AEWS 4주차 정리

🚀 실습 환경 배포

🏗️ AWS CloudFormation을 통해 기본 실습 환경 배포

1. yaml 파일 다운로드

curl -O https://s3.ap-northeast-2.amazonaws.com/cloudformation.cloudneta.net/K8S/myeks-4week.yaml
# 결과
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--100 21983  100 21983    0     0   201k      0 --:--:-- --:--:-- --:--:--  202k

2. 변수 지정

CLUSTER_NAME=myeks
SSHKEYNAME=kp-aews # SSH 키페어 이름
MYACCESSKEY=XXXXXXXXXXXXXXXXXX # IAM User 액세스 키
MYSECRETKEY=XXXXXXXXXXXXXXXXXX # IAM User 시크릿 키
WorkerNodeInstanceType=t3.medium # 워커노드 인스턴스 타입

3. CloudFormation 스택 배포

aws cloudformation deploy --template-file myeks-4week.yaml --stack-name $CLUSTER_NAME --parameter-overrides KeyName=$SSHKEYNAME SgIngressSshCidr=$(curl -s ipinfo.io/ip)/32  MyIamUserAccessKeyID=$MYACCESSKEY MyIamUserSecretAccessKey=$MYSECRETKEY ClusterBaseName=$CLUSTER_NAME WorkerNodeInstanceType=$WorkerNodeInstanceType --region ap-northeast-2

# 결과
Waiting for changeset to be created..
Waiting for stack create/update to complete
Successfully created/updated stack - myeks

4. CloudFormation 스택 배포 완료 후 작업용 EC2 IP 출력

aws cloudformation describe-stacks --stack-name myeks --query 'Stacks[*].Outputs[0].OutputValue' --output text

✅ 출력

13.124.11.68

5. 배포 과정 살펴보기

(1) 운영서버 EC2 SSH 접속

ssh -i kp-aews.pem ec2-user@$(aws cloudformation describe-stacks --stack-name myeks --query 'Stacks[*].Outputs[0].OutputValue' --output text)

The authenticity of host '13.124.11.68 (13.124.11.68)' can't be established.
ED25519 key fingerprint is SHA256:GaT1nuQgtyirycvJg2yQG/bVRT87T7sukVFzeOtkySk.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '13.124.11.68' (ED25519) to the list of known hosts.
   ,     #_
   ~\_  ####_        Amazon Linux 2
  ~~  \_#####\
  ~~     \###|       AL2 End of Life is 2026-06-30.
  ~~       \#/ ___
   ~~       V~' '->
    ~~~         /    A newer version of Amazon Linux is available!
      ~~._.   _/
         _/ _/       Amazon Linux 2023, GA and supported until 2028-03-15.
       _/m/'           https://aws.amazon.com/linux/amazon-linux-2023/

[root@operator-host ~]# 

(2) AWS CLI 자격증명 설정

[root@operator-host ~]# aws configure
AWS Access Key ID [None]: XXXXXXXXXXXXXXXXXX
AWS Secret Access Key [None]: XXXXXXXXXXXXXXXXXX
Default region name [None]: ap-northeast-2
Default output format [None]: json

(3) 루트 사용자 및 홈 디렉토리 확인 작업

[root@operator-host ~]# whoami
root

[root@operator-host ~]# pwd
/root

(4) cloud-init 실행 과정 로그 확인

[root@operator-host ~]# tail -f /var/log/cloud-init-output.log

✅ 출력

LICENSE
README.md
kubecolor
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--100    97  100    97    0     0    260      0 --:--:-- --:--:-- --:--:--   260
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0  9.9M    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--100  9.9M  100  9.9M    0     0  5993k      0  0:00:01  0:00:01 --:--:--  136M
Userdata End!
Cloud-init v. 19.3-46.amzn2.0.4 finished at Tue, 25 Feb 2025 12:58:35 +0000. Datasource DataSourceEc2.  Up 86.51 seconds

(5) eks 설정 파일 확인

[root@operator-host ~]# cat myeks.yaml

✅ 출력

apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
  name: myeks
  region: ap-northeast-2
  version: "1.31"

iam:
  withOIDC: true 

  serviceAccounts:
  - metadata:
      name: aws-load-balancer-controller
      namespace: kube-system
    wellKnownPolicies:
      awsLoadBalancerController: true

vpc:
  cidr: 192.168.0.0/16
  clusterEndpoints:
    privateAccess: true 
    publicAccess: true 
  id: vpc-017a9a38a294509ea
  subnets:
    public:
      ap-northeast-2a:
        az: ap-northeast-2a
        cidr: 192.168.1.0/24
        id: subnet-011d8d6df3bab1c31
      ap-northeast-2b:
        az: ap-northeast-2b
        cidr: 192.168.2.0/24
        id: subnet-004ed4a345eecd440
      ap-northeast-2c:
        az: ap-northeast-2c
        cidr: 192.168.3.0/24
        id: subnet-068e9402c8bb97c66

addons:
  - name: vpc-cni # no version is specified so it deploys the default version
    version: latest # auto discovers the latest available
    attachPolicyARNs: # attach IAM policies to the add-on's service account
      - arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
    configurationValues: |-
      enableNetworkPolicy: "true"

  - name: kube-proxy
    version: latest

  - name: coredns
    version: latest

  - name: metrics-server
    version: latest

  - name: aws-ebs-csi-driver
    version: latest
    wellKnownPolicies:
      ebsCSIController: true

managedNodeGroups:
- amiFamily: AmazonLinux2023
  desiredCapacity: 3
  iam:
    withAddonPolicies:
      certManager: true 
      externalDNS: true 
  instanceType: t3.medium
  preBootstrapCommands:
    # install additional packages
    - "dnf install nvme-cli links tree tcpdump sysstat ipvsadm ipset bind-utils htop -y"
  labels:
    alpha.eksctl.io/cluster-name: myeks
    alpha.eksctl.io/nodegroup-name: ng1
  maxPodsPerNode: 60
  maxSize: 3
  minSize: 3
  name: ng1
  ssh:
    allow: true
    publicKeyName: kp-aews
  tags:
    alpha.eksctl.io/nodegroup-name: ng1
    alpha.eksctl.io/nodegroup-type: managed
  volumeIOPS: 3000
  volumeSize: 60
  volumeThroughput: 125
  volumeType: gp3

(6) cloud-init 정상 완료 후 eksctl 실행 과정 로그 확인

[root@operator-host ~]# more create-eks.log

✅ 출력

2025-02-25 21:57:51 [▶]  Setting credentials expiry window to 30 minutes
2025-02-25 21:57:51 [▶]  role ARN for the current session is "arn:aws:iam::378102432899:user/eks-user"
2025-02-25 21:57:52 [ℹ]  eksctl version 0.204.0
2025-02-25 21:57:52 [ℹ]  using region ap-northeast-2
2025-02-25 21:57:52 [✔]  using existing VPC (vpc-017a9a38a294509ea) and subnets (private:map[] public:map[ap-northeast-2a:{subnet-011d8d6df3bab1c31 ap-northeast-2a 192.168.1.0/24 0 } ap-northeast-2b:{subnet-004ed4a345eecd440 ap-northeast-2b 192.168.2.0/24 0 } ap-northeast-2c:{subnet-068e9402c8bb97c66 ap-northeast-2c 192.168.3.0/24 0 }])
2025-02-25 21:57:52 [!]  custom VPC/subnets will be used; if resulting cluster doesn't function as expected, make sure to review the configuration of VPC/subnets
2025-02-25 21:57:52 [ℹ]  nodegroup "ng1" will use "" [AmazonLinux2023/1.31]
2025-02-25 21:57:52 [ℹ]  using EC2 key pair "kp-aews"
2025-02-25 21:57:52 [ℹ]  using Kubernetes version 1.31
2025-02-25 21:57:52 [ℹ]  creating EKS cluster "myeks" in "ap-northeast-2" region with managed nodes
2025-02-25 21:57:52 [▶]  cfg.json = \
{
    "kind": "ClusterConfig",
    "apiVersion": "eksctl.io/v1alpha5",
    "metadata": {
        "name": "myeks",
        "region": "ap-northeast-2",
        "version": "1.31"
    },      
    "iam": {
        "withOIDC": true,
        "serviceAccounts": [
            {
                "metadata": {
                    "name": "aws-load-balancer-controller",
                    "namespace": "kube-system"
                },
                "wellKnownPolicies": {
                    "imageBuilder": false,
                    "autoScaler": false,
                    "awsLoadBalancerController": true,
                    "externalDNS": false,
                    "certManager": false,
                    "ebsCSIController": false,
                    "efsCSIController": false
                }
            }
        ],  
        "vpcResourceControllerPolicy": true
    },      
    "accessConfig": {
        "authenticationMode": "API_AND_CONFIG_MAP"
    },      
    "vpc": {
        "id": "vpc-017a9a38a294509ea",
        "cidr": "192.168.0.0/16",
        "subnets": {
            "public": {
                "ap-northeast-2a": {
                    "id": "subnet-011d8d6df3bab1c31",
                    "az": "ap-northeast-2a",
                    "cidr": "192.168.1.0/24"
                },
                "ap-northeast-2b": {
                    "id": "subnet-004ed4a345eecd440",
                    "az": "ap-northeast-2b",
                    "cidr": "192.168.2.0/24"
                },
                "ap-northeast-2c": {
                    "id": "subnet-068e9402c8bb97c66",
                    "az": "ap-northeast-2c",
                    "cidr": "192.168.3.0/24"
--More--(10%)

(7) 셸 종료 명령 실행

[root@operator-host ~]# exit

🚀 AWS EKS 설치 확인 (스택 생성 시작 후 약 20분 경과)

1. eksctl 클러스터 조회

eksctl get cluster

✅ 출력

NAME	REGION		EKSCTL CREATED
myeks	ap-northeast-2	True

2. 클러스터 노드 그룹 조회

eksctl get nodegroup --cluster $CLUSTER_NAME

✅ 출력

CLUSTER	NODEGROUP	STATUS		CREATED			MIN SIZEMAX SIZE	DESIRED CAPACITY	INSTANCE TYPE	IMAGE ID	ASG NAME	TYPE
myeks	ng1		CREATING	2025-02-25T13:12:08Z	3	3	3			t3.medium	AL2023_x86_64_STANDARD	managed

3. 클러스터 애드온 조회

eksctl get addon --cluster $CLUSTER_NAME

✅ 출력

2025-02-25 22:13:56 [ℹ]  Kubernetes version "1.31" in use by cluster "myeks"
2025-02-25 22:13:56 [ℹ]  getting all addons
2025-02-25 22:13:57 [ℹ]  to see issues for an addon run `eksctl get addon --name <addon-name> --cluster <cluster-name>`
NAME		VERSION			STATUS		ISSUES	IAMROLEUPDATE AVAILABLE	CONFIGURATION VALUES		POD IDENTITY ASSOCIATION ROLES
coredns		v1.11.4-eksbuild.2	DEGRADED	1		
kube-proxy	v1.31.3-eksbuild.2	ACTIVE		0		
metrics-server	v0.7.2-eksbuild.2	DEGRADED	1		
vpc-cni		v1.19.2-eksbuild.5	ACTIVE		0	arn:aws:iam::378102432899:role/eksctl-myeks-addon-vpc-cni-Role1-Q7K66W6aHXAn	enableNetworkPolicy: "true"

4. 클러스터 IAM 서비스 계정 조회

eksctl get iamserviceaccount --cluster $CLUSTER_NAME

✅ 출력

NAMESPACE	NAME				ROLE ARN
kube-system	aws-load-balancer-controller	arn:aws:iam::378102432899:role/eksctl-myeks-addon-iamserviceaccount-kube-sys-Role1-RDjfak64nvXd

5. kubeconfig 생성

(1) 자격증명 사용자 확인

aws sts get-caller-identity --query Arn

✅ 출력

"arn:aws:iam::378102432899:user/eks-user"

(2) kubeconfig 업데이트 명령 실행

aws eks update-kubeconfig --name myeks --user-alias eks-user # 출력된 자격증명 사용자

# 결과
Added new context eks-user to /home/devshin/.kube/config

6. Kubernetes 클러스터 및 리소스 상태 확인

(1) 클러스터 정보 조회

kubectl cluster-info

✅ 출력

Kubernetes control plane is running at https://79E4B0C88ABCA6E051CDC256189CC3B2.gr7.ap-northeast-2.eks.amazonaws.com
CoreDNS is running at https://79E4B0C88ABCA6E051CDC256189CC3B2.gr7.ap-northeast-2.eks.amazonaws.com/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

(2) 기본 네임스페이스 설정

kubectl ns default

(3) 노드 정보 조회

• 디버그 레벨 6으로 노드 정보 조회

kubectl get node -v6

✅ 출력

I0225 22:24:07.471314   48192 loader.go:402] Config loaded from file:  /home/devshin/.kube/config
I0225 22:24:07.471812   48192 envvar.go:172] "Feature gate default state" feature="ClientsAllowCBOR" enabled=false
I0225 22:24:07.471828   48192 envvar.go:172] "Feature gate default state" feature="ClientsPreferCBOR" enabled=false
I0225 22:24:07.471837   48192 envvar.go:172] "Feature gate default state" feature="InformerResourceVersion" enabled=false
I0225 22:24:07.471844   48192 envvar.go:172] "Feature gate default state" feature="WatchListClient" enabled=false
I0225 22:24:07.905428   48192 round_trippers.go:560] GET https://79E4B0C88ABCA6E051CDC256189CC3B2.gr7.ap-northeast-2.eks.amazonaws.com/api/v1/nodes?limit=500 200 OK in 427 milliseconds
NAME                                              STATUS   ROLES    AGE   VERSION
ip-192-168-1-51.ap-northeast-2.compute.internal   Ready    <none>   10m   v1.31.5-eks-5d632ec
ip-192-168-2-42.ap-northeast-2.compute.internal   Ready    <none>   10m   v1.31.5-eks-5d632ec
ip-192-168-3-30.ap-northeast-2.compute.internal   Ready    <none>   10m   v1.31.5-eks-5d632ec

• 인스턴스 유형, 용량 유형, 가용 영역 라벨 정보 상세 조회

kubectl get node --label-columns=node.kubernetes.io/instance-type,eks.amazonaws.com/capacityType,topology.kubernetes.io/zone

✅ 출력

NAME                                              STATUS   ROLES    AGE   VERSION               INSTANCE-TYPE   CAPACITYTYPE   ZONE
ip-192-168-1-51.ap-northeast-2.compute.internal   Ready    <none>   12m   v1.31.5-eks-5d632ec   t3.medium       ON_DEMAND      ap-northeast-2a
ip-192-168-2-42.ap-northeast-2.compute.internal   Ready    <none>   12m   v1.31.5-eks-5d632ec   t3.medium       ON_DEMAND      ap-northeast-2b
ip-192-168-3-30.ap-northeast-2.compute.internal   Ready    <none>   12m   v1.31.5-eks-5d632ec   t3.medium       ON_DEMAND      ap-northeast-2c

(4) 파드 정보 조회

kubectl get pod -A

✅ 출력

NAMESPACE     NAME                                 READY   STATUS    RESTARTS   AGE
kube-system   aws-node-p4v96                       2/2     Running   0          12m
kube-system   aws-node-qgc5t                       2/2     Running   0          12m
kube-system   aws-node-r5nbp                       2/2     Running   0          12m
kube-system   coredns-86f5954566-c8wl2             1/1     Running   0          18m
kube-system   coredns-86f5954566-d6vwh             1/1     Running   0          18m
kube-system   ebs-csi-controller-7f8f8cb84-p57xw   6/6     Running   0          10m
kube-system   ebs-csi-controller-7f8f8cb84-z4t4z   6/6     Running   0          10m
kube-system   ebs-csi-node-gdh58                   3/3     Running   0          10m
kube-system   ebs-csi-node-hx5jb                   3/3     Running   0          10m
kube-system   ebs-csi-node-j46zg                   3/3     Running   0          10m
kube-system   kube-proxy-s6tdr                     1/1     Running   0          12m
kube-system   kube-proxy-v8nh9                     1/1     Running   0          12m
kube-system   kube-proxy-z9l58                     1/1     Running   0          12m
kube-system   metrics-server-6bf5998d9c-c8tbf      1/1     Running   0          18m
kube-system   metrics-server-6bf5998d9c-tftq9      1/1     Running   0          18m

(5) 파드 중단 허용(PDB) 조회

kubectl get pdb -n kube-system

✅ 출력

NAME                 MIN AVAILABLE   MAX UNAVAILABLE   ALLOWED DISRUPTIONS   AGE
coredns              N/A             1                 1                     18m
ebs-csi-controller   N/A             1                 1                     10m
metrics-server       N/A             1                 1                     18m

7. krew 플러그인 확인

kubectl krew list

✅ 출력

PLUGIN   VERSION
ctx      v0.9.5
df-pv    v0.3.0
get-all  v1.3.8
krew     v0.4.4
neat     v2.0.4
stern    v1.32.0

🔌 노드 IP 정보 확인 및 SSH 접속

1. EC2 공인 IP 변수 지정

export N1=$(aws ec2 describe-instances --filters "Name=tag:Name,Values=myeks-ng1-Node" "Name=availability-zone,Values=ap-northeast-2a" --query 'Reservations[*].Instances[*].PublicIpAddress' --output text)
export N2=$(aws ec2 describe-instances --filters "Name=tag:Name,Values=myeks-ng1-Node" "Name=availability-zone,Values=ap-northeast-2b" --query 'Reservations[*].Instances[*].PublicIpAddress' --output text)
export N3=$(aws ec2 describe-instances --filters "Name=tag:Name,Values=myeks-ng1-Node" "Name=availability-zone,Values=ap-northeast-2c" --query 'Reservations[*].Instances[*].PublicIpAddress' --output text)
echo $N1, $N2, $N3

✅ 출력

15.164.227.37, 3.38.205.159, 43.200.163.0

2. EC2 보안 그룹 조회 (remoteAccess 필터 적용)

aws ec2 describe-security-groups --filters "Name=group-name,Values=*remoteAccess*" | jq

✅ 출력

{
  "SecurityGroups": [
    {
      "GroupId": "sg-0387b57d9b1586fe5",
      "IpPermissionsEgress": [
        {
          "IpProtocol": "-1",
          "UserIdGroupPairs": [],
          "IpRanges": [
            {
              "CidrIp": "0.0.0.0/0"
            }
          ],
          "Ipv6Ranges": [],
          "PrefixListIds": []
        }
      ],
      "Tags": [
        {
          "Key": "Name",
          "Value": "eksctl-myeks-nodegroup-ng1/SSH"
        },
        {
          "Key": "alpha.eksctl.io/cluster-name",
          "Value": "myeks"
        },
        {
          "Key": "alpha.eksctl.io/eksctl-version",
          "Value": "0.204.0"
        },
        {
          "Key": "alpha.eksctl.io/nodegroup-name",
          "Value": "ng1"
        },
        {
          "Key": "eksctl.cluster.k8s.io/v1alpha1/cluster-name",
          "Value": "myeks"
        },
        {
          "Key": "aws:cloudformation:stack-id",
          "Value": "arn:aws:cloudformation:ap-northeast-2:378102432899:stack/eksctl-myeks-nodegroup-ng1/0e0c9500-f37a-11ef-b856-0237bb259921"
        },
        {
          "Key": "alpha.eksctl.io/nodegroup-type",
          "Value": "managed"
        },
        {
          "Key": "aws:cloudformation:stack-name",
          "Value": "eksctl-myeks-nodegroup-ng1"
        },
        {
          "Key": "aws:cloudformation:logical-id",
          "Value": "SSH"
        }
      ],
      "VpcId": "vpc-017a9a38a294509ea",
      "SecurityGroupArn": "arn:aws:ec2:ap-northeast-2:378102432899:security-group/sg-0387b57d9b1586fe5",
      "OwnerId": "378102432899",
      "GroupName": "eksctl-myeks-nodegroup-ng1-remoteAccess",
      "Description": "Allow SSH access",
      "IpPermissions": [
        {
          "IpProtocol": "tcp",
          "FromPort": 22,
          "ToPort": 22,
          "UserIdGroupPairs": [],
          "IpRanges": [
            {
              "Description": "Allow SSH access to managed worker nodes in group ng1",
              "CidrIp": "0.0.0.0/0"
            }
          ],
          "Ipv6Ranges": [
            {
              "Description": "Allow SSH access to managed worker nodes in group ng1",
              "CidrIpv6": "::/0"
            }
          ],
          "PrefixListIds": []
        }
      ]
    }
  ]
}

3. 보안 그룹 ID 환경 변수 설정

export MNSGID=$(aws ec2 describe-security-groups --filters "Name=group-name,Values=*remoteAccess*" --query 'SecurityGroups[*].GroupId' --output text)

4. 해당 보안그룹 인바운드 규칙에 본인의 집 공인 IP 추가

aws ec2 authorize-security-group-ingress --group-id $MNSGID --protocol '-1' --cidr $(curl -s ipinfo.io/ip)/32

✅ 출력

{
    "Return": true,
    "SecurityGroupRules": [
        {
            "SecurityGroupRuleId": "sgr-0f7c4b1164d618a4c",
            "GroupId": "sg-0387b57d9b1586fe5",
            "GroupOwnerId": "378102432899",
            "IsEgress": false,
            "IpProtocol": "-1",
            "FromPort": -1,
            "ToPort": -1,
            "CidrIpv4": "182.230.60.93/32",
            "SecurityGroupRuleArn": "arn:aws:ec2:ap-northeast-2:378102432899:security-group-rule/sgr-0f7c4b1164d618a4c"
        }
    ]
}

5. 해당 보안 그룹의 인바운드 규칙에 운영 서버 내부 IP 추가

aws ec2 authorize-security-group-ingress --group-id $MNSGID --protocol '-1' --cidr 172.20.1.100/32

✅ 출력

{
    "Return": true,
    "SecurityGroupRules": [
        {
            "SecurityGroupRuleId": "sgr-0831563999950b76b",
            "GroupId": "sg-0387b57d9b1586fe5",
            "GroupOwnerId": "378102432899",
            "IsEgress": false,
            "IpProtocol": "-1",
            "FromPort": -1,
            "ToPort": -1,
            "CidrIpv4": "172.20.1.100/32",
            "SecurityGroupRuleArn": "arn:aws:ec2:ap-northeast-2:378102432899:security-group-rule/sgr-0831563999950b76b"
        }
    ]
}

6. 워커 노드 SSH 접속

(1) 각 노드에 SSH 원격 접속 후 호스트명 출력

for i in $N1 $N2 $N3; do echo ">> node $i <<"; ssh -o StrictHostKeyChecking=no ec2-user@$i hostname; echo; done

✅ 출력

>> node 15.164.227.37 <<
Warning: Permanently added '15.164.227.37' (ED25519) to the list of known hosts.
ec2-user@15.164.227.37: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

>> node 3.38.205.159 <<
Warning: Permanently added '3.38.205.159' (ED25519) to the list of known hosts.
ec2-user@3.38.205.159: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

>> node 43.200.163.0 <<
Warning: Permanently added '43.200.163.0' (ED25519) to the list of known hosts.
ec2-user@43.200.163.0: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

(2) N1 노드 접속

ssh ec2-user@$N1

# 결과
A newer release of "Amazon Linux" is available.
  Version 2023.6.20250211:
  Version 2023.6.20250218:
Run "/usr/bin/dnf check-release-update" for full release and version update info
   ,     #_
   ~\_  ####_        Amazon Linux 2023
  ~~  \_#####\
  ~~     \###|
  ~~       \#/ ___   https://aws.amazon.com/linux/amazon-linux-2023
   ~~       V~' '->
    ~~~         /
      ~~._.   _/
         _/ _/
       _/m/'
Last login: Wed Feb 12 05:52:48 2025 from 52.94.123.236
[ec2-user@ip-192-168-1-51 ~]$ exit
logout
Connection to 15.164.227.37 closed.

