•
EBS CSI Driver 설치 필요
EKS_CLUSTER_NAME="<CLUSTER_NAME>"
ACCOUNT_ID=$(aws sts get-caller-identity --query "Account" --output text)
Shell
복사
kubectl patch storageclass gp2 -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
Shell
복사
cat << EOF > values.yaml
auth:
adminUser: admin
adminPassword: admin
proxy: edge
EOF
Shell
복사
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update
helm install keycloak -n keycloak bitnami/keycloak --create-namespace -f values.yaml --version 15.1.8
Shell
복사
curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.13.0/docs/install/iam_policy.json
Shell
복사
aws iam create-policy \
--policy-name AWSLoadBalancerControllerIAMPolicy \
--policy-document file://iam_policy.json
Shell
복사
eksctl create iamserviceaccount \
--cluster=skills-eks-cluster \
--namespace=kube-system \
--name=aws-load-balancer-controller \
--attach-policy-arn=arn:aws:iam::${ACCOUNT_ID}:policy/AWSLoadBalancerControllerIAMPolicy \
--override-existing-serviceaccounts \
--region ap-northeast-2 \
--approve
Shell
복사
helm repo add eks https://aws.github.io/eks-charts
helm repo update eks
helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
-n kube-system \
--set clusterName=$EKS_CLUSTER_NAME \
--set serviceAccount.create=false \
--set serviceAccount.name=aws-load-balancer-controller
Shell
복사
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: keycloak-ingress
namespace: keycloak
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/healthcheck-path: /realms/master
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}, {"HTTP":80}]'
alb.ingress.kubernetes.io/certificate-arn: <ACM_ARN>
alb.ingress.kubernetes.io/ssl-redirect: '443'
spec:
defaultBackend:
service:
name: keycloak
port:
number: 80
YAML
복사
kubectl apply -f ingress.yaml
YAML
복사