Before creating the EKS cluster itself, first build the VPC that the cluster will be deployed into.
A VPC can be created from the console, the CLI, or CloudFormation.
For this cluster, the VPC will be created with CloudFormation.
What is CloudFormation?
CloudFormation is AWS's infrastructure-as-code (IaC) service: you describe AWS resources in a template file and CloudFormation configures and provisions them. With CloudFormation there is no need to create and configure each AWS resource individually, and the infrastructure is easy to manage and replicate.
Templates can be written as YAML or JSON files.
How the VPC should be laid out depends on each situation, but this time it will use two Availability Zones with one public and one private subnet in each, i.e. two public and two private subnets.
For VPC design considerations, refer to the official documentation on VPC and subnet requirements.
The template for cluster creation can be based on the sample template below.
https://docs.aws.amazon.com/ko_kr/codebuild/latest/userguide/cloudformation-vpc-template.html
For this cluster the template was written and deployed as follows.
```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: create VPC 2AZ - 2 public subnets, 2 private subnets, 1 IGW, 2NGW-EIP, Public RT, 2 Private RT, Security Group for ControlPlane
Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: "Worker Network Configuration"
        Parameters:
          - VpcCIDR
          - AvailabilityZoneA
          - AvailabilityZoneB
          - PublicSubnet01CIDR
          - PublicSubnet02CIDR
          - PrivateSubnet01CIDR
          - PrivateSubnet02CIDR
Parameters:
  VpcCIDR:
    Description: set VPC CIDR range
    Type: String
    Default: 10.10.0.0/16
  AvailabilityZoneA:
    Type: AWS::EC2::AvailabilityZone::Name
    Default: us-east-2a
  AvailabilityZoneB:
    Type: AWS::EC2::AvailabilityZone::Name
    Default: us-east-2b
  PublicSubnet01CIDR:
    Description: public subnet in the 1AZ
    Type: String
    Default: 10.10.10.0/24
  PublicSubnet02CIDR:
    Description: public subnet in the 2AZ
    Type: String
    Default: 10.10.11.0/24
  PrivateSubnet01CIDR:
    Description: private subnet in the 1AZ
    Type: String
    Default: 10.10.20.0/24
  PrivateSubnet02CIDR:
    Description: private subnet in the 2AZ
    Type: String
    Default: 10.10.21.0/24
Resources:
  #####################
  # Create-VPC : VPC #
  #####################
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VpcCIDR
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: !Sub '${AWS::StackName}'
  ########################################################
  # Create-InternetGateway:
  ########################################################
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: !Sub '${AWS::StackName}'
  ########################################################
  # Attach - VPC Gateway
  ########################################################
  VPCGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref VPC
  ########################################################
  # Create-Public-Subnet: PublicSubnet01,02
  ########################################################
  PublicSubnet01:
    Type: AWS::EC2::Subnet
    Metadata:
      Comment: Public Subnet 01
    Properties:
      VpcId: !Ref VPC
      CidrBlock: !Ref PublicSubnet01CIDR
      AvailabilityZone: !Ref AvailabilityZoneA
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}-PublicSubnet-1AZ
        - Key: kubernetes.io/role/elb
          Value: 1
  PublicSubnet02:
    Type: AWS::EC2::Subnet
    Metadata:
      Comment: Public Subnet 02
    Properties:
      VpcId: !Ref VPC
      CidrBlock: !Ref PublicSubnet02CIDR
      AvailabilityZone: !Ref AvailabilityZoneB
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}-PublicSubnet-2AZ
        - Key: kubernetes.io/role/elb
          Value: 1
  ########################################################
  # Create-Private-Subnet: PrivateSubnet01,02
  ########################################################
  PrivateSubnet01:
    Type: AWS::EC2::Subnet
    Metadata:
      Comment: Private Subnet 01
    Properties:
      VpcId: !Ref VPC
      CidrBlock: !Ref PrivateSubnet01CIDR
      AvailabilityZone: !Ref AvailabilityZoneA
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}-PrivateSubnet-1AZ
        - Key: kubernetes.io/role/internal-elb
          Value: 1
  PrivateSubnet02:
    Type: AWS::EC2::Subnet
    Metadata:
      Comment: Private Subnet 02
    Properties:
      VpcId: !Ref VPC
      CidrBlock: !Ref PrivateSubnet02CIDR
      AvailabilityZone: !Ref AvailabilityZoneB
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}-PrivateSubnet-2AZ
        - Key: kubernetes.io/role/internal-elb
          Value: 1
  ################################################################################################