(3) N2 노드 접속

ssh ec2-user@$N2

# 결과
A newer release of "Amazon Linux" is available.
  Version 2023.6.20250211:
  Version 2023.6.20250218:
Run "/usr/bin/dnf check-release-update" for full release and version update info
   ,     #_
   ~\_  ####_        Amazon Linux 2023
  ~~  \_#####\
  ~~     \###|
  ~~       \#/ ___   https://aws.amazon.com/linux/amazon-linux-2023
   ~~       V~' '->
    ~~~         /
      ~~._.   _/
         _/ _/
       _/m/'
Last login: Wed Feb 12 05:52:48 2025 from 52.94.123.236
[ec2-user@ip-192-168-2-42 ~]$ exit
logout
Connection to 3.38.205.159 closed.

(4) N3 노드 접속

ssh ec2-user@$N3

# 결과
A newer release of "Amazon Linux" is available.
  Version 2023.6.20250211:
  Version 2023.6.20250218:
Run "/usr/bin/dnf check-release-update" for full release and version update info
   ,     #_
   ~\_  ####_        Amazon Linux 2023
  ~~  \_#####\
  ~~     \###|
  ~~       \#/ ___   https://aws.amazon.com/linux/amazon-linux-2023
   ~~       V~' '->
    ~~~         /
      ~~._.   _/
         _/ _/
       _/m/'
Last login: Wed Feb 12 05:52:48 2025 from 52.94.123.236
[ec2-user@ip-192-168-3-30 ~]$ exit
logout
Connection to 43.200.163.0 closed.

7. 노드 기본 정보 확인

(1) 노드별 시스템 정보 조회

for i in $N1 $N2 $N3; do echo ">> node $i <<"; ssh ec2-user@$i hostnamectl; echo; done

✅ 출력

>> node 15.164.227.37 <<
 Static hostname: ip-192-168-1-51.ap-northeast-2.compute.internal
       Icon name: computer-vm
         Chassis: vm 🖴
      Machine ID: ec290d14e0f34366b2d3f2ea33b06253
         Boot ID: 89441b0cd579455ca36a97ae72436762
  Virtualization: amazon
Operating System: Amazon Linux 2023.6.20250203
     CPE OS Name: cpe:2.3:o:amazon:amazon_linux:2023
          Kernel: Linux 6.1.127-135.201.amzn2023.x86_64
    Architecture: x86-64
 Hardware Vendor: Amazon EC2
  Hardware Model: t3.medium
Firmware Version: 1.0

>> node 3.38.205.159 <<
 Static hostname: ip-192-168-2-42.ap-northeast-2.compute.internal
       Icon name: computer-vm
         Chassis: vm 🖴
      Machine ID: ec23b4795af458cac1beebec40e88e9b
         Boot ID: 2e16f7e351a642deb439e4360f0e4f5c
  Virtualization: amazon
Operating System: Amazon Linux 2023.6.20250203
     CPE OS Name: cpe:2.3:o:amazon:amazon_linux:2023
          Kernel: Linux 6.1.127-135.201.amzn2023.x86_64
    Architecture: x86-64
 Hardware Vendor: Amazon EC2
  Hardware Model: t3.medium
Firmware Version: 1.0

>> node 43.200.163.0 <<
 Static hostname: ip-192-168-3-30.ap-northeast-2.compute.internal
       Icon name: computer-vm
         Chassis: vm 🖴
      Machine ID: ec203a98663eebbcd25282168fa4a01d
         Boot ID: 39dfaedc08cf445ca387e7ec0b9c7823
  Virtualization: amazon
Operating System: Amazon Linux 2023.6.20250203
     CPE OS Name: cpe:2.3:o:amazon:amazon_linux:2023
          Kernel: Linux 6.1.127-135.201.amzn2023.x86_64
    Architecture: x86-64
 Hardware Vendor: Amazon EC2
  Hardware Model: t3.medium
Firmware Version: 1.0

(2) 노드별 네트워크 인터페이스 정보 조회

for i in $N1 $N2 $N3; do echo ">> node $i <<"; ssh ec2-user@$i sudo ip -c addr; echo; done

✅ 출력

>> node 15.164.227.37 <<
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute 
       valid_lft forever preferred_lft forever
2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP group default qlen 1000
    link/ether 02:79:1b:57:05:df brd ff:ff:ff:ff:ff:ff
    altname enp0s5
    inet 192.168.1.51/24 metric 1024 brd 192.168.1.255 scope global dynamic ens5
       valid_lft 2091sec preferred_lft 2091sec
    inet6 fe80::79:1bff:fe57:5df/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever
3: eni97f4361e4c2@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc noqueue state UP group default 
    link/ether 32:96:47:9a:d4:2f brd ff:ff:ff:ff:ff:ff link-netns cni-d5c2a5e6-1a50-b510-b895-2a949906fb4d
    inet6 fe80::3096:47ff:fe9a:d42f/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever
4: enif5e3248355d@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc noqueue state UP group default 
    link/ether c2:2e:98:dd:be:8d brd ff:ff:ff:ff:ff:ff link-netns cni-914d38b7-bff1-33e3-c759-762f2221a32a
    inet6 fe80::c02e:98ff:fedd:be8d/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever
5: ens6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP group default qlen 1000
    link/ether 02:ee:52:94:22:3d brd ff:ff:ff:ff:ff:ff
    altname enp0s6
    inet 192.168.1.137/24 brd 192.168.1.255 scope global ens6
       valid_lft forever preferred_lft forever
    inet6 fe80::ee:52ff:fe94:223d/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever

>> node 3.38.205.159 <<
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute 
       valid_lft forever preferred_lft forever
2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP group default qlen 1000
    link/ether 06:8d:29:e9:31:07 brd ff:ff:ff:ff:ff:ff
    altname enp0s5
    inet 192.168.2.42/24 metric 1024 brd 192.168.2.255 scope global dynamic ens5
       valid_lft 2091sec preferred_lft 2091sec
    inet6 fe80::48d:29ff:fee9:3107/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever
3: eni98403b04a75@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc noqueue state UP group default 
    link/ether 02:d7:7d:25:42:c3 brd ff:ff:ff:ff:ff:ff link-netns cni-1c292e75-bd4d-12d0-5ce3-a6a0d152a92f
    inet6 fe80::d7:7dff:fe25:42c3/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever
4: enib3cc1ab608a@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc noqueue state UP group default 
    link/ether 7e:c2:a3:56:c6:38 brd ff:ff:ff:ff:ff:ff link-netns cni-18f2ec3b-04f9-6d85-85c0-38893a1630e2
    inet6 fe80::7cc2:a3ff:fe56:c638/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever
5: ens6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP group default qlen 1000
    link/ether 06:31:11:9e:26:ad brd ff:ff:ff:ff:ff:ff
    altname enp0s6
    inet 192.168.2.136/24 brd 192.168.2.255 scope global ens6
       valid_lft forever preferred_lft forever
    inet6 fe80::431:11ff:fe9e:26ad/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever

>> node 43.200.163.0 <<
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute 
       valid_lft forever preferred_lft forever
2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP group default qlen 1000
    link/ether 0a:67:d0:6f:e6:9b brd ff:ff:ff:ff:ff:ff
    altname enp0s5
    inet 192.168.3.30/24 metric 1024 brd 192.168.3.255 scope global dynamic ens5
       valid_lft 2087sec preferred_lft 2087sec
    inet6 fe80::867:d0ff:fe6f:e69b/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever
3: eni356985de846@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc noqueue state UP group default 
    link/ether d6:cd:95:65:d8:36 brd ff:ff:ff:ff:ff:ff link-netns cni-d3e410d2-9acb-0b2a-15eb-577b3914e495
    inet6 fe80::d4cd:95ff:fe65:d836/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever
4: eni7432c2a8810@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc noqueue state UP group default 
    link/ether ee:79:9f:e1:ae:27 brd ff:ff:ff:ff:ff:ff link-netns cni-c80bddf0-cde4-c490-17c1-38c73da57ae0
    inet6 fe80::ec79:9fff:fee1:ae27/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever
5: eni8a456b324b3@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc noqueue state UP group default 
    link/ether 8e:46:59:f7:d9:26 brd ff:ff:ff:ff:ff:ff link-netns cni-23fd0956-85bd-af34-5a2c-fb5d936419d7
    inet6 fe80::8c46:59ff:fef7:d926/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever
6: enid3abba3d96f@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc noqueue state UP group default 
    link/ether f6:99:0c:7c:00:1d brd ff:ff:ff:ff:ff:ff link-netns cni-db4e1b60-fa45-df03-34e4-7db99d67f7a2
    inet6 fe80::f499:cff:fe7c:1d/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever
7: ens6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP group default qlen 1000
    link/ether 0a:4a:30:b7:cd:cb brd ff:ff:ff:ff:ff:ff
    altname enp0s6
    inet 192.168.3.77/24 brd 192.168.3.255 scope global ens6
       valid_lft forever preferred_lft forever
    inet6 fe80::84a:30ff:feb7:cdcb/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever
8: eni0910e13e62f@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc noqueue state UP group default 
    link/ether 92:95:95:ba:c4:b5 brd ff:ff:ff:ff:ff:ff link-netns cni-3cc85dca-5044-6749-7925-406cfe916181
    inet6 fe80::9095:95ff:feba:c4b5/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever

(3) 노드별 블록 디바이스 조회

for i in $N1 $N2 $N3; do echo ">> node $i <<"; ssh ec2-user@$i lsblk; echo; done

✅ 출력

>> node 15.164.227.37 <<
NAME          MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
nvme0n1       259:0    0  60G  0 disk 
├─nvme0n1p1   259:1    0  60G  0 part /
├─nvme0n1p127 259:2    0   1M  0 part 
└─nvme0n1p128 259:3    0  10M  0 part /boot/efi

>> node 3.38.205.159 <<
NAME          MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
nvme0n1       259:0    0  60G  0 disk 
├─nvme0n1p1   259:1    0  60G  0 part /
├─nvme0n1p127 259:2    0   1M  0 part 
└─nvme0n1p128 259:3    0  10M  0 part /boot/efi

>> node 43.200.163.0 <<
NAME          MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
nvme0n1       259:0    0  60G  0 disk 
├─nvme0n1p1   259:1    0  60G  0 part /
├─nvme0n1p127 259:2    0   1M  0 part 
└─nvme0n1p128 259:3    0  10M  0 part /boot/efi

(4) 노드별 루트 파일시스템 용량 조회

for i in $N1 $N2 $N3; do echo ">> node $i <<"; ssh ec2-user@$i df -hT /; echo; done

✅ 출력

>> node 15.164.227.37 <<
Filesystem     Type  Size  Used Avail Use% Mounted on
/dev/nvme0n1p1 xfs    60G  3.3G   57G   6% /

>> node 3.38.205.159 <<
Filesystem     Type  Size  Used Avail Use% Mounted on
/dev/nvme0n1p1 xfs    60G  3.3G   57G   6% /

>> node 43.200.163.0 <<
Filesystem     Type  Size  Used Avail Use% Mounted on
/dev/nvme0n1p1 xfs    60G  3.3G   57G   6% /

8. 스토리지클래스 조회

kubectl get sc

✅ 출력

NAME   PROVISIONER             RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
gp2    kubernetes.io/aws-ebs   Delete          WaitForFirstConsumer   false                  36m

9. CSI 노드 조회

kubectl get csinodes

✅ 출력ㅇ

NAME                                              DRIVERS   AGE
ip-192-168-1-51.ap-northeast-2.compute.internal   1         26m
ip-192-168-2-42.ap-northeast-2.compute.internal   1         26m
ip-192-168-3-30.ap-northeast-2.compute.internal   1         26m

10. maxPods 설정 확인

(1) 노드 최대 파드 수 조회

kubectl get nodes -o custom-columns="NAME:.metadata.name,MAXPODS:.status.capacity.pods"

✅ 출력

NAME                                              MAXPODS
ip-192-168-1-51.ap-northeast-2.compute.internal   60
ip-192-168-2-42.ap-northeast-2.compute.internal   60
ip-192-168-3-30.ap-northeast-2.compute.internal   60

(2) 노드별 kubelet 기본 설정에서 maxPods 값 확인

for i in $N1 $N2 $N3; do echo ">> node $i <<"; ssh ec2-user@$i sudo cat /etc/kubernetes/kubelet/config.json | grep maxPods; echo; done

✅ 출력

>> node 15.164.227.37 <<
    "maxPods": 17,

>> node 3.38.205.159 <<
    "maxPods": 17,

>> node 43.200.163.0 <<
    "maxPods": 17,

(3) 노드별 kubelet 추가 설정 파일에서 maxPods 값 확인

for i in $N1 $N2 $N3; do echo ">> node $i <<"; ssh ec2-user@$i sudo cat /etc/kubernetes/kubelet/config.json.d/00-nodeadm.conf | grep maxPods; echo; done

✅ 출력

>> node 15.164.227.37 <<
    "maxPods": 60

>> node 3.38.205.159 <<
    "maxPods": 60

>> node 43.200.163.0 <<
    "maxPods": 60

11. 운영 서버 EC2 SSH 원격 접속 후 기본 정보 확인

(1) 운영서버 SSH 접속

ssh -i kp-aews.pem ec2-user@$(aws cloudformation describe-stacks --stack-name myeks --query 'Stacks[*].Outputs[0].OutputValue' --output text)

Warning: Identity file kp-aews.pem not accessible: No such file or directory.
Last login: Tue Feb 25 22:17:38 2025 from 182.230.60.93
   ,     #_
   ~\_  ####_        Amazon Linux 2
  ~~  \_#####\
  ~~     \###|       AL2 End of Life is 2026-06-30.
  ~~       \#/ ___
   ~~       V~' '->
    ~~~         /    A newer version of Amazon Linux is available!
      ~~._.   _/
         _/ _/       Amazon Linux 2023, GA and supported until 2028-03-15.
       _/m/'           https://aws.amazon.com/linux/amazon-linux-2023/

Last login: Tue Feb 25 22:17:38 KST 2025 on pts/0
(eks-user@myeks:N/A) [root@operator-host ~]# 

(2) default 네임스페이스 적용

(eks-user@myeks:N/A) [root@operator-host ~]# k ns default
# 결과
Context "eks-user@myeks.ap-northeast-2.eksctl.io" modified.
Active namespace is "default".

(3) 환경변수 정보 확인

(eks-user@myeks:default) [root@operator-host ~]# export | egrep 'ACCOUNT|AWS_|CLUSTER|KUBERNETES|VPC|Subnet' | egrep -v 'KEY'

✅ 출력

declare -x ACCOUNT_ID="xxxxxxxxxxxx"
declare -x AWS_DEFAULT_REGION="ap-northeast-2"
declare -x AWS_PAGER=""
declare -x CLUSTER_NAME="myeks"
declare -x KUBERNETES_VERSION="1.31"
declare -x PubSubnet1="subnet-011d8d6df3bab1c31"
declare -x PubSubnet2="subnet-004ed4a345eecd440"
declare -x PubSubnet3="subnet-068e9402c8bb97c66"
declare -x VPCID="vpc-017a9a38a294509ea"

(4) krew 플러그인 확인

(eks-user@myeks:default) [root@operator-host ~]# kubectl krew list

✅ 출력

PLUGIN       VERSION
ctx          v0.9.5
df-pv        v0.3.0
get-all      v1.3.8
krew         v0.4.4
neat         v2.0.4
ns           v0.9.5
oomd         v0.0.7
stern        v1.32.0
view-secret  v0.13.0

12. 인스턴스 정보 조회

(eks-user@myeks:default) [root@operator-host ~]# aws ec2 describe-instances --query "Reservations[*].Instances[*].{InstanceID:InstanceId, PublicIPAdd:PublicIpAddress, PrivateIPAdd:PrivateIpAddress, InstanceName:Tags[?Key=='Name']|[0].Value, Status:State.Name}" --filters Name=instance-state-name,Values=running --output table

✅ 출력

---------------------------------------------------------------------------------------
|                                  DescribeInstances                                  |
+----------------------+-----------------+---------------+----------------+-----------+
|      InstanceID      |  InstanceName   | PrivateIPAdd  |  PublicIPAdd   |  Status   |
+----------------------+-----------------+---------------+----------------+-----------+
|  i-0c8dd7ee129df9f70 |  myeks-ng1-Node |  192.168.3.30 |  43.200.163.0  |  running  |
|  i-0cf5292e9106cff08 |  operator-host  |  172.20.1.100 |  13.124.11.68  |  running  |
|  i-013587fe8ee35bdf3 |  myeks-ng1-Node |  192.168.1.51 |  15.164.227.37 |  running  |
|  i-05e7d5c353553c7ff |  myeks-ng1-Node |  192.168.2.42 |  3.38.205.159  |  running  |
+----------------------+-----------------+---------------+----------------+-----------+

13. PrivateIP 변수 지정

(eks-user@myeks:default) [root@operator-host ~]# N1=$(kubectl get node --label-columns=topology.kubernetes.io/zone --selector=topology.kubernetes.io/zone=ap-northeast-2a -o jsonpath={.items[0].status.addresses[0].address})
(eks-user@myeks:default) [root@operator-host ~]# N2=$(kubectl get node --label-columns=topology.kubernetes.io/zone --selector=topology.kubernetes.io/zone=ap-northeast-2b -o jsonpath={.items[0].status.addresses[0].address})
(eks-user@myeks:default) [root@operator-host ~]# N3=$(kubectl get node --label-columns=topology.kubernetes.io/zone --selector=topology.kubernetes.io/zone=ap-northeast-2c -o jsonpath={.items[0].status.addresses[0].address})
(eks-user@myeks:default) [root@operator-host ~]# echo "export N1=$N1" >> /etc/profile
(eks-user@myeks:default) [root@operator-host ~]# echo "export N2=$N2" >> /etc/profile
(eks-user@myeks:default) [root@operator-host ~]# echo "export N3=$N3" >> /etc/profile
(eks-user@myeks:default) [root@operator-host ~]# echo $N1, $N2, $N3

✅ 출력

192.168.1.51, 192.168.2.42, 192.168.3.30

14. 노드 IP 로 ping 테스트

(eks-user@myeks:default) [root@operator-host ~]# for i in $N1 $N2 $N3; do echo ">> node $i <<"; ping -c 1 $i ; echo; done

✅ 출력

>> node 192.168.1.51 <<
PING 192.168.1.51 (192.168.1.51) 56(84) bytes of data.
64 bytes from 192.168.1.51: icmp_seq=1 ttl=127 time=0.830 ms

--- 192.168.1.51 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.830/0.830/0.830/0.000 ms

>> node 192.168.2.42 <<
PING 192.168.2.42 (192.168.2.42) 56(84) bytes of data.
64 bytes from 192.168.2.42: icmp_seq=1 ttl=127 time=1.04 ms

--- 192.168.2.42 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.047/1.047/1.047/0.000 ms

>> node 192.168.3.30 <<
PING 192.168.3.30 (192.168.3.30) 56(84) bytes of data.
64 bytes from 192.168.3.30: icmp_seq=1 ttl=127 time=1.39 ms

--- 192.168.3.30 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.392/1.392/1.392/0.000 ms

15. kube-ops-view 설치

helm repo add geek-cookbook https://geek-cookbook.github.io/charts/

# 결과
"geek-cookbook" already exists with the same configuration, skipping

helm install kube-ops-view geek-cookbook/kube-ops-view --version 1.2.2 --set service.main.type=ClusterIP  --set env.TZ="Asia/Seoul" --namespace kube-system

# 결과
NAME: kube-ops-view
LAST DEPLOYED: Tue Feb 25 23:43:00 2025
NAMESPACE: kube-system
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
1. Get the application URL by running these commands:
  export POD_NAME=$(kubectl get pods --namespace kube-system -l "app.kubernetes.io/name=kube-ops-view,app.kubernetes.io/instance=kube-ops-view" -o jsonpath="{.items[0].metadata.name}")
  echo "Visit http://127.0.0.1:8080 to use your application"
  kubectl port-forward $POD_NAME 8080:8080

16. gp3 스토리지 클래스 생성 및 조회

(1) gp3 스토리지 클래스 생성

cat <<EOF | kubectl apply -f -
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: gp3
  annotations:
    storageclass.kubernetes.io/is-default-class: "true"
allowVolumeExpansion: true
provisioner: ebs.csi.aws.com
volumeBindingMode: WaitForFirstConsumer
parameters:
  type: gp3
  allowAutoIOPSPerGBIncrease: 'true'
  encrypted: 'true'
  fsType: xfs # 기본값이 ext4
EOF

# 결과
storageclass.storage.k8s.io/gp3 created

(2) 조회

kubectl get sc

✅ 출력

NAME            PROVISIONER             RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
gp2             kubernetes.io/aws-ebs   Delete          WaitForFirstConsumer   false                  101m
gp3 (default)   ebs.csi.aws.com         Delete          WaitForFirstConsumer   true                   31s

17. 환경변수 설정

(1) 본인 PC

export CLUSTER_NAME=myeks
export VPCID=$(aws ec2 describe-vpcs --filters "Name=tag:Name,Values=$CLUSTER_NAME-VPC" --query 'Vpcs[*].VpcId' --output text)
export PubSubnet1=$(aws ec2 describe-subnets --filters Name=tag:Name,Values="$CLUSTER_NAME-Vpc1PublicSubnet1" --query "Subnets[0].[SubnetId]" --output text)
export PubSubnet2=$(aws ec2 describe-subnets --filters Name=tag:Name,Values="$CLUSTER_NAME-Vpc1PublicSubnet2" --query "Subnets[0].[SubnetId]" --output text)
export PubSubnet3=$(aws ec2 describe-subnets --filters Name=tag:Name,Values="$CLUSTER_NAME-Vpc1PublicSubnet3" --query "Subnets[0].[SubnetId]" --output text)
export N1=$(aws ec2 describe-instances --filters "Name=tag:Name,Values=$CLUSTER_NAME-ng1-Node" "Name=availability-zone,Values=ap-northeast-2a" --query 'Reservations[*].Instances[*].PublicIpAddress' --output text)
export N2=$(aws ec2 describe-instances --filters "Name=tag:Name,Values=$CLUSTER_NAME-ng1-Node" "Name=availability-zone,Values=ap-northeast-2b" --query 'Reservations[*].Instances[*].PublicIpAddress' --output text)
export N3=$(aws ec2 describe-instances --filters "Name=tag:Name,Values=$CLUSTER_NAME-ng1-Node" "Name=availability-zone,Values=ap-northeast-2c" --query 'Reservations[*].Instances[*].PublicIpAddress' --output text)
export CERT_ARN=$(aws acm list-certificates --query 'CertificateSummaryList[].CertificateArn[]' --output text) #사용 리전의 인증서 ARN 확인
MyDomain=gagajin.com # 각자 자신의 도메인 이름 입력
MyDnzHostedZoneId=$(aws route53 list-hosted-zones-by-name --dns-name "$MyDomain." --query "HostedZones[0].Id" --output text)

