Step 0 “Terraform을 사용하여 EKS 클러스터 구성해 봅니다.
provider "aws" {
region = "ap-northeast-2"
}
locals {
vpc_name = "semi-project-terraform" // VPC 이름
cidr = "10.194.0.0/16" // VPC의 CIDR 블록
public_subnets = ["10.194.0.0/24", "10.194.1.0/24"] // 퍼블릭 서브넷 CIDR
private_subnets = ["10.194.100.0/24", "10.194.101.0/24"] // 프라이빗 서브넷 CIDR
azs = ["ap-northeast-2a", "ap-northeast-2c"] // 사용할 가용 영역
cluster_name = "your-cluster-name" // EKS 클러스터 이름
}
resource "aws_vpc" "this" {
cidr_block = local.cidr
tags = { Name = local.vpc_name }
}
resource "aws_default_route_table" "this" {
default_route_table_id = aws_vpc.this.default_route_table_id
tags = { Name = "${local.vpc_name}-default" }
}
resource "aws_default_security_group" "this" {
vpc_id = aws_vpc.this.id
tags = { Name = "${local.vpc_name}-default" }
}
resource "aws_internet_gateway" "this" {
vpc_id = aws_vpc.this.id
tags = { Name = "${local.vpc_name}-igw" }
}
resource "aws_route_table" "public" {
vpc_id = aws_vpc.this.id
tags = { Name = "${local.vpc_name}-public" }
}
resource "aws_route" "public_worldwide" {
route_table_id = aws_route_table.public.id
destination_cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.this.id
}
resource "aws_subnet" "public" {
count = length(local.public_subnets)
vpc_id = aws_vpc.this.id
cidr_block = local.public_subnets[count.index]
availability_zone = local.azs[count.index]
map_public_ip_on_launch = true
tags = {
Name = "${local.vpc_name}-public-${count.index + 1}",
"kubernetes.io/cluster/${local.cluster_name}" = "shared",
"kubernetes.io/role/elb" = "1"
}
}
resource "aws_eks_cluster" "example" {
name = local.cluster_name
role_arn = aws_iam_role.example.arn
vpc_config {
subnet_ids = aws_subnet.public.*.id
}
}
resource "aws_eks_node_group" "example" {
cluster_name = aws_eks_cluster.example.name
node_group_name = "your-node-group-name"
node_role_arn = aws_iam_role.example.arn
subnet_ids = aws_subnet.public.*.id
scaling_config {
desired_size = 2
max_size = 3
min_size = 2
}
}
resource "aws_iam_role" "example" {
name = "example"
assume_role_policy = jsonencode({
Version = "2012-10-17",
Statement = [
{
Action = "sts:AssumeRole",
Effect = "Allow",
Principal = {
Service = "eks.amazonaws.com"
}
}
]
})
}
resource "aws_iam_role_policy_attachment" "example-AmazonEKSClusterPolicy" {
policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
role = aws_iam_role.example.name
}
Step 1 Stateful 애플리케이션 배포하기
Step 2-1
wordpress-deployment.yaml에 livenessProbe 설정 추가
resources:
requests:
memory: "64Mi"
cpu: "250m"
limits:
memory: "128Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /healthz
port: 80
initialDelaySeconds: 3
periodSeconds: 3
wordpress-hpa.yaml
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
name: wordpress-hpa
namespace: default
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: wordpress
minReplicas: 1
maxReplicas: 3
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 50
wordpress-ingress.yaml
apiVersion: v1
kind: Service
metadata:
name: wordpress
labels:
app: wordpress
spec:
type: LoadBalancer
ports:
- port: 80
selector:
app: wordpress
tier: frontend
Step 2-2 stateless 애플리케이션 배포하기
deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
spec:
replicas: 2
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.14.2
ports:
- containerPort: 80
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: region
operator: In
values:
- us-west-1
service.yaml
apiVersion: v1
kind: Service
metadata:
name: nginx-service
spec:
type: NodePort
ports:
- port: 80
nodePort: 30007
selector:
app: nginx
blue-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-blue
spec:
replicas: 2
selector:
matchLabels:
app: nginx
version: blue
template:
metadata:
labels:
app: nginx
version: blue
spec:
containers:
- name: nginx
image: nginx:1.14.2
ports:
- containerPort: 80
green-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-green
spec:
replicas: 2
selector:
matchLabels:
app: nginx
version: green
template:
metadata:
labels:
app: nginx
version: green
spec:
containers:
- name: nginx
image: nginx:1.16.1
ports:
- containerPort: 80
Step 3
Secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: mysql-root-password
type: Opaque
data:
password: MTIzNA==
base64로 인코딩 : echo -n 'password' | base64
PVC.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mysql-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
MySQL.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: mysql
spec:
selector:
matchLabels:
app: mysql
serviceName: "mysql"
replicas: 2
template:
metadata:
labels:
app: mysql
spec:
containers:
- name: mysql
image: mysql:5.7
ports:
- containerPort: 3306
env:
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: mysql-root-password
key: password
volumeMounts:
- name: mysql-storage
mountPath: /var/lib/mysql
resources:
requests:
memory: "1Gi"
cpu: "0.5"
limits:
memory: "2Gi"
cpu: "1"
livenessProbe:
exec:
command: ["mysqladmin", "ping"]
initialDelaySeconds: 30
periodSeconds: 10
volumeClaimTemplates:
- metadata:
name: mysql-storage
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: 10Gi
Headless-Service.yaml
apiVersion: v1
kind: Service
metadata:
name: mysql
spec:
ports:
- port: 3306
clusterIP: None
selector:
app: mysql