alb controller, istio
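# Download the controller's IAM policy document from the pinned v2.5.4 tag.
# -f makes curl exit non-zero on an HTTP error instead of saving the error
# page as iam_policy.json; -sS hides the progress bar but keeps error
# messages; -L follows redirects.
# Review iam_policy.json before creating the policy: it defines everything the
# controller's service account will be allowed to do in the AWS account.
# The && keeps create-policy from running against a missing or stale file
# when the download fails.
curl -fsSL -o iam_policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.5.4/docs/install/iam_policy.json &&
  aws iam create-policy \
    --policy-name AWSLoadBalancerControllerIAMPolicy \
    --policy-document file://iam_policy.json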
변수 설정 및 aws loadBalancer controller 용 service account 생성
# Region and cluster name reused by the commands that follow.
export region=ap-southeast-1 clusterName=main
# Create the kube-system/aws-load-balancer-controller service account and
# attach the IAM policy to it through eksctl.
# Replace the <...> placeholder with the ARN printed by `aws iam create-policy`.
# NOTE(review): eksctl needs an IAM OIDC provider associated with the cluster
# for this step - confirm it exists before running.
# --override-existing-serviceaccounts modifies a service account of the same
# name if one is already present in kube-system.
eksctl create iamserviceaccount \
  --region "${region}" \
  --name aws-load-balancer-controller \
  --namespace kube-system \
  --cluster "${clusterName}" \
  --attach-policy-arn <생성한AWSLoadBalancerControllerIAMPolicy arn> \
  --override-existing-serviceaccounts \
  --approve
arn 자동으로 찾아내는 거 추가했는데 검증 필요
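export region=ap-southeast-1
echo "Region: ${region}"
export clusterName=main
echo "Cluster Name: ${clusterName}"

# Create the policy and capture its ARN. The assignment is kept separate from
# `export` so a failed aws call is not hidden behind export's own exit status.
# create-policy fails when a policy with this name already exists (for example
# if it was created by hand beforehand); in that case resolve the ARN of the
# existing policy instead of continuing with an empty value.
policyName=AWSLoadBalancerControllerIAMPolicy
if ! policyArn=$(aws iam create-policy \
  --policy-name "${policyName}" \
  --policy-document file://iam_policy.json \
  --query 'Policy.Arn' \
  --output text); then
  # Customer-managed policy ARNs are derived from the account id and the
  # policy name. The "aws" partition matches ap-southeast-1.
  accountId=$(aws sts get-caller-identity --query 'Account' --output text)
  policyArn=$(aws iam get-policy \
    --policy-arn "arn:aws:iam::${accountId}:policy/${policyName}" \
    --query 'Policy.Arn' \
    --output text)
  # NOTE(review): a pre-existing policy may hold a different document than
  # iam_policy.json - compare its default version before relying on it.
fi
export policyArn
echo "Policy ARN: ${policyArn}"

# Only bind the service account when an ARN was actually obtained; otherwise
# eksctl would be called with an empty --attach-policy-arn.
# --override-existing-serviceaccounts modifies a service account of the same
# name if one is already present in kube-system.
case "${policyArn}" in
  arn:*)
    eksctl create iamserviceaccount \
      --region "${region}" \
      --name aws-load-balancer-controller \
      --namespace kube-system \
      --cluster "${clusterName}" \
      --attach-policy-arn "${policyArn}" \
      --override-existing-serviceaccounts \
      --approve
    ;;
  *)
    echo "Could not determine the ARN of ${policyName}; service account not created." >&2
    ;;
esac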
helm 차트 설치 및 업데이트
# Register the eks-charts repository under the alias "eks", then refresh the
# local chart index of every configured repository.
helm repo add eks "https://aws.github.io/eks-charts"
helm repo update
helm을 사용해 aws-loadbalancer-controller 설치
# Install the controller chart into kube-system. serviceAccount.create=false
# makes the chart reuse the service account created with eksctl, so the
# controller runs with the IAM policy attached to that account.
# NOTE(review): no chart version is given, so helm installs the latest chart,
# while the IAM policy on this page was downloaded from the v2.5.4 tag.
# Consider adding --version <CHART_VERSION> so controller and policy stay in
# step and the install is reproducible.
helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
  -n kube-system \
  --set "clusterName=${clusterName}" \
  --set serviceAccount.create=false \
  --set serviceAccount.name=aws-load-balancer-controller
helm 차트 설치 및 업데이트
# Register the Istio release chart repository under the alias "istio".
helm repo add istio "https://istio-release.storage.googleapis.com/charts"
helm 차트로 istio 설치
# Install Istio in dependency order: base chart first, then the istiod
# control plane, then the ingress gateway. All three go into istio-system.
# NOTE(review): none of the installs pins a chart version (--version
# <CHART_VERSION>), so the result depends on when the commands are run.
# NOTE(review): the gateway chart's Service presumably defaults to type
# LoadBalancer, which would give the gateway its own cloud load balancer that
# bypasses the ALB until the later switch to NodePort - confirm, and consider
# passing --set service.type=NodePort here already.
helm install istio-base istio/base --namespace istio-system --create-namespace
helm install istiod istio/istiod --namespace istio-system
helm install istio-ingressgateway istio/gateway --namespace istio-system
istio-ingress.yaml
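# Ingress that makes the AWS Load Balancer Controller provision an
# internet-facing ALB in front of the istio-ingressgateway Service.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-alb
  namespace: istio-system
  annotations:
    # Defines a redirect action named "ssl-redirect". On its own this has no
    # effect: an action only applies when a path's backend references the
    # service name "ssl-redirect" with port name "use-annotation".
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
    # Redirects every HTTP listener to HTTPS on 443, so port 80 never forwards
    # plaintext traffic to the gateway.
    alb.ingress.kubernetes.io/ssl-redirect: '443'
    # Placeholder: ARN of an issued ACM certificate in the same region as the ALB.
    alb.ingress.kubernetes.io/certificate-arn: "<ACM_CERTIFICATE_ARN>"
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
    # The ALB is reachable from the internet. Consider
    # alb.ingress.kubernetes.io/inbound-cidrs to limit source ranges and
    # alb.ingress.kubernetes.io/ssl-policy to pin the minimum TLS version.
    alb.ingress.kubernetes.io/scheme: internet-facing
    # Deprecated way of selecting the controller; spec.ingressClassName: alb
    # is the current form.
    kubernetes.io/ingress.class: alb
spec:
  rules:
    - http:
        paths:
          - path: /*
            pathType: ImplementationSpecific
            backend:
              service:
                name: istio-ingressgateway
                port:
                  number: 80
    # NOTE(review): same host and path as the rule above, so the first rule
    # presumably always matches and this one is never reached - confirm
    # whether it is needed.
    - http:
        paths:
          - path: /*
            pathType: ImplementationSpecific
            backend:
              service:
                name: istio-ingressgateway
                port:
                  number: 443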
alb.ingress.kubernetes.io/certificate-arn 변수 처리 만들었는데 검증 필요
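export DOMAIN_NAME="meiko.co.kr"

# Look up the ACM certificate for DOMAIN_NAME.
# - An ALB can only use a certificate from its own region, so the lookup is
#   pinned to the cluster region instead of the CLI's default region.
# - Only ISSUED certificates are considered; pending or expired ones cannot
#   serve traffic.
# - The filter compares the certificate's primary DomainName only; a
#   certificate issued for a wildcard name will presumably not match - verify.
# The assignment is kept separate from `export` so a failed aws call is not
# hidden behind export's own exit status.
CERT_ARN=$(aws acm list-certificates \
  --region "${region:-ap-southeast-1}" \
  --certificate-statuses ISSUED \
  --query "CertificateSummaryList[?DomainName=='${DOMAIN_NAME}'].CertificateArn" \
  --output text)
export CERT_ARN
echo "Certificate ARN for domain ${DOMAIN_NAME}: ${CERT_ARN}"

# Write the manifest only when exactly one ARN came back. Text output joins
# several matches with whitespace, and an empty value would produce an Ingress
# without a usable certificate.
case "${CERT_ARN}" in
  *[[:space:]]*)
    echo "More than one certificate matches ${DOMAIN_NAME}; set CERT_ARN by hand." >&2
    ;;
  arn:*)
    cat <<EOF > ingress-alb.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-alb
  namespace: istio-system
  annotations:
    # Named redirect action; unused unless a backend references it.
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
    # Redirect every HTTP listener to HTTPS on 443.
    alb.ingress.kubernetes.io/ssl-redirect: '443'
    alb.ingress.kubernetes.io/certificate-arn: ${CERT_ARN}
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
    alb.ingress.kubernetes.io/scheme: internet-facing
    kubernetes.io/ingress.class: alb
spec:
  rules:
    - http:
        paths:
          - path: /*
            pathType: ImplementationSpecific
            backend:
              service:
                name: istio-ingressgateway
                port:
                  number: 80
    - http:
        paths:
          - path: /*
            pathType: ImplementationSpecific
            backend:
              service:
                name: istio-ingressgateway
                port:
                  number: 443
EOF
    ;;
  *)
    echo "No issued certificate found for ${DOMAIN_NAME}; ingress-alb.yaml not written." >&2
    ;;
esac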
Ingress 적용을 통해 application LoadBalancer 적용
# Create or update the Ingress from ingress-alb.yaml; the AWS Load Balancer
# Controller then reconciles it into an ALB.
# Check the certificate-arn annotation in the file before applying.
kubectl apply --filename ingress-alb.yaml
service의 Type을 NodePort로 변경하여 nlb 속성 제거
# Switch the gateway Service to NodePort so it no longer requests its own
# cloud load balancer; the ALB becomes the only public entry point.
# NOTE(review): NodePort opens the gateway ports on every node. Confirm the
# node security group accepts that traffic only from the ALB.
# NOTE(review): no --version is given, so this upgrade may also move the
# release to a newer chart than the one installed.
helm upgrade istio-ingressgateway istio/gateway --namespace istio-system --set service.type=NodePort
aws Route53
레코드 이름 입력 > 레코드 유형 A 레코드 >
별칭 toggle 활성화 > Application/Classic LoadBalancer 에 대한 별칭 선택 > 리전 선택 (싱가폴) > 클러스터에 할당된 ALB 선택
후에 [레코드 생성] 버튼 클릭
레코드 이름: *.{#1에서 등록한 레코드} 입력 > 레코드 유형 CNAME > 값 : {#1에서 등록한 레코드} 등록