(2) 운영 서버

(eks-user@myeks:default) [root@operator-host ~]# export CLUSTER_NAME=myeks
(eks-user@myeks:default) [root@operator-host ~]# export VPCID=$(aws ec2 describe-vpcs --filters "Name=tag:Name,Values=$CLUSTER_NAME-VPC" --query 'Vpcs[*].VpcId' --output text)
(eks-user@myeks:default) [root@operator-host ~]# export PubSubnet1=$(aws ec2 describe-subnets --filters Name=tag:Name,Values="$CLUSTER_NAME-Vpc1PublicSubnet1" --query "Subnets[0].[SubnetId]" --output text)
(eks-user@myeks:default) [root@operator-host ~]# export PubSubnet2=$(aws ec2 describe-subnets --filters Name=tag:Name,Values="$CLUSTER_NAME-Vpc1PublicSubnet2" --query "Subnets[0].[SubnetId]" --output text)
(eks-user@myeks:default) [root@operator-host ~]# export PubSubnet3=$(aws ec2 describe-subnets --filters Name=tag:Name,Values="$CLUSTER_NAME-Vpc1PublicSubnet3" --query "Subnets[0].[SubnetId]" --output text)
(eks-user@myeks:default) [root@operator-host ~]# export N1=$(aws ec2 describe-instances --filters "Name=tag:Name,Values=$CLUSTER_NAME-ng1-Node" "Name=availability-zone,Values=ap-northeast-2a" --query 'Reservations[*].Instances[*].PublicIpAddress' --output text)
(eks-user@myeks:default) [root@operator-host ~]# export N2=$(aws ec2 describe-instances --filters "Name=tag:Name,Values=$CLUSTER_NAME-ng1-Node" "Name=availability-zone,Values=ap-northeast-2b" --query 'Reservations[*].Instances[*].PublicIpAddress' --output text)
(eks-user@myeks:default) [root@operator-host ~]# export N3=$(aws ec2 describe-instances --filters "Name=tag:Name,Values=$CLUSTER_NAME-ng1-Node" "Name=availability-zone,Values=ap-northeast-2c" --query 'Reservations[*].Instances[*].PublicIpAddress' --output text)
(eks-user@myeks:default) [root@operator-host ~]# export CERT_ARN=$(aws acm list-certificates --query 'CertificateSummaryList[].CertificateArn[]' --output text) #사용 리전의 인증서 ARN 확인
(eks-user@myeks:default) [root@operator-host ~]# MyDomain=gagajin.com # 각자 자신의 도메인 이름 입력
(eks-user@myeks:default) [root@operator-host ~]# MyDnzHostedZoneId=$(aws route53 list-hosted-zones-by-name --dns-name "$MyDomain." --query "HostedZones[0].Id" --output text)

18. ExternalDNS 생성

curl -s https://raw.githubusercontent.com/gasida/PKOS/main/aews/externaldns.yaml | MyDomain=$MyDomain MyDnzHostedZoneId=$MyDnzHostedZoneId envsubst | kubectl apply -f -

# 결과
serviceaccount/external-dns created
clusterrole.rbac.authorization.k8s.io/external-dns created
clusterrolebinding.rbac.authorization.k8s.io/external-dns-viewer created
deployment.apps/external-dns created

19. AWS LoadBalancerController 생성

helm repo add eks https://aws.github.io/eks-charts

# 결과
"eks" already exists with the same configuration, skipping

helm install aws-load-balancer-controller eks/aws-load-balancer-controller -n kube-system --set clusterName=$CLUSTER_NAME \
  --set serviceAccount.create=false --set serviceAccount.name=aws-load-balancer-controller

# 결과
NAME: aws-load-balancer-controller
LAST DEPLOYED: Tue Feb 25 23:46:40 2025
NAMESPACE: kube-system
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
AWS Load Balancer controller installed!

20. kubeopsview Ingress 구성

그룹 설정을 통해 단일 ALB를 여러 Ingress가 공용으로 사용하도록 설정

cat <<EOF | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    alb.ingress.kubernetes.io/certificate-arn: $CERT_ARN
    alb.ingress.kubernetes.io/group.name: study
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}, {"HTTP":80}]'
    alb.ingress.kubernetes.io/load-balancer-name: $CLUSTER_NAME-ingress-alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/ssl-redirect: "443"
    alb.ingress.kubernetes.io/success-codes: 200-399
    alb.ingress.kubernetes.io/target-type: ip
  labels:
    app.kubernetes.io/name: kubeopsview
  name: kubeopsview
  namespace: kube-system
spec:
  ingressClassName: alb
  rules:
  - host: kubeopsview.$MyDomain
    http:
      paths:
      - backend:
          service:
            name: kube-ops-view
            port:
              number: 8080
        path: /
        pathType: Prefix
EOF
# 결과
ingress.networking.k8s.io/kubeopsview created

21. 설치된 파드 정보 조회

kubectl get pods -n kube-system

✅ 출력

NAME                                          READY   STATUS    RESTARTS   AGE
aws-load-balancer-controller-554fbd9d-kbctn   1/1     Running   0          8m7s
aws-load-balancer-controller-554fbd9d-mtlsg   1/1     Running   0          8m7s
aws-node-p4v96                                2/2     Running   0          101m
aws-node-qgc5t                                2/2     Running   0          101m
aws-node-r5nbp                                2/2     Running   0          101m
coredns-86f5954566-c8wl2                      1/1     Running   0          106m
coredns-86f5954566-d6vwh                      1/1     Running   0          106m
ebs-csi-controller-7f8f8cb84-p57xw            6/6     Running   0          98m
ebs-csi-controller-7f8f8cb84-z4t4z            6/6     Running   0          98m
ebs-csi-node-gdh58                            3/3     Running   0          98m
ebs-csi-node-hx5jb                            3/3     Running   0          98m
ebs-csi-node-j46zg                            3/3     Running   0          98m
external-dns-dc4878f5f-fskxk                  1/1     Running   0          111s
kube-ops-view-657dbc6cd8-pxkvr                1/1     Running   0          11m
kube-proxy-s6tdr                              1/1     Running   0          101m
kube-proxy-v8nh9                              1/1     Running   0          101m
kube-proxy-z9l58                              1/1     Running   0          101m
metrics-server-6bf5998d9c-c8tbf               1/1     Running   0          106m
metrics-server-6bf5998d9c-tftq9               1/1     Running   0          106m

22. Ingress, 서비스 및 엔드포인트 조회

kubectl get ingress,svc,ep -n kube-system

✅ 출력

NAME                                    CLASS   HOSTS                     ADDRESS                                                       PORTS   AGE
ingress.networking.k8s.io/kubeopsview   alb     kubeopsview.gagajin.com   myeks-ingress-alb-77245841.ap-northeast-2.elb.amazonaws.com   80      2m2s

NAME                                        TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                  AGE
service/aws-load-balancer-webhook-service   ClusterIP   10.100.246.75   <none>        443/TCP                  8m54s
service/eks-extension-metrics-api           ClusterIP   10.100.95.88    <none>        443/TCP                  112m
service/kube-dns                            ClusterIP   10.100.0.10     <none>        53/UDP,53/TCP,9153/TCP   107m
service/kube-ops-view                       ClusterIP   10.100.19.254   <none>        8080/TCP                 12m
service/metrics-server                      ClusterIP   10.100.8.241    <none>        443/TCP                  107m

NAME                                          ENDPOINTS                                                        AGE
endpoints/aws-load-balancer-webhook-service   192.168.1.114:9443,192.168.2.127:9443                            8m54s
endpoints/eks-extension-metrics-api           172.0.32.0:10443                                                 112m
endpoints/kube-dns                            192.168.3.140:53,192.168.3.184:53,192.168.3.140:53 + 3 more...   107m
endpoints/kube-ops-view                       192.168.2.249:8080                                               12m
endpoints/metrics-server                      192.168.3.110:10251,192.168.3.8:10251                            107m

23. Kube Ops View 접속 정보 확인

echo -e "Kube Ops View URL = https://kubeopsview.$MyDomain/#scale=1.5"

✅ 출력

Kube Ops View URL = https://kubeopsview.gagajin.com/#scale=1.5

접속 화면

📦 Bookinfo 어플리케이션 배포

1. Bookinfo 어플리케이션 배포

kubectl apply -f https://raw.githubusercontent.com/istio/istio/refs/heads/master/samples/bookinfo/platform/kube/bookinfo.yaml

# 결과
service/details created
serviceaccount/bookinfo-details created
deployment.apps/details-v1 created
service/ratings created
serviceaccount/bookinfo-ratings created
deployment.apps/ratings-v1 created
service/reviews created
serviceaccount/bookinfo-reviews created
deployment.apps/reviews-v1 created
deployment.apps/reviews-v2 created
deployment.apps/reviews-v3 created
service/productpage created
serviceaccount/bookinfo-productpage created
deployment.apps/productpage-v1 created

2. ALB Ingress 생성

cat <<EOF | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    alb.ingress.kubernetes.io/certificate-arn: $CERT_ARN
    alb.ingress.kubernetes.io/group.name: study
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}, {"HTTP":80}]'
    alb.ingress.kubernetes.io/load-balancer-name: $CLUSTER_NAME-ingress-alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/ssl-redirect: "443"
    alb.ingress.kubernetes.io/success-codes: 200-399
    alb.ingress.kubernetes.io/target-type: ip
  labels:
    app.kubernetes.io/name: bookinfo
  name: bookinfo
spec:
  ingressClassName: alb
  rules:
  - host: bookinfo.$MyDomain
    http:
      paths:
      - backend:
          service:
            name: productpage
            port:
              number: 9080
        path: /
        pathType: Prefix
EOF

# 결과
ingress.networking.k8s.io/bookinfo created

3. ALB Ingress 조회

kubectl get ingress

✅ 출력

NAME       CLASS   HOSTS                  ADDRESS   PORTS   AGE
bookinfo   alb     bookinfo.gagajin.com             80      0s

HTTPS 리스너 규칙

• 도메인이 bookinfo.gagajin.com이고 경로가 /*이면, 트래픽은 k8s-default-productp-d3c7ff7881로 전달
• 도메인이 kubeopsview.gagajin.com이고 경로가 /*이면, 트래픽은 k8s-kubesyst-kubeopsv-d848006cb0로 전달

4. 반복 접속 실행

while true; do curl -s -k https://bookinfo.$MyDomain/productpage | grep -o "<title>.*</title>" ; echo "--------------" ; sleep 1; done

✅ 출력

<title>Simple Bookstore App</title>
--------------
<title>Simple Bookstore App</title>
--------------
<title>Simple Bookstore App</title>
--------------
<title>Simple Bookstore App</title>
--------------
<title>Simple Bookstore App</title>
...

5. productpage 접속

• 초기 진입

• 새로 고침 후 Reviews와 Ratings 변경 사항 확인

📊 prometheus-stack 설치

1. helm 저장소 추가

helm repo add prometheus-community https://prometheus-community.github.io/helm-charts

"prometheus-community" already exists with the same configuration, skipping

2. 파라미터 파일 생성

cat monitor-values.yaml
prometheus:
  prometheusSpec:
    scrapeInterval: "15s"
    evaluationInterval: "15s"
    podMonitorSelectorNilUsesHelmValues: false
    serviceMonitorSelectorNilUsesHelmValues: false
    retention: 5d
    retentionSize: "10GiB"
    storageSpec:
      volumeClaimTemplate:
        spec:
          storageClassName: gp3
          accessModes: ["ReadWriteOnce"]
          resources:
            requests:
              storage: 30Gi

  ingress:
    enabled: true
    ingressClassName: alb
    hosts: 
      - prometheus.gagajin.com
    paths: 
      - /*
    annotations:
      alb.ingress.kubernetes.io/scheme: internet-facing
      alb.ingress.kubernetes.io/target-type: ip
      alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}, {"HTTP":80}]'
      alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-northeast-2:378102432899:certificate/f967e8ca-f0b5-471d-bbe4-bee231aeb32b
      alb.ingress.kubernetes.io/success-codes: 200-399
      alb.ingress.kubernetes.io/load-balancer-name: myeks-ingress-alb
      alb.ingress.kubernetes.io/group.name: study
      alb.ingress.kubernetes.io/ssl-redirect: '443'

grafana:
  defaultDashboardsTimezone: Asia/Seoul
  adminPassword: prom-operator

  ingress:
    enabled: true
    ingressClassName: alb
    hosts: 
      - grafana.gagajin.com
    paths: 
      - /*
    annotations:
      alb.ingress.kubernetes.io/scheme: internet-facing
      alb.ingress.kubernetes.io/target-type: ip
      alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}, {"HTTP":80}]'
      alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-northeast-2:378102432899:certificate/f967e8ca-f0b5-471d-bbe4-bee231aeb32b
      alb.ingress.kubernetes.io/success-codes: 200-399
      alb.ingress.kubernetes.io/load-balancer-name: myeks-ingress-alb
      alb.ingress.kubernetes.io/group.name: study
      alb.ingress.kubernetes.io/ssl-redirect: '443'

  persistence:
    enabled: true
    type: sts
    storageClassName: "gp3"
    accessModes:
      - ReadWriteOnce
    size: 20Gi

alertmanager:
  enabled: false
defaultRules:
  create: false
kubeControllerManager:
  enabled: false
kubeEtcd:
  enabled: false
kubeScheduler:
  enabled: false
prometheus-windows-exporter:
  prometheus:
    monitor:
      enabled: false

3. helm 배포

helm install kube-prometheus-stack prometheus-community/kube-prometheus-stack --version 69.3.1 \
-f monitor-values.yaml --create-namespace --namespace monitoring

✅ 출력

• 배포 후, 해당 Ingress와 외부 접근 서비스(ex. 그라파나)는 동일한 ALB를 공유함

NAME: kube-prometheus-stack
LAST DEPLOYED: Wed Feb 26 00:42:35 2025
NAMESPACE: monitoring
STATUS: deployed
REVISION: 1
NOTES:
kube-prometheus-stack has been installed. Check its status by running:
  kubectl --namespace monitoring get pods -l "release=kube-prometheus-stack"

Get Grafana 'admin' user password by running:

  kubectl --namespace monitoring get secrets kube-prometheus-stack-grafana -o jsonpath="{.data.admin-password}" | base64 -d ; echo

Access Grafana local instance:

  export POD_NAME=$(kubectl --namespace monitoring get pod -l "app.kubernetes.io/name=grafana,app.kubernetes.io/instance=kube-prometheus-stack" -oname)
  kubectl --namespace monitoring port-forward $POD_NAME 3000

Visit https://github.com/prometheus-operator/kube-prometheus for instructions on how to create & configure Alertmanager and Prometheus instances using the Operator.

• 4개의 Ingress가 하나의 ALB를 공유하고 있음

---

📝 Logging in EKS

1. 모든 로깅 활성화

aws eks update-cluster-config --region ap-northeast-2 --name $CLUSTER_NAME \
    --logging '{"clusterLogging":[{"types":["api","audit","authenticator","controllerManager","scheduler"],"enabled":true}]}'

✅ 출력

{
    "update": {
        "id": "ea2559f4-c4d8-3661-8735-63667c8ff514",
        "status": "InProgress",
        "type": "LoggingUpdate",
        "params": [
            {
                "type": "ClusterLogging",
                "value": "{\"clusterLogging\":[{\"types\":[\"api\",\"audit\",\"authenticator\",\"controllerManager\",\"scheduler\"],\"enabled\":true}]}"
            }
        ],
        "createdAt": "2025-02-26T00:53:57.522000+09:00",
        "errors": []
    }
}

2. 로그 그룹 확인

aws logs describe-log-groups | jq

✅ 출력

{
  "logGroups": [
    {
      "logGroupName": "/aws/eks/myeks/cluster",
      "creationTime": 1740498852305,
      "metricFilterCount": 0,
      "arn": "arn:aws:logs:ap-northeast-2:378102432899:log-group:/aws/eks/myeks/cluster:*",
      "storedBytes": 0,
      "logGroupClass": "STANDARD",
      "logGroupArn": "arn:aws:logs:ap-northeast-2:378102432899:log-group:/aws/eks/myeks/cluster"
    }
  ]
}

• 로그 그룹은 AWS CloudWatch의 Log Groups > Log Streams에서 확인 가능

• Log Streams 중 하나를 선택한 화면

• 클릭 시 각 로그의 상세 정보 확인 가능

3. 신규 로그 실시간 출력

aws logs tail /aws/eks/$CLUSTER_NAME/cluster --follow

✅ 출력

2025-02-25T15:54:13.360000+00:00 kube-apiserver-audit-4e3006095bad62c5b3575ab7dbd2cfbb {"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"2b3c4273-a038-4a6f-abd5-edc834383b56","stage":"ResponseComplete","requestURI":"/apis/coordination.k8s.io/v1/namespaces/kube-system/leases/kube-scheduler?timeout=5s","verb":"update","user":{"username":"system:kube-scheduler","groups":["system:authenticated"]},"sourceIPs":["10.0.116.214"],"userAgent":"kube-scheduler/v1.31.5 (linux/amd64) kubernetes/226ac90/leader-election","objectRef":{"resource":"leases","namespace":"kube-system","name":"kube-scheduler","uid":"01d6ca7e-dd37-473d-aa26-01494c12e266","apiGroup":"coordination.k8s.io","apiVersion":"v1","resourceVersion":"1724"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2025-02-25T13:11:03.969196Z","stageTimestamp":"2025-02-25T13:11:03.979371Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by ClusterRoleBinding \"system:kube-scheduler\" of ClusterRole \"system:kube-scheduler\" to User \"system:kube-scheduler\""}}
2025-02-25T15:54:13.360000+00:00 kube-apiserver-audit-4e3006095bad62c5b3575ab7dbd2cfbb {"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"4df656f9-d98e-4235-82df-765e8fbff0f6","stage":"ResponseComplete","requestURI":"/apis/coordination.k8s.io/v1/namespaces/kube-system/leases/kube-controller-manager?timeout=5s","verb":"update","user":{"username":"system:kube-controller-manager","groups":["system:authenticated"]},"sourceIPs":["10.0.116.214"],"userAgent":"kube-controller-manager/v1.31.5 (linux/amd64) kubernetes/226ac90/leader-election","objectRef":{"resource":"leases","namespace":"kube-system","name":"kube-controller-manager","uid":"c29f94f4-c32a-4257-bb39-a55ef1a5d344","apiGroup":"coordination.k8s.io","apiVersion":"v1","resourceVersion":"1725"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2025-02-25T13:11:04.040056Z","stageTimestamp":"2025-02-25T13:11:04.047041Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by ClusterRoleBinding \"system:kube-controller-manager\" of ClusterRole \"system:kube-controller-manager\" to User \"system:kube-controller-manager\""}}
2025-02-25T15:54:13.360000+00:00 kube-apiserver-audit-4e3006095bad62c5b3575ab7dbd2cfbb {"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"7561cbc1-669c-483d-beb4-e2d5f476db84","stage":"ResponseComplete","requestURI":"/apis/coordination.k8s.io/v1/namespaces/kube-system/leases/cp-vpc-resource-controller","verb":"update","user":{"username":"eks:vpc-resource-controller","groups":["system:authenticated"]},"sourceIPs":["10.0.116.214"],"userAgent":"controller/v0.0.0 (linux/amd64) kubernetes/$Format/leader-election","objectRef":{"resource":"leases","namespace":"kube-system","name":"cp-vpc-resource-controller","uid":"f59db5c0-b9d4-44a6-ae4a-5ac89057d314","apiGroup":"coordination.k8s.io","apiVersion":"v1","resourceVersion":"1715"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2025-02-25T13:11:04.141659Z","stageTimestamp":"2025-02-25T13:11:04.149050Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by RoleBinding \"eks-vpc-resource-controller-rolebinding/kube-system\" of Role \"eks-vpc-resource-controller-role\" to User \"eks:vpc-resource-controller\""}}
2025-02-25T15:54:13.360000+00:00 kube-apiserver-audit-4e3006095bad62c5b3575ab7dbd2cfbb {"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Request","auditID":"1161d386-d9d5-4fb4-b502-badd4b8183f2","stage":"ResponseComplete","requestURI":"/apis/rbac.authorization.k8s.io/v1/roles?allowWatchBookmarks=true\u0026resourceVersion=1\u0026timeout=7m40s\u0026timeoutSeconds=460\u0026watch=true","verb":"watch","user":{"username":"system:apiserver","uid":"9ca9c2e9-c750-4409-8614-48aa8a617154","groups":["system:authenticated","system:masters"]},"sourceIPs":["::1"],"userAgent":"kube-apiserver/v1.31.5 (linux/amd64) kubernetes/226ac90","objectRef":{"resource":"roles","apiGroup":"rbac.authorization.k8s.io","apiVersion":"v1"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2025-02-25T13:03:24.390790Z","stageTimestamp":"2025-02-25T13:11:04.391153Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":""}}
2025-02-25T15:54:13.360000+00:00 kube-apiserver-audit-4e3006095bad62c5b3575ab7dbd2cfbb {"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Request","auditID":"1c3da5ba-2fbc-4d35-b44b-ffac911ef1a2","stage":"ResponseComplete","requestURI":"/api/v1/resourcequotas?allowWatchBookmarks=true\u0026resourceVersion=1\u0026timeout=7m40s\u0026timeoutSeconds=460\u0026watch=true","verb":"watch","user":{"username":"system:apiserver","uid":"9ca9c2e9-c750-4409-8614-48aa8a617154","groups":["system:authenticated","system:masters"]},"sourceIPs":["::1"],"userAgent":"kube-apiserver/v1.31.5 (linux/amd64) kubernetes/226ac90","objectRef":{"resource":"resourcequotas","apiVersion":"v1"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2025-02-25T13:03:24.390287Z","stageTimestamp":"2025-02-25T13:11:04.391156Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":""}}
2025-02-25T15:54:13.360000+00:00 kube-apiserver-audit-4e3006095bad62c5b3575ab7dbd2cfbb {"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Request","auditID":"16bbd516-cfef-4d53-b89c-c4f1748d4298","stage":"ResponseStarted","requestURI":"/api/v1/resourcequotas?allowWatchBookmarks=true\u0026resourceVersion=1719\u0026timeout=7m28s\u0026timeoutSeconds=448\u0026watch=true","verb":"watch","user":{"username":"system:apiserver","uid":"9ca9c2e9-c750-4409-8614-48aa8a617154","groups":["system:authenticated","system:masters"]},"sourceIPs":["::1"],"userAgent":"kube-apiserver/v1.31.5 (linux/amd64) kubernetes/226ac90","objectRef":{"resource":"resourcequotas","apiVersion":"v1"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2025-02-25T13:11:04.391651Z","stageTimestamp":"2025-02-25T13:11:04.392143Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":""}}
2025-02-25T15:54:13.360000+00:00 kube-apiserver-audit-4e3006095bad62c5b3575ab7dbd2cfbb {"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Request","auditID":"24eccec6-3653-47a8-aeda-a673e79def24","stage":"ResponseStarted","requestURI":"/apis/rbac.authorization.k8s.io/v1/roles?allowWatchBookmarks=true\u0026resourceVersion=1709\u0026timeout=5m5s\u0026timeoutSeconds=305\u0026watch=true","verb":"watch","user":{"username":"system:apiserver","uid":"9ca9c2e9-c750-4409-8614-48aa8a617154","groups":["system:authenticated","system:masters"]},"sourceIPs":["::1"],"userAgent":"kube-apiserver/v1.31.5 (linux/amd64) kubernetes/226ac90","objectRef":{"resource":"roles","apiGroup":"rbac.authorization.k8s.io","apiVersion":"v1"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2025-02-25T13:11:04.391661Z","stageTimestamp":"2025-02-25T13:11:04.392143Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":""}}
2025-02-25T15:54:13.360000+00:00 kube-apiserver-audit-4e3006095bad62c5b3575ab7dbd2cfbb {"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"bf6b9d21-54b8-41a6-805f-2876e4e548a7","stage":"ResponseComplete","requestURI":"/apis/coordination.k8s.io/v1/namespaces/kube-system/leases/eks-coredns-autoscaler","verb":"get","user":{"username":"eks:coredns-autoscaler","groups":["system:authenticated"]},"sourceIPs":["10.0.116.214"],"userAgent":"controller/v0.0.0 (linux/amd64) kubernetes/$Format/leader-election","objectRef":{"resource":"leases","namespace":"kube-system","name":"eks-coredns-autoscaler","apiGroup":"coordination.k8s.io","apiVersion":"v1"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2025-02-25T13:11:04.726606Z","stageTimestamp":"2025-02-25T13:11:04.736303Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by RoleBinding \"eks:coredns-autoscaler/kube-system\" of Role \"eks:coredns-autoscaler\" to User \"eks:coredns-autoscaler\""}}
2025-02-25T15:54:13.360000+00:00 kube-apiserver-audit-4e3006095bad62c5b3575ab7dbd2cfbb {"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"e923c96c-37ad-46e1-b8cf-cfdd70a223b4","stage":"ResponseComplete","requestURI":"/apis/coordination.k8s.io/v1/namespaces/kube-system/leases/eks-coredns-autoscaler","verb":"update","user":{"username":"eks:coredns-autoscaler","groups":["system:authenticated"]},"sourceIPs":["10.0.116.214"],"userAgent":"controller/v0.0.0 (linux/amd64) kubernetes/$Format/leader-election","objectRef":{"resource":"leases","namespace":"kube-system","name":"eks-coredns-autoscaler","uid":"932dade7-3029-44d3-97fe-d3e2ce464d77","apiGroup":"coordination.k8s.io","apiVersion":"v1","resourceVersion":"1717"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2025-02-25T13:11:04.737429Z","stageTimestamp":"2025-02-25T13:11:04.744137Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by RoleBinding \"eks:coredns-autoscaler/kube-system\" of Role \"eks:coredns-autoscaler\" to User \"eks:coredns-autoscaler\""}}
2025-02-25T15:54:13.360000+00:00 kube-apiserver-audit-4e3006095bad62c5b3575ab7dbd2cfbb {"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"6ae84f9d-e668-48d2-ad5b-b2ce59de7016","stage":"ResponseComplete","requestURI":"/apis/coordination.k8s.io/v1/namespaces/kube-system/leases/cloud-controller-manager?timeout=5s","verb":"update","user":{"username":"eks:cloud-controller-manager","groups":["system:authenticated"]},"sourceIPs":["10.0.116.214"],"userAgent":"aws-cloud-controller-manager/v0.0.0 (linux/amd64) kubernetes/$Format/leader-election","objectRef":{"resource":"leases","namespace":"kube-system","name":"cloud-controller-manager","uid":"1c063b11-ea0f-4687-957a-64abd9ba643f","apiGroup":"coordination.k8s.io","apiVersion":"v1","resourceVersion":"1726"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2025-02-25T13:11:05.063753Z","stageTimestamp":"2025-02-25T13:11:05.069911Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by ClusterRoleBinding \"eks:cloud-controller-manager\" of ClusterRole \"eks:cloud-controller-manager\" to User \"eks:cloud-controller-manager\""}}
...

