DevOps

EKS 환경 구축 총정리

우제혁 2023. 12. 18. 23:43

 

환경 구축(배포 파일) 다운로드

https://drive.google.com/file/d/12DUfbE0nuqsKrP5Rz2IfYHiat9dTbUdH/view?usp=sharing

terraform 실행

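cd eks-terraform-final

@REM Initialise the working directory, then read the plan output before applying it.
terraform init
terraform plan 
@REM terraform apply asks for confirmation; type "yes" at the prompt to proceed.
terraform apply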

로드밸런서 설치

@REM aws-auth ------------------
@REM Adds an IAM identity mapping so the IAM user JaeHyuk is known to the cluster as "JaeHyuk".
@REM NOTE(review): system:masters carries unrestricted cluster-admin access that RBAC cannot
@REM narrow or revoke; outside a lab, map the user to a dedicated group bound to a
@REM least-privilege Role/ClusterRole. The account ID and user name are the author's own values.

eksctl create iamidentitymapping  --cluster eks-JaeHyuk --arn arn:aws:iam::871065065486:user/JaeHyuk --username JaeHyuk  --group system:masters

@REM Create the ingress controller -----------------------------------------------------
cd script\\ingrass

@REM Point kubectl at the cluster, then register the cluster's OIDC issuer with IAM so that
@REM Kubernetes service accounts can assume IAM roles.
aws eks update-kubeconfig --region us-east-2   --name eks-JaeHyuk 
eksctl utils associate-iam-oidc-provider  --region us-east-2   --cluster eks-JaeHyuk  --approve

@REM NOTE(review): iam_policy.json is not shown on this page; confirm it is the policy published
@REM for the controller version being installed (the manifests below are named v2_5_4) and read
@REM it before creating the policy, since it defines what the controller may do in the account.
aws iam create-policy   --policy-name AWSLoadBalancerControllerIAMPolicy  --policy-document file://iam_policy.json

@REM Creates the kube-system/aws-load-balancer-controller service account with the policy above attached.
eksctl create iamserviceaccount   --cluster eks-JaeHyuk  --namespace kube-system  --name aws-load-balancer-controller  --attach-policy-arn arn:aws:iam::871065065486:policy/AWSLoadBalancerControllerIAMPolicy --override-existing-serviceaccounts  --approve 

@REM NOTE(review): these are local copies of the manifests; verify where they were downloaded from
@REM before applying, because they create cluster-wide resources.
kubectl apply -f cert-manager.yaml 
kubectl apply -f v2_5_4_full.yaml 
kubectl apply -f v2_5_4_ingclass.yaml 

@REM Verification: the deployment should become available, and the service account YAML should
@REM carry an eks.amazonaws.com/role-arn annotation pointing at the role eksctl created.
kubectl get deployment -n kube-system aws-load-balancer-controller 
kubectl get sa aws-load-balancer-controller -n kube-system -o yaml 

cd ../../

 

💡 리소스 충돌 시 삭제 후 재설치

cd script\\ingrass

@REM Delete
@REM Removes the manifests in the reverse of the install order, then the service account
@REM and the IAM policy it was attached to.
kubectl delete -f v2_5_4_ingclass.yaml
kubectl delete -f v2_5_4_full.yaml
kubectl delete -f cert-manager.yaml

eksctl delete iamserviceaccount  --cluster eks-JaeHyuk  --namespace kube-system  --name aws-load-balancer-controller
aws iam delete-policy  --policy-arn arn:aws:iam::871065065486:policy/AWSLoadBalancerControllerIAMPolicy

@REM Reinstall
@REM Same sequence as the first installation: OIDC provider, IAM policy, service account, manifests.

eksctl utils associate-iam-oidc-provider  --region us-east-2   --cluster eks-JaeHyuk  --approve

@REM NOTE(review): iam_policy.json is not shown on this page; confirm it matches the controller
@REM version being installed and read it before creating the policy.
aws iam create-policy   --policy-name AWSLoadBalancerControllerIAMPolicy  --policy-document file://iam_policy.json

eksctl create iamserviceaccount   --cluster eks-JaeHyuk  --namespace kube-system  --name aws-load-balancer-controller  --attach-policy-arn arn:aws:iam::871065065486:policy/AWSLoadBalancerControllerIAMPolicy --override-existing-serviceaccounts  --approve 

kubectl apply -f cert-manager.yaml 
kubectl apply -f v2_5_4_full.yaml 
kubectl apply -f v2_5_4_ingclass.yaml 

@REM Verification: check the deployment status and the role annotation on the service account.
kubectl get deployment -n kube-system aws-load-balancer-controller 
kubectl get sa aws-load-balancer-controller -n kube-system -o yaml 

cd ../../

 

 

서비스 설치

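@REM Deploy the service ----------------------------------------------------------------------

aws eks update-kubeconfig --region us-east-2 --name eks-JaeHyuk

cd JUNGSINT\\manifest

@REM Applies the Flask deployment, its Service and the Ingress that exposes it.
kubectl apply -f flask-deployment.yaml
kubectl apply -f flask-service.yaml
kubectl apply -f flask-ingress.yaml

kubectl get pods -A
kubectl get services -A

@REM Prints the URL of the load balancer created for the ingress. The hostname stays empty
@REM until the load balancer has been provisioned.
@REM NOTE(review): the URL is plain http://; flask-ingress.yaml is not shown here, so confirm
@REM whether an HTTPS listener and certificate are configured before exposing real data.
powershell -Command "echo http://$(kubectl get ingress/osint-flask-ingress -o jsonpath='{.status.loadBalancer.ingress[*].hostname}')/"

@REM NOTE(review): this leaves the shell in JUNGSINT, while the MySQL step's
@REM "cd JUNGSINT\\manifest\\mysql" assumes the repository root; use "cd ../../" if you continue
@REM in the same shell.
cd ../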

mysql db 세팅

cd JUNGSINT\\manifest\\mysql

@REM Applies the MySQL storage objects, StatefulSet and Service from local manifests.
@REM NOTE(review): the manifests are not shown on this page; confirm that the database
@REM credentials come from a Kubernetes Secret rather than literal values in
@REM db-statefulset.yaml, and that db-service.yaml does not expose MySQL outside the cluster.
kubectl apply -f db-pv.yaml
kubectl apply -f db-storagelass.yaml
kubectl apply -f db-statefulset.yaml
kubectl apply -f db-service.yaml

@REM Verification: list pods and services in all namespaces.
kubectl get pods -A
kubectl get services -A

argocd 세팅

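# Install Argo CD into its own namespace.
kubectl create namespace argocd
# NOTE(review): "stable" is a moving reference, so the installed manifest can change between
# runs; pin the URL to a specific release tag for a reproducible, reviewable install.
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
# Switches argocd-server to a LoadBalancer Service, which puts the Argo CD API/UI behind an
# external load balancer. Unless the Service is made internal or limited with
# loadBalancerSourceRanges, it may be reachable from the internet; restrict access before
# connecting repositories or clusters.
kubectl patch svc argocd-server -n argocd --type='json' -p='[{"op": "replace", "path": "/spec/type", "value": "LoadBalancer"}]'
kubectl -n argocd get all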
argocd passwd 확인

# Reads the generated initial admin password from the argocd-initial-admin-secret Secret and
# base64-decodes it. Change the admin password after the first login and delete this Secret
# afterwards; avoid leaving the decoded value in shell history or shared logs.
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
  1. argocd setting
  2. ArgoCD Application 생성

 

jenkins -trivy 세팅

  1. 젠킨스 서버 생성
  2. 젠킨스 실행 / 설정
  3. trivy 설치
  4. 플러그인 다운로드
  5. credential 생성
    1. Jenkins와 Github 연동
    2. AWS ECR에 접근하기 위한 Credential
    3. slack 연결
  6. pipeline 생성
  7. jenkinsfile 생성

wazuh 세팅

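# NOTE(review): this clones the default branch; check out the release tag that matches the
# Wazuh version you intend to run (<WAZUH_VERSION_TAG>) so the manifests are reproducible.
$ git clone https://github.com/wazuh/wazuh-kubernetes.git
$ cd wazuh-kubernetes
# Run both scripts to generate the certificates for the indexer cluster and the dashboard.
# The output presumably includes private keys: keep it out of version control and limit
# who can read it.
wazuh/certs/indexer_cluster/generate_certs.sh
wazuh/certs/dashboard_http/generate_certs.sh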
  1. 코드수정 & 환경 설정

 

 

리소스 정리

  1. EC2 > 로드밸런서 삭제
  2. EC2 > 대상 그룹 삭제
  3. 스크립트 실행
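cd script\ingrass

@REM Removes the controller's service account, its IAM policy and the cluster's OIDC provider
@REM association. The cluster name is eks-JaeHyuk, as in every other step.
@REM NOTE(review): confirm that your eksctl version provides disassociate-iam-oidc-provider.
eksctl delete iamserviceaccount  --cluster eks-JaeHyuk  --namespace kube-system  --name aws-load-balancer-controller
aws iam delete-policy  --policy-arn arn:aws:iam::871065065486:policy/AWSLoadBalancerControllerIAMPolicy
eksctl utils disassociate-iam-oidc-provider  --region us-east-2  --cluster eks-JaeHyuk

@REM NOTE(review): the controller is removed here before flask-ingress.yaml is deleted further
@REM down, so it can no longer deprovision the load balancer it created. That matches the manual
@REM load balancer and target group deletion in steps 1-2; afterwards, check that no load
@REM balancer, target group or security group is left behind.
kubectl delete -f cert-manager.yaml 
kubectl delete -f v2_5_4_ingclass.yaml
kubectl delete -f v2_5_4_full.yaml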

cd ..\..\JUNGSINT\manifest

@REM Removes the Flask deployment, Service and Ingress.
kubectl delete -f flask-deployment.yaml
kubectl delete -f flask-service.yaml
kubectl delete -f flask-ingress.yaml

cd mysql

@REM Removes the MySQL objects.
@REM NOTE(review): PersistentVolumeClaims created from a StatefulSet's volumeClaimTemplates are
@REM not deleted with the StatefulSet by default; check for leftover PVCs and volumes, which
@REM would still hold the database contents.
kubectl delete -f db-pv.yaml
kubectl delete -f db-service.yaml
kubectl delete -f db-statefulset.yaml
kubectl delete -f db-storagelass.yaml

cd ..\wazuh-kubernetes

@REM Deletes the Wazuh resources defined by the kustomization in envs/eks/ (the matching apply
@REM step is not shown on this page).
kubectl delete -k envs/eks/


@REM Return to the directory that holds the Terraform configuration.
cd ../../../


@REM -auto-approve skips the interactive confirmation; make sure the current directory and
@REM AWS credentials point at the environment you mean to destroy before running this.
terraform destroy -auto-approve

 

 

 

  1. vpc 삭제