CloudWatch

CLUSTER_NAME=<CLUSTER_NAME>
AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
Shell
복사

eksctl create iamserviceaccount \
  --cluster=$CLUSTER_NAME \
  --namespace=keda-cloudwatch-guidance \
  --name=keda-operator \
  --role-name=keda-operator-role \
  --attach-policy-arn=arn:aws:iam::aws:policy/CloudWatchFullAccess \
  --approve
Shell
복사

helm repo add kedacore https://kedacore.github.io/charts
helm repo update
helm install keda kedacore/keda \
  -n keda-cloudwatch-guidance \
  --set serviceAccount.operator.create=false \
  --set serviceAccount.operator.name=keda-operator
Shell
복사

helm repo add eks https://aws.github.io/eks-charts
helm repo update eks
helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
  -n kube-system \
  --set clusterName=$CLUSTER_NAME \
  --set serviceAccount.create=false \
  --set serviceAccount.name=aws-load-balancer-controller
Shell
복사

public_a=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=skills-public-subnet-a" --query "Subnets[].SubnetId[]" --region ap-northeast-2 --output text)
public_b=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=skills-public-subnet-b" --query "Subnets[].SubnetId[]" --region ap-northeast-2 --output text)
private_a=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=skills-private-subnet-a" --query "Subnets[].SubnetId[]" --region ap-northeast-2 --output text)
private_b=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=skills-private-subnet-b" --query "Subnets[].SubnetId[]" --region ap-northeast-2 --output text)

public_subnet_name=("$public_a" "$public_b")
private_subnet_name=("$private_a" "$private_b")

for name in "${public_subnet_name[@]}"
do
    aws ec2 create-tags --resources $name --tags Key=kubernetes.io/role/elb,Value=1
done

for name in "${private_subnet_name[@]}"
do
    aws ec2 create-tags --resources $name --tags Key=kubernetes.io/role/internal-elb,Value=1
done
Shell
복사

aws iam create-user --user-name user
Shell
복사

aws iam attach-user-policy --user-name user --policy-arn arn:aws:iam::aws:policy/CloudWatchFullAccess
Shell
복사

aws iam create-access-key --user-name user
Shell
복사

echo -n "<AWS_ACCESS_KEY_ID>" | base64
echo -n "<AWS_SECRET_ACCESS_KEY>" | base64
Shell
복사

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  namespace: keda-cloudwatch-guidance
  labels:
    app: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      serviceAccountName: keda-operator
      containers:
        - name: nginx
          image: nginx:latest
          ports:
            - containerPort: 80
YAML
복사

kubectl apply -f deployment.yaml
Shell
복사

apiVersion: v1
kind: Service
metadata:
  name: nginx-svc
  namespace: keda-cloudwatch-guidance
spec:
  selector:
    app: nginx
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  type: ClusterIP
YAML
복사

kubectl apply -f service.yaml
Shell
복사

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: keda-ingress
  namespace: keda-cloudwatch-guidance
  annotations:
    alb.ingress.kubernetes.io/load-balancer-name: keda-alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
    alb.ingress.kubernetes.io/healthcheck-path: /
    alb.ingress.kubernetes.io/healthcheck-interval-seconds: "5"
    alb.ingress.kubernetes.io/healthcheck-timeout-seconds: "3"
    alb.ingress.kubernetes.io/healthy-threshold-count: "3"
    alb.ingress.kubernetes.io/unhealthy-threshold-count: "2"
    alb.ingress.kubernetes.io/target-group-attributes: deregistration_delay.timeout_seconds=30
spec:
  ingressClassName: alb
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nginx-svc
                port:
                  number: 80
YAML
복사

kubectl apply -f ingress.yaml
Shell
복사

apiVersion: v1
kind: Secret
metadata:
  name: access-secret
  namespace: keda-cloudwatch-guidance
data:
  AWS_ACCESS_KEY_ID: ACCESS_KEY_INCODING_VALUE
  AWS_SECRET_ACCESS_KEY: SECRET_ACCESS_KEY_INCODING_VALUE
YAML
복사

kubectl apply -f secret.yaml
Shell
복사

apiVersion: keda.sh/v1alpha1
kind: TriggerAuthentication
metadata:
  name: keda-trigger-auth-aws-credentials
  namespace: keda-cloudwatch-guidance
spec:
  secretTargetRef:
    - parameter: awsAccessKeyID
      name: access-secret
      key: AWS_ACCESS_KEY_ID
    - parameter: awsSecretAccessKey
      name: access-secret
      key: AWS_SECRET_ACCESS_KEY
YAML
복사

kubectl apply -f triggerauthentication.yaml
Shell
복사

TargetResponseTime

RequestCount

참조

apiVersion: keda.sh/v1alpha1
kind: ScaledObject
metadata:
  name: aws-cloudwatch-table-scaledobject
  namespace: keda-cloudwatch-guidance
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: nginx-deployment
  pollingInterval: 10
  cooldownPeriod: 90
  minReplicaCount: 1
  maxReplicaCount: 20
  advanced:
    restoreToOriginalReplicaCount: false
    horizontalPodAutoscalerConfig:
      name: aws-cloudwatch-hpa
      behavior:
        scaleUp:
          stabilizationWindowSeconds: 0
          policies:
            - type: Pods
              value: 2
              periodSeconds: 20
        scaleDown:
          stabilizationWindowSeconds: 60
          policies:
            - type: Pods
              value: 1
              periodSeconds: 30
  triggers:
    - type: aws-cloudwatch
      metadata:
        expression: SELECT OPERATOR(METRIC_NAME) FROM SCHEMA("METRIC_DIMENSION", CONDITION1,CONDITION2) WHERE CONDITION1 = 'CONDITION1/VALUE'
        targetMetricValue: "1"
        activationTargetMetricValue: "1"
        minMetricValue: "0"
        awsRegion: ap-northeast-2
        metricStat: "OPERATOR"
        metricUnit: "UNIT"
        metricCollectionTime: "60"
        metricStatPeriod: "30"
      authenticationRef:
        name: keda-trigger-auth-aws-credentials
YAML
복사

kubectl apply -f scaledobject.yaml
Shell
복사