Create the VPC
- CIDR: 172.31.0.0/16

Create four subnets
- 2 public (e.g. 10.0.0.0/20, 10.0.16.0/20)
- 2 private (e.g. 10.0.32.0/20, 10.0.48.0/20)
- The subnets are spread over two availability zones (a, b). The subnet CIDRs must lie inside the VPC CIDR; the subnets that actually show up in the eksctl output further down are 172.31.0.0/20, 172.31.16.0/20 and 172.31.32.0/20.

Create an Internet Gateway and attach it to the VPC

Create a NAT Gateway
- Allocate an Elastic IP in a public subnet
- Create the NAT GW

Configure route tables
- Create 4 route tables, one associated with each subnet
- Public route tables → route to the IGW (0.0.0.0/0 → igw)
- Private route tables → route to the NAT GW (0.0.0.0/0 → nat)

Associate subnets with route tables
- Public subnets → public route table
- Private subnets → private route table
Create the EKS cluster
Install eksctl:
```shell
brew install eksctl    # mac
choco install eksctl   # windows
```
Create the EKS cluster + node group:
```shell
eksctl create cluster \
  --name minsu-eks-cluster \
  --version 1.29 \
  --region ap-northeast-2 \
  --nodegroup-name minsu-nodes \
  --node-type t3.medium \
  --nodes 2 \
  --vpc-private-subnets=subnet-017b555232574b966,subnet-0e6ca28916bc86bf3 \
  --vpc-public-subnets=subnet-0512487b335f63989,subnet-0e279a6eb0997d88d
```
Errors encountered
```
2025-04-23 23:45:39 [✖] unable to use given VPC (vpc-0bfa1cf5694cbce00) and subnets (private:map[ap-northeast-2c:{subnet-0c3c9d5699b674ff2 ap-northeast-2c 172.31.32.0/20 0 }] public:map[ap-northeast-2a:{subnet-0e5219d2e78b538d9 ap-northeast-2a 172.31.0.0/20 0 }])
```
This error says the public and private subnets must be in the same availability zones (it is done properly above, but the first time I did not know this, so the availability zones were all over the place).
```
2025-04-24 00:02:53 [✖] unable to use given VPC (vpc-0bfa1cf5694cbce00) and subnets (private:map[ap-northeast-2a:{subnet-017b555232574b966 ap-northeast-2a 172.31.16.0/20 0 }] public:map[ap-northeast-2a:{subnet-0512487b335f63989 ap-northeast-2a 172.31.0.0/20 0 }])
```
Two availability zones are needed for each subnet type (above I created two of each, but at first I had created only one).
```
2025-04-24 00:15:08 [ℹ] waiting for CloudFormation stack "eksctl-minsu-eks-cluster-cluster"
```
This step takes longer than expected and the message above repeats several times; then:
```
Resource handler returned message: "[Issue(Code=Ec2SubnetInvalidConfiguration, Message=One or more Amazon EC2 Subnets of [subnet-0e279a6eb0997d88d, subnet-0512487b335f63989] for node group minsu-nodes does not automatically assign public IP addresses to instances launched into it. If you want your instances to be assigned a public IP address, then you need to enable auto-assign public IP address for the subnet. See IP addressing in VPC guide: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-ip-addressing.html#subnet-public-ip, ResourceIds=[subnet-0e279a6eb0997d88d, subnet-0512487b335f63989])] (Service: null, Status Code: 0, Request ID: null)" (RequestToken: b197832a-f69b-76cf-6e37-f3755358d8e4, HandlerErrorCode: GeneralServiceException)
```
The error above can be seen in the Events tab of the CloudFormation stack.
The cause was that the public subnets needed auto-assign public IP addresses enabled.

- Define Deployment + Service + Ingress
- Add the ALB Ingress Controller annotations to the Ingress
- Deploy to EKS
spring-deployment.yaml
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: andyou-back
spec:
  replicas: 2
  selector:
    matchLabels:
      app: andyou-back
  template:
    metadata:
      labels:
        app: andyou-back
    spec:
      containers:
        - name: andyou-back
          image: 880912931204.dkr.ecr.ap-northeast-2.amazonaws.com/andyou-back
          ports:
            - containerPort: 8080
          # "asd" values are placeholders for the real settings
          env:
            - name: SPRING_DATASOURCE_HIKARI_DRIVER_CLASS_NAME
              value: "org.mariadb.jdbc.Driver"
            - name: SPRING_DATASOURCE_HIKARI_JDBC_URL
              value: "asd"
            - name: SPRING_DATASOURCE_HIKARI_USERNAME
              value: "asd"
            - name: SPRING_DATASOURCE_HIKARI_PASSWORD
              value: "asd"
            - name: SPRING_DATASOURCE_HIKARI_POOL_NAME
              value: "hikariPool"
            - name: SPRING_DATASOURCE_HIKARI_MAXIMUM_POOL_SIZE
              value: "1"
            - name: GPT_API_KEY
              value: "asd"
            - name: BUCKET_BUCKET_NAME
              value: "asd"
            - name: BUCKET_ACCESS_KEY
              value: "asd"
            - name: BUCKET_SECRET_KEY
              value: "asd"
            - name: KAKAO_CLIENT_ID
              value: "asd"
            - name: KAKAO_CLIENT_SECRET
              value: "asd"
            - name: KAKAO_REDIRECT_URI
              value: "asd"
            - name: NAVER_CLIENT_ID
              value: "asd"
            - name: NAVER_CLIENT_SECRET
              value: "asd"
            - name: NAVER_REDIRECT_URI
              value: "asd"
```
spring-backend-service.yaml
```yaml
apiVersion: v1
kind: Service
metadata:
  name: spring-backend-service
spec:
  selector:
    app: spring-backend   # does not match the Deployment's pod label (app: andyou-back); see the selector fix at the end of the post
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8080
  type: NodePort
```
nextjs-deployment.yaml
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: andyou-f
spec:
  replicas: 2
  selector:
    matchLabels:
      app: andyou-f
  template:
    metadata:
      labels:
        app: andyou-f
    spec:
      containers:
        - name: andyou-f
          image: 880912931204.dkr.ecr.ap-northeast-2.amazonaws.com/andyou-f
          ports:
            - containerPort: 3000
          # "asd" values are placeholders for the real settings
          env:
            - name: KAKAO_CLIENT_SECRET
              value: asd
            - name: NEXT_PUBLIC_BACKEND_API_URL
              value: asd
            - name: NEXT_PUBLIC_KAKAO_CLIENT_ID
              value: asd
            - name: NEXT_PUBLIC_KAKAO_JS_KEY
              value: asd
            - name: NEXT_PUBLIC_KAKAO_REDIRECT_URI
              value: asd
            - name: NEXT_PUBLIC_NAVER_CLIENT_ID
              value: asd
            - name: NAVER_CLIENT_SECRET
              value: asd
            - name: NEXT_PUBLIC_REDIRECT_URI
              value: asd
```
nextjs-frontend-service.yaml
```yaml
apiVersion: v1
kind: Service
metadata:
  name: nextjs-frontend-service
spec:
  selector:
    app: nextjs-frontend   # does not match the Deployment's pod label (app: andyou-f); see the selector fix at the end of the post
  ports:
    - protocol: TCP
      port: 80
      targetPort: 3000
  type: NodePort
```
ingress.yaml
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app-ingress
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
spec:
  ingressClassName: alb
  rules:
    - host: your-domain.com
      http:
        paths:
          - path: /api
            pathType: Prefix
            backend:
              service:
                name: spring-backend-service
                port:
                  number: 80
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nextjs-frontend-service
                port:
                  number: 80
```
```shell
kubectl apply -f spring-deployment.yaml
kubectl apply -f nextjs-deployment.yaml
kubectl apply -f ingress.yaml
```
(The two Service manifests have to be applied as well; the Ingress refers to them by name.)

Applying the Ingress failed:
```
kubectl apply -f ingress.yaml
Error from server (InternalError): error when creating "ingress.yaml": Internal error occurred: failed calling webhook "vingress.elbv2.k8s.aws": failed to call webhook: Post "https://aws-load-balancer-webhook-service.kube-system.svc:443/validate-networking-v1-ingress?timeout=10s": no endpoints available for service "aws-load-balancer-webhook-service"
```
```
kubectl get deployment -n kube-system aws-load-balancer-controller
NAME                           READY   UP-TO-DATE   AVAILABLE   AGE
aws-load-balancer-controller   0/2     0            0           100s
```
The Deployment exists, but none of its pods are coming up, so the validating webhook has no endpoints to answer the Ingress request.
What follows is rough because I was busy; I will tidy it up later.
```
(base) mildw@Minsuui-MacBookAir ~ % helm uninstall aws-load-balancer-controller -n kube-system
release "aws-load-balancer-controller" uninstalled
(base) mildw@Minsuui-MacBookAir ~ % helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
  -n kube-system \
  --set clusterName=minsu-eks-cluster \
  --set serviceAccount.create=false \
  --set serviceAccount.name=aws-load-balancer-controller \
  --set region=ap-northeast-2 \
  --set vpcId=vpc-0bfa1cf5694cbce00
```
Uninstalled the chart and reinstalled it with the settings above.
```
(base) mildw@Minsuui-MacBookAir ~ % kubectl get pods -n kube-system
NAME                                            READY   STATUS    RESTARTS   AGE
aws-load-balancer-controller-555cb4c578-8m8w7   1/1     Running   0          4m29s
aws-load-balancer-controller-555cb4c578-pmkr9   1/1     Running   0          4m29s
```
If a pod shows Running with 0/1, wait a little and it changes to 1/1.
```
(base) mildw@Minsuui-MacBookAir ~ % kubectl apply -f ingress.yaml
ingress.networking.k8s.io/app-ingress created
```
```
kubectl get ingress -A
NAMESPACE   NAME          CLASS   HOSTS   ADDRESS   PORTS   AGE
default     app-ingress   alb     *                 80      2m12s
```
If ADDRESS is empty after running kubectl get ingress -A, the usual reasons are:
- The ALB Ingress Controller is not installed correctly → if it was installed with helm install but clusterName was typed wrong, or the service account is misconfigured, no ALB gets created.
- The Ingress resource is misconfigured → ingressClassName: alb is missing, or an annotation is missing or misspelled.
- ALB creation is still in progress → creating the ALB can take a few minutes (usually 1–5).
Things to check
① Confirm the ALB Ingress Controller is installed
```shell
kubectl get pods -n kube-system | grep aws-load-balancer-controller
```
→ check that the pods are in the Running state
② Check the Ingress resource
```shell
kubectl describe ingress app-ingress
```
At the very bottom of that output, under Events:
```
Events:
  Type     Reason            Age                  From     Message
  ----     ------            ----                 ----     -------
  Warning  FailedBuildModel  93s (x16 over 4m19s) ingress  Failed build model due to couldn't auto-discover subnets: unable to resolve at least one subnet (0 match VPC and tags: [kubernetes.io/role/elb])
```
The subnets need the kubernetes.io/role/elb tag (on the public subnets, since this is an internet-facing ALB):
key: kubernetes.io/role/elb
value: 1
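The following is an added example, not code from the original post: a small pre-flight check in Python to run before `eksctl create cluster`, encoding every layout problem this post ran into (subnets outside the VPC CIDR, fewer than two availability zones, public and private subnets in different zones, public subnets without auto-assign public IP, and public subnets missing the kubernetes.io/role/elb tag the controller needs for subnet discovery). The subnet IDs and the 172.31.48.0/20 block are constructed sample values; the other CIDRs follow the eksctl output above. In practice the Subnet records would be filled from `aws ec2 describe-subnets`.

```python
"""Pre-flight check for the VPC/subnet layout before `eksctl create cluster`.

Added example, not code from the original post. Subnet IDs are constructed.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Subnet:
    """One subnet; in practice fill these from `aws ec2 describe-subnets`."""
    subnet_id: str
    az: str
    cidr: str
    public: bool
    map_public_ip_on_launch: bool = False
    tags: dict = field(default_factory=dict)


def check_plan(vpc_cidr: str, subnets: list, min_azs: int = 2) -> list:
    """Return a list of findings; an empty list means the layout passes."""
    findings = []
    vpc = ipaddress.ip_network(vpc_cidr)
    seen = []  # (subnet_id, network) pairs already visited, for overlap checks

    for s in subnets:
        net = ipaddress.ip_network(s.cidr)
        # Every subnet CIDR has to sit inside the VPC CIDR.
        if not net.subnet_of(vpc):
            findings.append(f"{s.subnet_id}: {s.cidr} is outside VPC {vpc_cidr}")
        # Subnets must not overlap one another.
        for other_id, other in seen:
            if net.overlaps(other):
                findings.append(f"{s.subnet_id}: {s.cidr} overlaps {other_id} ({other})")
        seen.append((s.subnet_id, net))

        if s.public:
            # CloudFormation rejects a node group whose public subnets do not
            # auto-assign public IPs (Ec2SubnetInvalidConfiguration).
            if not s.map_public_ip_on_launch:
                findings.append(f"{s.subnet_id}: public subnet does not auto-assign "
                                "public IPs (Ec2SubnetInvalidConfiguration)")
            # Without this tag the controller cannot auto-discover ALB subnets.
            if s.tags.get("kubernetes.io/role/elb") != "1":
                findings.append(f"{s.subnet_id}: missing tag kubernetes.io/role/elb=1")

    public_azs = {s.az for s in subnets if s.public}
    private_azs = {s.az for s in subnets if not s.public}
    # eksctl needs at least two AZs for the public set and for the private set...
    for kind, azs in (("public", public_azs), ("private", private_azs)):
        if len(azs) < min_azs:
            findings.append(f"{kind} subnets cover {len(azs)} AZ(s); need at least {min_azs}")
    # ...and the public and private subnets have to cover the same AZs.
    if public_azs != private_azs:
        findings.append(f"public AZs {sorted(public_azs)} != private AZs {sorted(private_azs)}")
    return findings


VPC_CIDR = "172.31.0.0/16"
ELB_TAG = {"kubernetes.io/role/elb": "1"}

# Constructed sample shaped like the first attempt in the post: one public
# subnet in 2a and one private subnet in 2c, no auto-assign IP, no tags.
FIRST_ATTEMPT = [
    Subnet("subnet-pub-a", "ap-northeast-2a", "172.31.0.0/20", public=True),
    Subnet("subnet-priv-c", "ap-northeast-2c", "172.31.32.0/20", public=False),
]

# Constructed sample of a layout that passes: two public and two private
# subnets across 2a/2b, public ones auto-assigning IPs and tagged for the ALB.
WORKING_PLAN = [
    Subnet("subnet-pub-a", "ap-northeast-2a", "172.31.0.0/20", True, True, dict(ELB_TAG)),
    Subnet("subnet-pub-b", "ap-northeast-2b", "172.31.16.0/20", True, True, dict(ELB_TAG)),
    Subnet("subnet-priv-a", "ap-northeast-2a", "172.31.32.0/20", False),
    Subnet("subnet-priv-b", "ap-northeast-2b", "172.31.48.0/20", False),
]

if __name__ == "__main__":
    for name, plan in (("first attempt", FIRST_ATTEMPT), ("working plan", WORKING_PLAN)):
        print(f"== {name}")
        for finding in check_plan(VPC_CIDR, plan) or ["OK"]:
            print("  ", finding)
```

Running it prints five findings for the first attempt and `OK` for the working plan; each finding maps to one of the error messages quoted above, so the check fails in seconds instead of after a CloudFormation rollback.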
After tagging the subnets, ADDRESS is populated:
```
kubectl get ingress -A
NAMESPACE   NAME          CLASS   HOSTS   ADDRESS                                                                        PORTS   AGE
default     app-ingress   alb     *       k8s-default-appingre-9432fb16f6-506652657.ap-northeast-2.elb.amazonaws.com   80      21m
```
Print the node group name
```
(base) mildw@Minsuui-MacBookAir ~ % aws eks list-nodegroups --cluster-name minsu-eks-cluster
{
    "nodegroups": [
        "minsu-nodes"
    ]
}
```
Look up the node group's IAM role (the role whose permissions need checking)
```
aws eks describe-nodegroup \
  --cluster-name minsu-eks-cluster \
  --nodegroup-name minsu-nodes \
  --query "nodegroup.nodeRole" \
  --output text
arn:aws:iam::880912931204:role/eksctl-minsu-eks-cluster-nodegroup-NodeInstanceRole-h97MaGE5ooZo
```
Attach the policy to the role
```shell
aws iam attach-role-policy \
  --role-name eksctl-minsu-eks-cluster-nodegroup-NodeInstanceRole-h97MaGE5ooZo \
  --policy-arn arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
```
What is AmazonEC2ContainerRegistryReadOnly?
It is one of the AWS-managed IAM policies; it grants read (pull) access to Amazon ECR (Elastic Container Registry), which is all a worker node needs in order to pull images.
It turned out the actual problem was that there was no image in ECR at all.
### 2️⃣ Log in to ECR
```shell
aws ecr get-login-password --region ap-northeast-2 | docker login --username AWS --password-stdin 880912931204.dkr.ecr.ap-northeast-2.amazonaws.com
```
### 3️⃣ Tag the image
```shell
docker tag andyou-back:latest 880912931204.dkr.ecr.ap-northeast-2.amazonaws.com/andyou-back:latest
```
### 4️⃣ Push to ECR
```shell
docker push 880912931204.dkr.ecr.ap-northeast-2.amazonaws.com/andyou-back:latest
```
The images were pushed in this way.
```shell
kubectl rollout restart deployment andyou-back
kubectl rollout restart deployment andyou-f
```
Restart the Deployments.
```
(base) mildw@Minsuui-MacBookAir ~ % kubectl get pods -w
NAME                           READY   STATUS    RESTARTS   AGE
andyou-back-676c5d5869-4csj9   1/1     Running   0          40m
andyou-back-676c5d5869-rrsdt   1/1     Running   0          40m
andyou-f-6979d7556c-54mbv      1/1     Running   0          114s
andyou-f-6979d7556c-zn7jd      1/1     Running   0          82s
```
```
~ % kubectl get ingress -o wide
NAME          CLASS   HOSTS   ADDRESS                                                                        PORTS   AGE
app-ingress   alb     *       k8s-default-appingre-9432fb16f6-506652657.ap-northeast-2.elb.amazonaws.com   80      117m
```
```shell
kubectl get svc -A
kubectl describe svc <frontend-service-name>
kubectl get pods -l app=<label>
```
Check that the Service actually forwards traffic to the pods: the Service's selector has to match the pods' labels exactly, otherwise the Service gets no endpoints.
```shell
kubectl edit svc nextjs-frontend-service
```
→ change the following part:
```yaml
selector:
  app: frontend   # change to the label the pods actually carry
```
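As an added example (not the post's own code) covering both the plaintext credentials in the Deployment manifests above and the selector/label mismatch just described, here is a small manifest check in Python. The manifests are embedded as Python dicts, constructed as trimmed copies of the post's YAML (the "asd" placeholders kept, the account ID replaced by a placeholder), so the script runs with the standard library only; in practice you would feed it the documents from PyYAML's `yaml.safe_load_all()`. The function names, the marker list and the Secret name `andyou-back-secrets` are my assumptions.

```python
"""Checks for the Deployment/Service pattern used in the post.

Added example, not the post's own code. Manifests below are constructed
copies of the post's YAML, trimmed to what the checks need.
"""
import copy
import json

# Env var names that should come from a Secret, never from a literal `value:`.
SECRET_MARKERS = ("PASSWORD", "SECRET", "ACCESS_KEY", "API_KEY", "TOKEN")


def _env_items(deployment):
    """Yield every env entry dict of every container in a Deployment."""
    for container in deployment["spec"]["template"]["spec"]["containers"]:
        for entry in container.get("env", []):
            yield entry


def _looks_secret(name: str) -> bool:
    return any(marker in name.upper() for marker in SECRET_MARKERS)


def find_plaintext_secrets(deployment) -> list:
    """Names of secret-looking env vars that carry a literal value in the manifest."""
    return [e["name"] for e in _env_items(deployment)
            if "value" in e and _looks_secret(e["name"])]


def to_secret_refs(deployment, secret_name: str):
    """Copy of the Deployment with literal secret values replaced by
    valueFrom.secretKeyRef entries (one key per env var name) in `secret_name`."""
    fixed = copy.deepcopy(deployment)
    for e in _env_items(fixed):
        if "value" in e and _looks_secret(e["name"]):
            del e["value"]
            e["valueFrom"] = {"secretKeyRef": {"name": secret_name, "key": e["name"]}}
    return fixed


def service_selector_mismatches(services, deployments) -> list:
    """Names of Services whose spec.selector matches no Deployment's pod labels."""
    pod_labels = [d["spec"]["template"]["metadata"]["labels"] for d in deployments]
    bad = []
    for svc in services:
        selector = svc["spec"]["selector"]
        if not any(all(labels.get(k) == v for k, v in selector.items())
                   for labels in pod_labels):
            bad.append(svc["metadata"]["name"])
    return bad


# Constructed, trimmed from the post's spring-deployment.yaml.
SPRING_DEPLOYMENT = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "andyou-back"},
    "spec": {
        "replicas": 2,
        "selector": {"matchLabels": {"app": "andyou-back"}},
        "template": {
            "metadata": {"labels": {"app": "andyou-back"}},
            "spec": {"containers": [{
                "name": "andyou-back",
                "image": "<account-id>.dkr.ecr.ap-northeast-2.amazonaws.com/andyou-back",
                "env": [
                    {"name": "SPRING_DATASOURCE_HIKARI_USERNAME", "value": "asd"},
                    {"name": "SPRING_DATASOURCE_HIKARI_PASSWORD", "value": "asd"},
                    {"name": "GPT_API_KEY", "value": "asd"},
                    {"name": "BUCKET_ACCESS_KEY", "value": "asd"},
                    {"name": "SPRING_DATASOURCE_HIKARI_POOL_NAME", "value": "hikariPool"},
                ],
            }]},
        },
    },
}

# Constructed: the post's Service, whose selector does not match the labels above...
SPRING_SERVICE = {
    "apiVersion": "v1", "kind": "Service",
    "metadata": {"name": "spring-backend-service"},
    "spec": {"selector": {"app": "spring-backend"}, "type": "NodePort",
             "ports": [{"protocol": "TCP", "port": 80, "targetPort": 8080}]},
}
# ...and the same Service with the selector corrected to the pod label.
FIXED_SERVICE = copy.deepcopy(SPRING_SERVICE)
FIXED_SERVICE["spec"]["selector"] = {"app": "andyou-back"}

if __name__ == "__main__":
    print("plaintext secrets:", find_plaintext_secrets(SPRING_DEPLOYMENT))
    print("selector mismatches:", service_selector_mismatches([SPRING_SERVICE], [SPRING_DEPLOYMENT]))
    fixed_env = to_secret_refs(SPRING_DEPLOYMENT, "andyou-back-secrets")
    print(json.dumps(fixed_env["spec"]["template"]["spec"]["containers"][0]["env"][1], indent=2))
```

The Secret the rewritten entries point at can be created with `kubectl create secret generic andyou-back-secrets --from-literal=SPRING_DATASOURCE_HIKARI_PASSWORD=...` (one `--from-literal` per key), which keeps the credentials out of the manifest files that get committed. For the S3 access key pair in particular, an IAM role bound to the pod's service account (the same mechanism the post already uses for the load balancer controller) avoids storing a long-lived key anywhere in the cluster; and remember that any `NEXT_PUBLIC_*` variable is inlined into the Next.js browser bundle, so nothing secret may carry that prefix.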

The deployed result (screenshot in the original post).