⭐ 가시다(gasida) 님이 진행하는 Terraform T101 4기 실습 스터디 게시글입니다.
책 '테라폼으로 시작하는 IaC'을 참고했습니다! 
게시글 상 소스코드, 사진에서 **굵게** 혹은 '''코드쉘''' 에 대한 부분이 들어가있을수도 있습니다.

1. Amazon EKS Blueprints for Terraform

EKS Blueprints 소개

  • EKS Clsuter 를 쉽게 구성하게 해주는 운영 소프트웨어의 일종
  • EKS Blueprints 를 사용하면 EKS환경(Control-plane, worker nodes, add-ons)에 필요한것들을 IaC 형태의 blueprints 로 구성할 수 있음.
  • 쉽고 편하게 다양한 add-ons(e.g. Prometheus, ALB, Keda …) 를 배포할 수 있음
  • ref: https://aws-quickstart.github.io/cdk-eks-blueprints/
 

Amazon EKS Blueprints Quick Start

Overview Welcome to the Amazon EKS Blueprints Quick Start documentation site. This repository contains the source code for the eks-blueprints NPM module. It can be used by AWS customers, partners, and internal AWS teams to configure and manage complete EKS

aws-quickstart.github.io

 

EKS Blueprints for Terraform

 

Amazon EKS Blueprints for Terraform

Amazon EKS Blueprints for Terraform Welcome to Amazon EKS Blueprints for Terraform! This project contains a collection of Amazon EKS cluster patterns implemented in Terraform that demonstrate how fast and easy it is for customers to adopt Amazon EKS. The p

aws-ia.github.io

 

특이사항

  • EKS Blueprints for Terraform 에서 제공하는 코드를 그대로 사용해도되도록 의도한게 아님(가능하긴 함)
  • Pattern or Snippets 은 Terraform Module 로 설계되지 않았음
    • 특정정보가 필요한 경우(Route 53의 호스트영역ID, ACM 인증서 ARN) 만 variables 패턴을 사용
    • 일반정보의 경우 local 블록을 통해 사용
  • variables, outputs 을 최대한 노출하지 않음 + 파일 참조를 최대한 간소화시켰다

 

EKS Blueprints 지원을 위해 제작한 모듈

  • terraform-aws-eks-blueprint-addon: IAM역할 외에도, Terraform resource 를 사용하여 Add-on을 프로비저닝 하는 모듈
  • terraform-aws-eks-blueprint-addons: 여러개의 Add-on을 프로비저닝하는 모듈. terraform-aws-eks-blueprint-addon 모듈을 사용하는 Helm Chart 기반모듈
  • terraform-aws-eks-blueprints-teams: 멀티테넌시(계정권한이 존재하는) 리소스를 프로비저닝하는 모듈

 

다양한 연관 프로젝트

  • GitOps:
    • terraform-aws-eks-ack-addons: EKS 에 ack controller 를 배포하기 위한 테라폼 Module
    • crossplane-on-eks: Crossplane Compositions, Composite Resource Definitions 라이브러리를 사용해서 AWS 리소스를 프로비저닝하는 오픈소스

 

  • Data on EKS
    • data-on-eks: Amazon EKS 위에 데이터 워크로드를 프로비저닝하는 collection
    • terraform-aws-eks-data-addons: Amazon EKS 위에 데이터 워크로드에서 사용하는 다중 add-ons 을 배포하는 테라폼 모듈
  • Observability Accelerator
  • Karpenter Blueprints

 

 

실습안내

  • 다양한 Pattern에서 Consumption 섹션을 참조하면 배포하는게 가능함
  • 일반적으로 프로비저닝할때에는 아래의 단계로 배포됨
  • terraform init terraform apply -target="module.vpc" -auto-approve terraform apply -target="module.eks" -auto-approve terraform apply -auto-approve
  • 모든 리소스가 성공적으로 프로비저닝되면 다음명령어를 사용하여 kubeconfig 를 업데이트할 수 있음
  • aws eks --region <REGION> update-kubeconfig --name <CLUSTER_NAME> --alias <CLUSTER_NAME>
  • 프로비저닝된 리소스를 제거할때에는 아래의 단계로 실행됨
  • terraform destroy -target="module.eks_blueprints_addons" -auto-approve terraform destroy -target="module.eks" -auto-approve terraform destroy -auto-approve
  • 실습환경 준비
  • #공식 깃허브 git clone https://github.com/aws-ia/terraform-aws-eks-blueprints #아래내용은 이미 존재한다고 가정 #awscli, kubectl, terraform

