Aspiring Cloud Engineer
Configuring an EBS Volume and Installing MySQL
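EBS (Elastic Block Storage)
A disk that plays the role of an HDD or SSD and can be attached to EC2 (it must be in the same Availability Zone as the EC2 instance).
It is not deleted even if the EC2 instance is removed.
Multiple EC2 instances can be attached to a single EBS.
EBS Volume: the unit of disk storage created with EBS
snapshotter: captures the state of a volume at a specific point in time and is used to create a new volume from that state
Create volumesnapshotclasses, volumesnapshotcontents and volumesnapshots for the snapshotter
Create the RBAC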
```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: snapshot-controller
  namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: snapshot-controller-runner
rules:
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["list", "watch", "create", "update", "patch"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshotclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshotcontents"]
    verbs: ["create", "get", "list", "watch", "update", "delete", "patch"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshotcontents/status"]
    verbs: ["patch"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshots"]
    verbs: ["get", "list", "watch", "update", "patch"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshots/status"]
    verbs: ["update", "patch"]
  # Enable this RBAC rule only when using distributed snapshotting, i.e. when the enable-distributed-snapshotting flag is set to true
  # - apiGroups: [""]
  #   resources: ["nodes"]
  #   verbs: ["get", "list", "watch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: snapshot-controller-role
subjects:
  - kind: ServiceAccount
    name: snapshot-controller
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: snapshot-controller-runner
  apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: snapshot-controller-leaderelection
  namespace: kube-system
rules:
  - apiGroups: ["coordination.k8s.io"]
    resources: ["leases"]
    verbs: ["get", "watch", "list", "delete", "update", "create"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: snapshot-controller-leaderelection
  namespace: kube-system
subjects:
  - kind: ServiceAccount
    name: snapshot-controller
roleRef:
  kind: Role
  name: snapshot-controller-leaderelection
  apiGroup: rbac.authorization.k8s.io
```
setup-snapshot-controller.yaml

```yaml
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: snapshot-controller
  namespace: kube-system
spec:
  replicas: 2
  selector:
    matchLabels:
      app: snapshot-controller
  # the snapshot controller won't be marked as ready if the v1 CRDs are unavailable
  # in #504 the snapshot-controller will exit after around 7.5 seconds if it
  # can't find the v1 CRDs so this value should be greater than that
  minReadySeconds: 15
  strategy:
    rollingUpdate:
      maxSurge: 0
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: snapshot-controller
    spec:
      serviceAccountName: snapshot-controller
      containers:
        - name: snapshot-controller
          image: registry.k8s.io/sig-storage/snapshot-controller:v6.1.0
          args:
            - "--v=5"
            - "--leader-election=true"
            # Add a marker to the snapshot-controller manifests. This is needed to enable feature gates in CSI prow jobs.
            # For example, in https://github.com/kubernetes-csi/csi-release-tools/pull/209, the snapshot-controller YAML is updated to add --prevent-volume-mode-conversion=true so that the feature can be enabled for certain e2e tests.
            # end snapshot controller args
          imagePullPolicy: IfNotPresent
```
Verify creation

Create the IAM role for the EBS CSI driver:

```bash
eksctl create iamserviceaccount \
  --name ebs-csi-controller-sa \
  --namespace kube-system \
  --cluster kang-cluster \
  --attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy \
  --approve \
  --role-only \
  --role-name AmazonEKS_EBS_CSI_DriverRole
```

What was created can be checked in the CloudFormation console.

Install the add-on:

```bash
eksctl create addon \
  --name aws-ebs-csi-driver \
  --region ap-northeast-2 \
  --cluster kang-cluster \
  --service-account-role-arn arn:aws:iam::<account id>:role/AmazonEKS_EBS_CSI_DriverRole \
  --force
```

ebs-csi-controller: sends API calls to create the EBS volume
ebs-csi-node: mounts the EBS volume together with the kubelet
ebs-storageclass.yaml (dynamic provisioning)

```yaml
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: aws-ebs-sc # Pods request storage by this name
provisioner: ebs.csi.aws.com
volumeBindingMode: WaitForFirstConsumer
```
mysql.yaml

```yaml
---
apiVersion: v1
kind: Namespace
metadata:
  name: stage
---
apiVersion: v1
kind: Secret
metadata:
  name: mysql-root
  namespace: stage
type: Opaque
data:
  # base64-encoded, not encrypted: anyone who can read this manifest or the Secret can recover the value
  password: UjAwVCFaRTQ=
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: mysql
  name: mysql
  namespace: stage
spec:
  clusterIP: None
  ports:
    - port: 3306
  selector:
    app: mysql
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: mysql
  namespace: stage
  labels:
    app: mysql
spec:
  serviceName: mysql
  replicas: 2
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      terminationGracePeriodSeconds: 1800
      containers:
        - name: mysql
          image: mysql:latest
          imagePullPolicy: Always
          ports:
            - containerPort: 3306
          resources:
            limits:
              cpu: "500m"
              memory: 1Gi
            requests:
              cpu: "500m"
              memory: 1Gi
          env:
            - name: MYSQL_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mysql-root
                  key: password
          volumeMounts:
            - name: mysql-data
              mountPath: /opt/ebs_storage # mount location
  volumeClaimTemplates: # the disk is created here
    - metadata:
        name: mysql-data
      spec:
        accessModes: [ "ReadWriteOnce" ] # EBS mostly uses ReadWriteOnce; for EFS it is ReadWriteMany
        storageClassName: aws-ebs-sc # the storage class to use
        resources:
          requests:
            storage: 2Gi
```
Verify that the PV / PVC / EBS were created
Verify the mount
Verify that the Pod is running

```bash
kubectl exec -n stage -it mysql-0 -- sh
```
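
The snapshotter set up earlier is never exercised on this page. As an added example (not part of the original post), these manifests snapshot the volume of the first MySQL replica and restore it into a new PVC. The names `aws-ebs-snapclass`, `mysql-0-snap` and `mysql-data-restored` are hypothetical, while `mysql-data-mysql-0` is the PVC name the StatefulSet derives from its `volumeClaimTemplates` entry.

```yaml
---
apiVersion: snapshot.storage.k8s.io/v1
kind: VolumeSnapshotClass
metadata:
  name: aws-ebs-snapclass        # hypothetical name
driver: ebs.csi.aws.com          # same driver as the StorageClass provisioner
# Retain keeps the EBS snapshot even if the VolumeSnapshot object is deleted,
# so removing the Kubernetes object does not destroy the backup.
deletionPolicy: Retain
---
apiVersion: snapshot.storage.k8s.io/v1
kind: VolumeSnapshot
metadata:
  name: mysql-0-snap             # hypothetical name
  namespace: stage
spec:
  volumeSnapshotClassName: aws-ebs-snapclass
  source:
    # PVC created for pod mysql-0 from the "mysql-data" claim template
    persistentVolumeClaimName: mysql-data-mysql-0
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mysql-data-restored      # hypothetical name
  namespace: stage
spec:
  storageClassName: aws-ebs-sc
  accessModes: ["ReadWriteOnce"]
  # A new EBS volume is provisioned from the snapshot instead of an empty one.
  dataSource:
    name: mysql-0-snap
    kind: VolumeSnapshot
    apiGroup: snapshot.storage.k8s.io
  resources:
    requests:
      storage: 2Gi               # must be at least the size of the source volume
```

`kubectl get volumesnapshot -n stage` should report `READYTOUSE` as `true` before the snapshot is used. Because `aws-ebs-sc` uses `WaitForFirstConsumer`, the restored PVC stays `Pending` until a Pod mounts it.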