https://docs.aws.amazon.com/ko_kr/eks/latest/userguide/private-clusters.html

구축 방법

배포 파일

app

cluster.yaml

---
# eksctl ClusterConfig for an EKS cluster whose API endpoint is private only.
# Background: https://docs.aws.amazon.com/ko_kr/eks/latest/userguide/private-clusters.html
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: wsi-cluster
  region: ap-northeast-2
  # Quoted on purpose: an unquoted 1.31 would be parsed as a float.
  version: "1.31"

# Send every control-plane log type (api, audit, authenticator, ...) to
# CloudWatch Logs; the audit stream is what incident response relies on.
cloudWatch:
  clusterLogging:
    enableTypes:
      - "*"

iam:
  # Creates the IAM OIDC provider so the service accounts below can be bound
  # to IAM roles (IRSA) instead of sharing the node role's permissions.
  withOIDC: true
  serviceAccounts:
    - metadata:
        name: aws-load-balancer-controller
        namespace: kube-system
      wellKnownPolicies:
        awsLoadBalancerController: true
    - metadata:
        name: cert-manager
        namespace: cert-manager
      wellKnownPolicies:
        certManager: true

# Private API endpoint only. With skipEndpointCreation eksctl does not create
# the VPC endpoints (ECR, S3, STS, EC2, CloudWatch Logs, ...) itself, so the
# VPC must already provide them — otherwise node bootstrap and image pulls
# from ECR will typically fail (see the linked AWS page for the list).
privateCluster:
  enabled: true
  skipEndpointCreation: true

vpc:
  # Existing control-plane security group: Ingress 443, Egress All traffic.
  # The ID is account-specific; replace it with your own. Egress could be
  # narrowed to the VPC CIDR / endpoint SG if the environment allows it.
  securityGroup: sg-0c1843d9c76955861
  subnets:
    private:
      # private_a / private_b look like placeholders — eksctl expects real
      # subnet IDs (subnet-...) here.
      ap-northeast-2a:
        id: private_a
      ap-northeast-2b:
        id: private_b

managedNodeGroups:
  - name: wsi-app-nodegroup
    instanceName: wsi-app-node
    instanceType: c5.large
    # Nodes receive private addresses only; required for a private cluster.
    privateNetworking: true
    minSize: 2
    desiredCapacity: 2
    maxSize: 4
# Provision the cluster from the config above. Long-running; runs with the
# caller's AWS credentials, which need rights to create EKS, IAM and EC2 resources.
eksctl create cluster --config-file=cluster.yaml

deployment.yaml

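---
# Deployment for the "node" app: 2 replicas of an ECR image listening on 8080.
# Hardening added on top of the original: seccomp default profile, no privilege
# escalation, all Linux capabilities dropped, and CPU/memory requests/limits.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: node
  namespace: default
  labels:
    app: node
spec:
  replicas: 2
  selector:
    matchLabels:
      app: node
  template:
    metadata:
      labels:
        app: node
    spec:
      # Pod-level default; the container securityContext below tightens further.
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: node
          # ":latest" is a mutable tag — whatever was pushed most recently is
          # what the next pod start runs, which makes rollbacks and audits
          # unreliable. Pin an immutable tag or a digest
          # (…/app@sha256:<IMAGE_DIGEST> — placeholder) once one is known.
          image: 362708816803.dkr.ecr.ap-northeast-2.amazonaws.com/app:latest
          ports:
            - containerPort: 8080
              protocol: TCP
          # Settings that do not depend on how the image was built. runAsNonRoot
          # is deliberately left unset because the image's user is not known
          # from this file — TODO confirm and add it.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          # Constructed sample values — tune from observed usage. Without
          # requests/limits one misbehaving pod can starve the c5.large node.
          resources:
            requests:
              cpu: 250m
              memory: 256Mi
            limits:
              cpu: 500m
              memory: 512Mi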
# Create or update the Deployment in the current kubeconfig context.
kubectl apply --filename=deployment.yaml

service.yaml

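---
# ClusterIP Service fronting the "node" Deployment on port 8080 (cluster-internal;
# external exposure is left to the Ingress defined separately).
apiVersion: v1
kind: Service
metadata:
  name: node
  namespace: default
spec:
  selector:
    app: node
  type: ClusterIP
  # No sticky sessions. The original manifest also carried
  # sessionAffinityConfig.clientIP.timeoutSeconds, which the API server
  # rejects when sessionAffinity is None ("must not be set when session
  # affinity is None"), so the apply would fail. If stickiness is actually
  # wanted, switch this to ClientIP and re-add the config.
  sessionAffinity: None
  ports:
    - name: node
      protocol: TCP
      port: 8080
      targetPort: 8080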
# Create or update the Service in the current kubeconfig context.
kubectl apply --filename=service.yaml

ingress.yaml