๋กœ์ผ“๐Ÿพ
article thumbnail

 

 

EKS ์— ๋ฐฐํฌ๋œ ํŒŒ๋“œ๋“ค์€ AWS ์— ์ ‘๊ทผํ•˜๊ธฐ ์œ„ํ•œ ๋ฐฉ๋ฒ•์œผ๋กœ๋Š” ํฌ๊ฒŒ 2๊ฐ€์ง€๊ฐ€ ์žˆ์Šต๋‹ˆ๋‹ค.

  • EC2 Instance Profile
  • IAM Role for Service Account

 

EC2 Instance Profile ์€ ์›Œ์ปค ๋…ธ๋“œ์—๊ฒŒ AWS ์— ์ ‘๊ทผํ•  ์ˆ˜ ์žˆ๋Š” ์ž๊ฒฉ ์ฆ๋ช…์„ ํ•ด์ฃผ์ฃ .

EC2 Instance Profile

 

์ •ํ•ด์ง„ EC2 ์ธ์Šคํ„ด์Šค์— ์ •ํ•ด์ง„ ์• ํ”Œ๋ฆฌ์ผ€์ด์…˜์„ ๋ฐฐํฌํ•œ๋‹ค๋ฉด ์œ„ ๋ฐฉ๋ฒ•์€ ์•„์ฃผ ์ข‹์€ ๋ฐฉ๋ฒ•์ด์—์š”.

ํ•˜์ง€๋งŒ, ์ฟ ๋ฒ„๋„คํ‹ฐ์Šค ํ™˜๊ฒฝ์— ๋ฐฐํฌ๋˜๋Š” ํŒŒ๋“œ๋“ค์€ ํ•˜๋‚˜์˜ ํŠน์ •ํ•œ ๋…ธ๋“œ์— ๋ฐฐํฌ๋˜์ง€ ์•Š์•„์š”. 

 

NodeAffinity ์™€ Label ์„ ํ†ตํ•ด์„œ ๋…ธ๋“œ๋ฅผ ์ œํ•œํ•˜๊ธด ํ•˜์ง€๋งŒ ๋Š์Šจํ•˜๊ฒŒ ๊ทธ๋ฃนํ•‘์„ ํ•˜์ฃ .

 

๋งŒ์•ฝ ์ฟ ๋ฒ„๋„คํ‹ฐ์Šค ํ™˜๊ฒฝ์—์„œ App ์ด Replica 3 ๊ฐœ๋กœ ๋ฐฐํฌ๋˜๊ณ , Hard PodAffinity ๋ฅผ ์ฃผ์–ด ํŒŒ๋“œ๋ฅผ ์ „๋ถ€ ๋‹ค๋ฅธ ๋…ธ๋“œ์— ๋ฐฐํฌ๋˜๊ฒŒ๋” ํ•œ๋‹ค๋ฉด, ๋˜ ๋‹ค๋ฅธ 3๊ฐœ์˜ ๋…ธ๋“œ๊ฐ€ ๋ชจ๋‘ Instance Profile ์„ ๊ฐ€์ ธ์•ผ ํ•ฉ๋‹ˆ๋‹ค.

6๊ฐœ์˜ ๋…ธ๋“œ์™€ 3๊ฐœ์˜ ํŒŒ๋“œ

๊ทธ๋Ÿฌ๋‹ค ์—…๋ฐ์ดํŠธ ํ•˜๋ฉด์„œ ๊ธฐ์กด ํŒŒ๋“œ๋“ค์ด ์™„์ „ ๋‹ค๋ฅธ ๋…ธ๋“œ๋“ค์— ๋ฐฐํฌ๋œ๋‹ค๋ฉด, ๋˜ ๊ทธ ๋…ธ๋“œ๋“ค์— Instance Profile ์„ ์ง€์ •ํ•˜๊ณ , ์ด์ „ ๋…ธ๋“œ์—์„œ๋Š” ์ง€์›Œ์•ผ ํ•ฉ๋‹ˆ๋‹ค. ๋„ˆ๋ฌด ๊ท€์ฐฎ์•„์š”..

