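# <3> Install AWS LB Controller / ExternalDNS / EBS CSI / EFS CSI and kube-ops-view
#
# Walkthrough run as root on the EKS bastion host (prompt: [root@myeks-bastion-EC2 ~]).
# Variables expected to be set before starting; this page does not define them:
#   CLUSTER_NAME, AWS_DEFAULT_REGION, EfsFsId
# Captured terminal output is kept below as comments.

# ---------------------------------------------------------------------------
# 1 # ExternalDNS
# ---------------------------------------------------------------------------
# Template form (replace with your own domain):
#   MyDomain=<your own domain>
#   echo "export MyDomain=<your own domain>" >> /etc/profile
MyDomain=masterseo1.link
# Appends on every run, so repeating this step leaves duplicate lines in /etc/profile.
echo "export MyDomain=masterseo1.link" >> /etc/profile

# With --output text the AWS CLI prints "None" when the query matches nothing,
# so an empty or "None" id means no hosted zone was found for the domain.
MyDnzHostedZoneId=$(aws route53 list-hosted-zones-by-name \
  --dns-name "${MyDomain}." \
  --query "HostedZones[0].Id" \
  --output text)
echo "$MyDomain, $MyDnzHostedZoneId"
if [[ -z "$MyDnzHostedZoneId" || "$MyDnzHostedZoneId" == "None" ]]; then
  echo "No Route 53 hosted zone found for ${MyDomain}; do not apply externaldns.yaml yet" >&2
fi

# The manifest is fetched from the mutable 'main' branch of a third-party repo.
# Going by the apply output below, it creates a ServiceAccount, a ClusterRole and
# a ClusterRoleBinding, i.e. cluster-wide RBAC: read the downloaded file before
# applying it, and keep the reviewed copy instead of re-fetching.
# -f makes curl fail on an HTTP error instead of saving the error page as YAML.
curl -fsS -O https://raw.githubusercontent.com/gasida/PKOS/main/aews/externaldns.yaml
MyDomain=$MyDomain MyDnzHostedZoneId=$MyDnzHostedZoneId envsubst < externaldns.yaml \
  | kubectl apply -f -

# (masterseo1:default) [root@myeks-bastion-EC2 ~]# MyDomain=$MyDomain MyDnzHostedZoneId=$MyDnzHostedZoneId envsubst < externaldns.yaml | kubectl apply -f -
# serviceaccount/external-dns
# clusterrole.rbac.authorization.k8s.io/external-dns
# clusterrolebinding.rbac.authorization.k8s.io/external-dns-viewer
# deployment.apps/external-dns
# external-dns

# ---------------------------------------------------------------------------
# 2 # kube-ops-view
# ---------------------------------------------------------------------------
helm repo add geek-cookbook https://geek-cookbook.github.io/charts/
helm install kube-ops-view geek-cookbook/kube-ops-view \
  --version 1.2.2 \
  --set env.TZ="Asia/Seoul" \
  --namespace kube-system

# NOTE(review): switching the Service to type LoadBalancer and publishing a DNS
# name serves the dashboard over plain HTTP on port 8080, and nothing in this
# install configures authentication. Anyone who can reach the load balancer can
# read node and pod layout for the whole cluster. Whether the LB is
# internet-facing depends on subnet and annotation settings not shown here —
# confirm. For lab use, restrict the source range (placeholder CIDR, not from
# the page), or skip the LoadBalancer and use `kubectl port-forward`:
#   kubectl patch svc -n kube-system kube-ops-view \
#     -p '{"spec":{"loadBalancerSourceRanges":["<YOUR_ADMIN_CIDR>"]}}'
kubectl patch svc -n kube-system kube-ops-view -p '{"spec":{"type":"LoadBalancer"}}'
kubectl annotate service kube-ops-view -n kube-system \
  "external-dns.alpha.kubernetes.io/hostname=kubeopsview.${MyDomain}"
printf '%s\n' "Kube Ops View URL = http://kubeopsview.${MyDomain}:8080/#scale=1.5"

# http://kubeopsview.masterseo1.link:8080/#scale=1.5
# (takes about 2 minutes) You must connect on port 8080.
# 20 dns.txt   (presumably an attachment on the original page)

# ---------------------------------------------------------------------------
# 3 # Install the AWS Load Balancer Controller
# ---------------------------------------------------------------------------
helm repo add eks https://aws.github.io/eks-charts
helm repo update
# serviceAccount.create=false: the chart reuses an existing service account named
# aws-load-balancer-controller. It is presumably the IRSA-bound account created
# earlier with eksctl (see the IRSA check in step 7) — confirm it exists first.
# No chart --version is given, so the installed version is whatever is latest.
helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
  -n kube-system \
  --set clusterName="${CLUSTER_NAME:?CLUSTER_NAME must be set}" \
  --set serviceAccount.create=false \
  --set serviceAccount.name=aws-load-balancer-controller

# Two LB controller pods are created.

# ---------------------------------------------------------------------------
# 4 # Check the EBS CSI driver installation
# ---------------------------------------------------------------------------
eksctl get addon --cluster "${CLUSTER_NAME:?CLUSTER_NAME must be set}"
kubectl get pod -n kube-system -l 'app in (ebs-csi-controller,ebs-csi-node)'
kubectl get csinodes

# -------------------------------------------------------------------------
# NAME                                  READY   STATUS    RESTARTS   AGE
# ebs-csi-controller-67658f895c-9275d   6/6     Running   0          26m
# ebs-csi-controller-67658f895c-p9xw2   6/6     Running   0          26m
# ebs-csi-node-g672x                    3/3     Running   0          26m
# ebs-csi-node-l7mpw                    3/3     Running   0          26m
# ebs-csi-node-nsgdd                    3/3     Running   0          26m

# ---------------------------------------------------------------------------
# 5 # Create the gp3 storage class
# ---------------------------------------------------------------------------
# The current storage class is gp2.
kubectl get sc

# (masterseo1:kube-system) [root@myeks-bastion-EC2 ~]# kubectl get sc
# NAME            PROVISIONER             RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
# gp2 (default)   kubernetes.io/aws-ebs   Delete          WaitForFirstConsumer   false

# Let's switch to gp3.
# The here-document operator was lost in the page extraction ("cat < gp3-sc.yaml");
# restored here. The delimiter is quoted so the YAML is written literally.
# encrypted: 'true' turns on EBS encryption for volumes from this class. No
# kmsKeyId is set, so the account's default EBS key is used; set kmsKeyId to use
# a customer-managed key.
cat <<'EOT' > gp3-sc.yaml
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: gp3
allowVolumeExpansion: true
provisioner: ebs.csi.aws.com
volumeBindingMode: WaitForFirstConsumer
parameters:
  type: gp3
  allowAutoIOPSPerGBIncrease: 'true'
  encrypted: 'true'
EOT
kubectl apply -f gp3-sc.yaml
kubectl get sc

# (masterseo1:kube-system) [root@myeks-bastion-EC2 ~]# kubectl get sc
# NAME            PROVISIONER             RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
# gp2 (default)   kubernetes.io/aws-ebs   Delete          WaitForFirstConsumer   false                  43m
# gp3             ebs.csi.aws.com         Delete          WaitForFirstConsumer   true                   1s
# Note: gp2 is still the default class; PVCs must name gp3 explicitly.

# ---------------------------------------------------------------------------
# 6 # Install the EFS CSI driver
# ---------------------------------------------------------------------------
helm repo add aws-efs-csi-driver https://kubernetes-sigs.github.io/aws-efs-csi-driver
helm repo update
# controller.serviceAccount.create=false: reuses the existing service account
# efs-csi-controller-sa (presumably IRSA-bound; see step 7 — confirm it exists).
helm upgrade -i aws-efs-csi-driver aws-efs-csi-driver/aws-efs-csi-driver \
  --namespace kube-system \
  --set image.repository="602401143452.dkr.ecr.${AWS_DEFAULT_REGION:?AWS_DEFAULT_REGION must be set}.amazonaws.com/eks/aws-efs-csi-driver" \
  --set controller.serviceAccount.create=false \
  --set controller.serviceAccount.name=efs-csi-controller-sa
kubectl get deploy,pods

# Create and verify the EFS storage class.
# The example manifest is pulled from the upstream 'master' branch and can change
# between runs; review the downloaded file before applying it.
curl -fsS -O https://raw.githubusercontent.com/kubernetes-sigs/aws-efs-csi-driver/master/examples/kubernetes/dynamic_provisioning/specs/storageclass.yaml
# The :? guard stops the substitution when EfsFsId is unset; otherwise sed would
# replace the sample file-system id with an empty string.
sed -i "s/fs-92107410/${EfsFsId:?EfsFsId must be set}/g" storageclass.yaml
kubectl apply -f storageclass.yaml
kubectl get sc efs-sc

# (masterseo1:kube-system) [root@myeks-bastion-EC2 ~]# kubectl get sc efs-sc
# NAME     PROVISIONER       RECLAIMPOLICY   VOLUMEBINDINGMODE   ALLOWVOLUMEEXPANSION   AGE
# efs-sc   efs.csi.aws.com   Delete          Immediate           false                  1s

# ---------------------------------------------------------------------------
# 7 Verification
# ---------------------------------------------------------------------------
# Image inventory: every container image running in the cluster, with counts.
# Useful for checking that images come from the registries you expect.
kubectl get pods --all-namespaces -o jsonpath="{.items[*].spec.containers[*].image}" \
  | tr -s '[[:space:]]' '\n' \
  | sort \
  | uniq -c

# Check the add-on installed/updated through eksctl.
eksctl get addon --cluster "${CLUSTER_NAME:?CLUSTER_NAME must be set}" ebs-csi-driver

# Check IRSA: expect two roles, one for the load balancer controller and one for EFS.
eksctl get iamserviceaccount --cluster "${CLUSTER_NAME:?CLUSTER_NAME must be set}"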