4. 필터 적용 신규 로그 실시간 출력

• kube-proxy

aws logs tail /aws/eks/$CLUSTER_NAME/cluster --filter-pattern kube-proxy

✅ 출력

2025-02-25T15:54:16.406000+00:00 kube-apiserver-audit-4ff1d80de4851cc512375bb0568780f7 {"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"a82382c7-8df1-404c-bf42-2ef6298fe4b1","stage":"ResponseComplete","requestURI":"/apis/coordination.k8s.io/v1/namespaces/kube-system/leases/external-snapshotter-leader-ebs-csi-aws-com","verb":"update","user":{"username":"system:serviceaccount:kube-system:ebs-csi-controller-sa","uid":"3f266af7-bcc9-4b75-9cd1-ef47f6fc1abb","groups":["system:serviceaccounts","system:serviceaccounts:kube-system","system:authenticated"],"extra":{"authentication.kubernetes.io/credential-id":["JTI=865e7205-fc52-4566-9fce-c2cff49b97e0"],"authentication.kubernetes.io/node-name":["ip-192-168-1-51.ap-northeast-2.compute.internal"],"authentication.kubernetes.io/node-uid":["58a47c72-0c03-4bac-b427-6b6b69b61305"],"authentication.kubernetes.io/pod-name":["ebs-csi-controller-7f8f8cb84-z4t4z"],"authentication.kubernetes.io/pod-uid":["5b150c0c-9d2b-4c5f-ba59-bbcff29bb0ee"]}},"sourceIPs":["192.168.1.226"],"userAgent":"csi-snapshotter/v0.0.0 (linux/amd64) kubernetes/$Format","objectRef":{"resource":"leases","namespace":"kube-system","name":"external-snapshotter-leader-ebs-csi-aws-com","uid":"92ac90d6-7010-493c-b66b-e2ae3b219877","apiGroup":"coordination.k8s.io","apiVersion":"v1","resourceVersion":"14090"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2025-02-25T14:00:19.049041Z","stageTimestamp":"2025-02-25T14:00:19.058387Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by RoleBinding \"ebs-csi-leases-rolebinding/kube-system\" of Role \"ebs-csi-leases-role\" to ServiceAccount \"ebs-csi-controller-sa/kube-system\""}}
2025-02-25T15:54:16.406000+00:00 kube-apiserver-audit-4ff1d80de4851cc512375bb0568780f7 {"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"35842df4-2154-4f96-85ee-fda63be025df","stage":"ResponseComplete","requestURI":"/apis/coordination.k8s.io/v1/namespaces/kube-system/leases/cloud-controller-manager?timeout=5s","verb":"get","user":{"username":"eks:cloud-controller-manager","groups":["system:authenticated"]},"sourceIPs":["10.0.166.208"],"userAgent":"aws-cloud-controller-manager/v0.0.0 (linux/amd64) kubernetes/$Format/leader-election","objectRef":{"resource":"leases","namespace":"kube-system","name":"cloud-controller-manager","apiGroup":"coordination.k8s.io","apiVersion":"v1"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2025-02-25T14:00:19.276815Z","stageTimestamp":"2025-02-25T14:00:19.281496Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by ClusterRoleBinding \"eks:cloud-controller-manager\" of ClusterRole \"eks:cloud-controller-manager\" to User \"eks:cloud-controller-manager\""}}
2025-02-25T15:54:16.406000+00:00 kube-apiserver-audit-4ff1d80de4851cc512375bb0568780f7 {"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"3af25ed2-f450-411c-be26-fb4b8c4705c6","stage":"ResponseComplete","requestURI":"/apis/coordination.k8s.io/v1/namespaces/kube-system/leases/eks-certificates-controller","verb":"get","user":{"username":"eks:certificate-controller","groups":["system:authenticated"]},"sourceIPs":["10.0.166.208"],"userAgent":"eks-certificates-controller/v0.0.0 (linux/amd64) kubernetes/$Format","objectRef":{"resource":"leases","namespace":"kube-system","name":"eks-certificates-controller","apiGroup":"coordination.k8s.io","apiVersion":"v1"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2025-02-25T14:00:19.597957Z","stageTimestamp":"2025-02-25T14:00:19.602796Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by RoleBinding \"eks:certificate-controller/kube-system\" of Role \"eks:certificate-controller\" to User \"eks:certificate-controller\""}}
2025-02-25T15:54:16.406000+00:00 kube-apiserver-audit-4ff1d80de4851cc512375bb0568780f7 {"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"c1f85bd8-e8a2-401f-933c-7b0719df8801","stage":"ResponseComplete","requestURI":"/apis/coordination.k8s.io/v1/namespaces/kube-node-lease/leases/ip-192-168-2-42.ap-northeast-2.compute.internal?timeout=10s","verb":"update","user":{"username":"system:node:ip-192-168-2-42.ap-northeast-2.compute.internal","uid":"aws-iam-authenticator:378102432899:AROAVQCFJISBU4MUNGJ6F","groups":["system:nodes","system:authenticated"],"extra":{"accessKeyId":["ASIAVQCFJISBXQFDTLPR"],"arn":["arn:aws:sts::378102432899:assumed-role/eksctl-myeks-nodegroup-ng1-NodeInstanceRole-L6JI06tBfF9M/i-05e7d5c353553c7ff"],"canonicalArn":["arn:aws:iam::378102432899:role/eksctl-myeks-nodegroup-ng1-NodeInstanceRole-L6JI06tBfF9M"],"principalId":["AROAVQCFJISBU4MUNGJ6F"],"sessionName":["i-05e7d5c353553c7ff"],"sigs.k8s.io/aws-iam-authenticator/principalId":["AROAVQCFJISBU4MUNGJ6F"]}},"sourceIPs":["192.168.2.42"],"userAgent":"kubelet/v1.31.5 (linux/amd64) kubernetes/5fcf7ca","objectRef":{"resource":"leases","namespace":"kube-node-lease","name":"ip-192-168-2-42.ap-northeast-2.compute.internal","uid":"8aede9d1-e662-4a6e-8485-9111f8361d31","apiGroup":"coordination.k8s.io","apiVersion":"v1","resourceVersion":"14075"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2025-02-25T14:00:20.402559Z","stageTimestamp":"2025-02-25T14:00:20.411611Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":""}}
2025-02-25T15:54:16.406000+00:00 kube-apiserver-audit-4ff1d80de4851cc512375bb0568780f7 {"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"39c6e8c0-3efc-4487-bbf9-c91b02f80ab3","stage":"ResponseComplete","requestURI":"/apis/coordination.k8s.io/v1/namespaces/kube-system/leases/external-resizer-ebs-csi-aws-com","verb":"update","user":{"username":"system:serviceaccount:kube-system:ebs-csi-controller-sa","uid":"3f266af7-bcc9-4b75-9cd1-ef47f6fc1abb","groups":["system:serviceaccounts","system:serviceaccounts:kube-system","system:authenticated"],"extra":{"authentication.kubernetes.io/credential-id":["JTI=865e7205-fc52-4566-9fce-c2cff49b97e0"],"authentication.kubernetes.io/node-name":["ip-192-168-1-51.ap-northeast-2.compute.internal"],"authentication.kubernetes.io/node-uid":["58a47c72-0c03-4bac-b427-6b6b69b61305"],"authentication.kubernetes.io/pod-name":["ebs-csi-controller-7f8f8cb84-z4t4z"],"authentication.kubernetes.io/pod-uid":["5b150c0c-9d2b-4c5f-ba59-bbcff29bb0ee"]}},"sourceIPs":["192.168.1.226"],"userAgent":"csi-resizer/v0.0.0 (linux/amd64) kubernetes/$Format","objectRef":{"resource":"leases","namespace":"kube-system","name":"external-resizer-ebs-csi-aws-com","uid":"3f6b69bd-79a5-4eec-afbb-2e4dde349fd2","apiGroup":"coordination.k8s.io","apiVersion":"v1","resourceVersion":"14098"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2025-02-25T14:00:20.535694Z","stageTimestamp":"2025-02-25T14:00:20.549846Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by RoleBinding \"ebs-csi-leases-rolebinding/kube-system\" of Role \"ebs-csi-leases-role\" to ServiceAccount \"ebs-csi-controller-sa/kube-system\""}}
2025-02-25T15:54:16.407000+00:00 kube-apiserver-audit-4ff1d80de4851cc512375bb0568780f7 {"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"1e99e72b-20d7-40ac-8c19-7d0993709028","stage":"ResponseComplete","requestURI":"/apis/coordination.k8s.io/v1/namespaces/kube-system/leases/kube-controller-manager?timeout=5s","verb":"get","user":{"username":"system:kube-controller-manager","groups":["system:authenticated"]},"sourceIPs":["10.0.166.208"],"userAgent":"kube-controller-manager/v1.31.5 (linux/amd64) kubernetes/226ac90/leader-election","objectRef":{"resource":"leases","namespace":"kube-system","name":"kube-controller-manager","apiGroup":"coordination.k8s.io","apiVersion":"v1"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2025-02-25T14:00:21.019326Z","stageTimestamp":"2025-02-25T14:00:21.023031Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by ClusterRoleBinding \"system:kube-controller-manager\" of ClusterRole \"system:kube-controller-manager\" to User \"system:kube-controller-manager\""}}
2025-02-25T15:54:16.407000+00:00 kube-apiserver-audit-4ff1d80de4851cc512375bb0568780f7 {"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Request","auditID":"00642e57-9ceb-42e9-970b-d2a37f34246b","stage":"ResponseComplete","requestURI":"/apis/storage.k8s.io/v1/storageclasses?allowWatchBookmarks=true\u0026resourceVersion=12312\u0026timeout=7m14s\u0026timeoutSeconds=434\u0026watch=true","verb":"watch","user":{"username":"system:serviceaccount:kube-system:ebs-csi-controller-sa","uid":"3f266af7-bcc9-4b75-9cd1-ef47f6fc1abb","groups":["system:serviceaccounts","system:serviceaccounts:kube-system","system:authenticated"],"extra":{"authentication.kubernetes.io/credential-id":["JTI=865e7205-fc52-4566-9fce-c2cff49b97e0"],"authentication.kubernetes.io/node-name":["ip-192-168-1-51.ap-northeast-2.compute.internal"],"authentication.kubernetes.io/node-uid":["58a47c72-0c03-4bac-b427-6b6b69b61305"],"authentication.kubernetes.io/pod-name":["ebs-csi-controller-7f8f8cb84-z4t4z"],"authentication.kubernetes.io/pod-uid":["5b150c0c-9d2b-4c5f-ba59-bbcff29bb0ee"]}},"sourceIPs":["192.168.1.226"],"userAgent":"csi-provisioner/v0.0.0 (linux/amd64) kubernetes/$Format","objectRef":{"resource":"storageclasses","apiGroup":"storage.k8s.io","apiVersion":"v1"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2025-02-25T13:53:07.025573Z","stageTimestamp":"2025-02-25T14:00:21.027134Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by ClusterRoleBinding \"ebs-csi-provisioner-binding\" of ClusterRole \"ebs-external-provisioner-role\" to ServiceAccount \"ebs-csi-controller-sa/kube-system\""}}
2025-02-25T15:54:16.407000+00:00 kube-apiserver-audit-4ff1d80de4851cc512375bb0568780f7 {"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Request","auditID":"3145c12d-9b32-407d-8a52-4197e4992f8e","stage":"ResponseStarted","requestURI":"/apis/storage.k8s.io/v1/storageclasses?allowWatchBookmarks=true\u0026resourceVersion=14112\u0026timeout=9m27s\u0026timeoutSeconds=567\u0026watch=true","verb":"watch","user":{"username":"system:serviceaccount:kube-system:ebs-csi-controller-sa","uid":"3f266af7-bcc9-4b75-9cd1-ef47f6fc1abb","groups":["system:serviceaccounts","system:serviceaccounts:kube-system","system:authenticated"],"extra":{"authentication.kubernetes.io/credential-id":["JTI=865e7205-fc52-4566-9fce-c2cff49b97e0"],"authentication.kubernetes.io/node-name":["ip-192-168-1-51.ap-northeast-2.compute.internal"],"authentication.kubernetes.io/node-uid":["58a47c72-0c03-4bac-b427-6b6b69b61305"],"authentication.kubernetes.io/pod-name":["ebs-csi-controller-7f8f8cb84-z4t4z"],"authentication.kubernetes.io/pod-uid":["5b150c0c-9d2b-4c5f-ba59-bbcff29bb0ee"]}},"sourceIPs":["192.168.1.226"],"userAgent":"csi-provisioner/v0.0.0 (linux/amd64) kubernetes/$Format","objectRef":{"resource":"storageclasses","apiGroup":"storage.k8s.io","apiVersion":"v1"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2025-02-25T14:00:21.028988Z","stageTimestamp":"2025-02-25T14:00:21.029785Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by ClusterRoleBinding \"ebs-csi-provisioner-binding\" of ClusterRole \"ebs-external-provisioner-role\" to ServiceAccount \"ebs-csi-controller-sa/kube-system\""}}
2025-02-25T15:54:16.407000+00:00 kube-apiserver-audit-4ff1d80de4851cc512375bb0568780f7 {"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"d34b1bc7-7757-408a-a570-0b14475f7903","stage":"ResponseComplete","requestURI":"/apis/coordination.k8s.io/v1/namespaces/kube-system/leases/ebs-csi-aws-com","verb":"update","user":{"username":"system:serviceaccount:kube-system:ebs-csi-controller-sa","uid":"3f266af7-bcc9-4b75-9cd1-ef47f6fc1abb","groups":["system:serviceaccounts","system:serviceaccounts:kube-system","system:authenticated"],"extra":{"authentication.kubernetes.io/credential-id":["JTI=865e7205-fc52-4566-9fce-c2cff49b97e0"],"authentication.kubernetes.io/node-name":["ip-192-168-1-51.ap-northeast-2.compute.internal"],"authentication.kubernetes.io/node-uid":["58a47c72-0c03-4bac-b427-6b6b69b61305"],"authentication.kubernetes.io/pod-name":["ebs-csi-controller-7f8f8cb84-z4t4z"],"authentication.kubernetes.io/pod-uid":["5b150c0c-9d2b-4c5f-ba59-bbcff29bb0ee"]}},"sourceIPs":["192.168.1.226"],"userAgent":"csi-provisioner/v0.0.0 (linux/amd64) kubernetes/$Format","objectRef":{"resource":"leases","namespace":"kube-system","name":"ebs-csi-aws-com","uid":"1f757aa3-b7b7-4f26-a1b4-f45e6cd16f2e","apiGroup":"coordination.k8s.io","apiVersion":"v1","resourceVersion":"14105"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2025-02-25T14:00:21.830745Z","stageTimestamp":"2025-02-25T14:00:21.839082Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by RoleBinding \"ebs-csi-leases-rolebinding/kube-system\" of Role \"ebs-csi-leases-role\" to ServiceAccount \"ebs-csi-controller-sa/kube-system\""}}
2025-02-25T15:54:16.407000+00:00 kube-apiserver-audit-4ff1d80de4851cc512375bb0568780f7 {"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"5dee7581-096d-4e9c-9881-44c3e323292c","stage":"ResponseComplete","requestURI":"/apis/coordination.k8s.io/v1/namespaces/kube-system/leases/cloud-controller-manager?timeout=5s","verb":"get","user":{"username":"eks:cloud-controller-manager","groups":["system:authenticated"]},"sourceIPs":["10.0.166.208"],"userAgent":"aws-cloud-controller-manager/v0.0.0 (linux/amd64) kubernetes/$Format/leader-election","objectRef":{"resource":"leases","namespace":"kube-system","name":"cloud-controller-manager","apiGroup":"coordination.k8s.io","apiVersion":"v1"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2025-02-25T14:00:22.000008Z","stageTimestamp":"2025-02-25T14:00:22.004881Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by ClusterRoleBinding \"eks:cloud-controller-manager\" of ClusterRole \"eks:cloud-controller-manager\" to User \"eks:cloud-controller-manager\""}}
2025-02-25T15:54:16.407000+00:00 kube-apiserver-audit-4ff1d80de4851cc512375bb0568780f7 {"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"5702a190-62e1-4c05-8a38-47eaa94d7374","stage":"ResponseComplete","requestURI":"/apis/coordination.k8s.io/v1/namespaces/kube-system/leases/external-resizer-ebs-csi-aws-com","verb":"get","user":{"username":"system:serviceaccount:kube-system:ebs-csi-controller-sa","uid":"3f266af7-bcc9-4b75-9cd1-ef47f6fc1abb","groups":["system:serviceaccounts","system:serviceaccounts:kube-system","system:authenticated"],"extra":{"authentication.kubernetes.io/credential-id":["JTI=31351c1c-35cf-4748-a3f2-851d2e72fa8b"],"authentication.kubernetes.io/node-name":["ip-192-168-2-42.ap-northeast-2.compute.internal"],"authentication.kubernetes.io/node-uid":["65d9b899-3d7d-4a54-a9b7-7fd4c0be0af4"],"authentication.kubernetes.io/pod-name":["ebs-csi-controller-7f8f8cb84-p57xw"],"authentication.kubernetes.io/pod-uid":["4cf5ca4a-fae6-490f-9757-6fb2f93248bf"]}},"sourceIPs":["192.168.2.47"],"userAgent":"csi-resizer/v0.0.0 (linux/amd64) kubernetes/$Format","objectRef":{"resource":"leases","namespace":"kube-system","name":"external-resizer-ebs-csi-aws-com","apiGroup":"coordination.k8s.io","apiVersion":"v1"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2025-02-25T14:00:22.178659Z","stageTimestamp":"2025-02-25T14:00:22.182656Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by RoleBinding \"ebs-csi-leases-rolebinding/kube-system\" of Role \"ebs-csi-leases-role\" to ServiceAccount \"ebs-csi-controller-sa/kube-system\""}}
...