 

๊ทธ๋ž˜์„œ ์ฟ ๋ฒ„๋„คํ‹ฐ์Šค์—์„  IRSA (IAM Role for Service Account) ์„ ์ง€์›ํ•ฉ๋‹ˆ๋‹ค.

IAM Role for Service Account

ํŒŒ๋“œ์— ServiceAccount ๋ฅผ ์‚ฌ์šฉํ•จ์œผ๋กœ์จ AWS ์— ์ ‘๊ทผํ•  ์ˆ˜ ์žˆ๋Š” ํ† ํฐ์ด ํŒŒ๋“œ ๋‚ด ์ปจํ…Œ์ด๋„ˆ๋“ค์— ๋งˆ์šดํŠธ๋ฉ๋‹ˆ๋‹ค.

 

ํ•ด๋‹น ํ† ํฐ์€ pod-identity-webhook ์ด๋ผ๋Š” EKS ์ „์šฉ ์• ๋“œ์˜จ์œผ๋กœ ์ธํ•ด ์ƒ์„ฑ๋˜๊ณ  ๊ด€๋ฆฌ๋ฉ๋‹ˆ๋‹ค. Admission Contoller ์˜ Mutate ๋ฐฉ์‹์„ ์ด์šฉํ•˜์ฃ .

 

์•„๋ฌดํŠผ IRSA ๋ฅผ ์‚ฌ์šฉํ•˜๋ฉด ๋” ์ด์ƒ ๋…ธ๋“œ ๋‹จ์œ„๊ฐ€ ์•„๋‹Œ ํŒŒ๋“œ ๋‹จ์œ„๋กœ AWS ์— ์ ‘๊ทผํ•  ์ˆ˜ ์žˆ๊ฒŒ ๋ฉ๋‹ˆ๋‹ค.

IRSA ๋ฅผ ์‚ฌ์šฉํ•˜๋Š” ๋ฐฉ๋ฒ•์€ ์—ฌ๊ธฐ๋ฅผ ์ฐธ๊ณ ํ•˜์‹œ๋ฉด ๋ฉ๋‹ˆ๋‹ค.

 

์„œ๋ก ์ด ๋„ˆ๋ฌด ๊ธธ์—ˆ๋„ค์š”... ๊ทธ๋ž˜๋„ EKS ๋ฅผ ์‚ฌ์šฉํ•œ๋‹ค๋ฉด IRSA ๋ถ€๋ถ„์€ ๋งค์šฐ ์ค‘์š”ํ•˜๋‹ค ๋ณด๋‹ˆ ์‚ด์ง ๋‹ค๋ค„๋ณด์•˜์Šต๋‹ˆ๋‹ค.

 

๊ทธ๋Ÿผ ๋ณธ๋ก ์œผ๋กœ ๋„˜์–ด๊ฐ€์„œ ์ด๋Ÿฌํ•œ IRSA ๋ฅผ ์ผ์Œ์—๋„ ๋ถˆ๊ตฌํ•˜๊ณ  ์™œ Vault ๋Š” DynamoDB ์— ์ ‘๊ทผ์„ ๋ชปํ–ˆ๋Š”์ง€ ์•Œ์•„๋ณด๊ณ , ์–ด๋–ป๊ฒŒ ํ•ด๊ฒฐ ํ–ˆ๋Š”์ง€ ์•Œ์•„๋ณด๋„๋ก ํ•˜์ฃ .