 

 

2. 실습: GitOps Getting Started(ArgoCD)

패턴실습설명

  • GitOps Bridge 패턴을 통해 구성된 add-on 으로 EKS 를배포합니다
    • GitOps Bridge Pattern: IaC(Infrastructure as Code)와 GitOps 사이의 차이를 메꾸는 패턴
  • 실습 플로우
  • Terraform 으로 Cloud Resource 배포 Resource 의 Metadata를 ArgoCD Secret에 저장 GitOps 가 ArgoCD Secret 를 사용해 Helm 차트를 구성하여 배포

 

실습시작!

cd terraform-aws-eks-blueprints/patterns/gitops/getting-started-argocd 

 

 

코드구성확인

main.tf

provider "aws" {
  region = local.region
}
data "aws_caller_identity" "current" {}
data "aws_availability_zones" "available" {}

provider "helm" {
  kubernetes {
    host                   = module.eks.cluster_endpoint
    cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)

    exec {
      api_version = "client.authentication.k8s.io/v1beta1"
      command     = "aws"
      # This requires the awscli to be installed locally where Terraform is executed
      args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name, "--region", local.region]
    }
  }
}

provider "kubernetes" {
  host                   = module.eks.cluster_endpoint
  cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)

  exec {
    api_version = "client.authentication.k8s.io/v1beta1"
    command     = "aws"
    # This requires the awscli to be installed locally where Terraform is executed
    args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name, "--region", local.region]
  }
}
  • 프로바이더 설정
  • kubernetes 에 args 로 커맨드 명령어 지정한거에 주목
locals {
  name   = "getting-started-gitops"
  region = var.region

  cluster_version = var.kubernetes_version

  vpc_cidr = var.vpc_cidr
  azs      = slice(data.aws_availability_zones.available.names, 0, 3)

  gitops_addons_url      = "${var.gitops_addons_org}/${var.gitops_addons_repo}"
  gitops_addons_basepath = var.gitops_addons_basepath
  gitops_addons_path     = var.gitops_addons_path
  gitops_addons_revision = var.gitops_addons_revision

  gitops_workload_url      = "${var.gitops_workload_org}/${var.gitops_workload_repo}"
  gitops_workload_basepath = var.gitops_workload_basepath
  gitops_workload_path     = var.gitops_workload_path
  gitops_workload_revision = var.gitops_workload_revision