5. 로그 스트림 실시간 출력

• kube-apiserver 로그 확인

aws logs tail /aws/eks/$CLUSTER_NAME/cluster --log-stream-name-prefix kube-apiserver --follow

✅ 출력

2025-02-25T15:59:06.241000+00:00 kube-apiserver-audit-4ff1d80de4851cc512375bb0568780f7 {"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"b06fe424-afeb-4e3f-910b-e05548a7b5b2","stage":"ResponseComplete","requestURI":"/apis/coordination.k8s.io/v1/namespaces/kube-node-lease/leases/ip-192-168-2-42.ap-northeast-2.compute.internal?timeout=10s","verb":"update","user":{"username":"system:node:ip-192-168-2-42.ap-northeast-2.compute.internal","uid":"aws-iam-authenticator:378102432899:AROAVQCFJISBU4MUNGJ6F","groups":["system:nodes","system:authenticated"],"extra":{"accessKeyId":["ASIAVQCFJISBVL7MICKQ"],"arn":["arn:aws:sts::378102432899:assumed-role/eksctl-myeks-nodegroup-ng1-NodeInstanceRole-L6JI06tBfF9M/i-05e7d5c353553c7ff"],"canonicalArn":["arn:aws:iam::378102432899:role/eksctl-myeks-nodegroup-ng1-NodeInstanceRole-L6JI06tBfF9M"],"principalId":["AROAVQCFJISBU4MUNGJ6F"],"sessionName":["i-05e7d5c353553c7ff"],"sigs.k8s.io/aws-iam-authenticator/principalId":["AROAVQCFJISBU4MUNGJ6F"]}},"sourceIPs":["192.168.2.42"],"userAgent":"kubelet/v1.31.5 (linux/amd64) kubernetes/5fcf7ca","objectRef":{"resource":"leases","namespace":"kube-node-lease","name":"ip-192-168-2-42.ap-northeast-2.compute.internal","uid":"8aede9d1-e662-4a6e-8485-9111f8361d31","apiGroup":"coordination.k8s.io","apiVersion":"v1","resourceVersion":"46557"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2025-02-25T15:59:06.088440Z","stageTimestamp":"2025-02-25T15:59:06.097720Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":""}}
2025-02-25T15:59:06.323000+00:00 kube-apiserver-audit-4e3006095bad62c5b3575ab7dbd2cfbb {"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"5bd76ccc-9d05-4ebc-9125-32f27207c823","stage":"ResponseComplete","requestURI":"/apis/coordination.k8s.io/v1/namespaces/kube-system/leases/kube-controller-manager?timeout=5s","verb":"update","user":{"username":"system:kube-controller-manager","groups":["system:authenticated"]},"sourceIPs":["10.0.116.214"],"userAgent":"kube-controller-manager/v1.31.5 (linux/amd64) kubernetes/226ac90/leader-election","objectRef":{"resource":"leases","namespace":"kube-system","name":"kube-controller-manager","uid":"c29f94f4-c32a-4257-bb39-a55ef1a5d344","apiGroup":"coordination.k8s.io","apiVersion":"v1","resourceVersion":"46592"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2025-02-25T15:59:05.978575Z","stageTimestamp":"2025-02-25T15:59:05.989628Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by ClusterRoleBinding \"system:kube-controller-manager\" of ClusterRole \"system:kube-controller-manager\" to User \"system:kube-controller-manager\""}}
2025-02-25T15:59:06.323000+00:00 kube-apiserver-audit-4e3006095bad62c5b3575ab7dbd2cfbb {"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"87f7d01e-cee5-49e6-bdd1-7b8196c41235","stage":"ResponseComplete","requestURI":"/apis/coordination.k8s.io/v1/namespaces/kube-system/leases/eks-coredns-autoscaler","verb":"get","user":{"username":"eks:coredns-autoscaler","groups":["system:authenticated"]},"sourceIPs":["10.0.116.214"],"userAgent":"controller/v0.0.0 (linux/amd64) kubernetes/$Format/leader-election","objectRef":{"resource":"leases","namespace":"kube-system","name":"eks-coredns-autoscaler","apiGroup":"coordination.k8s.io","apiVersion":"v1"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2025-02-25T15:59:06.137901Z","stageTimestamp":"2025-02-25T15:59:06.143032Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by RoleBinding \"eks:coredns-autoscaler/kube-system\" of Role \"eks:coredns-autoscaler\" to User \"eks:coredns-autoscaler\""}}
2025-02-25T15:59:06.323000+00:00 kube-apiserver-audit-4e3006095bad62c5b3575ab7dbd2cfbb {"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"7478ba71-efe6-4415-85eb-4c2836c1e572","stage":"ResponseComplete","requestURI":"/apis/coordination.k8s.io/v1/namespaces/kube-system/leases/eks-coredns-autoscaler","verb":"update","user":{"username":"eks:coredns-autoscaler","groups":["system:authenticated"]},"sourceIPs":["10.0.116.214"],"userAgent":"controller/v0.0.0 (linux/amd64) kubernetes/$Format/leader-election","objectRef":{"resource":"leases","namespace":"kube-system","name":"eks-coredns-autoscaler","uid":"932dade7-3029-44d3-97fe-d3e2ce464d77","apiGroup":"coordination.k8s.io","apiVersion":"v1","resourceVersion":"46580"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2025-02-25T15:59:06.143926Z","stageTimestamp":"2025-02-25T15:59:06.156049Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by RoleBinding \"eks:coredns-autoscaler/kube-system\" of Role \"eks:coredns-autoscaler\" to User \"eks:coredns-autoscaler\""}}
2025-02-25T15:59:06.573000+00:00 kube-apiserver-audit-4e3006095bad62c5b3575ab7dbd2cfbb {"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"ef9046f2-1f70-41d3-a7a2-f4d64f57e4a4","stage":"ResponseComplete","requestURI":"/apis/coordination.k8s.io/v1/namespaces/kube-system/leases/aws-load-balancer-controller-leader","verb":"update","user":{"username":"system:serviceaccount:kube-system:aws-load-balancer-controller","uid":"995573f3-a0e4-4424-9868-81cbf2295751","groups":["system:serviceaccounts","system:serviceaccounts:kube-system","system:authenticated"],"extra":{"authentication.kubernetes.io/credential-id":["JTI=e5b23c6c-a2ce-448f-9aa8-0422d01ebae3"],"authentication.kubernetes.io/node-name":["ip-192-168-1-51.ap-northeast-2.compute.internal"],"authentication.kubernetes.io/node-uid":["58a47c72-0c03-4bac-b427-6b6b69b61305"],"authentication.kubernetes.io/pod-name":["aws-load-balancer-controller-554fbd9d-kbctn"],"authentication.kubernetes.io/pod-uid":["dc66f5b2-ef3f-4ea7-908f-0db4fbd2f275"]}},"sourceIPs":["192.168.1.114"],"userAgent":"controller/v0.0.0 (linux/amd64) kubernetes/$Format/leader-election","objectRef":{"resource":"leases","namespace":"kube-system","name":"aws-load-balancer-controller-leader","uid":"29062207-ba15-45fd-a7f3-52b4580d16f3","apiGroup":"coordination.k8s.io","apiVersion":"v1","resourceVersion":"46593"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2025-02-25T15:59:06.198663Z","stageTimestamp":"2025-02-25T15:59:06.221411Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by RoleBinding \"aws-load-balancer-controller-leader-election-rolebinding/kube-system\" of Role \"aws-load-balancer-controller-leader-election-role\" to ServiceAccount \"aws-load-balancer-controller/kube-system\""}}
2025-02-25T15:59:06.828000+00:00 kube-apiserver-audit-4e3006095bad62c5b3575ab7dbd2cfbb {"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"abab7321-e086-4097-b246-924c9f1769b6","stage":"ResponseComplete","requestURI":"/apis/coordination.k8s.io/v1/namespaces/kube-system/leases/external-attacher-leader-ebs-csi-aws-com","verb":"get","user":{"username":"system:serviceaccount:kube-system:ebs-csi-controller-sa","uid":"3f266af7-bcc9-4b75-9cd1-ef47f6fc1abb","groups":["system:serviceaccounts","system:serviceaccounts:kube-system","system:authenticated"],"extra":{"authentication.kubernetes.io/credential-id":["JTI=ebc1f5d6-37da-45f3-b291-82cf0fcc6367"],"authentication.kubernetes.io/node-name":["ip-192-168-2-42.ap-northeast-2.compute.internal"],"authentication.kubernetes.io/node-uid":["65d9b899-3d7d-4a54-a9b7-7fd4c0be0af4"],"authentication.kubernetes.io/pod-name":["ebs-csi-controller-7f8f8cb84-p57xw"],"authentication.kubernetes.io/pod-uid":["4cf5ca4a-fae6-490f-9757-6fb2f93248bf"]}},"sourceIPs":["192.168.2.47"],"userAgent":"csi-attacher/v0.0.0 (linux/amd64) kubernetes/$Format","objectRef":{"resource":"leases","namespace":"kube-system","name":"external-attacher-leader-ebs-csi-aws-com","apiGroup":"coordination.k8s.io","apiVersion":"v1"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2025-02-25T15:59:06.454289Z","stageTimestamp":"2025-02-25T15:59:06.457958Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by RoleBinding \"ebs-csi-leases-rolebinding/kube-system\" of Role \"ebs-csi-leases-role\" to ServiceAccount \"ebs-csi-controller-sa/kube-system\""}}
2025-02-25T15:59:07.075000+00:00 kube-apiserver-audit-4e3006095bad62c5b3575ab7dbd2cfbb {"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"47e16d35-f40b-4fdf-a301-4f1bd38e5879","stage":"ResponseComplete","requestURI":"/apis/coordination.k8s.io/v1/namespaces/kube-system/leases/cloud-controller-manager?timeout=5s","verb":"update","user":{"username":"eks:cloud-controller-manager","groups":["system:authenticated"]},"sourceIPs":["10.0.116.214"],"userAgent":"aws-cloud-controller-manager/v0.0.0 (linux/amd64) kubernetes/$Format/leader-election","objectRef":{"resource":"leases","namespace":"kube-system","name":"cloud-controller-manager","uid":"1c063b11-ea0f-4687-957a-64abd9ba643f","apiGroup":"coordination.k8s.io","apiVersion":"v1","resourceVersion":"46596"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2025-02-25T15:59:06.593881Z","stageTimestamp":"2025-02-25T15:59:06.601897Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by ClusterRoleBinding \"eks:cloud-controller-manager\" of ClusterRole \"eks:cloud-controller-manager\" to User \"eks:cloud-controller-manager\""}}
2025-02-25T15:59:07.244000+00:00 kube-apiserver-audit-4ff1d80de4851cc512375bb0568780f7 {"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"7715eca9-a8e1-4752-a460-0515516362fd","stage":"ResponseComplete","requestURI":"/apis/coordination.k8s.io/v1/namespaces/kube-system/leases/external-attacher-leader-ebs-csi-aws-com","verb":"update","user":{"username":"system:serviceaccount:kube-system:ebs-csi-controller-sa","uid":"3f266af7-bcc9-4b75-9cd1-ef47f6fc1abb","groups":["system:serviceaccounts","system:serviceaccounts:kube-system","system:authenticated"],"extra":{"authentication.kubernetes.io/credential-id":["JTI=09a67c38-ccca-4b60-aed4-964aac7bfc6b"],"authentication.kubernetes.io/node-name":["ip-192-168-1-51.ap-northeast-2.compute.internal"],"authentication.kubernetes.io/node-uid":["58a47c72-0c03-4bac-b427-6b6b69b61305"],"authentication.kubernetes.io/pod-name":["ebs-csi-controller-7f8f8cb84-z4t4z"],"authentication.kubernetes.io/pod-uid":["5b150c0c-9d2b-4c5f-ba59-bbcff29bb0ee"]}},"sourceIPs":["192.168.1.226"],"userAgent":"csi-attacher/v0.0.0 (linux/amd64) kubernetes/$Format","objectRef":{"resource":"leases","namespace":"kube-system","name":"external-attacher-leader-ebs-csi-aws-com","uid":"a567568d-f785-4767-b0a2-204ca3a0fb95","apiGroup":"coordination.k8s.io","apiVersion":"v1","resourceVersion":"46581"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2025-02-25T15:59:06.183577Z","stageTimestamp":"2025-02-25T15:59:06.190737Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by RoleBinding \"ebs-csi-leases-rolebinding/kube-system\" of Role \"ebs-csi-leases-role\" to ServiceAccount \"ebs-csi-controller-sa/kube-system\""}}
2025-02-25T15:59:07.244000+00:00 kube-apiserver-audit-4ff1d80de4851cc512375bb0568780f7 {"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"76427af1-8ce6-467b-8c5e-1d54f3ba12b5","stage":"ResponseComplete","requestURI":"/apis/coordination.k8s.io/v1/namespaces/kube-system/leases/external-resizer-ebs-csi-aws-com","verb":"get","user":{"username":"system:serviceaccount:kube-system:ebs-csi-controller-sa","uid":"3f266af7-bcc9-4b75-9cd1-ef47f6fc1abb","groups":["system:serviceaccounts","system:serviceaccounts:kube-system","system:authenticated"],"extra":{"authentication.kubernetes.io/credential-id":["JTI=ebc1f5d6-37da-45f3-b291-82cf0fcc6367"],"authentication.kubernetes.io/node-name":["ip-192-168-2-42.ap-northeast-2.compute.internal"],"authentication.kubernetes.io/node-uid":["65d9b899-3d7d-4a54-a9b7-7fd4c0be0af4"],"authentication.kubernetes.io/pod-name":["ebs-csi-controller-7f8f8cb84-p57xw"],"authentication.kubernetes.io/pod-uid":["4cf5ca4a-fae6-490f-9757-6fb2f93248bf"]}},"sourceIPs":["192.168.2.47"],"userAgent":"csi-resizer/v0.0.0 (linux/amd64) kubernetes/$Format","objectRef":{"resource":"leases","namespace":"kube-system","name":"external-resizer-ebs-csi-aws-com","apiGroup":"coordination.k8s.io","apiVersion":"v1"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2025-02-25T15:59:07.058273Z","stageTimestamp":"2025-02-25T15:59:07.063437Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by RoleBinding \"ebs-csi-leases-rolebinding/kube-system\" of Role \"ebs-csi-leases-role\" to ServiceAccount \"ebs-csi-controller-sa/kube-system\""}}
2025-02-25T15:59:07.244000+00:00 kube-apiserver-audit-4ff1d80de4851cc512375bb0568780f7 {"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"7edc0aeb-e68d-40e2-96a5-5a795501f0e8","stage":"ResponseComplete","requestURI":"/apis/coordination.k8s.io/v1/namespaces/kube-system/leases/amazon-network-policy-controller-k8s","verb":"get","user":{"username":"eks:network-policy-controller","groups":["system:authenticated"]},"sourceIPs":["10.0.166.208"],"userAgent":"controller/v0.0.0 (linux/amd64) kubernetes/$Format/leader-election","objectRef":{"resource":"leases","namespace":"kube-system","name":"amazon-network-policy-controller-k8s","apiGroup":"coordination.k8s.io","apiVersion":"v1"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2025-02-25T15:59:07.064113Z","stageTimestamp":"2025-02-25T15:59:07.070093Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by RoleBinding \"eks:network-policy-controller/kube-system\" of Role \"eks:network-policy-controller\" to User \"eks:network-policy-controller\""}}
2025-02-25T15:59:07.244000+00:00 kube-apiserver-audit-4ff1d80de4851cc512375bb0568780f7 {"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Request","auditID":"a2b02ed1-1be2-463c-8397-ff0bdbb72a96","stage":"ResponseComplete","requestURI":"/api/v1/nodes","verb":"list","user":{"username":"system:serviceaccount:kube-system:kube-ops-view","uid":"36439bb7-a7d4-464c-95fe-cfb4ff623176","groups":["system:serviceaccounts","system:serviceaccounts:kube-system","system:authenticated"],"extra":{"authentication.kubernetes.io/credential-id":["JTI=220d0150-9f1a-4707-b10c-070055e30a53"],"authentication.kubernetes.io/node-name":["ip-192-168-2-42.ap-northeast-2.compute.internal"],"authentication.kubernetes.io/node-uid":["65d9b899-3d7d-4a54-a9b7-7fd4c0be0af4"],"authentication.kubernetes.io/pod-name":["kube-ops-view-657dbc6cd8-pxkvr"],"authentication.kubernetes.io/pod-uid":["37bf2637-622f-4ee2-9804-a73d74e16f0e"]}},"sourceIPs":["192.168.2.249"],"userAgent":"pykube-ng/20.4.1","objectRef":{"resource":"nodes","apiVersion":"v1"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2025-02-25T15:59:07.188115Z","stageTimestamp":"2025-02-25T15:59:07.196179Z","annotations":{"authentication.k8s.io/stale-token":"subject: system:serviceaccount:kube-system:kube-ops-view, seconds after warning threshold: 959","authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by ClusterRoleBinding \"kube-ops-view\" of ClusterRole \"kube-ops-view\" to ServiceAccount \"kube-ops-view/kube-system\""}}
2025-02-25T15:59:07.244000+00:00 kube-apiserver-audit-4ff1d80de4851cc512375bb0568780f7 {"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Request","auditID":"6265477b-e567-4f35-89e4-bdbaf878bc61","stage":"ResponseComplete","requestURI":"/api/v1/pods","verb":"list","user":{"username":"system:serviceaccount:kube-system:kube-ops-view","uid":"36439bb7-a7d4-464c-95fe-cfb4ff623176","groups":["system:serviceaccounts","system:serviceaccounts:kube-system","system:authenticated"],"extra":{"authentication.kubernetes.io/credential-id":["JTI=220d0150-9f1a-4707-b10c-070055e30a53"],"authentication.kubernetes.io/node-name":["ip-192-168-2-42.ap-northeast-2.compute.internal"],"authentication.kubernetes.io/node-uid":["65d9b899-3d7d-4a54-a9b7-7fd4c0be0af4"],"authentication.kubernetes.io/pod-name":["kube-ops-view-657dbc6cd8-pxkvr"],"authentication.kubernetes.io/pod-uid":["37bf2637-622f-4ee2-9804-a73d74e16f0e"]}},"sourceIPs":["192.168.2.249"],"userAgent":"pykube-ng/20.4.1","objectRef":{"resource":"pods","apiVersion":"v1"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2025-02-25T15:59:07.202326Z","stageTimestamp":"2025-02-25T15:59:07.226347Z","annotations":{"authentication.k8s.io/stale-token":"subject: system:serviceaccount:kube-system:kube-ops-view, seconds after warning threshold: 959","authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by ClusterRoleBinding \"kube-ops-view\" of ClusterRole \"kube-ops-view\" to ServiceAccount \"kube-ops-view/kube-system\""}}
...

• CoreDNS scale 축소 (2개 → 1개)

(eks-user@myeks:default) [root@operator-host ~]# kubectl scale deployment -n kube-system coredns --replicas=1
# 결과
deployment.apps/coredns scaled

aws logs tail /aws/eks/$CLUSTER_NAME/cluster --log-stream-name-prefix kube-controller-manager --follow

✅ 출력

2025-02-25T16:11:02.000000+00:00 kube-controller-manager-4e3006095bad62c5b3575ab7dbd2cfbb I0225 16:11:02.919710       9 replica_set.go:624] "Too many replicas" logger="replicaset-controller" replicaSet="kube-system/coredns-86f5954566" need=1 deleting=1
2025-02-25T16:11:02.000000+00:00 kube-controller-manager-4e3006095bad62c5b3575ab7dbd2cfbb I0225 16:11:02.919757       9 replica_set.go:251] "Found related ReplicaSets" logger="replicaset-controller" replicaSet="kube-system/coredns-86f5954566" relatedReplicaSets=["kube-system/coredns-86f5954566"]
2025-02-25T16:11:02.000000+00:00 kube-controller-manager-4e3006095bad62c5b3575ab7dbd2cfbb I0225 16:11:02.919823       9 controller_utils.go:608] "Deleting pod" logger="replicaset-controller" controller="coredns-86f5954566" pod="kube-system/coredns-86f5954566-c8wl2"
2025-02-25T16:11:02.000000+00:00 kube-controller-manager-4e3006095bad62c5b3575ab7dbd2cfbb I0225 16:11:02.980081       9 replica_set.go:679] "Finished syncing" logger="replicaset-controller" kind="ReplicaSet" key="kube-system/coredns-86f5954566" duration="60.447223ms"
2025-02-25T16:11:02.000000+00:00 kube-controller-manager-4e3006095bad62c5b3575ab7dbd2cfbb I0225 16:11:02.993874       9 replica_set.go:679] "Finished syncing" logger="replicaset-controller" kind="ReplicaSet" key="kube-system/coredns-86f5954566" duration="13.736734ms"
2025-02-25T16:11:02.000000+00:00 kube-controller-manager-4e3006095bad62c5b3575ab7dbd2cfbb I0225 16:11:02.996455       9 replica_set.go:679] "Finished syncing" logger="replicaset-controller" kind="ReplicaSet" key="kube-system/coredns-86f5954566" duration="79.629µs"
2025-02-25T16:11:08.000000+00:00 kube-controller-manager-4e3006095bad62c5b3575ab7dbd2cfbb I0225 16:11:08.243402       9 replica_set.go:679] "Finished syncing" logger="replicaset-controller" kind="ReplicaSet" key="kube-system/coredns-86f5954566" duration="102.085µs"
2025-02-25T16:11:09.000000+00:00 kube-controller-manager-4e3006095bad62c5b3575ab7dbd2cfbb I0225 16:11:09.191159       9 replica_set.go:679] "Finished syncing" logger="replicaset-controller" kind="ReplicaSet" key="kube-system/coredns-86f5954566" duration="101.657µs"
2025-02-25T16:11:09.000000+00:00 kube-controller-manager-4e3006095bad62c5b3575ab7dbd2cfbb I0225 16:11:09.200150       9 replica_set.go:679] "Finished syncing" logger="replicaset-controller" kind="ReplicaSet" key="kube-system/coredns-86f5954566" duration="121.163µs"

6. CloudWatch Log Insights

(1) /aws/eks/myeks/cluster 로그 그룹을 선택 후 쿼리 실행

(2) EC2 Instance가 NodeNotReady 상태인 로그 검색

fields @timestamp, @message
| filter @message like /NodeNotReady/
| sort @timestamp desc

현재 노드에 이상이 없어 결과가 없음

(3) kube-apiserver-audit 로그에서 userAgent 정렬해서 아래 4개 필드 정보 검색

fields userAgent, requestURI, @timestamp, @message
| filter @logStream ~= "kube-apiserver-audit"
| stats count(userAgent) as count by userAgent
| sort count desc

7. 로깅 끄기

(1) EKS Control Plane 로깅(CloudWatch Logs) 비활성화

eksctl utils update-cluster-logging --cluster $CLUSTER_NAME --region ap-northeast-2 --disable-types all --approve

✅ 출력

2025-02-26 01:21:15 [ℹ]  will update CloudWatch logging for cluster "myeks" in "ap-northeast-2" (no types to enable & disable types: api, audit, authenticator, controllerManager, scheduler)
2025-02-26 01:21:46 [✔]  configured CloudWatch logging for cluster "myeks" in "ap-northeast-2" (no types enabled & disabled types: api, audit, authenticator, controllerManager, scheduler)

(2) 로그 그룹 삭제

aws logs delete-log-group --log-group-name /aws/eks/$CLUSTER_NAME/cluster

---

🐳 컨테이너 파드 로깅

1. NGINX 웹서버 배포 with Ingress(ALB)

helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update

# 결과
"bitnami" has been added to your repositories
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "eks" chart repository
...Successfully got an update from the "prometheus-community" chart repository
...Successfully got an update from the "geek-cookbook" chart repository
...Successfully got an update from the "bitnami" chart repository
Update Complete. ⎈Happy Helming!⎈

2. 도메인, 인증서 확인

echo $MyDomain $CERT_ARN

✅ 출력

gagajin.com arn:aws:acm:ap-northeast-2:378102432899:certificate/f967e8ca-f0b5-471d-bbe4-bee231aeb32b

3. 파라미터 파일 생성

cat <<EOT > nginx-values.yaml
service:
  type: NodePort
  
networkPolicy:
  enabled: false
  
resourcesPreset: "nano"

ingress:
  enabled: true
  ingressClassName: alb
  hostname: nginx.$MyDomain
  pathType: Prefix
  path: /
  annotations: 
    alb.ingress.kubernetes.io/certificate-arn: $CERT_ARN
    alb.ingress.kubernetes.io/group.name: study
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}, {"HTTP":80}]'
    alb.ingress.kubernetes.io/load-balancer-name: $CLUSTER_NAME-ingress-alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/ssl-redirect: "443"
    alb.ingress.kubernetes.io/success-codes: 200-399
    alb.ingress.kubernetes.io/target-type: ip
EOT

4. 파라미터 파일 조회

cat nginx-values.yaml

✅ 출력

service:
  type: NodePort
  
networkPolicy:
  enabled: false
  
resourcesPreset: "nano"

ingress:
  enabled: true
  ingressClassName: alb
  hostname: nginx.gagajin.com
  pathType: Prefix
  path: /
  annotations: 
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-northeast-2:378102432899:certificate/f967e8ca-f0b5-471d-bbe4-bee231aeb32b
    alb.ingress.kubernetes.io/group.name: study
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}, {"HTTP":80}]'
    alb.ingress.kubernetes.io/load-balancer-name: myeks-ingress-alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/ssl-redirect: "443"
    alb.ingress.kubernetes.io/success-codes: 200-399
    alb.ingress.kubernetes.io/target-type: ip

5. 배포

helm install nginx bitnami/nginx --version 19.0.0 -f nginx-values.yaml

✅ 출력

NAME: nginx
LAST DEPLOYED: Wed Feb 26 21:22:14 2025
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
CHART NAME: nginx
CHART VERSION: 19.0.0
APP VERSION: 1.27.4

Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami for more information.

