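# Create the sample application Deployment and apply it.
# The manifest is written with its YAML nesting restored: without
# indentation the keys under metadata/spec are not parsed as children and
# kubectl rejects the file.
cd ~/k8s-repo
mkdir -p app
cd app
# NOTE(review): the image is a third-party image referenced without a tag or
# digest, and imagePullPolicy is Always, so every pod start pulls whatever
# the registry currently serves under the default tag. For anything beyond a
# throwaway demo, pin it as <image>@sha256:<digest-you-verified>.
# NOTE(review): the pod spec sets no securityContext or resource limits, so
# the container runs with the image's default user and unbounded resources.
# The heredoc delimiter is quoted so the shell never expands the manifest.
cat <<'EOF' > app-deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
        - name: my-app
          image: pengbai/docker-supermario
          imagePullPolicy: Always
          ports:
            - containerPort: 8080
EOF
kubectl apply -f app-deploy.yaml
# Confirm the Deployment and its pod were created.
kubectl get deploy
kubectl get pod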

# (Reference) Optional troubleshooting commands.
# Replace <pod-name> with a name printed by `kubectl get pod` before running.
# Show the pod's logs
kubectl logs <pod-name>
# Open an interactive shell inside the pod
# NOTE(review): exec needs the pods/exec RBAC permission; keep that
# permission limited to the operators who actually need it.
kubectl exec -it <pod-name> -- bash
# NOTE(review): presumably typed inside the pod shell opened above, not on
# the workstation - confirm.
ls
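# Create a ClusterIP Service in front of the my-app pods and apply it.
# The manifest is written with its YAML nesting restored; flattened as it
# was, selector/ports are not children of spec and the file is invalid.
# The Service sets no namespace, so it lands in the namespace of the current
# kubectl context; the Deployment it selects is pinned to "default".
# ClusterIP keeps the Service reachable only from inside the cluster.
cat <<'EOF' > app-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: my-app-svc
spec:
  selector:
    app: my-app
  type: ClusterIP
  ports:
    - port: 8080
      targetPort: 8080
      protocol: TCP
EOF
kubectl apply -f app-service.yaml
# Confirm the Service exists.
kubectl get svc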

# Check the cluster's IAM OIDC provider.
# The first command prints the cluster's OIDC issuer URL; the second looks
# for that issuer's ID in the account's registered IAM OIDC providers.
# NOTE(review): if the grep prints nothing, the issuer is presumably not
# registered in IAM yet, and the iamserviceaccount step later in this file
# depends on it - confirm before continuing.
aws eks describe-cluster --name <cluster-name> --query "cluster.identity.oidc.issuer" --output text
aws iam list-open-id-connect-providers | grep B92E974912A4423AC4B83041B266E3FE # replace with the value after /id/ in your issuer URL
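# Create the IAM policy and the IAM-backed service account for the AWS Load
# Balancer Controller. Replace the <...> placeholders before running.
cd ~/k8s-repo
mkdir -p alb-controller
cd alb-controller
# Create the ALB Controller IAM policy.
# The URL is given bare and quoted: wrapped in <...> the shell reads it as a
# redirection. -f makes an HTTP error fail the command instead of saving the
# error page as iam-policy.json.
# Read iam-policy.json before creating the policy from it: whatever the file
# contains becomes permissions granted to the controller's role.
curl -fL -o iam-policy.json "https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.8.1/docs/install/iam_policy.json"
# Line continuations use a single backslash; a doubled backslash ends the
# command on the first line and the options are never passed.
aws iam create-policy \
  --policy-name AWSLoadBalancerControllerIAMPolicy-<name> \
  --policy-document file://iam-policy.json
# Create the ALB controller service account.
# <policy-arn> is the ARN of the policy created by the command above.
# --override-existing-serviceaccounts replaces a service account of the same
# name if one already exists in kube-system.
eksctl create iamserviceaccount \
  --cluster <cluster-name> \
  --namespace kube-system \
  --name aws-load-balancer-controller \
  --attach-policy-arn <policy-arn> \
  --override-existing-serviceaccounts \
  --approve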
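# Install cert-manager.
# Author's note: needed so that pods can communicate with each other over HTTP.
# NOTE(review): the load balancer controller manifest appears to rely on
# cert-manager to issue the TLS certificate for its admission webhook -
# confirm against the controller's install documentation.
# NOTE(review): this applies a remote manifest (CRDs, cluster-wide RBAC,
# webhooks) straight from the URL, with --validate=false turning off
# kubectl's schema validation. Downloading the file and reading it first
# gives a chance to see what is being installed.
# URLs are given bare and quoted: wrapped in <...> the shell reads them as
# redirections.
kubectl apply --validate=false -f "https://github.com/jetstack/cert-manager/releases/download/v1.12.3/cert-manager.yaml"
# Install the ALB Controller.
wget "https://github.com/kubernetes-sigs/aws-load-balancer-controller/releases/download/v2.8.1/v2_8_1_full.yaml"
vi v2_8_1_full.yaml
# In the editor: change cluster-name to your own cluster name and save.
# Delete the ServiceAccount document (apiVersion, kind and metadata, all of
# it); otherwise applying the file would presumably overwrite the
# IAM-annotated service account created with eksctl.
kubectl apply -f v2_8_1_full.yaml
# Needed in order to use IngressClass parameters.
wget "https://github.com/kubernetes-sigs/aws-load-balancer-controller/releases/download/v2.8.1/v2_8_1_ingclass.yaml"
kubectl apply -f v2_8_1_ingclass.yaml
# Confirm the ALB controller Deployment was created.
kubectl get deployment -n kube-system aws-load-balancer-controller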









❗❗그 전에 ALB를 배포할 public 서브넷에 태그 달아주기❗❗
(public1 / public2 모두 아래 key-value를 넣어줘야 함)

| Key | Value |
|---|---|
| `kubernetes.io/cluster/<cluster-name>` | shared |
| `kubernetes.io/role/elb` | 1 |

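# Create the Ingress that makes the controller provision an ALB for
# my-app-svc, then apply it.
# The manifest is written with its YAML nesting restored; flattened as it
# was, the annotations and the rule/path/backend tree are not valid YAML
# structure.
# NOTE(review): scheme "internet-facing" publishes the application on a
# public ALB, and the manifest sets no listener, certificate or source-range
# annotations, so it is presumably served over plain HTTP to any source
# address. For anything beyond a demo, consider
# alb.ingress.kubernetes.io/listen-ports with
# alb.ingress.kubernetes.io/certificate-arn: <your-acm-certificate-arn>, and
# alb.ingress.kubernetes.io/inbound-cidrs to restrict who can reach it.
cd ~/k8s-repo/app
cat <<'EOF' > app-alb.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-app-ingress
  namespace: default
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing # 외부에서 접속
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/group.name: my-alb
    alb.ingress.kubernetes.io/group.order: '1'
spec:
  ingressClassName: alb
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: "my-app-svc"
                port:
                  number: 8080
EOF
kubectl apply -f app-alb.yaml
# Confirm the Ingress exists; the ADDRESS column shows the ALB DNS name once
# it has been provisioned.
kubectl get ingress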