  aws_addons = {
    enable_cert_manager                          = try(var.addons.enable_cert_manager, false)
    enable_aws_efs_csi_driver                    = try(var.addons.enable_aws_efs_csi_driver, false)
    enable_aws_fsx_csi_driver                    = try(var.addons.enable_aws_fsx_csi_driver, false)
    enable_aws_cloudwatch_metrics                = try(var.addons.enable_aws_cloudwatch_metrics, false)
    enable_aws_privateca_issuer                  = try(var.addons.enable_aws_privateca_issuer, false)
    enable_cluster_autoscaler                    = try(var.addons.enable_cluster_autoscaler, false)
    enable_external_dns                          = try(var.addons.enable_external_dns, false)
    enable_external_secrets                      = try(var.addons.enable_external_secrets, false)
    enable_aws_load_balancer_controller          = try(var.addons.enable_aws_load_balancer_controller, false)
    enable_fargate_fluentbit                     = try(var.addons.enable_fargate_fluentbit, false)
    enable_aws_for_fluentbit                     = try(var.addons.enable_aws_for_fluentbit, false)
    enable_aws_node_termination_handler          = try(var.addons.enable_aws_node_termination_handler, false)
    enable_karpenter                             = try(var.addons.enable_karpenter, false)
    enable_velero                                = try(var.addons.enable_velero, false)
    enable_aws_gateway_api_controller            = try(var.addons.enable_aws_gateway_api_controller, false)
    enable_aws_ebs_csi_resources                 = try(var.addons.enable_aws_ebs_csi_resources, false)
    enable_aws_secrets_store_csi_driver_provider = try(var.addons.enable_aws_secrets_store_csi_driver_provider, false)
    enable_ack_apigatewayv2                      = try(var.addons.enable_ack_apigatewayv2, false)
    enable_ack_dynamodb                          = try(var.addons.enable_ack_dynamodb, false)
    enable_ack_s3                                = try(var.addons.enable_ack_s3, false)
    enable_ack_rds                               = try(var.addons.enable_ack_rds, false)
    enable_ack_prometheusservice                 = try(var.addons.enable_ack_prometheusservice, false)
    enable_ack_emrcontainers                     = try(var.addons.enable_ack_emrcontainers, false)
    enable_ack_sfn                               = try(var.addons.enable_ack_sfn, false)
    enable_ack_eventbridge                       = try(var.addons.enable_ack_eventbridge, false)
  }
  oss_addons = {
    enable_argocd                          = try(var.addons.enable_argocd, true)
    enable_argo_rollouts                   = try(var.addons.enable_argo_rollouts, false)
    enable_argo_events                     = try(var.addons.enable_argo_events, false)
    enable_argo_workflows                  = try(var.addons.enable_argo_workflows, false)
    enable_cluster_proportional_autoscaler = try(var.addons.enable_cluster_proportional_autoscaler, false)
    enable_gatekeeper                      = try(var.addons.enable_gatekeeper, false)
    enable_gpu_operator                    = try(var.addons.enable_gpu_operator, false)
    enable_ingress_nginx                   = try(var.addons.enable_ingress_nginx, false)
    enable_kyverno                         = try(var.addons.enable_kyverno, false)
    enable_kube_prometheus_stack           = try(var.addons.enable_kube_prometheus_stack, false)
    enable_metrics_server                  = try(var.addons.enable_metrics_server, false)
    enable_prometheus_adapter              = try(var.addons.enable_prometheus_adapter, false)
    enable_secrets_store_csi_driver        = try(var.addons.enable_secrets_store_csi_driver, false)
    enable_vpa                             = try(var.addons.enable_vpa, false)
  }
  addons = merge(
    local.aws_addons,
    local.oss_addons,
    { kubernetes_version = local.cluster_version },
    { aws_cluster_name = module.eks.cluster_name }
  )

  addons_metadata = merge(
    module.eks_blueprints_addons.gitops_metadata,
    {
      aws_cluster_name = module.eks.cluster_name
      aws_region       = local.region
      aws_account_id   = data.aws_caller_identity.current.account_id
      aws_vpc_id       = module.vpc.vpc_id
    },
    {
      addons_repo_url      = local.gitops_addons_url
      addons_repo_basepath = local.gitops_addons_basepath
      addons_repo_path     = local.gitops_addons_path
      addons_repo_revision = local.gitops_addons_revision
    },
    {
      workload_repo_url      = local.gitops_workload_url
      workload_repo_basepath = local.gitops_workload_basepath
      workload_repo_path     = local.gitops_workload_path
      workload_repo_revision = local.gitops_workload_revision
    }
  )

  tags = {
    Blueprint  = local.name
    GithubRepo = "github.com/aws-ia/terraform-aws-eks-blueprints"
  }
}
  • 기타 애드온 설정
################################################################################
# GitOps Bridge: Bootstrap
################################################################################
module "gitops_bridge_bootstrap" {
  source = "github.com/gitops-bridge-dev/gitops-bridge-argocd-bootstrap-terraform?ref=v2.0.0"

  cluster = {
    metadata = local.addons_metadata
    addons   = local.addons
  }
}
  • GitOps Bridge를 설정하여 ArgoCD 를 부트스트래핑 진행함
################################################################################
# EKS Blueprints Addons
################################################################################
module "eks_blueprints_addons" {
  source  = "aws-ia/eks-blueprints-addons/aws"
  version = "~> 1.0"

  cluster_name      = module.eks.cluster_name
  cluster_endpoint  = module.eks.cluster_endpoint
  cluster_version   = module.eks.cluster_version
  oidc_provider_arn = module.eks.oidc_provider_arn