 

๋ ›์ธ ๋‘๋”์ฝ”๋“œ~

 

 

Vault ๋Š” ๋‹ค์–‘ํ•œ ๋ฐฑ์—”๋“œ ์Šคํ† ๋ฆฌ์ง€๋ฅผ ์ง€์›ํ•˜๋Š”๋ฐ ์ €๋Š” HA ๋ชจ๋“œ๋กœ ๋ฐฐํฌํ•  ๊ฒƒ์ด๊ธฐ ๋•Œ๋ฌธ์— DynamoDB ๋ฅผ ์„ ํƒํ–ˆ์Šต๋‹ˆ๋‹ค.

Consul ๊ณผ Raft ๋„ ์œ„์‹œ๋ฆฌ์ŠคํŠธ์— ์žˆ์—ˆ์ง€๋งŒ, ์ตœ์ข…์ ์œผ๋กœ๋Š” DynamoDB ๋ฅผ ์‚ฌ์šฉํ•˜๊ธฐ๋กœ ๊ฒฐ์ •ํ–ˆ์Šต๋‹ˆ๋‹ค.

 

์ด์œ ๋Š” ์‹ฌํ”Œํ•ฉ๋‹ˆ๋‹ค. Consul ์€ Vault ์ฒ˜๋Ÿผ ํ•˜์‹œ์ฝ”ํ”„์‚ฌ์˜ ์ œํ’ˆ์ธ๋ฐ ์ž˜ ๋ชฐ๋ผ์š”.. ๊ทธ๋ฆฌ๊ณ  Raft ๋Š” Intergrated Storage ๋ฐฉ์‹์ธ๋ฐ ๋…ธ๋“œ๋งˆ๋‹ค Raft ๋ฅผ ๊ฐ€์ ธ์•ผ ํ•ด์„œ ๊ด€๋ฆฌ ์ธก๋ฉด์—์„œ ์†์ด ๋งŽ์ด ๊ฐˆ ๊ฒƒ์ฒ˜๋Ÿผ ์ƒ๊ฐ๋˜์—ˆ๊ณ , ๋ฌด์—‡๋ณด๋‹ค ๊ฐ๊ฐ์˜ Raft ๋ฅผ ๋ฐฑ์—…ํ•˜๊ณ ์ž ํ•˜๋‹ˆ ๋ฐฐ๋ณด๋‹ค ๋ฐฐ๊ผฝ์ด ๋” ํฐ ์ƒ๊ฐ์ด ๋“ค์—ˆ์Šต๋‹ˆ๋‹ค.

 

๊ทธ๋ž˜์„œ ๊ฒฐ๊ตญ DynamoDB ๋ฅผ ์„ ํƒํ–ˆ์Šต๋‹ˆ๋‹ค. AWS ์—์„œ ๊ด€๋ฆฌํ•ด์ฃผ๊ณ , ํ™•์žฅ์„ฑ์ด ์ข‹์œผ๋ฉฐ, ๋ฌด์—‡๋ณด๋‹ค AWS Backup Policy ๋ฅผ ํ†ตํ•ด์„œ ๋ฐฑ์—…์ด ์‰ฝ๊ฒŒ ๊ฐ€๋Šฅํ–ˆ๊ฑฐ๋“ ์š”. 

 

์•„๋ž˜๋Š” ๊ตฌ์„ฑํ•˜๊ณ ์ž ํ•œ Vault ์•„ํ‚คํ…์ฒ˜์ž…๋‹ˆ๋‹ค.

๊ตฌ์„ฑํ•˜๊ณ ์ž ํ•œ Vault ์•„ํ‚คํ…์ฒ˜

 

backend storage ๋กœ dynamodb ๋ฅผ ์‚ฌ์šฉํ•˜๋ ค๊ณ  ์•„๋ž˜์ฒ˜๋Ÿผ config.hcl ์„ ๊ตฌ์„ฑํ–ˆ๊ณ ,

storage "dynamodb" {
  ha_enabled = "true"
  region     = "ap-northeast-2"
  table      = "vault"
}

 

ํ•˜์‹œ์ฝ”ํ”„์—์„œ ๊ณต์‹์ ์œผ๋กœ ์ œ๊ณต๋˜๋Š” Vault Helm Chart ๋ฅผ ์ด์šฉํ•ด Vault ๋ฅผ HA ๋ชจ๋“œ๋กœ ๋ฐฐํฌํ–ˆ์Šต๋‹ˆ๋‹ค.

