AWS

Setting up TFC (Terraform Cloud) drift notifications

  • kkumtree

2023-10-15T00:10:33+09:00

After the Terraform study at CloudNet@ ended, I took some time to understand the drift situations you inevitably run into when bringing Terraform into real operations. Note: the Drift Detection feature in TFC is currently supported in the TFC Plus edition. 1. Understanding the terminology In fact, since first encountering Terraform last year, I had only been hooked on the concept of IaC, and had regarded the many trials and errors I faced from an operations standpoint as nothing more than common user errors. While taking part in the study I often heard the word 'drift', and when I looked it up, I found that a good portion of them were situations that fall under it. (1) Drift? The technical meaning of drift that I looked up to write this post, and drift in its original sense in driving

Understanding terraform module

  • kkumtree

2023-10-04T11:24:13+09:00

This week is the last week of the CloudNet@ group study about Terraform. In this study, my personal goal is to build an AWS architecture using only Terraform and one tfstate file. Basic knowledge of AWS resources is required. 1. Terraform without Module Before this, I had already encountered Terraform for maintaining AWS at production level. But at that time, our team maintained it in the folder structure used by terraformer # example structure $ tree .

Granting Terraform Cloud permissions using IAM STS

  • kkumtree

2023-09-13T20:54:28+09:00

This time, to find out more about how good Terraform Cloud is, I would like to write about my attempt at, and success in, granting permissions through IAM STS to Terraform Cloud, whose advantages were continually emphasized in the study. AWS S3 is usually used to store Terraform state, but as you know, writing to S3 is free while reading from it is charged. (The electricity is domestic, but the raw materials are imported.) So for study purposes, whenever I ran Terraform I stored the state locally rather than in S3. Since I work on a laptop when I am out and on a desktop at home, I wondered whether to store it in a private GitHub repo, and then decided to try Terraform Cloud.

AWS EKS Study Week 7 - Automation

  • kkumtree

2023-06-10T15:13:19+09:00

The EKS study has also reached its final, seventh week. This time I did some light hands-on practice with AWS Controller for k8s (ACK) and flux, and got a taste of automation. In addition to the IRSA concept studied earlier, it makes use of CRDs (CustomResourceDefinition). 1. Deploying the lab environment Apart from the YAML file for the lab having changed, this is similar to week 6.

curl -O https://s3.ap-northeast-2.amazonaws.com/cloudformation.cloudneta.net/K8S/eks-oneclick6.yaml
# rest omitted
# For CERT_ARN (ACM), the environment variable is not saved in /etc/profile,
# so it has to be set again once the session expires
CERT_ARN=`aws acm list-certificates --query 'CertificateSummaryList[].CertificateArn[]' --output text`
echo $CERT_ARN

2. ACK (AWS Controller for k8s) AWS service resources can be defined and used directly from k8s, without going to the web console. Order: install the ACK controller -> configure IRSA -> control AWS resources. It follows this same pattern each time, but because CloudFormation is used, there are waits along the way. (23/05/29) GA: 17 services, Preview: 10 services 2-1.

AWS EKS Study Week 6 - Security

  • kkumtree

2023-06-04T06:56:52+09:00

This time I studied EKS security, centering on authentication and authorization for security, and on IRSA. I did not really realize it during the kops study, but reviewing afterwards, beyond just RBAC… [4-1] projected Volume [4-2] AWS Load Balancer Controller IRSA and LB Pod mutating I could see that the two items above accounted for an important part. If with Network (week 2) some part was always a bit hazy, with Security, even though it looked simple in theory (really?) while reviewing, I could not grasp how it actually operates at first, and since it took a little over three days, it seems to have been harder. Also, when connecting to myeks-bastion-2, I saw that ssh {Public IP} connected fine when we went through it together, but when I actually did it on my own it would not connect.