  # Using GitOps Bridge
  create_kubernetes_resources = false

  # EKS Blueprints Addons
  enable_cert_manager                 = local.aws_addons.enable_cert_manager
  enable_aws_efs_csi_driver           = local.aws_addons.enable_aws_efs_csi_driver
  enable_aws_fsx_csi_driver           = local.aws_addons.enable_aws_fsx_csi_driver
  enable_aws_cloudwatch_metrics       = local.aws_addons.enable_aws_cloudwatch_metrics
  enable_aws_privateca_issuer         = local.aws_addons.enable_aws_privateca_issuer
  enable_cluster_autoscaler           = local.aws_addons.enable_cluster_autoscaler
  enable_external_dns                 = local.aws_addons.enable_external_dns
  enable_external_secrets             = local.aws_addons.enable_external_secrets
  enable_aws_load_balancer_controller = local.aws_addons.enable_aws_load_balancer_controller
  enable_fargate_fluentbit            = local.aws_addons.enable_fargate_fluentbit
  enable_aws_for_fluentbit            = local.aws_addons.enable_aws_for_fluentbit
  enable_aws_node_termination_handler = local.aws_addons.enable_aws_node_termination_handler
  enable_karpenter                    = local.aws_addons.enable_karpenter
  enable_velero                       = local.aws_addons.enable_velero
  enable_aws_gateway_api_controller   = local.aws_addons.enable_aws_gateway_api_controller

  tags = local.tags
}
################################################################################
# EKS Cluster
################################################################################

module "eks" {
  source  = "terraform-aws-modules/eks/aws"
  version = "~> 19.13"

  cluster_name                   = local.name
  cluster_version                = local.cluster_version
  cluster_endpoint_public_access = true

  vpc_id     = module.vpc.vpc_id
  subnet_ids = module.vpc.private_subnets

  eks_managed_node_groups = {
    initial = {
      instance_types = ["m5.large"]

      min_size     = 1
      max_size     = 3
      desired_size = 2
    }
  }
  # EKS Addons
  cluster_addons = {
    coredns    = {}
    kube-proxy = {}
    vpc-cni = {
      # Specify the VPC CNI addon should be deployed before compute to ensure
      # the addon is configured before data plane compute resources are created
      # See README for further details
      before_compute = true
      most_recent    = true # To ensure access to the latest settings provided
      configuration_values = jsonencode({
        env = {
          # Reference docs https://docs.aws.amazon.com/eks/latest/userguide/cni-increase-ip-addresses.html
          ENABLE_PREFIX_DELEGATION = "true"
          WARM_PREFIX_TARGET       = "1"
        }
      })
    }
  }
  tags = local.tags
}
  • eks 리소스 정보(클러스터 스펙, 노드그룹)
################################################################################
# Supporting Resources
################################################################################
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "~> 5.0"

  name = local.name
  cidr = local.vpc_cidr

  azs             = local.azs
  private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)]
  public_subnets  = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)]

  enable_nat_gateway = true
  single_nat_gateway = true

  public_subnet_tags = {
    "kubernetes.io/role/elb" = 1
  }

  private_subnet_tags = {
    "kubernetes.io/role/internal-elb" = 1
  }

  tags = local.tags
}
  • VPC 정보(서브넷)

