id_rsa.pub is used automatically

 

eksctl create cluster -f cluster.yaml

  • Takes around 20 to 30 minutes

 

Deleting the cluster afterwards

eksctl delete cluster -f cluster.yaml

2. Specifying a VPC

---
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: non-eksctl-created-cluster
  region: us-west-2

vpc:
  id: "vpc-12345"
  securityGroup: "sg-12345"    # this is the ControlPlaneSecurityGroup
  subnets:
    private:
      private1:
          id: "subnet-12345"
      private2:
          id: "subnet-67890"
    public:
      public1:
          id: "subnet-12345"
      public2:
          id: "subnet-67890"

nodeGroups:
...

3. SSH options for different node groups

managedNodeGroups:
  - name: ng-1
    instanceType: m5.large
    desiredCapacity: 1
    ssh: # import public key from file
      publicKeyPath: ~/.ssh/id_rsa_tests.pub
  - name: ng-2
    instanceType: m5.large
    desiredCapacity: 1
    ssh: # use existing EC2 key
      publicKeyName: ec2_dev_key
  - name: ng-3
    instanceType: m5.large
    desiredCapacity: 1
    ssh: # import inline public key
      publicKey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDqZEdzvHnK/GVP8nLngRHu/GDi/3PeES7+Bx6l3koXn/Oi/UmM9/jcW5XGziZ/oe1cPJ777eZV7muEvXg5ZMQBrYxUtYCdvd8Rt6DIoSqDLsIPqbuuNlQoBHq/PU2IjpWnp/wrJQXMk94IIrGjY8QHfCnpuMENCucVaifgAhwyeyuO5KiqUmD8E0RmcsotHKBV9X8H5eqLXd8zMQaPl+Ub7j5PG+9KftQu0F/QhdFvpSLsHaxvBzA5nhIltjkaFcwGQnD1rpCM3+UnQE7Izoa5Yt1xoUWRwnF+L2TKovW7+bYQ1kxsuuiX149jXTCJDVjkYCqi7HkrXYqcC1sbsror someuser@hostname"
  - name: ng-4
    instanceType: m5.large
    desiredCapacity: 1
    ssh: # enable SSH using SSM
      enableSsm: true

 


4. Managed node groups and unmanaged node groups

managed node group

 

🔗 Managed node groups - Amazon EKS (docs.aws.amazon.com)

EKS managed node groups are Auto Scaling groups and associated EC2 instances that AWS manages for an Amazon EKS cluster. Each node group uses an Amazon Linux 2 AMI optimized for Amazon EKS. Amazon EKS makes it easy to apply bug fixes and security patches to the nodes, as well as to update them to the latest Kubernetes version. Each node group launches an Auto Scaling group that spans multiple AWS VPC Availability Zones and subnets, for high availability (HA) of the cluster.

 

  • Uses the Amazon Linux 2 AMI by default (another OS can be chosen)
  • Intended for auto scaling
  • Can be managed from the EKS console
  • Managed and unmanaged node groups can both be configured in one cluster, but unmanaged ones do not show up in the EKS console

 

# cluster.yaml
# A cluster with two managed nodegroups
---
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: managed-cluster
  region: us-west-2

managedNodeGroups:
  - name: managed-ng-1
    minSize: 2
    maxSize: 4
    desiredCapacity: 3
    volumeSize: 20
    ssh:
      allow: true
      publicKeyPath: ~/.ssh/ec2_id_rsa.pub
      # new feature for restricting SSH access to certain AWS security group IDs
      sourceSecurityGroupIds: ["sg-00241fbb12c607007"]
    labels: {role: worker}
    tags:
      nodegroup-role: worker
    iam:
      withAddonPolicies:
        externalDNS: true
        certManager: true

  - name: managed-ng-2
    instanceType: t2.large
    minSize: 2
    maxSize: 3

unmanaged node group

 

Setting --managed=false in eksctl, or using the nodeGroups field, creates an unmanaged node group. Unmanaged node groups do not appear in the EKS console, which generally only knows about EKS managed node groups.

 

  • In the config YAML, managedNodeGroups gives a managed node group and nodeGroups gives an unmanaged one
  • Cannot be managed from the EKS console

 


5. Taints

taints:
  - key: your.domain.com/db
    value: "true"
    effect: NoSchedule
  - key: your.domain.com/production
    value: "true"
    effect: NoExecute

  • Nodes can be tainted like this.
    • To deploy a pod on a tainted node, add a matching toleration to the pod spec
    • e.g. set a gpu taint on the GPU nodes and give the pods that need a GPU a toleration for it
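To make the taint/toleration rule concrete, here is an added example (my code, not from the post) that implements the Kubernetes matching rule and applies it to the two taints above plus a constructed your.domain.com/gpu taint for the GPU case in the text; the key name and the pod tolerations are assumptions made up for the illustration.

```python
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Taint:
    key: str
    value: str
    effect: str  # NoSchedule, PreferNoSchedule or NoExecute


@dataclass(frozen=True)
class Toleration:
    key: str = ""              # empty key with operator Exists matches every taint key
    operator: str = "Equal"    # Equal (default) or Exists
    value: str = ""
    effect: str = ""           # empty effect matches every effect


def tolerates(tol: Toleration, taint: Taint) -> bool:
    """Kubernetes matching rule: effect must match (or be empty), then key/operator/value."""
    if tol.effect and tol.effect != taint.effect:
        return False
    if tol.operator == "Exists":
        return tol.key in ("", taint.key)
    return tol.key == taint.key and tol.value == taint.value


def untolerated_taints(taints: List[Taint], tolerations: List[Toleration]) -> List[Taint]:
    """Hard taints (NoSchedule/NoExecute) that no toleration covers; any hit keeps the pod off
    the node. PreferNoSchedule is only a scheduling preference, so it never blocks."""
    return [t for t in taints if t.effect != "PreferNoSchedule"
            and not any(tolerates(tol, t) for tol in tolerations)]


# Constructed inputs: the two taints from the nodegroup above, plus a GPU taint
# following the page's GPU example (the key name is chosen here, not from the page).
NODE_TAINTS = [Taint("your.domain.com/db", "true", "NoSchedule"),
               Taint("your.domain.com/production", "true", "NoExecute")]
GPU_TAINTS = [Taint("your.domain.com/gpu", "true", "NoSchedule")]

# A pod that matches the db taint exactly and tolerates production regardless of value.
DB_POD = [Toleration("your.domain.com/db", "Equal", "true", "NoSchedule"),
          Toleration("your.domain.com/production", "Exists")]
# A pod that only tolerates the GPU taint.
GPU_POD = [Toleration("your.domain.com/gpu", "Exists", effect="NoSchedule")]

if __name__ == "__main__":
    print("db pod blocked by:", untolerated_taints(NODE_TAINTS, DB_POD))      # []
    print("gpu pod blocked by:", untolerated_taints(NODE_TAINTS, GPU_POD))    # both taints
    print("gpu pod on gpu node:", untolerated_taints(GPU_TAINTS, GPU_POD))    # []
```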

6. Instance Selector

eksctl integrates with the EC2 instance selector, which addresses this problem by generating a list of instance types from resource criteria such as vCPUs and memory. When instance selector criteria are passed, eksctl creates the node group with its instance types set to those that match the supplied criteria.

# instance-selector-cluster.yaml
---
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: cluster
  region: us-west-2

nodeGroups:
- name: ng
  instanceSelector:
    vCPUs: 2
    memory: "4" # 4 GiB, unit defaults to GiB

managedNodeGroups:
- name: mng
  instanceSelector:
    vCPUs: 2
    memory: 2GiB
    cpuArchitecture: x86_64 # default value

 


7. Setting the node AMI Family

 

nodeGroups:
  - name: ng1
    instanceType: m5.large
    amiFamily: AmazonLinux2
managedNodeGroups:
  - name: m-ng-2
    instanceType: m5.large
    amiFamily: Ubuntu2004

8. Define Container Runtime

🔗 What is containerd and why does it matter?

apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: container-runtime-test
  region: us-west-2

nodeGroups:
  - name: ng-1
    instanceType: m5.xlarge
    desiredCapacity: 2
    amiFamily: AmazonLinux2
    containerRuntime: containerd

  • This value defaults to dockerd for backward compatibility, but it will be deprecated soon.

A short digression:

No containers show up on the node. The reason is that from Kubernetes 1.24 the nodes run containerd rather than dockerd.

So you need a package called crictl, which can inspect containerd.

  • Kubernetes provides a command-line tool called crictl for managing CRI-compliant container runtimes in a uniform way
  • Unlike docker and ctr, crictl works with every container runtime that implements CRI
  • If you installed kubeadm, kubelet and so on through a regular package manager, it is installed automatically

vi /etc/crictl.yaml
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock

sudo crictl ps
sudo crictl pods


9. Additional Volume Mappings

apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: dev-cluster
  region: eu-north-1

managedNodeGroups:
  - name: ng-1-workers
    labels: { role: workers }
    instanceType: m5.xlarge
    desiredCapacity: 10
    volumeSize: 80
    additionalVolumes:
      - volumeName: '/tmp/mount-1' # required
        volumeSize: 80
        volumeType: 'gp3'
        volumeEncrypted: true
        volumeKmsKeyID: 'id'
        volumeIOPS: 3000
        volumeThroughput: 125
      - volumeName: '/tmp/mount-2'  # required
        volumeSize: 80
        volumeType: 'gp2'
        snapshotID: 'snapshot-id'
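An added example (my code, not the post's or eksctl's) that checks a ClusterConfig against the points made in sections 3, 4, 8 and 9: SSH opened without sourceSecurityGroupIds, unencrypted additionalVolumes, an explicit dockerd containerRuntime, and nodeGroups entries that will not appear in the EKS console. The config is a constructed dict in the shape PyYAML's safe_load returns for the page's YAML, and the check assumes that an imported public key (publicKeyPath, publicKeyName or publicKey) enables SSH just as allow: true does.

```python
from typing import Dict, List

# Constructed sample in the dict shape PyYAML's safe_load returns for this page's YAML:
# ng-1 mirrors the basic cluster (ssh.allow, no source SG), ng-2 the SSM nodegroup,
# mng-1 the additionalVolumes example with one unencrypted volume.
SAMPLE_CONFIG: Dict = {
    "nodeGroups": [
        {"name": "ng-1", "ssh": {"allow": True}, "containerRuntime": "dockerd"},
        {"name": "ng-2", "ssh": {"enableSsm": True}},
    ],
    "managedNodeGroups": [
        {"name": "mng-1",
         "ssh": {"allow": True, "publicKeyPath": "~/.ssh/ec2_id_rsa.pub",
                 "sourceSecurityGroupIds": ["sg-00241fbb12c607007"]},
         "additionalVolumes": [{"volumeName": "/tmp/mount-1", "volumeEncrypted": True},
                               {"volumeName": "/tmp/mount-2"}]},
    ],
}

KEY_FIELDS = ("publicKeyPath", "publicKeyName", "publicKey")

def ssh_is_enabled(ssh: Dict) -> bool:
    """Assumption: allow: true, or any imported public key, opens SSH on the nodegroup."""
    return bool(ssh.get("allow")) or any(bool(ssh.get(k)) for k in KEY_FIELDS)

def lint_nodegroup(ng: Dict, managed: bool) -> List[str]:
    """Findings for one nodegroup, using only fields shown on this page."""
    name, out = ng["name"], []
    ssh = ng.get("ssh") or {}
    if ssh_is_enabled(ssh) and not ssh.get("sourceSecurityGroupIds"):
        out.append(f"{name}: SSH enabled without sourceSecurityGroupIds (restrict it, or use enableSsm)")
    for vol in ng.get("additionalVolumes") or []:
        if not vol.get("volumeEncrypted"):
            out.append(f"{name}: additional volume {vol['volumeName']} is not encrypted")
    if ng.get("containerRuntime") == "dockerd":
        out.append(f"{name}: containerRuntime dockerd is deprecated, use containerd")
    if not managed:
        out.append(f"{name}: unmanaged nodeGroup, it will not appear in the EKS console")
    return out

def lint_cluster_config(cfg: Dict) -> List[str]:
    """nodeGroups entries are unmanaged, managedNodeGroups entries are managed."""
    out: List[str] = []
    for ng in cfg.get("nodeGroups") or []:
        out += lint_nodegroup(ng, managed=False)
    for ng in cfg.get("managedNodeGroups") or []:
        out += lint_nodegroup(ng, managed=True)
    return out

if __name__ == "__main__":
    print("\n".join(lint_cluster_config(SAMPLE_CONFIG)))
```

To run it against a real cluster.yaml, pass yaml.safe_load(open(path)) to lint_cluster_config instead of SAMPLE_CONFIG.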

10. Networking

By default, eksctl create cluster creates a dedicated VPC for the cluster. This is done to avoid interfering with existing resources, for a variety of reasons including security, and also because it is hard to detect all the settings in an existing VPC.

The default VPC CIDR eksctl uses is 192.168.0.0/16. It is divided into 8 subnets (3 private, 3 public, 2 reserved). The initial node group is created in the public subnets, with SSH access disabled unless --allow-ssh is specified. By default, the node group allows inbound traffic from the control plane security group on ports 1025 - 65535.

11. Config file schema

🔗 See the official documentation

 


Accessing the EKS master node from outside

Check aws configure

aws sts get-caller-identity

 

Apply to the kube config

aws eks --region ${region_name} update-kubeconfig --name ${cluster_name}