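Kubernetes Stories
Creating an EKS Cluster with Pulumi
When using the AWS console, you end up creating many resources besides EC2 instances, such as security groups, EIPs, and volumes. When deleting resources, you often have to go back and forth between several menus because of dependency issues, which is tedious.
As the number of services grows, so does the repetitive work needed to manage the infrastructure. That is why articles about Infrastructure as Code have become so common recently. Terraform is the representative tool for managing public cloud.
Terraform is a really good tool that makes it easy to build infrastructure. However, there is a learning curve: you have to learn HCL (HashiCorp Configuration Language) to write complex configurations.
Pulumi lets you write infrastructure in languages developers already know (Python, Go, TypeScript, JavaScript, .NET), so a developer can do what Terraform does without learning a separate language.
Installation
Linux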
# curl -fsSL https://get.pulumi.com | sh
=== Installing Pulumi v3.26.1 ===
+ Downloading https://get.pulumi.com/releases/sdk/pulumi-v3.26.1-linux-x64.tar.gz...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 63.4M 100 63.4M 0 0 8973k 0 0:00:07 0:00:07 --:--:-- 8925k
+ Extracting to /root/.pulumi/bin
+ Adding $HOME/.pulumi/bin to $PATH in /root/.bashrc
=== Pulumi is now installed! 🍹 ===
+ Please restart your shell or add /root/.pulumi/bin to your $PATH
+ Get started with Pulumi: https://www.pulumi.com/docs/quickstart
# source .bashrc
Windows
Download the archive from https://github.com/pulumi/pulumi/releases/ and add it to your Path.
Sample
When you first create a project, Pulumi asks you to log in to Pulumi Cloud. However, it can also be used offline, as shown below.
# pulumi login --local
Logged in to DESKTOP-xxx as DESKTOP-xxx\kmaster (file://~
After logging in, create a project.
# pulumi new --help
Create a new Pulumi project and stack from a template.
To create a project from a specific template, pass the template name (such as `aws-typescript`
or `azure-python`). If no template name is provided, a list of suggested templates will be presented
which can be selected interactively.
By default, a stack created using the pulumi.com backend will use the pulumi.com secrets
provider and a stack created using the local or cloud object storage backend will use the
`passphrase` secrets provider. A different secrets provider can be selected by passing the
`--secrets-provider` flag.
To use the `passphrase` secrets provider with the pulumi.com backend, use:
* `pulumi new --secrets-provider=passphrase`
To use a cloud secrets provider with any backend, use one of the following:
* `pulumi new --secrets-provider="awskms://alias/ExampleAlias?region=us-east-1"`
* `pulumi new --secrets-provider="awskms://1234abcd-12ab-34cd-56ef-1234567890ab?region=us-east-1"`
* `pulumi new --secrets-provider="azurekeyvault://mykeyvaultname.vault.azure.net/keys/mykeyname"`
* `pulumi new --secrets-provider="gcpkms://projects/p/locations/l/keyRings/r/cryptoKeys/k"`
* `pulumi new --secrets-provider="hashivault://mykey"`
To create a project from a specific source control location, pass the url as follows e.g.
* `pulumi new https://gitlab.com/<user>/<repo>`
* `pulumi new https://bitbucket.org/<user>/<repo>`
* `pulumi new https://github.com/<user>/<repo>`
To create the project from a branch of a specific source control location, pass the url to the branch, e.g.
* `pulumi new https://gitlab.com/<user>/<repo>/tree/<branch>`
* `pulumi new https://bitbucket.org/<user>/<repo>/tree/<branch>`
* `pulumi new https://github.com/<user>/<repo>/tree/<branch>`
Usage:
pulumi new [template|url] [flags]
Flags:
-c, --config stringArray Config to save
--config-path Config keys contain a path to a property in a map or list to set
-d, --description string The project description; if not specified, a prompt will request it
--dir string The location to place the generated project; if not specified, the current directory is used
-f, --force Forces content to be generated even if it would change existing files
-g, --generate-only Generate the project only; do not create a stack, save config, or install dependencies
-h, --help help for new
-n, --name string The project name; if not specified, a prompt will request it
-o, --offline Use locally cached templates without making any network requests
--secrets-provider string The type of the provider that should be used to encrypt and decrypt secrets (possible choices: default,
passphrase, awskms, azurekeyvault, gcpkms, hashivault) (default "default")
-s, --stack string The stack name; either an existing stack or stack to create; if not specified, a prompt will request it
-y, --yes Skip prompts and proceed with default values
Global Flags:
--color string Colorize output. Choices are: always, never, raw, auto (default "auto")
-C, --cwd string Run pulumi as if it had been started in another directory
--disable-integrity-checking Disable integrity checking of checkpoint files
-e, --emoji Enable emojis in the output
--logflow Flow log settings to child processes (like plugins)
--logtostderr Log to stderr instead of to files
--non-interactive Disable interactive mode for all commands
--profiling string Emit CPU and memory profiles and an execution trace to '[filename].[pid].{cpu,mem,trace}', respectively
--tracing file: Emit tracing to the specified endpoint. Use the file: scheme to write tracing data to a local file
-v, --verbose int Enable verbose logging (e.g., v=3); anything >3 is very verbose
Available Templates:
aiven-go A minimal Aiven Go Pulumi program
alicloud-csharp A minimal AliCloud C# Pulumi program
alicloud-fsharp A minimal AliCloud F# Pulumi program
alicloud-go A minimal AliCloud Go Pulumi program
alicloud-javascript A minimal AliCloud JavaScript Pulumi program
alicloud-python A minimal AliCloud Python Pulumi program
alicloud-typescript A minimal AliCloud TypeScript Pulumi program
alicloud-visualbasic A minimal AliCloud VB.NET Pulumi program
auth0-csharp A minimal Auth0 C# Pulumi program
auth0-go A minimal Auth0 Go Pulumi program
auth0-javascript A minimal Auth0 TypeScript Pulumi program
auth0-python A minimal Auth0 Python Pulumi program
auth0-typescript A minimal Auth0 TypeScript Pulumi program
aws-csharp A minimal AWS C# Pulumi program
aws-fsharp A minimal AWS F# Pulumi program
aws-go A minimal AWS Go Pulumi program
aws-javascript A minimal AWS JavaScript Pulumi program
aws-native-csharp A minimal AWS C# Pulumi program
aws-native-fsharp A minimal AWS F# Pulumi program
aws-native-go A minimal AWS Go Pulumi program
aws-native-javascript A minimal AWS JavaScript Pulumi program
aws-native-python A minimal AWS Python Pulumi program
aws-native-typescript A minimal AWS TypeScript Pulumi program
aws-native-visualbasic A minimal AWS VB.NET Pulumi program
aws-python A minimal AWS Python Pulumi program
aws-typescript A minimal AWS TypeScript Pulumi program
aws-visualbasic A minimal AWS VB.NET Pulumi program
azure-classic-csharp A minimal C# Pulumi program with the classic Azure provider
azure-classic-fsharp A minimal F# Pulumi program with the classic Azure provider
azure-classic-go A minimal Go Pulumi program with the classic Azure provider
azure-classic-javascript A minimal JavaScript Pulumi program with the classic Azure provider
azure-classic-python A minimal Python Pulumi program with the classic Azure provider
azure-classic-typescript A minimal TypeScript Pulumi program with the classic Azure provider
azure-classic-visualbasic A minimal VB.NET Pulumi program with the classic Azure provider
azure-csharp A minimal Azure Native C# Pulumi program
azure-fsharp A minimal Azure Native F# Pulumi program
azure-go A minimal Azure Native Go Pulumi program
azure-javascript A minimal JavaScript Pulumi program with the native Azure provider
azure-python A minimal Azure Native Python Pulumi program
azure-typescript A minimal Azure Native TypeScript Pulumi program
civo-go A minimal Civo Go Pulumi program
civo-javascript A minimal Civo TypeScript Pulumi program
civo-python A minimal Civo Python Pulumi program
civo-typescript A minimal Civo TypeScript Pulumi program
csharp A minimal C# Pulumi program
digitalocean-go A minimal DigitalOcean Go Pulumi program
digitalocean-javascript A minimal DigitalOcean JavaScript Pulumi program
digitalocean-python A minimal DigitalOcean Python Pulumi program
digitalocean-typescript A minimal DigitalOcean TypeScript Pulumi program
equinix-metal-go A minimal Equinix Metal Go Pulumi program
equinix-metal-javascript A minimal Equinix Metal JavaScript Pulumi program
equinix-metal-python A minimal Equinix Metal Python Pulumi program
equinix-metal-typescript A minimal Equinix Metal TypeScript Pulumi program
fsharp A minimal F# Pulumi program
gcp-csharp A minimal Google Cloud C# Pulumi program
gcp-fsharp A minimal GCP F# Pulumi program
gcp-go A minimal Google Cloud Go Pulumi program
gcp-javascript A minimal Google Cloud JavaScript Pulumi program
gcp-python A minimal Google Cloud Python Pulumi program
gcp-typescript A minimal Google Cloud TypeScript Pulumi program
gcp-visualbasic A minimal GCP VB.NET Pulumi program
github-csharp A minimal GitHub C# Pulumi program
github-go A minimal GitHub Go Pulumi program
github-javascript A minimal GitHub JavaScript Pulumi program.
github-python A minimal GitHub Python Pulumi program
github-typescript A minimal GitHub TypeScript Pulumi program.
go A minimal Go Pulumi program
google-native-csharp A minimal Google Cloud C# Pulumi program
google-native-go A minimal Google Cloud Go Pulumi program
google-native-python A minimal Google Cloud Python Pulumi program
google-native-typescript A minimal Google Cloud TypeScript Pulumi program
hello-aws-javascript A simple AWS serverless JavaScript Pulumi program
javascript A minimal JavaScript Pulumi program
kubernetes-csharp A minimal Kubernetes C# Pulumi program
kubernetes-fsharp A minimal Kubernetes F# Pulumi program
kubernetes-go A minimal Kubernetes Go Pulumi program
kubernetes-javascript A minimal Kubernetes JavaScript Pulumi program
kubernetes-python A minimal Kubernetes Python Pulumi program
kubernetes-typescript A minimal Kubernetes TypeScript Pulumi program
linode-go A minimal Linode Go Pulumi program
linode-javascript A minimal Linode JavaScript Pulumi program
linode-python A minimal Linode Python Pulumi program
linode-typescript A minimal Linode TypeScript Pulumi program
openstack-go A minimal OpenStack Go Pulumi program
openstack-javascript A minimal OpenStack JavaScript Pulumi program
openstack-python A minimal OpenStack Python Pulumi program
openstack-typescript A minimal OpenStack TypeScript Pulumi program
python A minimal Python Pulumi program
typescript A minimal TypeScript Pulumi program
visualbasic A minimal VB.NET Pulumi program
As shown above, a project can be created from GitHub or from a template. Now let's create an EKS cluster as a sample.
$ pulumi new https://github.com/pulumi/pulumi-eks/tree/master/examples/cluster-py
This command will walk you through creating a new Pulumi project.
Enter a value or leave blank to accept the (default), and press <ENTER>.
Press ^C at any time to quit.
project name: (example-cluster-py)
project description: (EKS cluster example)
Created project 'example-cluster-py'
stack name: (dev) test
Created stack 'test'
Enter your passphrase to protect config/secrets:
Re-enter your passphrase to confirm:
After creation, the folder contains the following files.
$ ls -al
total 20
drwxr-xr-x 1 net29 197609 0 4월 5 22:22 ./
drwxr-xr-x 1 net29 197609 0 4월 5 22:16 ../
-rw-r--r-- 1 net29 197609 1355 4월 5 22:21 __main__.py
-rw-r--r-- 1 net29 197609 85 4월 5 22:22 Pulumi.test.yaml
-rw-r--r-- 1 net29 197609 114 4월 5 22:23 Pulumi.yaml
-rw-r--r-- 1 net29 197609 189 4월 5 22:21 README.md
-rw-r--r-- 1 net29 197609 48 4월 5 22:21 requirements.txt
drwxr-xr-x 1 net29 197609 0 4월 5 22:22 venv/
-rw-r--r-- 1 net29 197609 1114 4월 5 22:21 vpc.py
__main__.py and vpc.py are as follows. (The example creates two EKS clusters, so it was modified to create only one.)
import pulumi
import pulumi_eks as eks
# Create an EKS cluster.
cluster = eks.Cluster(
    "test-cluster",
    instance_type="t2.medium",
    desired_capacity=2,
    min_size=1,
    max_size=2,
)
# Export the cluster's kubeconfig.
pulumi.export("kubeconfig", cluster.kubeconfig)
Once the source is written, install the module needed for EKS.
# source venv/Scripts/activate
# (venv) pip install pulumi_eks
Before running it, install the AWS CLI and configure it. See the following URL for installation: https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
Once the installation is complete, configure the AWS environment.
# aws configure
AWS Access Key ID [None]:
AWS Secret Access Key [None]:
Default region name [None]:
Default output format [None]:
Now run pulumi.
$ pulumi up
Enter your passphrase to unlock config/secrets
(set PULUMI_CONFIG_PASSPHRASE or PULUMI_CONFIG_PASSPHRASE_FILE to remember):
Previewing update (test):
Type Name Plan
+ pulumi:pulumi:Stack example-cluster-py-test create
+ └─ eks:index:Cluster test-cluster create
+ ├─ eks:index:ServiceRole test-cluster-eksRole create
+ │ ├─ aws:iam:Role test-cluster-eksRole-role create
+ │ ├─ aws:iam:RolePolicyAttachment test-cluster-eksRole-4b490823 create
+ │ └─ aws:iam:RolePolicyAttachment test-cluster-eksRole-90eb1c99 create
+ ├─ eks:index:ServiceRole test-cluster-instanceRole create
+ │ ├─ aws:iam:Role test-cluster-instanceRole-role create
+ │ ├─ aws:iam:RolePolicyAttachment test-cluster-instanceRole-e1b295bd create
+ │ ├─ aws:iam:RolePolicyAttachment test-cluster-instanceRole-03516f97 create
+ │ └─ aws:iam:RolePolicyAttachment test-cluster-instanceRole-3eb088f2 create
+ ├─ eks:index:RandomSuffix test-cluster-cfnStackName create
+ ├─ aws:ec2:SecurityGroup test-cluster-eksClusterSecurityGroup create
+ ├─ aws:ec2:SecurityGroupRule test-cluster-eksClusterInternetEgressRule create
+ ├─ aws:iam:InstanceProfile test-cluster-instanceProfile create
+ ├─ aws:eks:Cluster test-cluster-eksCluster create
+ ├─ pulumi:providers:kubernetes test-cluster-eks-k8s create
+ ├─ eks:index:VpcCni test-cluster-vpc-cni create
+ ├─ aws:ec2:SecurityGroup test-cluster-nodeSecurityGroup create
+ ├─ kubernetes:core/v1:ConfigMap test-cluster-nodeAccess create
+ ├─ aws:ec2:SecurityGroupRule test-cluster-eksNodeClusterIngressRule create
+ ├─ aws:ec2:SecurityGroupRule test-cluster-eksClusterIngressRule create
+ ├─ aws:ec2:SecurityGroupRule test-cluster-eksNodeIngressRule create
+ ├─ aws:ec2:SecurityGroupRule test-cluster-eksNodeInternetEgressRule create
+ ├─ aws:ec2:SecurityGroupRule test-cluster-eksExtApiServerClusterIngressRule create
+ ├─ aws:ec2:LaunchConfiguration test-cluster-nodeLaunchConfiguration create
+ ├─ aws:cloudformation:Stack test-cluster-nodes create
+ └─ pulumi:providers:kubernetes test-cluster-provider create
Resources:
+ 28 to create
Do you want to perform this update? no
confirmation declined, not proceeding with the update
You can see above that 28 resources would be created.
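The preview is the last point at which the IAM roles, security group rules and in-cluster objects can be read before answering the confirmation prompt. The following is an added example, not code from the original post or from Pulumi: it parses preview rows in the text layout shown above and lists the ones worth reading first. The sample input is a constructed subset of that output, and the `REVIEW` categories are a hypothetical review policy.

```python
import re

# Constructed sample: ten of the preview rows shown above plus the summary line.
PREVIEW = """\
+ pulumi:pulumi:Stack example-cluster-py-test create
+ └─ eks:index:Cluster test-cluster create
+ ├─ eks:index:ServiceRole test-cluster-eksRole create
+ │ ├─ aws:iam:Role test-cluster-eksRole-role create
+ │ └─ aws:iam:RolePolicyAttachment test-cluster-eksRole-4b490823 create
+ ├─ aws:ec2:SecurityGroup test-cluster-eksClusterSecurityGroup create
+ ├─ aws:ec2:SecurityGroupRule test-cluster-eksClusterInternetEgressRule create
+ ├─ kubernetes:core/v1:ConfigMap test-cluster-nodeAccess create
+ ├─ aws:ec2:SecurityGroupRule test-cluster-eksExtApiServerClusterIngressRule create
+ └─ aws:cloudformation:Stack test-cluster-nodes create
Resources:
+ 10 to create
"""

# op symbol, optional tree-drawing characters, resource type, name, planned action
ROW = re.compile(r"^\s*([+\-~]+)\s+[│├└─\s]*(\S+:\S+)\s+(\S+)\s+(\S+)\s*$")
TOTAL = re.compile(r"^\s*\+\s+(\d+)\s+to create\s*$", re.M)

# Type prefixes to read before confirming (hypothetical review policy).
REVIEW = {
    "aws:iam:": "IAM permissions",
    "aws:ec2:SecurityGroup": "network exposure",
    "kubernetes:core/v1:ConfigMap": "in-cluster configuration",
}

def parse_preview(text):
    """Return one dict per resource row; summary and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            op, rtype, name, plan = m.groups()
            rows.append({"op": op, "type": rtype, "name": name, "plan": plan})
    return rows

def declared_creates(text):
    """Number from the '+ N to create' summary line, or None if absent."""
    m = TOTAL.search(text)
    return int(m.group(1)) if m else None

def review_items(rows):
    """(reason, type, name) for every row whose type matches a REVIEW prefix."""
    return [(why, r["type"], r["name"]) for r in rows
            for prefix, why in REVIEW.items() if r["type"].startswith(prefix)]

if __name__ == "__main__":
    rows = parse_preview(PREVIEW)
    print(f"parsed {len(rows)} rows, summary says {declared_creates(PREVIEW)}")
    for why, rtype, name in review_items(rows):
        print(f"review [{why}] {rtype} {name}")
```

Comparing the parsed row count with the summary line catches rows the parser failed to read, so a missed resource does not silently skip review.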