variables.tf

variable "vpc_cidr" {
  description = "VPC CIDR"
  type        = string
  default     = "10.0.0.0/16"
}
variable "region" {
  description = "AWS region"
  type        = string
  default     = "us-west-2"
}
variable "kubernetes_version" {
  description = "Kubernetes version"
  type        = string
  default     = "1.28"
}
variable "addons" {
  description = "Kubernetes addons"
  type        = any
  default = {
    enable_aws_load_balancer_controller = true
    enable_metrics_server               = true
  }
}
# Addons Git
variable "gitops_addons_org" {
  description = "Git repository org/user contains for addons"
  type        = string
  default     = "https://github.com/aws-samples"
}
variable "gitops_addons_repo" {
  description = "Git repository contains for addons"
  type        = string
  default     = "eks-blueprints-add-ons"
}
variable "gitops_addons_revision" {
  description = "Git repository revision/branch/ref for addons"
  type        = string
  default     = "main"
}
variable "gitops_addons_basepath" {
  description = "Git repository base path for addons"
  type        = string
  default     = "argocd/"
}
variable "gitops_addons_path" {
  description = "Git repository path for addons"
  type        = string
  default     = "bootstrap/control-plane/addons"
}

# Workloads Git
variable "gitops_workload_org" {
  description = "Git repository org/user contains for workload"
  type        = string
  default     = "https://github.com/aws-ia"
}
variable "gitops_workload_repo" {
  description = "Git repository contains for workload"
  type        = string
  default     = "terraform-aws-eks-blueprints"
}
variable "gitops_workload_revision" {
  description = "Git repository revision/branch/ref for workload"
  type        = string
  default     = "main"
}
variable "gitops_workload_basepath" {
  description = "Git repository base path for workload"
  type        = string
  default     = "patterns/gitops/"
}
variable "gitops_workload_path" {
  description = "Git repository path for workload"
  type        = string
  default     = "getting-started-argocd/k8s"
}
  • 사용하는 region 이 us-west-2 로 구성되어있습니다

outputs.tf

output "configure_kubectl" {
  description = "Configure kubectl: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig"
  value       = <<-EOT
    export KUBECONFIG="/tmp/${module.eks.cluster_name}"
    aws eks --region ${local.region} update-kubeconfig --name ${module.eks.cluster_name}
  EOT
}

output "configure_argocd" {
  description = "Terminal Setup"
  value       = <<-EOT
    export KUBECONFIG="/tmp/${module.eks.cluster_name}"
    aws eks --region ${local.region} update-kubeconfig --name ${module.eks.cluster_name}
    export ARGOCD_OPTS="--port-forward --port-forward-namespace argocd --grpc-web"
    kubectl config set-context --current --namespace argocd
    argocd login --port-forward --username admin --password $(argocd admin initial-password | head -1)
    echo "ArgoCD Username: admin"
    echo "ArgoCD Password: $(kubectl get secrets argocd-initial-admin-secret -n argocd --template="{{index .data.password | base64decode}}")"
    echo Port Forward: http://localhost:8080
    kubectl port-forward -n argocd svc/argo-cd-argocd-server 8080:80
    EOT
}

output "access_argocd" {
  description = "ArgoCD Access"
  value       = <<-EOT
    export KUBECONFIG="/tmp/${module.eks.cluster_name}"
    aws eks --region ${local.region} update-kubeconfig --name ${module.eks.cluster_name}
    echo "ArgoCD Username: admin"
    echo "ArgoCD Password: $(kubectl get secrets argocd-initial-admin-secret -n argocd --template="{{index .data.password | base64decode}}")"
    echo "ArgoCD URL: https://$(kubectl get svc -n argocd argo-cd-argocd-server -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')"
    EOT
}
  • value 에 EOT 로 쉘스크립트 입력받게 해놓은거 같음

bootstrap/addons.yaml

apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
  name: cluster-addons
  namespace: argocd
spec:
  syncPolicy:
    preserveResourcesOnDeletion: true
  generators:
    - clusters: {}
  template:
    metadata:
      name: cluster-addons
    spec:
      project: default
      source:
        repoURL: '{{metadata.annotations.addons_repo_url}}'
        path: '{{metadata.annotations.addons_repo_basepath}}{{metadata.annotations.addons_repo_path}}'
        targetRevision: '{{metadata.annotations.addons_repo_revision}}'
        directory:
          recurse: true
      destination:
        namespace: argocd
        name: '{{name}}'
      syncPolicy:
        automated: {}
  • cluster add on 에 대한 설정

