EFS
Amazon EFS(Amazon Elastic File System)는 AWS에서 제공하는 클라우드 기반의 파일 스토리지 서비스로 ec2, eks에서 동시에 접근 가능한 공유 폴더
sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport 192.168.1.134:/ /mnt/myefs
[root@operator-host ~]# findmnt -t nfs4
TARGET SOURCE FSTYPE OPTIONS
/mnt/myefs 192.168.1.134:/ nfs4 rw,relatime,vers=4.1,rsize=1048576,wsize=1048576,namlen=255,hard,noresvport,proto=tcp,timeo=600,retrans=2,sec=sy
[root@operator-host ~]# nfsstat
Client rpc stats:
calls retrans authrefrsh
18 0 18
Client nfs v4:
null read write commit open open_conf
3 16% 0 0% 0 0% 0 0% 0 0% 0 0%
open_noat open_dgrd close setattr fsinfo renew
0 0% 0 0% 0 0% 0 0% 2 11% 0 0%
setclntid confirm lock lockt locku access
0 0% 0 0% 0 0% 0 0% 0 0% 0 0%
getattr lookup lookup_root remove rename link
1 5% 0 0% 1 5% 0 0% 0 0% 0 0%
symlink create pathconf statfs readlink readdir
0 0% 0 0% 1 5% 1 5% 0 0% 0 0%
server_caps delegreturn getacl setacl fs_locations rel_lkowner
3 16% 0 0% 0 0% 0 0% 0 0% 0 0%
secinfo exchange_id create_ses destroy_ses sequence get_lease_t
0 0% 0 0% 2 11% 1 5% 0 0% 1 5%
reclaim_comp layoutget getdevinfo layoutcommit layoutreturn getdevlist
0 0% 1 5% 0 0% 0 0% 0 0% 0 0%
(null)
1 5%
# 데이터 작성 후
[root@operator-host ~]# vi /mnt/myefs/test.txt
[root@operator-host ~]# nfsstat
Client rpc stats:
calls retrans authrefrsh
39 0 39
Client nfs v4:
null read write commit open open_conf
3 7% 0 0% 2 5% 0 0% 6 15% 0 0%
open_noat open_dgrd close setattr fsinfo renew
0 0% 0 0% 4 10% 1 2% 2 5% 0 0%
setclntid confirm lock lockt locku access
0 0% 0 0% 0 0% 0 0% 0 0% 1 2%
getattr lookup lookup_root remove rename link
3 7% 2 5% 1 2% 3 7% 0 0% 0 0%
symlink create pathconf statfs readlink readdir
0 0% 0 0% 1 2% 1 2% 0 0% 0 0%
server_caps delegreturn getacl setacl fs_locations rel_lkowner
3 7% 0 0% 0 0% 0 0% 0 0% 0 0%
secinfo exchange_id create_ses destroy_ses sequence get_lease_t
0 0% 0 0% 2 5% 1 2% 0 0% 1 2%
reclaim_comp layoutget getdevinfo layoutcommit layoutreturn getdevlist
0 0% 1 2% 0 0% 0 0% 0 0% 0 0%
(null)
1 2%
EFS로 마운트된 디렉터리에 데이터를 쓰게 되면 nfs 프로토콜을 통해 클라이언트와 EFS 간에 데이터 전송이 발생한다.
이 때 nfsstat 명령어를 사용하면 NFS 요청(Call) 수가 증가하는 것을 확인 가능하다.
EFS /etc/fstab 마운트 영구 설정
# /etc/fstab
[EFS IP]:/ /mnt/myefs nfs4 nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport,_netdev 0 0
[root@operator-host ~]# df -Th
Filesystem Type Size Used Avail Use% Mounted on
devtmpfs devtmpfs 981M 0 981M 0% /dev
tmpfs tmpfs 990M 0 990M 0% /dev/shm
tmpfs tmpfs 990M 432K 989M 1% /run
tmpfs tmpfs 990M 0 990M 0% /sys/fs/cgroup
/dev/xvda1 xfs 30G 3.1G 27G 11% /
tmpfs tmpfs 198M 0 198M 0% /run/user/1000
[EFS IP]:/ nfs4 8.0E 0 8.0E 0% /mnt/myefs
[root@operator-host ~]# ls /mnt/myefs/
test.txt
[root@operator-host ~]# reboot
# 재부팅 이후
[root@operator-host ~]# df -Th
Filesystem Type Size Used Avail Use% Mounted on
devtmpfs devtmpfs 981M 0 981M 0% /dev
tmpfs tmpfs 990M 0 990M 0% /dev/shm
tmpfs tmpfs 990M 432K 989M 1% /run
tmpfs tmpfs 990M 0 990M 0% /sys/fs/cgroup
/dev/xvda1 xfs 30G 3.1G 27G 11% /
[EFS IP]:/ nfs4 8.0E 0 8.0E 0% /mnt/myefs
tmpfs tmpfs 198M 0 198M 0% /run/user/1000
Kube ops view 인증서 적용하여 배포하기
# kube-ops-view 설치
helm repo add geek-cookbook https://geek-cookbook.github.io/charts/
helm install kube-ops-view geek-cookbook/kube-ops-view --version 1.2.2 --set service.main.type=ClusterIP --set env.TZ="Asia/Seoul" --namespace kube-system
# AWS 로드밸런서 컨트롤러
helm repo add eks https://aws.github.io/eks-charts
helm repo update
kubectl get sa -n kube-system aws-load-balancer-controller
helm install aws-load-balancer-controller eks/aws-load-balancer-controller -n kube-system \
--set clusterName=$CLUSTER_NAME \
--set serviceAccount.create=false --set serviceAccount.name=aws-load-balancer-controller
# ExternalDNS
MyDomain="내 도메인"
MyDnzHostedZoneId=$(aws route53 list-hosted-zones-by-name --dns-name "$MyDomain." --query "HostedZones[0].Id" --output text)
curl -s https://raw.githubusercontent.com/gasida/PKOS/main/aews/externaldns.yaml | MyDomain=$MyDomain MyDnzHostedZoneId=$MyDnzHostedZoneId envsubst | kubectl apply -f -
# 사용 리전의 인증서 ARN 확인
CERT_ARN=$(aws acm list-certificates --query 'CertificateSummaryList[].CertificateArn[]' --output text)
echo $CERT_ARN
# kubeopsview 용 Ingress 설정 : group 설정으로 1대의 ALB를 여러개의 ingress 에서 공용 사용
cat <<EOF | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
alb.ingress.kubernetes.io/certificate-arn: $CERT_ARN
alb.ingress.kubernetes.io/group.name: study
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}, {"HTTP":80}]'
alb.ingress.kubernetes.io/load-balancer-name: myeks-ingress-alb
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/ssl-redirect: "443"
alb.ingress.kubernetes.io/success-codes: 200-399
alb.ingress.kubernetes.io/target-type: ip
labels:
app.kubernetes.io/name: kubeopsview
name: kubeopsview
namespace: kube-system
spec:
ingressClassName: alb
rules:
- host: kubeopsview.$MyDomain
http:
paths:
- backend:
service:
name: kube-ops-view
port:
number: 8080
path: /
pathType: Prefix
EOF