  # Create-NATGateway: NATGATEWAY01,02
  ################################################################################################
  NatGateway01EIP:
    Type: AWS::EC2::EIP
    DependsOn: VPCGatewayAttachment
    Properties:
      Domain: vpc
  NatGateway02EIP:
    Type: AWS::EC2::EIP
    DependsOn: VPCGatewayAttachment
    Properties:
      Domain: vpc
  NatGateway01:
    DependsOn:
      - NatGateway01EIP
      - PublicSubnet01
      - VPCGatewayAttachment
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt NatGateway01EIP.AllocationId
      SubnetId: !Ref PublicSubnet01
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}-NatGateway-1AZ
  NatGateway02:
    DependsOn:
      - NatGateway02EIP
      - PublicSubnet02
      - VPCGatewayAttachment
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt NatGateway02EIP.AllocationId
      SubnetId: !Ref PublicSubnet02
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}-NatGateway-2AZ
  #####################################################################
  # Create-Public-RouteTable
  #####################################################################
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}-Public Subnets Route Table
        - Key: Network
          Value: PublicRT
  #####################################################################
  # add public route - InternetGateway
  #####################################################################
  PublicRoute:
    Type: AWS::EC2::Route
    DependsOn: VPCGatewayAttachment
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  ################################################################################################
  # Associate-Public-RouteTable
  ################################################################################################
  PublicSubnet01RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref PublicSubnet01
  PublicSubnet02RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref PublicSubnet02
  #####################################################################
  # Create-Private-RouteTable
  #####################################################################
  PrivateRouteTable01:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}-Private Routes-1AZ
        - Key: Network
          Value: PrivateRT01
  PrivateRouteTable02:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}-Private Routes-2AZ
        - Key: Network
          Value: PrivateRT02
  #####################################################################
  # add private route - NatGateWay
  #####################################################################
  PrivateRoute01:
    DependsOn:
      - VPCGatewayAttachment
      - NatGateway01
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTable01
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NatGateway01
  PrivateRoute02:
    DependsOn:
      - VPCGatewayAttachment
      - NatGateway02
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTable02
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NatGateway02
  ################################################################################################
  # Associate-Private-RouteTable
  ################################################################################################
  PrivateSubnet01RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet01
      RouteTableId: !Ref PrivateRouteTable01
  PrivateSubnet02RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet02
      RouteTableId: !Ref PrivateRouteTable02
  ########################################################
  # Create-Security-Group : ControlPlane
  ########################################################
  ControlPlaneSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Cluster communication with worker nodes
      VpcId: !Ref VPC
######################################################################
# Outputs
######################################################################
Outputs:
  VpcId:
    Description: The VPC Id
    Value: !Ref VPC
  PublicSubnet01:
    Description: PublicSubnet01 ID in the VPC
    Value: !Ref PublicSubnet01
  PublicSubnet02:
    Description: PublicSubnet02 ID in the VPC
    Value: !Ref PublicSubnet02
  PrivateSubnet01:
    Description: PrivateSubnet01 ID in the VPC
    Value: !Ref PrivateSubnet01
  PrivateSubnet02:
    Description: PrivateSubnet02 ID in the VPC
    Value: !Ref PrivateSubnet02
```
Once the template file is complete, create the VPC stack with the CloudFormation CLI command below.

```bash
aws cloudformation deploy \
  --stack-name "VPC-demo-eksCluster" \
  --template-file "VPC_demoEKSCluster.yaml" \
  --capabilities CAPABILITY_NAMED_IAM
```

Note that this template creates no IAM resources, so `--capabilities CAPABILITY_NAMED_IAM` is not actually needed here; it is harmless, but it is a flag best reserved for stacks that really do create named IAM resources.