bootstrap/workloads.yaml

apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
  name: workloads
  namespace: argocd
spec:
  syncPolicy:
    preserveResourcesOnDeletion: true
  generators:
    - clusters: {}
  template:
    metadata:
      name: workloads
      finalizers:
        # This finalizer is for demo purposes, in production remove apps using argocd CLI "argocd app delete workload --cascade"
        # When you invoke argocd app delete with --cascade, the finalizer is added automatically.
        - resources-finalizer.argocd.argoproj.io
    spec:
      project: default
      source:
        repoURL: '{{metadata.annotations.workload_repo_url}}'
        path: '{{metadata.annotations.workload_repo_basepath}}{{metadata.annotations.workload_repo_path}}'
        targetRevision: '{{metadata.annotations.workload_repo_revision}}'
      destination:
        name: '{{name}}'
      syncPolicy:
        automated:
          allowEmpty: true
        syncOptions:
          - CreateNamespace=true
        retry:
          limit: 60

배포

terraform init
terraform apply -target="module.vpc" -auto-approve
terraform apply -target="module.eks" -auto-approve
terraform apply -auto-approve
  • 단계적으로 배포하는 이유: VPC → EKS → 전체리소스 순으로 배포함으로써 리소스간 의존성을명확하게 만들 수 있다.
    • EKS 는 VPC를 설정하여 배포하는 형태로 구성되어있음.

 

배포결과

Outputs:

access_argocd = <<EOT
export KUBECONFIG="/tmp/getting-started-gitops"
aws eks --region us-west-2 update-kubeconfig --name getting-started-gitops
echo "ArgoCD Username: admin"
echo "ArgoCD Password: $(kubectl get secrets argocd-initial-admin-secret -n argocd --template="{{index .data.password | base64decode}}")"
echo "ArgoCD URL: https://$(kubectl get svc -n argocd argo-cd-argocd-server -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')"

EOT
configure_argocd = <<EOT
export KUBECONFIG="/tmp/getting-started-gitops"
aws eks --region us-west-2 update-kubeconfig --name getting-started-gitops
export ARGOCD_OPTS="--port-forward --port-forward-namespace argocd --grpc-web"
kubectl config set-context --current --namespace argocd
argocd login --port-forward --username admin --password $(argocd admin initial-password | head -1)
echo "ArgoCD Username: admin"
echo "ArgoCD Password: $(kubectl get secrets argocd-initial-admin-secret -n argocd --template="{{index .data.password | base64decode}}")"
echo Port Forward: http://localhost:8080
kubectl port-forward -n argocd svc/argo-cd-argocd-server 8080:80

EOT
configure_kubectl = <<EOT
export KUBECONFIG="/tmp/getting-started-gitops"
aws eks --region us-west-2 update-kubeconfig --name getting-started-gitops

EOT

 

배포가 완료되면 아래명령어로 kubeconfig를 임시등록하여 저장합니다.

terraform output -raw configure_kubectl

#출력
export KUBECONFIG="/tmp/getting-started-gitops"
aws eks --region us-west-2 update-kubeconfig --name getting-started-gitops
#만약 kubeconfig 등록을 원한다면
aws eks --region <REGION> update-kubeconfig --name <CLUSTER_NAME> --alias <CLUSTER_NAME>
#<REGION> : us-west-2 
#<CLUSTER_NAME> : getting-started-gitops

 

 

 

ArgoCD Secret 에 GitOps Bridge Pattern Metadata 를 추가

kubectl get secret -n argocd -l argocd.argoproj.io/secret-type=cluster -o json | jq '.items[0].metadata.annotations'

