1. Overview
This document assumes Ubuntu Linux.
2. Installing the AWS CLI
3. AWS Configure
Run aws configure.
4. Installing eksctl
$ curl --silent --location "https://github.com/weaveworks/eksctl/releases/download/latest_release/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
$ sudo mv /tmp/eksctl /usr/local/bin
$ eksctl version
[ℹ] version.Info{BuiltAt:"", GitCommit:"", GitTag:"0.7.0"}
5. Installing kubectl
Kubernetes uses a command-line utility called kubectl to communicate with the cluster API server.
$ curl -o kubectl https://amazon-eks.s3-us-west-2.amazonaws.com/1.14.6/2019-08-22/bin/linux/amd64/kubectl
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 41.0M 100 41.0M 0 0 11.0M 0 0:00:03 0:00:03 --:--:-- 11.0M
$ chmod +x ./kubectl
$ mkdir -p $HOME/bin && cp ./kubectl $HOME/bin/kubectl && export PATH=$HOME/bin:$PATH
$ echo 'export PATH=$HOME/bin:$PATH' >> ~/.bashrc
$ kubectl version --short --client
Client Version: v1.14.7-eks-1861c5
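The kubectl download above can be checked before the binary is placed on PATH. The following is an added example, not part of the original page: it assumes a SHA-256 checksum file for the binary has been saved next to it (the file name kubectl.sha256 and both function names are assumptions), and it installs only when the digest matches.

```shell
#!/usr/bin/env bash
# Added example: verify a downloaded binary against a published SHA-256
# digest before installing it. File and function names are assumptions.

# expected_digest SUMFILE
# Prints the digest from the first field of the first line. Fails with 2
# when the file is not a checksum file, e.g. an XML/HTML error body that
# curl -o saved under the checksum file's name.
expected_digest() {
    local digest
    digest=$(awk 'NR==1 {print tolower($1)}' "$1" 2>/dev/null) || return 2
    case "$digest" in
        *[!0-9a-f]*|"") return 2 ;;   # non-hex characters or empty
    esac
    [ "${#digest}" -eq 64 ] || return 2
    printf '%s\n' "$digest"
}

# verify_and_install BINARY SUMFILE DESTDIR
# Returns 0 when installed, 1 on digest mismatch, 2 on unusable input.
verify_and_install() {
    local bin="$1" sumfile="$2" dest="$3" want got
    [ -f "$bin" ] && [ -f "$sumfile" ] || return 2
    want=$(expected_digest "$sumfile") || return 2
    got=$(sha256sum "$bin" | awk '{print $1}')
    if [ "$want" != "$got" ]; then
        echo "sha256 mismatch for $bin: want $want, got $got" >&2
        return 1
    fi
    # Only a verified file reaches DESTDIR, with the executable bit set.
    mkdir -p "$dest" && install -m 0755 "$bin" "$dest/$(basename "$bin")"
}

# Script usage: verify_install.sh ./kubectl ./kubectl.sha256 "$HOME/bin"
if [ "$#" -eq 3 ]; then
    verify_and_install "$@"
fi
```

Used this way, the function takes the place of the chmod and cp steps, so an unverified file never ends up in $HOME/bin.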
6. Creating the cluster
[Example 1]
$ eksctl create cluster \
> --name prod \
> --version 1.14 \
> --nodegroup-name standard-workers \
> --node-type t3.micro \
> --nodes 1 \
> --nodes-min 1 \
> --nodes-max 2 \
> --node-ami auto
[ℹ] eksctl version 0.7.0
[ℹ] using region ap-northeast-2
[ℹ] setting availability zones to [ap-northeast-2c ap-northeast-2a ap-northeast-2b]
[ℹ] subnets for ap-northeast-2c - public:192.168.0.0/19 private:192.168.96.0/19
[ℹ] subnets for ap-northeast-2a - public:192.168.32.0/19 private:192.168.128.0/19
[ℹ] subnets for ap-northeast-2b - public:192.168.64.0/19 private:192.168.160.0/19
[ℹ] nodegroup "standard-workers" will use "ami-06c04d3b24526aa7e" [AmazonLinux2/1.14]
[ℹ] using Kubernetes version 1.14
[ℹ] creating EKS cluster "prod" in "ap-northeast-2" region
[ℹ] will create 2 separate CloudFormation stacks for cluster itself and the initial nodegroup
[ℹ] if you encounter any issues, check CloudFormation console or try 'eksctl utils describe-stacks --region=ap-northeast-2 --name=prod'
[ℹ] CloudWatch logging will not be enabled for cluster "prod" in "ap-northeast-2"
[ℹ] you can enable it with 'eksctl utils update-cluster-logging --region=ap-northeast-2 --name=prod'
[ℹ] 2 sequential tasks: { create cluster control plane "prod", create nodegroup "standard-workers" }
[ℹ] building cluster stack "eksctl-prod-cluster"
[ℹ] deploying stack "eksctl-prod-cluster"
[ℹ] building nodegroup stack "eksctl-prod-nodegroup-standard-workers"
[ℹ] deploying stack "eksctl-prod-nodegroup-standard-workers"
[✔] all EKS cluster resources for "prod" have been created
[✔] saved kubeconfig as "/home/ubuntu/.kube/config"
[ℹ] adding identity "arn:aws:iam::xxx:role/eksctl-prod-nodegroup-standard-wo-NodeInstanceRole-xxx" to auth ConfigMap
[ℹ] nodegroup "standard-workers" has 0 node(s)
[ℹ] waiting for at least 1 node(s) to become ready in "standard-workers"
[ℹ] nodegroup "standard-workers" has 1 node(s)
[ℹ] node "ip-192-168-93-30.ap-northeast-2.compute.internal" is ready
[ℹ] kubectl command should work with "/home/ubuntu/.kube/config", try 'kubectl get nodes'
[✔] EKS cluster "prod" in "ap-northeast-2" region is ready
[Example 2]
$ eksctl create cluster \
> --name prod \
> --version 1.14 \
> --nodegroup-name standard-workers \
> --node-type t3.small \
> --nodes 1 \
> --nodes-min 1 \
> --nodes-max 3 \
> --node-ami auto
[ℹ] eksctl version 0.7.0
[ℹ] using region ap-northeast-2
[ℹ] setting availability zones to [ap-northeast-2a ap-northeast-2c ap-northeast-2b]
[ℹ] subnets for ap-northeast-2a - public:192.168.0.0/19 private:192.168.96.0/19
[ℹ] subnets for ap-northeast-2c - public:192.168.32.0/19 private:192.168.128.0/19
[ℹ] subnets for ap-northeast-2b - public:192.168.64.0/19 private:192.168.160.0/19
[ℹ] nodegroup "standard-workers" will use "ami-06c04d3b24526aa7e" [AmazonLinux2/1.14]
[ℹ] using Kubernetes version 1.14
[ℹ] creating EKS cluster "prod" in "ap-northeast-2" region
[ℹ] will create 2 separate CloudFormation stacks for cluster itself and the initial nodegroup
[ℹ] if you encounter any issues, check CloudFormation console or try 'eksctl utils describe-stacks --region=ap-northeast-2 --name=prod'
[ℹ] CloudWatch logging will not be enabled for cluster "prod" in "ap-northeast-2"
[ℹ] you can enable it with 'eksctl utils update-cluster-logging --region=ap-northeast-2 --name=prod'
[ℹ] 2 sequential tasks: { create cluster control plane "prod", create nodegroup "standard-workers" }
[ℹ] building cluster stack "eksctl-prod-cluster"
[ℹ] deploying stack "eksctl-prod-cluster"
[ℹ] building nodegroup stack "eksctl-prod-nodegroup-standard-workers"
[ℹ] deploying stack "eksctl-prod-nodegroup-standard-workers"
[✔] all EKS cluster resources for "prod" have been created
[✔] saved kubeconfig as "/home/ubuntu/.kube/config"
[ℹ] adding identity "arn:aws:iam::825752335902:role/eksctl-prod-nodegroup-standard-wo-NodeInstanceRole-YX6ZMX2B8QD6" to auth ConfigMap
[ℹ] nodegroup "standard-workers" has 0 node(s)
[ℹ] waiting for at least 1 node(s) to become ready in "standard-workers"
[ℹ] nodegroup "standard-workers" has 1 node(s)
[ℹ] node "ip-192-168-68-38.ap-northeast-2.compute.internal" is ready
[ℹ] kubectl command should work with "/home/ubuntu/.kube/config", try 'kubectl get nodes'
[✔] EKS cluster "prod" in "ap-northeast-2" region is ready
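Note: if a permission problem occurs while deploying the EKS cluster, you can create an IAM policy like the following and attach it to the account in question. (This is not an official method.) The policy allows every EKS action on every resource.
Example: AmazonEKSAdminPolicy
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "eks:*"
            ],
            "Resource": "*"
        }
    ]
}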
[Note] Script for copy and paste
eksctl create cluster \
--name prod \
--version 1.14 \
--nodegroup-name standard-workers \
--node-type t3.small \
--nodes 1 \
--nodes-min 1 \
--nodes-max 3 \
--node-ami auto
7. Verification
$ kubectl get svc
NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.100.0.1   <none>        443/TCP   64m
8. Scaling the cluster
8.1. Checking the current cluster
$ eksctl get nodegroup --cluster=prod
CLUSTER  NODEGROUP         CREATED               MIN SIZE  MAX SIZE  DESIRED CAPACITY  INSTANCE TYPE  IMAGE ID
prod     standard-workers  2019-10-30T06:00:01Z  1         2         1                 t3.micro       ami-06c04d3b24526aa7e
8.2. Increasing the number of nodes
$ eksctl scale nodegroup --cluster=prod --nodes=3 --name=standard-workers
[ℹ] scaling nodegroup stack "eksctl-prod-nodegroup-standard-workers" in cluster eksctl-prod-cluster
[ℹ] scaling nodegroup, desired capacity from 1 to 3, max size from 2 to 3
8.3. Checking the changed cluster
$ eksctl get nodegroup --cluster=prod
CLUSTER  NODEGROUP         CREATED               MIN SIZE  MAX SIZE  DESIRED CAPACITY  INSTANCE TYPE  IMAGE ID
prod     standard-workers  2019-10-30T06:00:01Z  1         3         3                 t3.micro       ami-06c04d3b24526aa7e