 

๊ทธ๋Ÿฐ๋ฐ ์•„๋ž˜์™€ ๊ฐ™์ด dynamoDB ์— ์ ‘๊ทผํ•  ์ˆ˜ ์—†๋‹ค๋Š” ์—๋Ÿฌ๊ฐ€ ๋ฐœ์ƒํ•ฉ๋‹ˆ๋‹ค.

 

์ด๋ฏธ์ง€์—๋Š” ์ œ๊ฐ€ ๊ฒ€์ •์ƒ‰์œผ๋กœ ๊ฐ€์กŒ์ง€๋งŒ ์ž๊ฒฉ ์ฆ๋ช…์„ Web Token ์ฆ‰, IRSA ๋กœ ํ•˜๋Š” ๊ฒƒ์ด ์•„๋‹ˆ๋ผ EC2 Instance Profile ์„ ํ†ตํ•ด์„œ ํ•˜๋”๊ตฐ์š”. ํŒŒ๋“œ ๋‚ด์— IRSA ๋ฅผ Vault ๊ฐ€ ์ธ์‹ํ•˜์ง€ ๋ชปํ–ˆ์Šต๋‹ˆ๋‹ค. 

 

IRSA ๋ฅผ ๋จผ์ € ํ™•์ธํ•˜๊ณ , ์—†์œผ๋ฉด EC2 Instance Profile ๋ฅผ ํ™•์ธํ•˜๋Š”๋ฐ EC2 Instance Profile ๋ฅผ ์ด์šฉํ•ด์„œ ์ž๊ฒฉ ์ฆ๋ช…์„ ํ•œ ๊ฒƒ์„ ๋ณด์•„ํ•˜๋‹ˆ ์•„๋งˆ ํŒŒ๋“œ์— IRSA ๊ฐ€ ํ• ๋‹น๋˜์ง€ ์•Š์€ ๊ฒƒ ๊ฐ™์•˜์Šต๋‹ˆ๋‹ค.

 

๊ทธ๋ž˜์„œ IRSA ์ƒ์„ฑ ๊ณผ์ •์— ํ˜น์‹œ๋‚˜ ์˜คํƒ€๊ฐ€ ์žˆ์„๊นŒ ๋ˆˆ์œผ๋กœ ์ง์ ‘ yaml ์„ ํ™•์ธํ–ˆ๊ณ , IRSA ๋ฅผ ํ…Œ์ŠคํŠธ ํ•ด๋ณผ ํŒŒ๋“œ๋ฅผ ๋งŒ๋“ค์–ด ํ™•์ธํ•œ ๊ฒฐ๊ณผ dynamoDB ์— ์ ‘๊ทผ์ด ๊ฐ€๋Šฅํ–ˆ์Šต๋‹ˆ๋‹ค.

 

๊ทธ๋Ÿฐ๋ฐ ๋ง‰์ƒ Vault ํŒŒ๋“œ์—์„  ์ž๊พธ ๊ถŒํ•œ์ด ์—†๋‹ค๊ณ  ๋‚˜์˜ค๋„ค์š”..

 

IRSA ์— ์˜คํƒ€๋„ ์—†๊ณ , ํŒŒ๋“œ์—๋Š” ๋ถ„๋ช… /var/run/secrets/eks.amazonaws.com/serviceaccount/token ๋„ ์ž˜ ๋งˆ์šดํŠธ๋˜์–ด ์žˆ๊ณ , ๋‚˜๋จธ์ง€ ํ™˜๊ฒฝ๋ณ€์ˆ˜๋„ ์ž˜ ์„ค์ •๋˜์–ด ์žˆ์Šต๋‹ˆ๋‹ค.

