EKS Create

apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: eda-eks-cluster
  version: "1.32"
  region: ap-northeast-2

vpc:
  subnets:
    public:
      public-a: { id: subnet-017e514d3ff8d2c35 } #기용영역 a에 위치한 퍼블릭 서브넷
      public-c: { id: subnet-055bfc125e3297d1a } #가용영역 c에 위치한 퍼블릭 서브넷

iamIdentityMappings:
  - arn: arn:aws:iam::003150130236:user/root
    groups:
      - system:masters
    username: root-admin
    noDuplicateARNs: true

iam:
  withOIDC: true
  serviceAccounts:
  - metadata:
      name: aws-load-balancer-controller
      namespace: kube-system
    wellKnownPolicies:
      awsLoadBalancerController: true

managedNodeGroups:
  - name: eda-eks-worker-nodegroup
    labels: { app: nga }
    instanceType: t3.medium
    instanceName: eda-eks-worker
    desiredCapacity: 2
    minSize: 1
    maxSize: 10
    amiFamily: AmazonLinux2023
    privateNetworking: true
    volumeType: gp2
    volumeEncrypted: true
    subnets:
      - public-a
      - public-c
    iam:
      withAddonPolicies:
        imageBuilder: true
        awsLoadBalancerController: true
        autoScaler: true

CA

CA와 Karpenter 둘이 있지만 난 더 간단한 CA로 구현했다.

aws autoscaling create-or-update-tags --tags \\
  ResourceId=<YOUR_ASG_NAME>,ResourceType=auto-scaling-group,Key=kubernetes.io/cluster/<EKS_CLUSTER_NAME>,Value=owned,PropagateAtLaunch=true \\
  ResourceId=<YOUR_ASG_NAME>,ResourceType=auto-scaling-group,Key=k8s.io/cluster-autoscaler/enabled,Value=true,PropagateAtLaunch=true \\
  ResourceId=<YOUR_ASG_NAME>,ResourceType=auto-scaling-group,Key=k8s.io/cluster-autoscaler/<EKS_CLUSTER_NAME>,Value=true,PropagateAtLaunch=true

IAM 권한이 필요하지만 난 administrator을 써서 딱히 구성은 안했다.

helm repo add autoscaler <https://kubernetes.github.io/autoscaler>
helm repo update
helm install cluster-autoscaler autoscaler/cluster-autoscaler \\
  --namespace kube-system \\
  --set autoDiscovery.clusterName=<EKS_CLUSTER_NAME> \\
  --set awsRegion=<AWS_REGION> \\
  --set extraArgs.balance-similar-node-groups=true \\
  --set extraArgs.skip-nodes-with-system-pods=false

Deployment

apiVersion: apps/v1
kind: Deployment
metadata:
  name: eda-nginx
  namespace: eda-app
spec:
  replicas: 2
  selector:
    matchLabels:
      app: eda
  template:
    metadata:
      labels:
        app: eda
    spec:
      containers:
        - name: nginx-container
          image: nginx:latest
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
  namespace: eda-app
spec:
  type: NodePort
  selector:
    app: eda
  ports:
    - name: eda-port
      protocol: TCP
      port: 80
      targetPort: 80