cat <<EOF> values.yaml
nodeSelector: {
type: addon
}
EOF
Shell
복사
helm repo add eks https://aws.github.io/eks-charts
helm repo update eks
helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
-n kube-system \
--set clusterName=wsi-eks-cluster \
--set serviceAccount.create=false \
--set serviceAccount.name=aws-load-balancer-controller \
-f values.yaml
Shell
복사
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: wsi-ing
namespace: wsi
annotations:
alb.ingress.kubernetes.io/load-balancer-name: wsi-app-alb
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
alb.ingress.kubernetes.io/security-groups: sg_id
alb.ingress.kubernetes.io/wafv2-acl-arn: waf_arn
alb.ingress.kubernetes.io/healthcheck-path: /healthcheck
alb.ingress.kubernetes.io/healthcheck-interval-seconds: '5'
alb.ingress.kubernetes.io/healthcheck-timeout-seconds: '3'
alb.ingress.kubernetes.io/healthy-threshold-count: '3'
alb.ingress.kubernetes.io/unhealthy-threshold-count: '2'
alb.ingress.kubernetes.io/target-group-attributes: deregistration_delay.timeout_seconds=30
alb.ingress.kubernetes.io/actions.targets: >
{"type":"forward","forwardConfig":{"targetGroups":[{"serviceName":"customer-service","servicePort":8080,"weight":50},{"serviceName":"order-service","servicePort":8080,"weight":50}]}}
spec:
ingressClassName: alb
rules:
- http:
paths:
- path: /v1/customer
pathType: Prefix
backend:
service:
name: customer-service
port:
number: 8080
- path: /v1/product
pathType: Prefix
backend:
service:
name: product-service
port:
number: 8080
- path: /v1/order
pathType: Prefix
backend:
service:
name: order-service
port:
number: 8080
- path: /healthcheck
pathType: ImplementationSpecific
backend:
service:
name: targets
port:
name: use-annotation
YAML
복사
sg_id=$(aws ec2 describe-security-groups --query "SecurityGroups[?GroupName=='wsi-app-alb-sg'].GroupId" --output text)
waf_arn=$(aws wafv2 list-web-acls --scope REGIONAL --region ap-northeast-2 --query "WebACLs[].ARN" --output text)
Shell
복사
sed -i "s|sg_id|$sg_id|g" ingress.yaml
sed -i "s|waf_arn|$waf_arn|g" ingress.yaml
Shell
복사
cluster_sg_id=$(aws eks describe-cluster --name wsi-eks-cluster --query "cluster.resourcesVpcConfig.clusterSecurityGroupId" --output text)
Shell
복사
aws ec2 authorize-security-group-ingress --group-id $cluster_sg_id --protocol tcp --port 8080 --source-group $sg_id > /dev/null
Shell
복사
#!/bin/bash
public_a=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=wsi-public-a" --query "Subnets[].SubnetId[]" --output text)
public_b=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=wsi-public-b" --query "Subnets[].SubnetId[]" --output text)
private_a=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=wsi-app-a" --query "Subnets[].SubnetId[]" --output text)
private_b=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=wsi-app-b" --query "Subnets[].SubnetId[]" --output text)
public_subnet_name=("$public_a" "$public_b")
private_subnet_name=("$private_a" "$private_b")
for name in "${public_subnet_name[@]}"
do
aws ec2 create-tags --resources $name --tags Key=kubernetes.io/role/elb,Value=1
done
for name in "${private_subnet_name[@]}"
do
aws ec2 create-tags --resources $name --tags Key=kubernetes.io/role/internal-elb,Value=1
done
Shell
복사
kubectl apply -f ingress.yaml
Shell
복사