 

ํ˜น์‹œ Vault ๊ฐ€ ๋ฐฐํฌ๋˜๋Š” ์›Œ์ปค ๋…ธ๋“œ์— ๋ฌธ์ œ๊ฐ€ ์žˆ๋Š” ๊ฑธ๊นŒ?

ํ•˜์ง€๋งŒ ๋ฐฐํฌ๋˜๋Š” ๋…ธ๋“œ์—๋Š” aws-node ๋„ ์ž˜ ์‹คํ–‰๋˜๊ณ  ์žˆ๊ณ , describe node ๋ฅผ ํ•ด๋ณธ ๊ฒฐ๊ณผ ํ™˜๊ฒฝ ๋ณ€์ˆ˜๋“ค๋„ ์ž˜ ๊ฐ€์ง€๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.

 

๋…ธ๋“œ ๋ฌธ์ œ๋Š” ์•„๋‹Œ ๊ฑฐ ๊ฐ™์•„์š”..!!

 

์ •๋ง์ •๋ง์ •๋ง์ •๋ง์ •๋ง ๋ฌธ์ œ๊ฐ€ ์—†์–ด ๋ณด์ด๋Š”๋ฐ, ์•ˆ๋œ๋‹ค... ๋ฏธ์นœ๋‹ค..

 

์ด ์ง€๊ฒฝ๊นŒ์ง€ ์˜ค๋‹ˆ ์ œ๊ฐ€ ์•Œ๊ณ  ์žˆ๋˜ EKS ์ง€์‹๋“ค์ด ๋ถ€์ •๋‹นํ•˜๋Š” ๊ธฐ๋ถ„๊นŒ์ง€๋„ ๋“ค์—ˆ์ฃ ..

 

ํ˜น์‹œ ๋ชฐ๋ผ์„œ Vault Repository ์˜ Issue ๋“ค์„ ํ•œ๋ฒˆ ์‚ดํŽด๋ณด์•˜๋Š”๋ฐ..!! ๋น„์Šทํ•œ ๋ฌธ์ œ๋ฅผ ๊ฒช๋Š” ์‚ฌ๋žŒ๋“ค์ด ๊ฝค ์žˆ์—ˆ์Šต๋‹ˆ๋‹ค!!

 

hashicorp/vault-helm ์ด ์•„๋‹Œ hashicorp/vault ์— ์žˆ๋Š” Issue ๋“ค์ด๋‹ค.. hashicorp/vault-helm ์—๋Š” ๊ด€๋ จ ๋ฌธ์ œ๊ฐ€ ์žˆ์ง„ ์•Š๋‹ค..

 

๊ทธ ์ค‘ ํ•˜๋‚˜๋ฅผ ๋“ค์–ด๊ฐ€์„œ ์‚ดํŽด๋ณด์ฃ .

https://github.com/hashicorp/vault/issues/10458

 

์ด ๋ถ„์€ AWS KMS ์— ๋Œ€ํ•œ ์ ‘๊ทผ์ด ๋ถˆ๊ฐ€๋Šฅํ•œ ๊ฒƒ์ด์ง€๋งŒ ์–ด์ฐŒ๋๋“  AWS ์ ‘๊ทผ์— ๋Œ€ํ•œ ๋ฌธ์ œ์ด๋‹ˆ ๋ณ„๋ฐ˜ ๋‹ค๋ฅผ ๊ฒƒ์ด ์—†์–ด ๋ณด์ž…๋‹ˆ๋‹ค.

 

๋ฐ‘์œผ๋กœ ์Šคํฌ๋กค ํ•˜๊ณ  ์žˆ๋Š”๋ฐ ์ด๋Ÿฐ ์ฝ”๋ฉ˜ํŠธ๊ฐ€ ์žˆ๋”๊ตฐ์š”.

https://github.com/hashicorp/vault/issues/10458

 

"1.14.1 ๋ฒ„์ „์„ ์‚ฌ์šฉํ•ด๋ด!!"