#출력
{
  "addons_repo_basepath": "argocd/",
  "addons_repo_path": "bootstrap/control-plane/addons",
  "addons_repo_revision": "main",
  "addons_repo_url": "https://github.com/aws-samples/eks-blueprints-add-ons",
  "aws_account_id": "909418839780",
  "aws_cluster_name": "getting-started-gitops",
  "aws_load_balancer_controller_iam_role_arn": "arn:aws:iam::909418839780:role/alb-controller-20240727174241361300000002",
  "aws_load_balancer_controller_namespace": "kube-system",
  "aws_load_balancer_controller_service_account": "aws-load-balancer-controller-sa",
  "aws_region": "us-west-2",
  "aws_vpc_id": "vpc-02c1789f2dfaf2856",
  "cluster_name": "in-cluster",
  "environment": "dev",
  "workload_repo_basepath": "patterns/gitops/",
  "workload_repo_path": "getting-started-argocd/k8s",
  "workload_repo_revision": "main",
  "workload_repo_url": "https://github.com/aws-ia/terraform-aws-eks-blueprints"
}

ArgoCD Addon 배포

kubectl apply -f bootstrap/addons.yaml

Applications이 모두 Synced가 될때까지 대기

  • Applications 은 GitOps Pattern에서 사용하는 CRD의 일종(Custom Definition Object)

 

 

 

ArgoCD UI 액세스

terraform output -raw access_argocd
export KUBECONFIG="/tmp/getting-started-gitops"
aws eks --region us-west-2 update-kubeconfig --name getting-started-gitops
echo "ArgoCD Username: admin"
echo "ArgoCD Password: $(kubectl get secrets argocd-initial-admin-secret -n argocd --template="{{index .data.password | base64decode}}")"
echo "ArgoCD URL: https://$(kubectl get svc -n argocd argo-cd-argocd-server -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')"

나의 경우에는 아래처럼 나왔고, URL 로 접속해보기

ArgoCD Username: admin
ArgoCD Password: hVOUwo2oXDh8vBdf
ArgoCD URL: https://a1ae2ee1e0a9448fe889e162d0285d92-541231707.us-west-2.elb.amazonaws.com

 

 

 

예제 컨테이너 배포

kubectl apply -f bootstrap/workloads.yaml
#k8s/game-2048

 

배포한바로직후사진. Application 에 먼저 배포된 이후, Deployment에 적용된다

 

 

 

배포결과확인

kubectl get -n game-2048 deployments,service,ep,ingress

#출력
NAME                        READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/game-2048   1/1     1            1           108s

NAME                TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
service/game-2048   ClusterIP   172.20.193.180   <none>        80/TCP    108s

NAME                  ENDPOINTS        AGE
endpoints/game-2048   10.0.25.240:80   108s

NAME                                  CLASS   HOSTS   ADDRESS                                                                   PORTS   AGE
ingress.networking.k8s.io/game-2048   alb     *       k8s-game2048-game2048-2e55885dbe-1191415183.us-west-2.elb.amazonaws.com   80      108s

ALB를 통해 어플리케이션 액세스

 

 

Endpoint 정보 확인

kubectl exec -n game-2048 deploy/game-2048 -- \
wget -S --spider $(kubectl get -n game-2048 ingress game-2048 -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')

#출력
Connecting to k8s-game2048-game2048-2e55885dbe-1191415183.us-west-2.elb.amazonaws.com (34.223.186.90:80)
  HTTP/1.1 200 OK
  Date: Sat, 27 Jul 2024 18:08:30 GMT
  Content-Type: text/html
  Content-Length: 3988
  Connection: close
  Server: nginx
  Last-Modified: Wed, 06 Oct 2021 17:35:37 GMT
  ETag: "615dde69-f94"
  Accept-Ranges: bytes

remote file exists

이 중에서 상단 Connecting to 이후 나오는 문자열이 ALB를 통해 배포된 2048 게임

#html 링크만 확인해보려면 
echo "Application URL: http://$(kubectl get -n game-2048 ingress game-2048 -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')"

(진짜 됨)

 

 

실습종료및 리소스제거하는 명령어

./destroy.sh

'외부활동' 카테고리의 다른 글

[KANS3] Docker  (2) 2024.09.01
[T101] 4기 스터디: OpenTofu  (1) 2024.08.03
[T101] 4기 스터디: Module  (3) 2024.07.14
[T101] 4기 스터디: Confluent Cloud with Terraform  (0) 2024.06.29
[AEWS] 2기 스터디: Terraform  (0) 2024.04.28
jjongguet