f-lab-clone / ticketing-infra

[2023] Ticketing Service - PerformanceTest, Terraform, EKS, Grafana
https://github.com/f-lab-clone/ticketing-backend

Change EKS subnet structure #46

Closed junha-ahn closed 1 year ago

junha-ahn commented 1 year ago

Description

Place only one node in the public subnet (for the Ingress Controller) and place all the remaining nodes in the private subnet.

To do

Test Checklist

Ingress pod deploys only on the Ingress Node Group

❯ kubectl get node -l role=ingress -o wide                                           05:10:13 PM
NAME                                             STATUS   ROLES    AGE   VERSION               INTERNAL-IP   EXTERNAL-IP    OS-IMAGE         KERNEL-VERSION                  CONTAINER-RUNTIME
ip-10-0-84-165.ap-northeast-2.compute.internal   Ready    <none>   27m   v1.27.4-eks-8ccc7ba   10.0.84.165   3.36.100.189   Amazon Linux 2   5.10.186-179.751.amzn2.x86_64   containerd://1.6.19

❯ kubectl get pod -o wide                                                             05:14:26 PM
NAME                                                    READY   STATUS    RESTARTS   AGE     IP            NODE                                             NOMINATED NODE   READINESS GATES
development-ingress-nginx-controller-849bbcc585-jv6rh   1/1     Running   0          6m53s   10.0.84.165   ip-10-0-84-165.ap-northeast-2.compute.internal   <none>           <none>
development-ticketing-application-848d4b547d-kv6tq      1/1     Running   0          6m53s   10.0.64.166   ip-10-0-73-79.ap-northeast-2.compute.internal    <none>           <none>
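
The placement in the test checklist above can be checked mechanically instead of by reading `-o wide` output. This is an added example, not part of the original issue or the project's code: it reads the structure of `kubectl get nodes -o json` and `kubectl get pods -o json`, and it assumes the ingress pods carry the `app.kubernetes.io/name=ingress-nginx` label and that application pods on a node with an ExternalIP count as a finding (run it against the application namespace only).

```python
# Constructed sample: only the fields this check reads, shaped like
# `kubectl get nodes -o json` / `kubectl get pods -o json`.
# Names and the ingress node's IPs mirror the output in the issue.
PUB = "ip-10-0-84-165.ap-northeast-2.compute.internal"
PRIV = "ip-10-0-73-79.ap-northeast-2.compute.internal"
NODES = {"items": [
    {"metadata": {"name": PUB, "labels": {"role": "ingress"}},
     "status": {"addresses": [{"type": "InternalIP", "address": "10.0.84.165"},
                              {"type": "ExternalIP", "address": "3.36.100.189"}]}},
    {"metadata": {"name": PRIV, "labels": {}},
     "status": {"addresses": [{"type": "InternalIP", "address": "10.0.73.79"}]}},
]}
# Assumption: label used to recognise ingress controller pods.
INGRESS_POD_LABEL = ("app.kubernetes.io/name", "ingress-nginx")

def pod(name, node, labels=None):
    """Build a minimal pod object (hypothetical helper for the sample data)."""
    return {"metadata": {"name": name, "labels": labels or {}},
            "spec": {"nodeName": node}}

PODS = {"items": [
    pod("development-ingress-nginx-controller-849bbcc585-jv6rh", PUB,
        dict([INGRESS_POD_LABEL])),
    pod("development-ticketing-application-848d4b547d-kv6tq", PRIV),
]}

def placement_violations(nodes, pods, node_label=("role", "ingress")):
    """Return findings where the public/private split is not honoured."""
    key, val = node_label
    ingress_nodes, public_nodes = set(), set()
    for n in nodes["items"]:
        name = n["metadata"]["name"]
        if n["metadata"].get("labels", {}).get(key) == val:
            ingress_nodes.add(name)
        addrs = n.get("status", {}).get("addresses", [])
        if any(a.get("type") == "ExternalIP" and a.get("address") for a in addrs):
            public_nodes.add(name)
    issues = [f"node {n} has an ExternalIP but is not labelled {key}={val}"
              for n in sorted(public_nodes - ingress_nodes)]
    for p in pods["items"]:
        name, node = p["metadata"]["name"], p["spec"].get("nodeName")
        if node is None:          # not scheduled yet, nothing to judge
            continue
        is_ingress = (p["metadata"].get("labels", {})
                      .get(INGRESS_POD_LABEL[0]) == INGRESS_POD_LABEL[1])
        if is_ingress and node not in ingress_nodes:
            issues.append(f"ingress pod {name} is not in the ingress node group ({node})")
        if not is_ingress and node in public_nodes:
            issues.append(f"pod {name} runs on publicly addressable node {node}")
    return issues
```
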

junha-ahn commented 1 year ago

Generate the Nginx Ingress template file

helm template ingress-nginx/ingress-nginx --name-template=development --values ./ingress-nginx.yaml > ../ticketing-chart/templates/ingress-nginx.yaml

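Problems with this PR

1. Private subnet placement failed

2. The endpoint cannot be kept fixed

Installing Nginx on the ingress Node Group succeeded, but the endpoint is ultimately bound to that node, so if the node changes (failure or upgrade), the endpoint changes as well.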

Other

namespace nodeselector

Does not work

https://docs.mirantis.com/mke/3.6/ops/authorize-rolebased-access/rbac-tutorials/isolate-nodes/isolate-nodes-kubernetes.html

When deleting an ArgoCD Application fails

https://github.com/argoproj/argo-cd/issues/1329#issuecomment-1247176754