 

ํ˜น์‹œ ๋ชฐ๋ผ์„œ ๋‹ค๋ฅธ Issue ๋„ ์‚ดํŽด๋ณด์•˜์Šต๋‹ˆ๋‹ค.

์–ผ์ถ”๋ด๋„ ์ œ๊ฐ€ ๊ฒช๋Š” ๋ฌธ์ œ์™€ ๋น„์Šทํ•ด๋ณด์ด์ฃ ?

https://github.com/hashicorp/vault/issues/21478

 

ํ™•์‹คํ•ฉ๋‹ˆ๋‹ค. 1.14.1 ๋ฒ„์ „์œผ๋กœ ๋†’์ด๋ฉด ๋  ๊ฑฐ ๊ฐ™์•„์š”!!

https://github.com/hashicorp/vault/issues/21478

 

1.14.1 ๋ฒ„์ „๋ถ€ํ„ฐ ๋ฌธ์ œ๊ฐ€ fix ๋˜์—ˆ์Šต๋‹ˆ๋‹ค.

https://github.com/hashicorp/vault/releases

์ด๋Ÿฌํ•œ ๋ฌธ์ œ๊ฐ€ ๋Œ€๋žต 20๋…„11์›”๋ถ€ํ„ฐ ์žˆ์—ˆ๋Š”๋ฐ… 3์ฃผ ์ „์— ํ•ด๊ฒฐ์ด ๋จ…!!
์ฐธ๊ณ ๋กœ ๊ธ€ ์ž‘์„ฑ ๊ธฐ์ค€์œผ๋กœ ์˜ค๋Š˜์€ 23๋…„08์›”15์ผ์ž…๋‹ˆ๋‹ค... 3๋…„...

 

 

๊ทธ์— ๋ฐ˜ํ•ด ๊ฐ€์žฅ ์ตœ์‹  ๋ฒ„์ „์˜ Vault Chart ์—์„  ์—ฌ์ „ํžˆ 1.14.0 ๋ฒ„์ „์„ ์‚ฌ์šฉํ•˜๊ณ  ์žˆ์—ˆ์Šต๋‹ˆ๋‹ค.

https://github.com/hashicorp/vault-helm/releases/tag/v0.25.0

 

 

์ดํ›„ ๋ฒ„์ „์„ 1.14.1 ๋กœ ์—…๊ทธ๋ ˆ์ด๋“œ ์‹œ์ผœ์คฌ๋”๋‹ˆ ๋ฌด์‚ฌํžˆ ๋ฐฐํฌ๊ฐ€ ๋˜์—ˆ์Šต๋‹ˆ๋‹ค.

 

๋Š˜ ๋ฌธ์ œ๊ฐ€ ๊ทธ๋ ‡๋“ฏ ๊ฐ„๋‹จํ•œ ํ•˜๋‚˜๋ฅผ ๋ฐ”๊พธ๋ฉด ๋˜๋Š”๋ฐ.. ๊ทธ๊ฑธ ์ฐพ๊ธฐ๊ฐ€ ์‰ฝ์ง€ ์•Š๋„ค์š”..

 

๊ฐ„ํ˜น๋ณด๋ฉด WEB_TOKEN_FILE ๋กœ AWS ์ธ์ฆ์ด ๋ถˆ๊ฐ€๋Šฅํ•œ ํ”„๋กœ์ ํŠธ๋“ค์ด ์žˆ์Šต๋‹ˆ๋‹ค. (์˜ˆ. Goofys)

 

์ด๋Ÿด ๊ฒฝ์šฐ AWS_SECRET_KEY ๋ฅผ ์ง์ ‘ ์ œ๊ณตํ•ด์ฃผ๋Š”๋ฐ.. IAM Role ๊ฐ™์€ ๊ฒฝ์šฐ ์ตœ๋Œ€ 24์‹œ๊ฐ„๋งˆ๋‹ค ๊ฐฑ์‹ ํ•ด์ฃผ์–ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.