** Please be patient while the chart is being deployed **
NGINX can be accessed through the following DNS name from within your cluster:

    nginx.default.svc.cluster.local (port 80)

To access NGINX from outside the cluster, follow the steps below:

1. Get the NGINX URL and associate its hostname to your cluster external IP:

   export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters
   echo "NGINX URL: http://nginx.gagajin.com"
   echo "$CLUSTER_IP  nginx.gagajin.com" | sudo tee -a /etc/hosts

WARNING: There are "resources" sections in the chart not set. Using "resourcesPreset" is not recommended for production. For production installations, please set the following values according to your workload needs:
  - cloneStaticSiteFromGit.gitSync.resources
  - resources
+info https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/

⚠ SECURITY WARNING: Original containers have been substituted. This Helm chart was designed, tested, and validated on multiple platforms using a specific set of Bitnami and Tanzu Application Catalog containers. Substituting other containers is likely to cause degraded security and performance, broken chart features, and missing environment variables.

Substituted images detected:
  - docker.io/bitnami/nginx:1.27.4-debian-12-r1

⚠ WARNING: Original containers have been retagged. Please note this Helm chart was tested, and validated on multiple platforms using a specific set of Tanzu Application Catalog containers. Substituting original image tags could cause unexpected behavior.

Retagged images:
  - docker.io/bitnami/nginx:1.27.4-debian-12-r1

6. Ingress, Deployment, 서비스, 엔드포인트 조회 - Nginx

kubectl get ingress,deploy,svc,ep nginx

✅ 출력

NAME                              CLASS   HOSTS               ADDRESS                                                       PORTS   AGE
ingress.networking.k8s.io/nginx   alb     nginx.gagajin.com   myeks-ingress-alb-77245841.ap-northeast-2.elb.amazonaws.com   80      64s

NAME                    READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/nginx   1/1     1            1           64s

NAME            TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)                      AGE
service/nginx   NodePort   10.100.47.81   <none>        80:32507/TCP,443:32693/TCP   64s

NAME              ENDPOINTS                             AGE
endpoints/nginx   192.168.2.63:8443,192.168.2.63:8080   64s

7. 배포 상세 정보 확인 - Nginx

kubectl describe deploy nginx

✅ 출력

Name:                   nginx
Namespace:              default
CreationTimestamp:      Wed, 26 Feb 2025 21:22:15 +0900
Labels:                 app.kubernetes.io/instance=nginx
                        app.kubernetes.io/managed-by=Helm
                        app.kubernetes.io/name=nginx
                        app.kubernetes.io/version=1.27.4
                        helm.sh/chart=nginx-19.0.0
Annotations:            deployment.kubernetes.io/revision: 1
                        meta.helm.sh/release-name: nginx
                        meta.helm.sh/release-namespace: default
Selector:               app.kubernetes.io/instance=nginx,app.kubernetes.io/name=nginx
Replicas:               1 desired | 1 updated | 1 total | 1 available | 0 unavailable
StrategyType:           RollingUpdate
MinReadySeconds:        0
RollingUpdateStrategy:  25% max unavailable, 25% max surge
Pod Template:
  Labels:           app.kubernetes.io/instance=nginx
                    app.kubernetes.io/managed-by=Helm
                    app.kubernetes.io/name=nginx
                    app.kubernetes.io/version=1.27.4
                    helm.sh/chart=nginx-19.0.0
  Service Account:  nginx
  Init Containers:
   preserve-logs-symlinks:
    Image:           docker.io/bitnami/nginx:1.27.4-debian-12-r1
    Port:            <none>
    Host Port:       <none>
    SeccompProfile:  RuntimeDefault
    Command:
      /bin/bash
    Args:
      -ec
      #!/bin/bash
      . /opt/bitnami/scripts/libfs.sh
      # We copy the logs folder because it has symlinks to stdout and stderr
      if ! is_dir_empty /opt/bitnami/nginx/logs; then
        cp -r /opt/bitnami/nginx/logs /emptydir/app-logs-dir
      fi
      
    Limits:
      cpu:                150m
      ephemeral-storage:  2Gi
      memory:             192Mi
    Requests:
      cpu:                100m
      ephemeral-storage:  50Mi
      memory:             128Mi
    Environment:          <none>
    Mounts:
      /emptydir from empty-dir (rw)
  Containers:
   nginx:
    Image:           docker.io/bitnami/nginx:1.27.4-debian-12-r1
    Ports:           8080/TCP, 8443/TCP
    Host Ports:      0/TCP, 0/TCP
    SeccompProfile:  RuntimeDefault
    Limits:
      cpu:                150m
      ephemeral-storage:  2Gi
      memory:             192Mi
    Requests:
      cpu:                100m
      ephemeral-storage:  50Mi
      memory:             128Mi
    Liveness:             tcp-socket :http delay=30s timeout=5s period=10s #success=1 #failure=6
    Readiness:            http-get http://:http/ delay=5s timeout=3s period=5s #success=1 #failure=3
    Environment:
      BITNAMI_DEBUG:            false
      NGINX_HTTP_PORT_NUMBER:   8080
      NGINX_HTTPS_PORT_NUMBER:  8443
    Mounts:
      /certs from certificate (rw)
      /opt/bitnami/nginx/conf from empty-dir (rw,path="app-conf-dir")
      /opt/bitnami/nginx/logs from empty-dir (rw,path="app-logs-dir")
      /opt/bitnami/nginx/tmp from empty-dir (rw,path="app-tmp-dir")
      /tmp from empty-dir (rw,path="tmp-dir")
  Volumes:
   empty-dir:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:     
    SizeLimit:  <unset>
   certificate:
    Type:          Secret (a volume populated by a Secret)
    SecretName:    nginx-tls
    Optional:      false
  Node-Selectors:  <none>
  Tolerations:     <none>
Conditions:
  Type           Status  Reason
  ----           ------  ------
  Available      True    MinimumReplicasAvailable
  Progressing    True    NewReplicaSetAvailable
OldReplicaSets:  <none>
NewReplicaSet:   nginx-7c94c9bdcb (1/1 replicas created)
Events:
  Type    Reason             Age   From                   Message
  ----    ------             ----  ----                   -------
  Normal  ScalingReplicaSet  102s  deployment-controller  Scaled up replica set nginx-7c94c9bdcb to 1

8. ALB TargetGroupBindings 확인

kubectl get targetgroupbindings

✅ 출력

NAME                              SERVICE-NAME   SERVICE-PORT   TARGET-TYPE   AGE
k8s-default-nginx-342d095714      nginx          http           ip            2m8s
k8s-default-productp-d3c7ff7881   productpage    9080           ip            21h

9. 접속 주소 확인 및 접속

(1) 확인

echo -e "Nginx WebServer URL = https://nginx.$MyDomain"

✅ 출력

Nginx WebServer URL = https://nginx.gagajin.com

(2) 접속

curl -s https://nginx.$MyDomain

✅ 출력

<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

10. 반복 접속

nginx 로그 모니터링을 위해 반복 접속 설정

while true; do curl -s https://nginx.$MyDomain -I | head -n 1; date; sleep 1; done

✅ 출력

HTTP/2 200 
Wed Feb 26 09:27:31 PM KST 2025
HTTP/2 200 
Wed Feb 26 09:27:33 PM KST 2025
HTTP/2 200 
Wed Feb 26 09:27:34 PM KST 2025
...

---

☁️ CloudWatch Container observability 설치

1. IRSA 설정

eksctl create iamserviceaccount \
  --name cloudwatch-agent \
  --namespace amazon-cloudwatch --cluster $CLUSTER_NAME \
  --role-name $CLUSTER_NAME-cloudwatch-agent-role \
  --attach-policy-arn arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy \
  --role-only \
  --approve

✅ 출력

2025-02-26 21:46:00 [ℹ]  1 existing iamserviceaccount(s) (kube-system/aws-load-balancer-controller) will be excluded
2025-02-26 21:46:00 [ℹ]  1 iamserviceaccount (amazon-cloudwatch/cloudwatch-agent) was included (based on the include/exclude rules)
2025-02-26 21:46:00 [!]  serviceaccounts in Kubernetes will not be created or modified, since the option --role-only is used
2025-02-26 21:46:00 [ℹ]  1 task: { create IAM role for serviceaccount "amazon-cloudwatch/cloudwatch-agent" }
2025-02-26 21:46:00 [ℹ]  building iamserviceaccount stack "eksctl-myeks-addon-iamserviceaccount-amazon-cloudwatch-cloudwatch-agent"
2025-02-26 21:46:00 [ℹ]  deploying stack "eksctl-myeks-addon-iamserviceaccount-amazon-cloudwatch-cloudwatch-agent"
2025-02-26 21:46:00 [ℹ]  waiting for CloudFormation stack "eksctl-myeks-addon-iamserviceaccount-amazon-cloudwatch-cloudwatch-agent"
2025-02-26 21:46:30 [ℹ]  waiting for CloudFormation stack "eksctl-myeks-addon-iamserviceaccount-amazon-cloudwatch-cloudwatch-agent"

2. addon 배포

(1) AWS 계정 ID 조회 및 환경 변수 설정

export ACCOUNT_ID=$(aws sts get-caller-identity --query 'Account' --output text)

(2) EKS 클러스터에 amazon-cloudwatch-observability 애드온 배포

aws eks create-addon --addon-name amazon-cloudwatch-observability --cluster-name $CLUSTER_NAME --service-account-role-arn arn:aws:iam::$ACCOUNT_ID:role/$CLUSTER_NAME-cloudwatch-agent-role

✅ 출력

{
    "addon": {
        "addonName": "amazon-cloudwatch-observability",
        "clusterName": "myeks",
        "status": "CREATING",
        "addonVersion": "v3.3.1-eksbuild.1",
        "health": {
            "issues": []
        },
        "addonArn": "arn:aws:eks:ap-northeast-2:378102432899:addon/myeks/amazon-cloudwatch-observability/b8caa12a-714e-a4b9-05b5-a368820767bf",
        "createdAt": "2025-02-26T21:56:54.393000+09:00",
        "modifiedAt": "2025-02-26T21:56:54.411000+09:00",
        "serviceAccountRoleArn": "arn:aws:iam::378102432899:role/myeks-cloudwatch-agent-role",
        "tags": {}
    }
}

3. addon 확인

aws eks list-addons --cluster-name myeks --output table

✅ 출력

---------------------------------------
|             ListAddons              |
+-------------------------------------+
||              addons               ||
|+-----------------------------------+|
||  amazon-cloudwatch-observability  ||
||  aws-ebs-csi-driver               ||
||  coredns                          ||
||  kube-proxy                       ||
||  metrics-server                   ||
||  vpc-cni                          ||
|+-----------------------------------+|

• EKS 클러스터에 amazon-cloudwatch-observability 애드온이 추가됨

4. CRD 배포 확인

kubectl get crd | grep -i cloudwatch

✅ 출력

amazoncloudwatchagents.cloudwatch.aws.amazon.com   2025-02-26T12:57:16Z
dcgmexporters.cloudwatch.aws.amazon.com            2025-02-26T12:57:17Z
instrumentations.cloudwatch.aws.amazon.com         2025-02-26T12:57:17Z
neuronmonitors.cloudwatch.aws.amazon.com           2025-02-26T12:57:17Z

• CloudWatch 관련 4개의 CRD가 배포됨

5. amazon-cloudwatch 네임스페이스 리소스 조회

kubectl get ds,pod,cm,sa,amazoncloudwatchagent -n amazon-cloudwatch

✅ 출력

NAME                                                         DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR              AGE
daemonset.apps/cloudwatch-agent                              3         3         3       3            3           kubernetes.io/os=linux     14m
daemonset.apps/cloudwatch-agent-windows                      0         0         0       0            0           kubernetes.io/os=windows   14m
daemonset.apps/cloudwatch-agent-windows-container-insights   0         0         0       0            0           kubernetes.io/os=windows   14m
daemonset.apps/dcgm-exporter                                 0         0         0       0            0           kubernetes.io/os=linux     14m
daemonset.apps/fluent-bit                                    3         3         3       3            3           kubernetes.io/os=linux     14m
daemonset.apps/fluent-bit-windows                            0         0         0       0            0           kubernetes.io/os=windows   14m
daemonset.apps/neuron-monitor                                0         0         0       0            0           <none>                     14m

NAME                                                                  READY   STATUS    RESTARTS   AGE
pod/amazon-cloudwatch-observability-controller-manager-6f76854spzlp   1/1     Running   0          14m
pod/cloudwatch-agent-87hnx                                            1/1     Running   0          14m
pod/cloudwatch-agent-h6rpg                                            1/1     Running   0          14m
pod/cloudwatch-agent-kfwzk                                            1/1     Running   0          14m
pod/fluent-bit-8264s                                                  1/1     Running   0          14m
pod/fluent-bit-9l69f                                                  1/1     Running   0          14m
pod/fluent-bit-tfjbr                                                  1/1     Running   0          14m

NAME                                                    DATA   AGE
configmap/cloudwatch-agent                              1      14m
configmap/cloudwatch-agent-windows                      1      14m
configmap/cloudwatch-agent-windows-container-insights   1      14m
configmap/cwagent-clusterleader                         0      14m
configmap/dcgm-exporter-config-map                      2      14m
configmap/fluent-bit-config                             5      14m
configmap/fluent-bit-windows-config                     5      14m
configmap/kube-root-ca.crt                              1      14m
configmap/neuron-monitor-config-map                     1      14m

NAME                                                                SECRETS   AGE
serviceaccount/amazon-cloudwatch-observability-controller-manager   0         14m
serviceaccount/cloudwatch-agent                                     0         14m
serviceaccount/dcgm-exporter-service-acct                           0         14m
serviceaccount/default                                              0         14m
serviceaccount/neuron-monitor-service-acct                          0         14m

NAME                                                                                          MODE        VERSION   READY   AGE   IMAGE   MANAGEMENT
amazoncloudwatchagent.cloudwatch.aws.amazon.com/cloudwatch-agent                              daemonset   0.0.0             14m           managed
amazoncloudwatchagent.cloudwatch.aws.amazon.com/cloudwatch-agent-windows                      daemonset   0.0.0             14m           managed
amazoncloudwatchagent.cloudwatch.aws.amazon.com/cloudwatch-agent-windows-container-insights   daemonset   0.0.0             14m           managed

• 모든 노드에서 로그를 수집하기 위해 리눅스용 cloudwatch-agent 데몬셋이 노드 수에 맞게 배포됨
• Windows 노드는 존재하지 않아 cloudwatch-agent-windows 데몬셋은 0임

6. 노드의 로그 확인

(1) application 로그 소스(All log files in /var/log/containers → 심볼릭 링크 /var/log/pods/<컨테이너>, 각 컨테이너/파드 로그

for node in $N1 $N2 $N3; do echo ">>>>> $node <<<<<"; ssh ec2-user@$node sudo tree /var/log/containers; echo; done

✅ 출력

>>>>> 15.164.227.37 <<<<<
/var/log/containers
├── aws-load-balancer-controller-554fbd9d-kbctn_kube-system_aws-load-balancer-controller-ae03ebdd899a3b4960dc6eaf290d27f46ceff51545b68f2dad3b013ed05cf9a4.log -> /var/log/pods/kube-system_aws-load-balancer-controller-554fbd9d-kbctn_dc66f5b2-ef3f-4ea7-908f-0db4fbd2f275/aws-load-balancer-controller/0.log
├── aws-node-r5nbp_kube-system_aws-eks-nodeagent-97deaf50ee032a4728028115ecadc4df9800f763105986e526a375367aaff758.log -> /var/log/pods/kube-system_aws-node-r5nbp_d1476562-ea81-46d8-bc36-4da33468aaa5/aws-eks-nodeagent/0.log
├── aws-node-r5nbp_kube-system_aws-node-b011407ecb43724bd80edbfe11b5a306901b691b00b96400e4ce7c84666a967a.log -> /var/log/pods/kube-system_aws-node-r5nbp_d1476562-ea81-46d8-bc36-4da33468aaa5/aws-node/0.log
├── aws-node-r5nbp_kube-system_aws-vpc-cni-init-4c907842128039d3ff9c6ecaf89063504f5d80438084589f6a44445e6c54c591.log -> /var/log/pods/kube-system_aws-node-r5nbp_d1476562-ea81-46d8-bc36-4da33468aaa5/aws-vpc-cni-init/0.log
├── cloudwatch-agent-kfwzk_amazon-cloudwatch_otc-container-b64522fc2d70ee5ad6d8de6d49d866d636764c86f9231f18c9eb004c8587b20b.log -> /var/log/pods/amazon-cloudwatch_cloudwatch-agent-kfwzk_a5b6a6d2-d0c3-45de-89ac-d9c865c553f4/otc-container/0.log
├── ebs-csi-controller-7f8f8cb84-z4t4z_kube-system_csi-attacher-e6c94cfbc24f90637b32b7f596daec2007e13a35c61794bd5429fc573d2de07a.log -> /var/log/pods/kube-system_ebs-csi-controller-7f8f8cb84-z4t4z_5b150c0c-9d2b-4c5f-ba59-bbcff29bb0ee/csi-attacher/0.log
├── ebs-csi-controller-7f8f8cb84-z4t4z_kube-system_csi-provisioner-903745a8a728c5de43eca34f2012a52a6ef0fe103722048a135d82fab33c9226.log -> /var/log/pods/kube-system_ebs-csi-controller-7f8f8cb84-z4t4z_5b150c0c-9d2b-4c5f-ba59-bbcff29bb0ee/csi-provisioner/0.log
├── ebs-csi-controller-7f8f8cb84-z4t4z_kube-system_csi-resizer-37d345a943121b4e5d348d3147b7928fbf94783ea87baf7e1a29bee600e44c6b.log -> /var/log/pods/kube-system_ebs-csi-controller-7f8f8cb84-z4t4z_5b150c0c-9d2b-4c5f-ba59-bbcff29bb0ee/csi-resizer/0.log
├── ebs-csi-controller-7f8f8cb84-z4t4z_kube-system_csi-snapshotter-796eb70b19fb6e9a72c8cae8d8f52762c0d0da4431f45eeb10dfeed6de63172d.log -> /var/log/pods/kube-system_ebs-csi-controller-7f8f8cb84-z4t4z_5b150c0c-9d2b-4c5f-ba59-bbcff29bb0ee/csi-snapshotter/0.log
├── ebs-csi-controller-7f8f8cb84-z4t4z_kube-system_ebs-plugin-d50cc0f88f910d81a23c77774d8fe84f451bfa825496e60ececc442552eb1639.log -> /var/log/pods/kube-system_ebs-csi-controller-7f8f8cb84-z4t4z_5b150c0c-9d2b-4c5f-ba59-bbcff29bb0ee/ebs-plugin/0.log
├── ebs-csi-controller-7f8f8cb84-z4t4z_kube-system_liveness-probe-8bb874394b3681e04338edd503c4a560c7ebabd2a6608261c88fa7e70529695b.log -> /var/log/pods/kube-system_ebs-csi-controller-7f8f8cb84-z4t4z_5b150c0c-9d2b-4c5f-ba59-bbcff29bb0ee/liveness-probe/0.log
├── ebs-csi-node-j46zg_kube-system_ebs-plugin-0824d0fbca762ba2532e33435a5b448a400f52b5cd7516fc7671a5845605d51e.log -> /var/log/pods/kube-system_ebs-csi-node-j46zg_d160163c-dd04-4259-ab96-f6850b5a407a/ebs-plugin/0.log
├── ebs-csi-node-j46zg_kube-system_liveness-probe-3ca5cf0a203bb1eb886f05c02c308e79fd6e79777bbc98635d28e59fee8c88f8.log -> /var/log/pods/kube-system_ebs-csi-node-j46zg_d160163c-dd04-4259-ab96-f6850b5a407a/liveness-probe/0.log
├── ebs-csi-node-j46zg_kube-system_node-driver-registrar-4bfca921825f106ecd08694b261b361499bc612b6e1b3b34537b30edaea8d251.log -> /var/log/pods/kube-system_ebs-csi-node-j46zg_d160163c-dd04-4259-ab96-f6850b5a407a/node-driver-registrar/0.log
├── external-dns-dc4878f5f-fskxk_kube-system_external-dns-4c9f28bd84caed6a9f6e345991516527d2bcb271b1b161c5a58fd3c7710c7d5d.log -> /var/log/pods/kube-system_external-dns-dc4878f5f-fskxk_2f69ba60-e611-4718-8a4d-ea14f438867e/external-dns/0.log
├── fluent-bit-tfjbr_amazon-cloudwatch_fluent-bit-948fb449154984e2ceff0ed1ca6cb86fdad141ca144e1995353f35647e7e0207.log -> /var/log/pods/amazon-cloudwatch_fluent-bit-tfjbr_6280ec3f-666d-485a-be7a-9756737ee8cd/fluent-bit/0.log
├── kube-prometheus-stack-grafana-0_monitoring_grafana-07ff1d680b4d33ce368a00dcf109cb4278046c9d6b98b63c998de65312f4ac73.log -> /var/log/pods/monitoring_kube-prometheus-stack-grafana-0_b098dea3-a8ec-4fb1-a7b0-ff701a65f0ba/grafana/0.log
├── kube-prometheus-stack-grafana-0_monitoring_grafana-sc-dashboard-d15b03ba0da8001c49f9ae652817fdd8b4b650dbd864b9e9fb772fcefb1645d4.log -> /var/log/pods/monitoring_kube-prometheus-stack-grafana-0_b098dea3-a8ec-4fb1-a7b0-ff701a65f0ba/grafana-sc-dashboard/0.log
├── kube-prometheus-stack-grafana-0_monitoring_grafana-sc-datasources-31143a8a39f55140e75cbff4d3eb9d0e011582c8a15c2400287486b0f6f17014.log -> /var/log/pods/monitoring_kube-prometheus-stack-grafana-0_b098dea3-a8ec-4fb1-a7b0-ff701a65f0ba/grafana-sc-datasources/0.log
├── kube-prometheus-stack-grafana-0_monitoring_init-chown-data-be60a46537cc11fbbb453426899a8b9918ac0a922e59505d0b0ebf9cbb6846a2.log -> /var/log/pods/monitoring_kube-prometheus-stack-grafana-0_b098dea3-a8ec-4fb1-a7b0-ff701a65f0ba/init-chown-data/0.log
├── kube-prometheus-stack-prometheus-node-exporter-lt42c_monitoring_node-exporter-01861c25bd8c9d23b5535cf83af5dc3fea762d1cf1b35475dcbd351158c88cd1.log -> /var/log/pods/monitoring_kube-prometheus-stack-prometheus-node-exporter-lt42c_ec3fd0cb-6046-44ea-a6be-30e58ac0cbd2/node-exporter/0.log
├── kube-proxy-v8nh9_kube-system_kube-proxy-a99b17ae17e49653b07611fd64abd6cb31026644be61bbc40bc4829cb9ad4fbc.log -> /var/log/pods/kube-system_kube-proxy-v8nh9_3a48dd47-bf53-4ec0-8060-2db03b661f8c/kube-proxy/0.log
├── ratings-v1-65f797b499-fs82w_default_ratings-0bf6628633bfcca12bbdbbe1dfab7eb5c7ab97421a3fcc08ab3799287fc94dd5.log -> /var/log/pods/default_ratings-v1-65f797b499-fs82w_5ed60936-90e6-43bb-8ff9-cc48e8513767/ratings/0.log
└── reviews-v2-65cb66b45c-8rvgv_default_reviews-e1bf161e3331be5881dbc3c17a7ab70450454eb4242e8e4b0cd8d41ba5d3f74d.log -> /var/log/pods/default_reviews-v2-65cb66b45c-8rvgv_e577fc82-eff2-4eaf-9534-7b2a0e6d4851/reviews/0.log

