•
ENV
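# Target EKS cluster; replace the placeholder with the real cluster name.
CLUSTER_NAME="<Cluster Name>"
# OIDC issuer of the cluster. The trust policy on this page uses it without the
# "https://" scheme, so the scheme is stripped by prefix match instead of by character
# position (a fixed column range would also silently cut a longer issuer short).
CLUSTER_OIDC=$(aws eks describe-cluster --name "$CLUSTER_NAME" --query "cluster.identity.oidc.issuer" --output text)
CLUSTER_OIDC=${CLUSTER_OIDC#https://}
# AWS account ID of the identity running these commands.
ACCOUNT=$(aws sts get-caller-identity --query "Account" --output text)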
EFS CSI 드라이버 신뢰 정책 생성
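# Write the trust policy template for the EFS CSI driver role.
# ACCOUNT_ID and OIDC are placeholders that the sed step on this page fills in; the
# quoted heredoc delimiter keeps the shell from expanding anything inside the JSON.
# Besides the audience check, the "sub" condition limits role assumption to the
# driver's service accounts (efs-csi-*) in kube-system. With only the "aud" check,
# any service account in the cluster could assume this role.
# NOTE(review): the Federated principal refers to an IAM OIDC provider for this
# cluster; this page does not create one, so it presumably exists already. Confirm.
cat <<'EOF' > aws-efs-csi-driver-trust-policy.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Federated": "arn:aws:iam::ACCOUNT_ID:oidc-provider/OIDC"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringEquals": {
          "OIDC:aud": "sts.amazonaws.com"
        },
        "StringLike": {
          "OIDC:sub": "system:serviceaccount:kube-system:efs-csi-*"
        }
      }
    }
  ]
}
EOF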
sed 명령어로 치환
# Fill in the two placeholders of the trust policy in place.
# '|' is the sed delimiter because the OIDC issuer value contains '/'.
# The account ID goes in first, then every remaining "OIDC" token (provider ARN and
# condition keys) is replaced by the issuer.
sed -i \
  -e "s|ACCOUNT_ID|${ACCOUNT}|g" \
  -e "s|OIDC|${CLUSTER_OIDC}|g" \
  aws-efs-csi-driver-trust-policy.json
IAM 역할 생성
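# Create the IAM role that the EFS CSI driver assumes through the cluster's OIDC provider.
# The policy file is read from the current directory, which is where the earlier step
# wrote it; an absolute /home/ec2-user path only works when run from that home directory.
aws iam create-role \
  --role-name AmazonEKS_EFS_CSI_DriverRole \
  --assume-role-policy-document file://aws-efs-csi-driver-trust-policy.json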
IAM 역할에 정책 연결
# Attach the AWS-managed EFS CSI driver policy to the role.
aws iam attach-role-policy \
  --role-name AmazonEKS_EFS_CSI_DriverRole \
  --policy-arn arn:aws:iam::aws:policy/service-role/AmazonEFSCSIDriverPolicy
ENV & aws-efs-csi-driver addon 생성
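# Region for the commands that follow.
export AWS_REGION=ap-northeast-2
# Install the aws-efs-csi-driver add-on and bind it to the IAM role.
# Expansions are quoted so an empty or space-containing value cannot split into extra
# arguments.
# NOTE(review): --force presumably lets eksctl replace a conflicting existing
# installation of the add-on; drop it if the command should fail instead. Confirm
# against the eksctl version in use.
eksctl create addon \
  --name aws-efs-csi-driver \
  --cluster "$CLUSTER_NAME" \
  --service-account-role-arn "arn:aws:iam::${ACCOUNT}:role/AmazonEKS_EFS_CSI_DriverRole" \
  --force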
애플리케이션 배포 및 CSI 드라이버 작동 여부 확인
•
sc.yaml
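# StorageClass that routes claims to the EFS CSI driver.
# Nesting restored: "name" belongs under "metadata".
# StorageClass is a cluster-scoped resource, so it carries no namespace.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: efs-sc
provisioner: efs.csi.aws.com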
# Create or update the StorageClass from its manifest.
kubectl apply --filename sc.yaml
•
pvc.yaml
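# Claim in the "skills" namespace that the Deployment on this page mounts at /data.
# Nesting restored so the manifest parses as intended.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: efs-claim
  namespace: skills
spec:
  accessModes:
    - ReadWriteMany          # several pods may mount the volume read-write
  storageClassName: efs-sc   # same class as the PersistentVolume on this page
  resources:
    requests:
      storage: 5Gi           # matches the capacity declared on the PersistentVolume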
# Create or update the PersistentVolumeClaim from its manifest.
kubectl apply --filename pvc.yaml
•
pv.yaml
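# Statically defined volume backed by one EFS file system.
# Nesting restored so the manifest parses as intended.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: efs-pv
spec:
  capacity:
    storage: 5Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteMany
  # Retain keeps the volume object, and the data on EFS, when the claim is deleted.
  persistentVolumeReclaimPolicy: Retain
  storageClassName: efs-sc
  csi:
    driver: efs.csi.aws.com
    # Placeholder: the sed step on this page replaces efs_id with the real file system ID.
    volumeHandle: efs_id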
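# Create the EFS file system; --encrypted turns on encryption at rest.
# The tag value is quoted: left bare, the shell would parse the angle brackets of the
# <EFS_NAME> placeholder as redirections. Replace the placeholder with the real name.
# NOTE(review): this page does not show mount targets or a security group rule for
# NFS from the worker nodes; pods can only mount the file system once those exist.
# Confirm they are created elsewhere.
aws efs create-file-system \
  --performance-mode generalPurpose \
  --throughput-mode bursting \
  --encrypted \
  --tags "Key=Name,Value=<EFS_NAME>"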
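# Look up the ID of the file system by its Name tag (same <EFS_NAME> placeholder as in
# the create step). Listing every file system in the account would put several IDs
# into EFS_ID as soon as a second file system exists, and the PV would get a bad handle.
EFS_ID=$(aws efs describe-file-systems --query "FileSystems[?Name=='<EFS_NAME>'].FileSystemId" --output text)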
# Put the real file system ID into the PersistentVolume manifest in place of the
# efs_id placeholder.
sed --in-place -e "s|efs_id|${EFS_ID}|g" pv.yaml
# Create or update the PersistentVolume from its manifest.
kubectl apply --filename pv.yaml
•
deployment.yaml
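# Test workload: one pod that appends a UTC timestamp to /data/out on the EFS volume
# every five seconds, to show that the CSI driver mounts and writes.
# Nesting restored so the manifest parses as intended.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: centos-deployment
  namespace: skills
spec:
  replicas: 1
  selector:
    matchLabels:
      app: centos
  template:
    metadata:
      labels:
        app: centos
    spec:
      containers:
        - name: centos
          # NOTE(review): "latest" is a mutable tag, so the image that actually runs
          # can change between pulls; outside a throwaway test, pin a specific tag or
          # digest of a maintained base image.
          image: centos:latest
          ports:
            - containerPort: 80
          volumeMounts:
            - mountPath: /data
              name: efs-claim
          command: ["/bin/sh"]
          # $(date -u) is meant for the shell inside the container, not for
          # Kubernetes variable expansion.
          args: ["-c", "while true; do echo $(date -u) >> /data/out; sleep 5; done"]
      volumes:
        - name: efs-claim
          persistentVolumeClaim:
            claimName: efs-claim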
# Create or update the test Deployment from its manifest.
kubectl apply --filename deployment.yaml
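# Read the file the pod writes to the EFS volume.
# The Deployment is addressed by name: the generated pod name (hash suffix) differs on
# every rollout, so a copied pod name stops working after the first restart.
kubectl exec -n skills deploy/centos-deployment -- cat /data/out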