์•„๋‹ˆ๋ฉด IAM User ๋ฅผ ์‚ฌ์šฉํ•ด์•ผ ํ•˜๋Š”๋ฐ IAM User ๋Š” ์ ˆ๋Œ€ ์•„๋‹Œ๊ฑฐ ๊ฐ™์•„์š”.

 

๊ฒฐ๊ตญ 24์‹œ๊ฐ„๋งˆ๋‹ค ๊ฐฑ์‹ ํ•  ์ˆ˜ ์žˆ๋Š” ์Šคํฌ๋ฆฝํŠธ๋ฅผ ์งœ์•ผํ• ํ…๋ฐ.. ๊ณผ์—ฐ ์ด๊ฒŒ ์ตœ์„ ์ผ๊นŒ ๋ผ๋Š” ๊ถ๊ธˆ์ฆ์ด ๋“ญ๋‹ˆ๋‹ค!!

ํ˜น์‹œ ์ข‹์€ ๋ฐฉ๋ฒ•์ด ์žˆ๋‹ค๋ฉด ๊ผญ ์•Œ๋ ค์ฃผ์„ธ์š” :)

 

๊ทธ๋Ÿผ ์˜ค๋Š˜์€ ์—ฌ๊ธฐ๊นŒ์ง€!

 

 

PS.

๊ธ€์—์„  ์ƒ๋žต๋˜์—ˆ์ง€๋งŒ ์ฒ˜์Œ์— IRSA ๊ฐ€ ์™œ ์•ˆ๋จนํžˆ๋Š”์ง€ ํ…Œ์ŠคํŠธ ํ•ด๋ณด๊ณ  ์‹ถ์–ด์„œ HA ๋ชจ๋“œ๊ฐ€ ์•„๋‹Œ Dev ๋ชจ๋“œ๋กœ ์‹คํ–‰ํ–ˆ๋Š”๋ฐ.. ์ด๋•Œ๋„ AWS ์— ์ ‘๊ทผ์ด ๋ถˆ๊ฐ€๋Šฅํ–ˆ์Šต๋‹ˆ๋‹ค. ์ด๊ฒƒ์ €๊ฒƒ ์•Œ์•„๋ณธ ๊ฒฐ๊ณผ Dev ๋ชจ๋“œ ๊ฐ™์€ ๊ฒฝ์šฐ Helm Chart ์—์„œ ServiceAccount ์— Annotation ์„ ์ถ”๊ฐ€ํ•ด์ฃผ์ง€ ์•Š๋”๊ตฐ์š”.. values.yaml ์— ๋ช…์‹œ๋œ ๊ฒƒ์ด ์—†์–ด์„œ ๋ชจ๋“œ์™€ ์ƒ๊ด€์—†์ด Annotation ์„ ์ถ”๊ฐ€ํ•˜๋ฉด ServiceAccount ์— ์ถ”๊ฐ€๋˜๋Š” ์ค„ ์•Œ์•˜๋Š”๋ฐ ์•„๋‹ˆ์˜€์Šต๋‹ˆ๋‹ค. ๊ทธ๋ž˜์„œ Dev Mode ์—์„  _helper.tpl ์„ ์•ฝ๊ฐ„ ์ˆ˜์ •ํ•ด์ฃผ์–ด์„œ ํ…Œ์ŠคํŠธ ํ–ˆ์Šต๋‹ˆ๋‹ค.. ๊ฒฐ๊ตญ Vault ๋ฒ„์ „ ๋ฌธ์ œ์—ฌ์„œ ์„ฑ๊ณต๋„ ๋ชปํ–ˆ๊ณ  ์ƒ๊ด€๋„ ์—†์—ˆ์ง€๋งŒ.. ใ…œใ…œใ…œ

 

profile on loading

Loading...