0 directories, 24 files

>>>>> 3.38.205.159 <<<<<
/var/log/containers
├── amazon-cloudwatch-observability-controller-manager-6f76854spzlp_amazon-cloudwatch_manager-21d672489b323c5ddde198ca793164cf1d83ada8a0aaa6ca1f271b17631174e3.log -> /var/log/pods/amazon-cloudwatch_amazon-cloudwatch-observability-controller-manager-6f76854spzlp_8c35db22-377e-4b33-819b-fa7324622171/manager/0.log
├── aws-load-balancer-controller-554fbd9d-mtlsg_kube-system_aws-load-balancer-controller-f3c273a6d3458a8641e154652ae4ddac77f9dac11a9989c19a2d8b1e649f152a.log -> /var/log/pods/kube-system_aws-load-balancer-controller-554fbd9d-mtlsg_5819b483-9f6b-4aee-96ac-2a6308632fc3/aws-load-balancer-controller/0.log
├── aws-node-qgc5t_kube-system_aws-eks-nodeagent-329a39ed4aa628e60b6de898061099e81899cf47eaea11b4de183bc047b0c273.log -> /var/log/pods/kube-system_aws-node-qgc5t_310d7c55-bc9e-474a-928f-b19218586bb2/aws-eks-nodeagent/0.log
├── aws-node-qgc5t_kube-system_aws-node-131feacde9ef43a840464fab4dfdcca474f22bf4c729cb72eb06a6b0e52775aa.log -> /var/log/pods/kube-system_aws-node-qgc5t_310d7c55-bc9e-474a-928f-b19218586bb2/aws-node/0.log
├── aws-node-qgc5t_kube-system_aws-vpc-cni-init-0955e671e6632f35365190de7baf154098e1874e15da88593d58c4c8b60b0ebe.log -> /var/log/pods/kube-system_aws-node-qgc5t_310d7c55-bc9e-474a-928f-b19218586bb2/aws-vpc-cni-init/0.log
├── cloudwatch-agent-h6rpg_amazon-cloudwatch_otc-container-60691c257f2dc3f6c88c750c4b62a063881ebd20191d22c0931c3e39edc530f0.log -> /var/log/pods/amazon-cloudwatch_cloudwatch-agent-h6rpg_acdaf801-9bdc-442a-aa75-382c955a6877/otc-container/0.log
├── details-v1-79dfbd6fff-584wb_default_details-b3894830ed1617fe5450afd0a995fd7b73b29cba7926429c5d097bde263655fc.log -> /var/log/pods/default_details-v1-79dfbd6fff-584wb_b48b1f96-e092-46d5-8e67-cd82ac2e6c37/details/0.log
├── ebs-csi-controller-7f8f8cb84-p57xw_kube-system_csi-attacher-1e5760913f98d5f0bbe1a2b361ad912c868db722f01b60a9a7ce90a109e70b5d.log -> /var/log/pods/kube-system_ebs-csi-controller-7f8f8cb84-p57xw_4cf5ca4a-fae6-490f-9757-6fb2f93248bf/csi-attacher/0.log
├── ebs-csi-controller-7f8f8cb84-p57xw_kube-system_csi-provisioner-be3e325f052fe16b3092a07e91e114dc9dc432e5d22f243e6588827c212bc6a7.log -> /var/log/pods/kube-system_ebs-csi-controller-7f8f8cb84-p57xw_4cf5ca4a-fae6-490f-9757-6fb2f93248bf/csi-provisioner/0.log
├── ebs-csi-controller-7f8f8cb84-p57xw_kube-system_csi-resizer-bc3fcf25d070d8aba39417b1366d13792ca13effda7ccee5eac9c350aacf335f.log -> /var/log/pods/kube-system_ebs-csi-controller-7f8f8cb84-p57xw_4cf5ca4a-fae6-490f-9757-6fb2f93248bf/csi-resizer/0.log
├── ebs-csi-controller-7f8f8cb84-p57xw_kube-system_csi-snapshotter-b5c546a2c80d6b12dc57145efadd7096af9b26a617c96348e96c76dabfc6e9aa.log -> /var/log/pods/kube-system_ebs-csi-controller-7f8f8cb84-p57xw_4cf5ca4a-fae6-490f-9757-6fb2f93248bf/csi-snapshotter/0.log
├── ebs-csi-controller-7f8f8cb84-p57xw_kube-system_ebs-plugin-1f144c5d362b9aa9defc70faceceeca9aaf5bf2432ff29094ca7f14aff0d7286.log -> /var/log/pods/kube-system_ebs-csi-controller-7f8f8cb84-p57xw_4cf5ca4a-fae6-490f-9757-6fb2f93248bf/ebs-plugin/0.log
├── ebs-csi-controller-7f8f8cb84-p57xw_kube-system_liveness-probe-5df88285ad500c9f746b9e2a33c300935449361510cf5257f5927bc244a00be2.log -> /var/log/pods/kube-system_ebs-csi-controller-7f8f8cb84-p57xw_4cf5ca4a-fae6-490f-9757-6fb2f93248bf/liveness-probe/0.log
├── ebs-csi-node-hx5jb_kube-system_ebs-plugin-3752c118d606b7aef00dc996750ad7a5ceb8cdd6c1fe52f6be372bbf7ac7c75d.log -> /var/log/pods/kube-system_ebs-csi-node-hx5jb_7d00ede6-b633-4562-ade4-5c61317bf843/ebs-plugin/0.log
├── ebs-csi-node-hx5jb_kube-system_liveness-probe-b4704bbfc6c455d7d5783c46f5d7edeaab33a1ff639fb3e705ae7339e7cc2fee.log -> /var/log/pods/kube-system_ebs-csi-node-hx5jb_7d00ede6-b633-4562-ade4-5c61317bf843/liveness-probe/0.log
├── ebs-csi-node-hx5jb_kube-system_node-driver-registrar-075052709e559f266c4781c82fd440ea8a242b22ef144b992315505de11821eb.log -> /var/log/pods/kube-system_ebs-csi-node-hx5jb_7d00ede6-b633-4562-ade4-5c61317bf843/node-driver-registrar/0.log
├── fluent-bit-9l69f_amazon-cloudwatch_fluent-bit-36dd0ff870718ead8bab9b0e527b10ce8ba557fc4fa0ca5739463cc3cbf06fbc.log -> /var/log/pods/amazon-cloudwatch_fluent-bit-9l69f_e07292b4-1788-44fb-8e6e-4d6da7d4bd24/fluent-bit/0.log
├── kube-ops-view-657dbc6cd8-pxkvr_kube-system_kube-ops-view-03cea4cf3d718da69b11be38f26cea545a73de5e067e258a2defdfe2717a1b5a.log -> /var/log/pods/kube-system_kube-ops-view-657dbc6cd8-pxkvr_37bf2637-622f-4ee2-9804-a73d74e16f0e/kube-ops-view/0.log
├── kube-prometheus-stack-prometheus-node-exporter-h442l_monitoring_node-exporter-990676e672a4e571e148c5fafb4a1a443ec0882f51c071a1ba4045888eedb35d.log -> /var/log/pods/monitoring_kube-prometheus-stack-prometheus-node-exporter-h442l_7627e5da-0717-4488-8ce1-c0e3cb456fc1/node-exporter/0.log
├── kube-proxy-z9l58_kube-system_kube-proxy-c8a65c0d7d4f876e3eec50f7adcd3a349af990918e6affddc365e25ecfc58265.log -> /var/log/pods/kube-system_kube-proxy-z9l58_143e79b7-03d1-4bc9-af70-4e316835bebb/kube-proxy/0.log
├── nginx-7c94c9bdcb-9g66b_default_nginx-caae567c481a991fbfc88920be6f7ad4b747d7157917de3f84861f2e4f9214d1.log -> /var/log/pods/default_nginx-7c94c9bdcb-9g66b_cfa0d8d5-8e43-4b49-8cac-2467feac7430/nginx/0.log
├── nginx-7c94c9bdcb-9g66b_default_preserve-logs-symlinks-05070e719f8e24ce045ecb8acafe47cd184eefaa68e42b7d929232b8f91c9093.log -> /var/log/pods/default_nginx-7c94c9bdcb-9g66b_cfa0d8d5-8e43-4b49-8cac-2467feac7430/preserve-logs-symlinks/0.log
├── productpage-v1-dffc47f64-t8bs9_default_productpage-a045f8233a3098e7bb02b6487751f7a2780ed628233317d1c45fa22103ecfebe.log -> /var/log/pods/default_productpage-v1-dffc47f64-t8bs9_82e8306c-9a93-42ad-a5c8-6b7960291bed/productpage/0.log
└── reviews-v1-5c4d6d447c-7b69s_default_reviews-a0c4cb095ac797334d9f33a2d5cfac40849e1aae7099f760d8fde06aa8cf29e3.log -> /var/log/pods/default_reviews-v1-5c4d6d447c-7b69s_440483a1-6ed2-4f1b-825c-73b5ba45393c/reviews/0.log

0 directories, 24 files

>>>>> 43.200.163.0 <<<<<
/var/log/containers
├── aws-node-p4v96_kube-system_aws-eks-nodeagent-29c619954bdcd1b8e8fe69944adc0a11efea521f7af573163f02e141836fdff8.log -> /var/log/pods/kube-system_aws-node-p4v96_c7f74999-0576-407f-8bb6-7363e257d07c/aws-eks-nodeagent/0.log
├── aws-node-p4v96_kube-system_aws-node-055f423d886edae30761d2c3cb3e0e6180947dcffa411525d1aadaaa1adff9a5.log -> /var/log/pods/kube-system_aws-node-p4v96_c7f74999-0576-407f-8bb6-7363e257d07c/aws-node/0.log
├── aws-node-p4v96_kube-system_aws-vpc-cni-init-4ad0fce252c9c30b0572d945e8f7bf9fd3e25ecf52a7ea7e92ddc4c24c081c4a.log -> /var/log/pods/kube-system_aws-node-p4v96_c7f74999-0576-407f-8bb6-7363e257d07c/aws-vpc-cni-init/0.log
├── cloudwatch-agent-87hnx_amazon-cloudwatch_otc-container-3970ce7ea4baccdfc1509e8f49e0a3bc647fe21be59ea60d25115d78df641de4.log -> /var/log/pods/amazon-cloudwatch_cloudwatch-agent-87hnx_97bb652a-8c32-42fb-a36b-f4c82301ca39/otc-container/0.log
├── coredns-86f5954566-d6vwh_kube-system_coredns-47afd8adff91e102d81a8465187fa4142b5974a191adb3a66bee6a571c6ae410.log -> /var/log/pods/kube-system_coredns-86f5954566-d6vwh_44a7e298-9a71-45c3-b013-78fd714dc910/coredns/0.log
├── ebs-csi-node-gdh58_kube-system_ebs-plugin-aadf0d58897fb5be64696bcea86e2069121224357deb2945b7d2209a712a6b92.log -> /var/log/pods/kube-system_ebs-csi-node-gdh58_125250cb-6169-4d7f-a67e-48f7a1dad6ef/ebs-plugin/0.log
├── ebs-csi-node-gdh58_kube-system_liveness-probe-bd1fe3ce30be5008c7d12090f240b8bb11b2688c6b1837344df1a8f5bd894c42.log -> /var/log/pods/kube-system_ebs-csi-node-gdh58_125250cb-6169-4d7f-a67e-48f7a1dad6ef/liveness-probe/0.log
├── ebs-csi-node-gdh58_kube-system_node-driver-registrar-0d2ae3e69caf9b791f1792fafa95b508d879e6e9bf1f667e6bd789db90c48076.log -> /var/log/pods/kube-system_ebs-csi-node-gdh58_125250cb-6169-4d7f-a67e-48f7a1dad6ef/node-driver-registrar/0.log
├── fluent-bit-8264s_amazon-cloudwatch_fluent-bit-acfa337b0c7ed38f64db47b027408a27f82f5857c23a2a518ba476b9052c6479.log -> /var/log/pods/amazon-cloudwatch_fluent-bit-8264s_956023fe-06a8-43b7-87f9-eaa5b3ebf6ed/fluent-bit/0.log
├── kube-prometheus-stack-kube-state-metrics-5dbfbd4b9-jgnqz_monitoring_kube-state-metrics-d936a02626be02bd153b9335309bdc58635eff941ad0a44024f62b227ae8a4d3.log -> /var/log/pods/monitoring_kube-prometheus-stack-kube-state-metrics-5dbfbd4b9-jgnqz_c3c88c9a-e333-45cc-94f3-17d463c1f6b5/kube-state-metrics/0.log
├── kube-prometheus-stack-operator-76bdd654bf-st47m_monitoring_kube-prometheus-stack-920d8607cf65582926adda2de88a16c8bfd2497bf9a6e95b36a420ce070d23ba.log -> /var/log/pods/monitoring_kube-prometheus-stack-operator-76bdd654bf-st47m_4ddc004c-c404-4afd-87e0-5b20c6658f4a/kube-prometheus-stack/0.log
├── kube-prometheus-stack-prometheus-node-exporter-kcpsg_monitoring_node-exporter-c55ed57dc100621c8862329c5ef6706661be5911e70543edec5d1e8f23440d10.log -> /var/log/pods/monitoring_kube-prometheus-stack-prometheus-node-exporter-kcpsg_8a6a5dd7-a90b-4b52-a9c0-0be029e6a60e/node-exporter/0.log
├── kube-proxy-s6tdr_kube-system_kube-proxy-e9f14023b1fa22b7635908d1f4f0a281ef488fdd505596a1b0c6fc6197f50bd0.log -> /var/log/pods/kube-system_kube-proxy-s6tdr_73fab99f-ca37-4889-bde3-41edd1bdb6e9/kube-proxy/0.log
├── metrics-server-6bf5998d9c-c8tbf_kube-system_metrics-server-11c9d62da3624469d83d05266914f32cb6eac70257e95fc25d7bd475155fb996.log -> /var/log/pods/kube-system_metrics-server-6bf5998d9c-c8tbf_438a7a99-9cdc-4162-a997-8079928f224e/metrics-server/0.log
├── metrics-server-6bf5998d9c-tftq9_kube-system_metrics-server-0ceb1cf3e114275f884451369ee24c7e6c0cd2a28cd32bd4eeece8a12a5feaf0.log -> /var/log/pods/kube-system_metrics-server-6bf5998d9c-tftq9_8079e24b-42c0-4f1d-9fe2-7ca81b85cef1/metrics-server/0.log
├── prometheus-kube-prometheus-stack-prometheus-0_monitoring_config-reloader-8d13b28d34f56a4929f1fb83781191d2a49f3a8b27e994e2a9d69ce2af86536e.log -> /var/log/pods/monitoring_prometheus-kube-prometheus-stack-prometheus-0_8ea36b37-436c-44d4-abee-8b9a013dc06e/config-reloader/0.log
├── prometheus-kube-prometheus-stack-prometheus-0_monitoring_init-config-reloader-f3b7bc42e009d5ea5c0c765da46c9a3176dea606e3f019403d4483a5a916bc90.log -> /var/log/pods/monitoring_prometheus-kube-prometheus-stack-prometheus-0_8ea36b37-436c-44d4-abee-8b9a013dc06e/init-config-reloader/0.log
├── prometheus-kube-prometheus-stack-prometheus-0_monitoring_prometheus-088bda24f30d1af1650405f1a411b15bb947f59868da68f56ac55f555fd8b3ea.log -> /var/log/pods/monitoring_prometheus-kube-prometheus-stack-prometheus-0_8ea36b37-436c-44d4-abee-8b9a013dc06e/prometheus/0.log
└── reviews-v3-f68f94645-nsbl8_default_reviews-783c91ace3e5873f33437ffa59ce1f210580e599d287b3cf725eced6386ca915.log -> /var/log/pods/default_reviews-v3-f68f94645-nsbl8_8cebd5e6-30ac-428f-b7d8-b694a2dd1e3a/reviews/0.log

0 directories, 19 files

(2) host 로그 소스(Logs from /var/log/dmesg, /var/log/secure, and /var/log/messages), 노드(호스트) 로그

for node in $N1 $N2 $N3; do echo ">>>>> $node <<<<<"; ssh ec2-user@$node sudo tree /var/log/ -L 1; echo; done

✅ 출력

>>>>> 15.164.227.37 <<<<<
/var/log/
├── README -> ../../usr/share/doc/systemd/README.logs
├── amazon
├── audit
├── aws-routed-eni
├── btmp
├── chrony
├── cloud-init-output.log
├── cloud-init.log
├── containers
├── dmesg
├── dnf.librepo.log
├── dnf.log
├── dnf.rpm.log
├── hawkey.log
├── journal
├── lastlog
├── pods
├── private
├── sa
├── tallylog
└── wtmp

10 directories, 11 files

>>>>> 3.38.205.159 <<<<<
/var/log/
├── README -> ../../usr/share/doc/systemd/README.logs
├── amazon
├── audit
├── aws-routed-eni
├── btmp
├── chrony
├── cloud-init-output.log
├── cloud-init.log
├── containers
├── dmesg
├── dnf.librepo.log
├── dnf.log
├── dnf.rpm.log
├── hawkey.log
├── journal
├── lastlog
├── pods
├── private
├── sa
├── tallylog
└── wtmp

10 directories, 11 files

>>>>> 43.200.163.0 <<<<<
/var/log/
├── README -> ../../usr/share/doc/systemd/README.logs
├── amazon
├── audit
├── aws-routed-eni
├── btmp
├── chrony
├── cloud-init-output.log
├── cloud-init.log
├── containers
├── dmesg
├── dnf.librepo.log
├── dnf.log
├── dnf.rpm.log
├── hawkey.log
├── journal
├── lastlog
├── pods
├── private
├── sa
├── tallylog
└── wtmp

10 directories, 11 files

(3) dataplane 로그 소스(/var/log/journal for kubelet.service, kubeproxy.service, and docker.service), 쿠버네티스 데이터플레인 로그

for node in $N1 $N2 $N3; do echo ">>>>> $node <<<<<"; ssh ec2-user@$node sudo tree /var/log/journal -L 1; echo; done

✅ 출력

>>>>> 15.164.227.37 <<<<<
/var/log/journal
├── ec22753c501541d270d53e1cc6b319a7
└── ec290d14e0f34366b2d3f2ea33b06253

2 directories, 0 files

>>>>> 3.38.205.159 <<<<<
/var/log/journal
├── ec22753c501541d270d53e1cc6b319a7
└── ec23b4795af458cac1beebec40e88e9b

2 directories, 0 files

>>>>> 43.200.163.0 <<<<<
/var/log/journal
├── ec203a98663eebbcd25282168fa4a01d
└── ec22753c501541d270d53e1cc6b319a7

2 directories, 0 files

7. cloudwatch-agent 설정 확인

kubectl describe cm cloudwatch-agent -n amazon-cloudwatch

✅ 출력

Name:         cloudwatch-agent
Namespace:    amazon-cloudwatch
Labels:       app.kubernetes.io/component=amazon-cloudwatch-agent
              app.kubernetes.io/instance=amazon-cloudwatch.cloudwatch-agent
              app.kubernetes.io/managed-by=amazon-cloudwatch-agent-operator
              app.kubernetes.io/name=cloudwatch-agent
              app.kubernetes.io/part-of=amazon-cloudwatch-agent
              app.kubernetes.io/version=1.300052.0b1024
Annotations:  <none>

Data
====
cwagentconfig.json:
----
{"agent":{"region":"ap-northeast-2"},"logs":{"metrics_collected":{"application_signals":{"hosted_in":"myeks"},"kubernetes":{"cluster_name":"myeks","enhanced_container_insights":true}}},"traces":{"traces_collected":{"application_signals":{}}}}

BinaryData
====

Events:  <none>

8. cloudwatch-agent 데몬셋 상세 조회

kubectl describe -n amazon-cloudwatch ds cloudwatch-agent

✅ 출력

Name:           cloudwatch-agent
Selector:       app.kubernetes.io/component=amazon-cloudwatch-agent,app.kubernetes.io/instance=amazon-cloudwatch.cloudwatch-agent,app.kubernetes.io/managed-by=amazon-cloudwatch-agent-operator,app.kubernetes.io/part-of=amazon-cloudwatch-agent
Node-Selector:  kubernetes.io/os=linux
Labels:         app.kubernetes.io/component=amazon-cloudwatch-agent
                app.kubernetes.io/instance=amazon-cloudwatch.cloudwatch-agent
                app.kubernetes.io/managed-by=amazon-cloudwatch-agent-operator
                app.kubernetes.io/name=cloudwatch-agent
                app.kubernetes.io/part-of=amazon-cloudwatch-agent
                app.kubernetes.io/version=1.300052.0b1024
Annotations:    amazon-cloudwatch-agent-operator-config/sha256: f76363aaebaaaa494aa0e7edfc9a2329b93ab3e4ad302f54e8e3e2a284dbef1c
                deprecated.daemonset.template.generation: 1
                prometheus.io/path: /metrics
                prometheus.io/port: 8888
                prometheus.io/scrape: true
Desired Number of Nodes Scheduled: 3
Current Number of Nodes Scheduled: 3
Number of Nodes Scheduled with Up-to-date Pods: 3
Number of Nodes Scheduled with Available Pods: 3
Number of Nodes Misscheduled: 0
Pods Status:  3 Running / 0 Waiting / 0 Succeeded / 0 Failed
Pod Template:
  Labels:           app.kubernetes.io/component=amazon-cloudwatch-agent
                    app.kubernetes.io/instance=amazon-cloudwatch.cloudwatch-agent
                    app.kubernetes.io/managed-by=amazon-cloudwatch-agent-operator
                    app.kubernetes.io/name=cloudwatch-agent
                    app.kubernetes.io/part-of=amazon-cloudwatch-agent
                    app.kubernetes.io/version=1.300052.0b1024
  Annotations:      amazon-cloudwatch-agent-operator-config/sha256: f76363aaebaaaa494aa0e7edfc9a2329b93ab3e4ad302f54e8e3e2a284dbef1c
                    prometheus.io/path: /metrics
                    prometheus.io/port: 8888
                    prometheus.io/scrape: true
  Service Account:  cloudwatch-agent
  Containers:
   otc-container:
    Image:       602401143452.dkr.ecr.ap-northeast-2.amazonaws.com/eks/observability/cloudwatch-agent:1.300052.0b1024
    Ports:       4315/TCP, 4316/TCP, 2000/TCP, 4311/TCP
    Host Ports:  0/TCP, 0/TCP, 0/TCP, 0/TCP
    Limits:
      cpu:     500m
      memory:  512Mi
    Requests:
      cpu:     250m
      memory:  128Mi
    Environment:
      K8S_NODE_NAME:   (v1:spec.nodeName)
      HOST_IP:         (v1:status.hostIP)
      HOST_NAME:       (v1:spec.nodeName)
      K8S_NAMESPACE:   (v1:metadata.namespace)
      POD_NAME:        (v1:metadata.name)
    Mounts:
      /dev/disk from devdisk (ro)
      /etc/amazon-cloudwatch-observability-agent-cert from agenttls (ro)
      /etc/amazon-cloudwatch-observability-agent-client-cert from agentclienttls (ro)
      /etc/amazon-cloudwatch-observability-agent-server-cert from agentservertls (ro)
      /etc/cwagentconfig from otc-internal (rw)
      /rootfs from rootfs (ro)
      /run/containerd/containerd.sock from containerdsock (rw)
      /sys from sys (ro)
      /var/lib/docker from varlibdocker (ro)
      /var/lib/kubelet/pod-resources from kubelet-podresources (rw)
      /var/run/docker.sock from dockersock (ro)
  Volumes:
   otc-internal:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      cloudwatch-agent
    Optional:  false
   kubelet-podresources:
    Type:          HostPath (bare host directory volume)
    Path:          /var/lib/kubelet/pod-resources
    HostPathType:  Directory
   rootfs:
    Type:          HostPath (bare host directory volume)
    Path:          /
    HostPathType:  
   dockersock:
    Type:          HostPath (bare host directory volume)
    Path:          /var/run/docker.sock
    HostPathType:  
   varlibdocker:
    Type:          HostPath (bare host directory volume)
    Path:          /var/lib/docker
    HostPathType:  
   containerdsock:
    Type:          HostPath (bare host directory volume)
    Path:          /run/containerd/containerd.sock
    HostPathType:  
   sys:
    Type:          HostPath (bare host directory volume)
    Path:          /sys
    HostPathType:  
   devdisk:
    Type:          HostPath (bare host directory volume)
    Path:          /dev/disk/
    HostPathType:  
   agenttls:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  amazon-cloudwatch-observability-agent-cert
    Optional:    false
   agentclienttls:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  amazon-cloudwatch-observability-agent-client-cert
    Optional:    false
   agentservertls:
    Type:               Secret (a volume populated by a Secret)
    SecretName:         amazon-cloudwatch-observability-agent-server-cert
    Optional:           false
  Priority Class Name:  system-node-critical
  Node-Selectors:       kubernetes.io/os=linux
  Tolerations:          op=Exists
Events:
  Type    Reason            Age   From                  Message
  ----    ------            ----  ----                  -------
  Normal  SuccessfulCreate  50m   daemonset-controller  Created pod: cloudwatch-agent-87hnx
  Normal  SuccessfulCreate  50m   daemonset-controller  Created pod: cloudwatch-agent-h6rpg
  Normal  SuccessfulCreate  50m   daemonset-controller  Created pod: cloudwatch-agent-kfwzk

9. Fluent Bit 로그 INPUT/FILTER/OUTPUT 설정 확인

kubectl describe cm fluent-bit-config -n amazon-cloudwatch

✅ 출력

Name:         fluent-bit-config
Namespace:    amazon-cloudwatch
Labels:       k8s-app=fluent-bit
Annotations:  <none>

Data
====
application-log.conf:
----
[INPUT]
  Name                tail
  Tag                 application.*
  Exclude_Path        /var/log/containers/cloudwatch-agent*, /var/log/containers/fluent-bit*, /var/log/containers/aws-node*, /var/log/containers/kube-proxy*
  Path                /var/log/containers/*.log
  multiline.parser    docker, cri
  DB                  /var/fluent-bit/state/flb_container.db
  Mem_Buf_Limit       50MB
  Skip_Long_Lines     On
  Refresh_Interval    10
  Rotate_Wait         30
  storage.type        filesystem
  Read_from_Head      ${READ_FROM_HEAD}

[INPUT]
  Name                tail
  Tag                 application.*
  Path                /var/log/containers/fluent-bit*
  multiline.parser    docker, cri
  DB                  /var/fluent-bit/state/flb_log.db
  Mem_Buf_Limit       5MB
  Skip_Long_Lines     On
  Refresh_Interval    10
  Read_from_Head      ${READ_FROM_HEAD}

[INPUT]
  Name                tail
  Tag                 application.*
  Path                /var/log/containers/cloudwatch-agent*
  multiline.parser    docker, cri
  DB                  /var/fluent-bit/state/flb_cwagent.db
  Mem_Buf_Limit       5MB
  Skip_Long_Lines     On
  Refresh_Interval    10
  Read_from_Head      ${READ_FROM_HEAD}

[FILTER]
  Name                aws
  Match               application.*
  az                  false
  ec2_instance_id     false
  Enable_Entity       true

[FILTER]
  Name                kubernetes
  Match               application.*
  Kube_URL            https://kubernetes.default.svc:443
  Kube_Tag_Prefix     application.var.log.containers.
  Merge_Log           On
  Merge_Log_Key       log_processed
  K8S-Logging.Parser  On
  K8S-Logging.Exclude Off
  Labels              Off
  Annotations         Off
  Use_Kubelet         On
  Kubelet_Port        10250
  Buffer_Size         0
  Use_Pod_Association On

[OUTPUT]
  Name                cloudwatch_logs
  Match               application.*
  region              ${AWS_REGION}
  log_group_name      /aws/containerinsights/${CLUSTER_NAME}/application
  log_stream_prefix   ${HOST_NAME}-
  auto_create_group   true
  extra_user_agent    container-insights
  add_entity          true

dataplane-log.conf:
----
[INPUT]
  Name                systemd
  Tag                 dataplane.systemd.*
  Systemd_Filter      _SYSTEMD_UNIT=docker.service
  Systemd_Filter      _SYSTEMD_UNIT=containerd.service
  Systemd_Filter      _SYSTEMD_UNIT=kubelet.service
  DB                  /var/fluent-bit/state/systemd.db
  Path                /var/log/journal
  Read_From_Tail      ${READ_FROM_TAIL}

[INPUT]
  Name                tail
  Tag                 dataplane.tail.*
  Path                /var/log/containers/aws-node*, /var/log/containers/kube-proxy*
  multiline.parser    docker, cri
  DB                  /var/fluent-bit/state/flb_dataplane_tail.db
  Mem_Buf_Limit       50MB
  Skip_Long_Lines     On
  Refresh_Interval    10
  Rotate_Wait         30
  storage.type        filesystem
  Read_from_Head      ${READ_FROM_HEAD}

[FILTER]
  Name                modify
  Match               dataplane.systemd.*
  Rename              _HOSTNAME                   hostname
  Rename              _SYSTEMD_UNIT               systemd_unit
  Rename              MESSAGE                     message
  Remove_regex        ^((?!hostname|systemd_unit|message).)*$

[FILTER]
  Name                aws
  Match               dataplane.*
  imds_version        v2

[OUTPUT]
  Name                cloudwatch_logs
  Match               dataplane.*
  region              ${AWS_REGION}
  log_group_name      /aws/containerinsights/${CLUSTER_NAME}/dataplane
  log_stream_prefix   ${HOST_NAME}-
  auto_create_group   true
  extra_user_agent    container-insights

fluent-bit.conf:
----
[SERVICE]
  Flush                     5
  Grace                     30
  Log_Level                 error
  Daemon                    off
  Parsers_File              parsers.conf
  storage.path              /var/fluent-bit/state/flb-storage/
  storage.sync              normal
  storage.checksum          off
  storage.backlog.mem_limit 5M

@INCLUDE application-log.conf
@INCLUDE dataplane-log.conf
@INCLUDE host-log.conf

host-log.conf:
----
[INPUT]
  Name                tail
  Tag                 host.dmesg
  Path                /var/log/dmesg
  Key                 message
  DB                  /var/fluent-bit/state/flb_dmesg.db
  Mem_Buf_Limit       5MB
  Skip_Long_Lines     On
  Refresh_Interval    10
  Read_from_Head      ${READ_FROM_HEAD}

[INPUT]
  Name                tail
  Tag                 host.messages
  Path                /var/log/messages
  Parser              syslog
  DB                  /var/fluent-bit/state/flb_messages.db
  Mem_Buf_Limit       5MB
  Skip_Long_Lines     On
  Refresh_Interval    10
  Read_from_Head      ${READ_FROM_HEAD}

[INPUT]
  Name                tail
  Tag                 host.secure
  Path                /var/log/secure
  Parser              syslog
  DB                  /var/fluent-bit/state/flb_secure.db
  Mem_Buf_Limit       5MB
  Skip_Long_Lines     On
  Refresh_Interval    10
  Read_from_Head      ${READ_FROM_HEAD}

[FILTER]
  Name                aws
  Match               host.*
  imds_version        v2

[OUTPUT]
  Name                cloudwatch_logs
  Match               host.*
  region              ${AWS_REGION}
  log_group_name      /aws/containerinsights/${CLUSTER_NAME}/host
  log_stream_prefix   ${HOST_NAME}.
  auto_create_group   true
  extra_user_agent    container-insights

parsers.conf:
----
[PARSER]
  Name                syslog
  Format              regex
  Regex               ^(?<time>[^ ]* {1,2}[^ ]* [^ ]*) (?<host>[^ ]*) (?<ident>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<pid>[0-9]+)\])?(?:[^\:]*\:)? *(?<message>.*)$
  Time_Key            time
  Time_Format         %b %d %H:%M:%S

[PARSER]
  Name                container_firstline
  Format              regex
  Regex               (?<log>(?<="log":")\S(?!\.).*?)(?<!\\)".*(?<stream>(?<="stream":").*?)".*(?<time>\d{4}-\d{1,2}-\d{1,2}T\d{2}:\d{2}:\d{2}\.\w*).*(?=})
  Time_Key            time
  Time_Format         %Y-%m-%dT%H:%M:%S.%LZ

[PARSER]
  Name                cwagent_firstline
  Format              regex
  Regex               (?<log>(?<="log":")\d{4}[\/-]\d{1,2}[\/-]\d{1,2}[ T]\d{2}:\d{2}:\d{2}(?!\.).*?)(?<!\\)".*(?<stream>(?<="stream":").*?)".*(?<time>\d{4}-\d{1,2}-\d{1,2}T\d{2}:\d{2}:\d{2}\.\w*).*(?=})
  Time_Key            time
  Time_Format         %Y-%m-%dT%H:%M:%S.%LZ

BinaryData
====

Events:  <none>

• Path에 지정된 경로가 로그 수집 대상임

10. Fluent Bit 파드 로그 수집: HostPath 볼륨 확인

kubectl describe -n amazon-cloudwatch ds fluent-bit

✅ 출력

Name:           fluent-bit
Selector:       k8s-app=fluent-bit
Node-Selector:  kubernetes.io/os=linux
Labels:         k8s-app=fluent-bit
                kubernetes.io/cluster-service=true
                version=v1
Annotations:    deprecated.daemonset.template.generation: 1
Desired Number of Nodes Scheduled: 3
Current Number of Nodes Scheduled: 3
Number of Nodes Scheduled with Up-to-date Pods: 3
Number of Nodes Scheduled with Available Pods: 3
Number of Nodes Misscheduled: 0
Pods Status:  3 Running / 0 Waiting / 0 Succeeded / 0 Failed
Pod Template:
  Labels:           k8s-app=fluent-bit
                    kubernetes.io/cluster-service=true
                    version=v1
  Annotations:      checksum/config: 343bfdc4f6cc519ad04fcf86e8ed75b5adb1dbbf7352093d37c3acbdc05bdd69
  Service Account:  cloudwatch-agent
  Containers:
   fluent-bit:
    Image:      602401143452.dkr.ecr.ap-northeast-2.amazonaws.com/eks/observability/aws-for-fluent-bit:2.32.5
    Port:       <none>
    Host Port:  <none>
    Limits:
      cpu:     500m
      memory:  250Mi
    Requests:
      cpu:     50m
      memory:  25Mi
    Environment:
      AWS_REGION:      ap-northeast-2
      CLUSTER_NAME:    myeks
      READ_FROM_HEAD:  Off
      READ_FROM_TAIL:  On
      HOST_NAME:        (v1:spec.nodeName)
      HOSTNAME:         (v1:metadata.name)
      CI_VERSION:      k8s/1.3.17
    Mounts:
      /etc/amazon-cloudwatch-observability-agent-client-cert from agentclienttls (ro)
      /etc/amazon-cloudwatch-observability-agent-server-cert from agentservertls (ro)
      /fluent-bit/etc/ from fluent-bit-config (rw)
      /run/log/journal from runlogjournal (ro)
      /var/fluent-bit/state from fluentbitstate (rw)
      /var/lib/docker/containers from varlibdockercontainers (ro)
      /var/log from varlog (ro)
      /var/log/dmesg from dmesg (ro)
  Volumes:
   fluentbitstate:
    Type:          HostPath (bare host directory volume)
    Path:          /var/fluent-bit/state
    HostPathType:  
   varlog:
    Type:          HostPath (bare host directory volume)
    Path:          /var/log
    HostPathType:  
   varlibdockercontainers:
    Type:          HostPath (bare host directory volume)
    Path:          /var/lib/docker/containers
    HostPathType:  
   fluent-bit-config:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      fluent-bit-config
    Optional:  false
   runlogjournal:
    Type:          HostPath (bare host directory volume)
    Path:          /run/log/journal
    HostPathType:  
   dmesg:
    Type:          HostPath (bare host directory volume)
    Path:          /var/log/dmesg
    HostPathType:  
   agentclienttls:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  amazon-cloudwatch-observability-agent-client-cert
    Optional:    false
   agentservertls:
    Type:               Secret (a volume populated by a Secret)
    SecretName:         amazon-cloudwatch-observability-agent-server-cert
    Optional:           false
  Priority Class Name:  system-node-critical
  Node-Selectors:       kubernetes.io/os=linux
  Tolerations:          op=Exists
Events:                 <none>

11. CloudWatch 로그 그룹 구성

• CloudWatch에 3가지 로그 그룹이 생성됨: application, dataplane, performance

• application 로그 그룹

• dataplane 로그 그룹
• 노드가 3개이므로, 3개의 개별 로그 정보가 확인됨

• Syncing iptables Rules
• iptables 규칙 동기화 로그를 확인할 수 있음

• performance 로그 그룹

12. 운영 서버 EC2 로그 확인

(1) httpd 설치

(eks-user@myeks:default) [root@operator-host ~]# yum install -y httpd

✅ 출력

Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
amzn2-core                                       | 3.6 kB     00:00     
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.4.62-1.amzn2.0.2 will be installed
--> Processing Dependency: httpd-filesystem = 2.4.62-1.amzn2.0.2 for package: httpd-2.4.62-1.amzn2.0.2.x86_64
--> Processing Dependency: httpd-tools = 2.4.62-1.amzn2.0.2 for package: httpd-2.4.62-1.amzn2.0.2.x86_64
--> Processing Dependency: /etc/mime.types for package: httpd-2.4.62-1.amzn2.0.2.x86_64
--> Processing Dependency: httpd-filesystem for package: httpd-2.4.62-1.amzn2.0.2.x86_64
--> Processing Dependency: mod_http2 for package: httpd-2.4.62-1.amzn2.0.2.x86_64
--> Processing Dependency: system-logos-httpd for package: httpd-2.4.62-1.amzn2.0.2.x86_64
--> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.62-1.amzn2.0.2.x86_64
--> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.62-1.amzn2.0.2.x86_64
--> Running transaction check
---> Package apr.x86_64 0:1.7.2-1.amzn2.0.1 will be installed
---> Package apr-util.x86_64 0:1.6.3-1.amzn2.0.1 will be installed
--> Processing Dependency: apr-util-bdb(x86-64) = 1.6.3-1.amzn2.0.1 for package: apr-util-1.6.3-1.amzn2.0.1.x86_64
---> Package generic-logos-httpd.noarch 0:18.0.0-4.amzn2 will be installed
---> Package httpd-filesystem.noarch 0:2.4.62-1.amzn2.0.2 will be installed
---> Package httpd-tools.x86_64 0:2.4.62-1.amzn2.0.2 will be installed
---> Package mailcap.noarch 0:2.1.41-2.amzn2 will be installed
---> Package mod_http2.x86_64 0:1.15.19-1.amzn2.0.2 will be installed
--> Running transaction check
---> Package apr-util-bdb.x86_64 0:1.6.3-1.amzn2.0.1 will be installed
--> Finished Dependency Resolution
...                          

Complete!

(2) Apache Bench 부하 테스트

• Apache Bench(ab) 도구를 사용해 30,000번의 요청 부하 테스트를 실행

(eks-user@myeks:default) [root@operator-host ~]# ab -c 500 -n 30000 https://nginx.$MyDomain/

✅ 출력

This is ApacheBench, Version 2.3 <$Revision: 1913912 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking nginx.gagajin.com (be patient)
Completed 3000 requests
Completed 6000 requests
Completed 9000 requests
Completed 12000 requests
Completed 15000 requests
Completed 18000 requests
Completed 21000 requests
Completed 24000 requests
Completed 27000 requests
Completed 30000 requests
Finished 30000 requests

Server Software:        nginx
Server Hostname:        nginx.gagajin.com
Server Port:            443
SSL/TLS Protocol:       TLSv1.2,ECDHE-RSA-AES128-GCM-SHA256,2048,128
Server Temp Key:        ECDH P-256 256 bits
TLS Server Name:        nginx.gagajin.com

Document Path:          /
Document Length:        615 bytes

Concurrency Level:      500
Time taken for tests:   36.291 seconds
Complete requests:      30000
Failed requests:        0
Total transferred:      26100000 bytes
HTML transferred:       18450000 bytes
Requests per second:    826.66 [#/sec] (mean)
Time per request:       604.845 [ms] (mean)
Time per request:       1.210 [ms] (mean, across all concurrent requests)
Transfer rate:          702.34 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        8  569 172.0    559    1022
Processing:     5   30  37.5     14     223
Waiting:        3   22  24.7     12     218
Total:         60  599 177.1    606    1115

Percentage of the requests served within a certain time (ms)
  50%    606
  66%    699
  75%    729
  80%    751
  90%    816
  95%    878
  98%    974
  99%   1013
 100%   1115 (longest request)

(3) Nginx 로그 실시간 모니터링

(eks-user@myeks:default) [root@operator-host ~]# kubectl stern deploy/nginx
....
nginx-7c94c9bdcb-9g66b nginx 192.168.1.98 - - [26/Feb/2025:14:19:59 +0000] "GET / HTTP/1.1" 200 615 "-" "ApacheBench/2.3" "13.124.11.68"
nginx-7c94c9bdcb-9g66b nginx 192.168.1.98 - - [26/Feb/2025:14:19:59 +0000] "GET / HTTP/1.1" 200 615 "-" "ApacheBench/2.3" "13.124.11.68"
nginx-7c94c9bdcb-9g66b nginx 192.168.1.98 - - [26/Feb/2025:14:19:59 +0000] "GET / HTTP/1.1" 200 615 "-" "ApacheBench/2.3" "13.124.11.68"
nginx-7c94c9bdcb-9g66b nginx 192.168.1.98 - - [26/Feb/2025:14:19:59 +0000] "GET / HTTP/1.1" 200 615 "-" "ApacheBench/2.3" "13.124.11.68"
nginx-7c94c9bdcb-9g66b nginx 192.168.1.98 - - [26/Feb/2025:14:19:59 +0000] "GET / HTTP/1.1" 200 615 "-" "ApacheBench/2.3" "13.124.11.68"
nginx-7c94c9bdcb-9g66b nginx 192.168.1.98 - - [26/Feb/2025:14:19:59 +0000] "GET / HTTP/1.1" 200 615 "-" "ApacheBench/2.3" "13.124.11.68"
nginx-7c94c9bdcb-9g66b nginx 192.168.1.98 - - [26/Feb/2025:14:19:59 +0000] "GET / HTTP/1.1" 200 615 "-" "ApacheBench/2.3" "13.124.11.68"
nginx-7c94c9bdcb-9g66b nginx 192.168.1.98 - - [26/Feb/2025:14:19:59 +0000] "GET / HTTP/1.1" 200 615 "-" "ApacheBench/2.3" "13.124.11.68"
nginx-7c94c9bdcb-9g66b nginx 192.168.1.98 - - [26/Feb/2025:14:19:59 +0000] "GET / HTTP/1.1" 200 615 "-" "ApacheBench/2.3" "13.124.11.68"
nginx-7c94c9bdcb-9g66b nginx 192.168.1.98 - - [26/Feb/2025:14:19:59 +0000] "GET / HTTP/1.1" 200 615 "-" "ApacheBench/2.3" "13.124.11.68"
nginx-7c94c9bdcb-9g66b nginx 192.168.1.98 - - [26/Feb/2025:14:19:59 +0000] "GET / HTTP/1.1" 200 615 "-" "ApacheBench/2.3" "13.124.11.68"
nginx-7c94c9bdcb-9g66b nginx 192.168.1.98 - - [26/Feb/2025:14:19:59 +0000] "GET / HTTP/1.1" 200 615 "-" "ApacheBench/2.3" "13.124.11.68"
nginx-7c94c9bdcb-9g66b nginx 192.168.1.98 - - [26/Feb/2025:14:19:59 +0000] "GET / HTTP/1.1" 200 615 "-" "ApacheBench/2.3" "13.124.11.68"
nginx-7c94c9bdcb-9g66b nginx 192.168.1.98 - - [26/Feb/2025:14:19:59 +0000] "GET / HTTP/1.1" 200 615 "-" "ApacheBench/2.3" "13.124.11.68"
nginx-7c94c9bdcb-9g66b nginx 192.168.1.98 - - [26/Feb/2025:14:19:59 +0000] "GET / HTTP/1.1" 200 615 "-" "ApacheBench/2.3" "13.124.11.68"
nginx-7c94c9bdcb-9g66b nginx 192.168.1.98 - - [26/Feb/2025:14:19:59 +0000] "GET / HTTP/1.1" 200 615 "-" "ApacheBench/2.3" "13.124.11.68"
nginx-7c94c9bdcb-9g66b nginx 192.168.1.98 - - [26/Feb/2025:14:19:59 +0000] "GET / HTTP/1.1" 200 615 "-" "ApacheBench/2.3" "13.124.11.68"
nginx-7c94c9bdcb-9g66b nginx 192.168.1.98 - - [26/Feb/2025:14:19:59 +0000] "GET / HTTP/1.1" 200 615 "-" "ApacheBench/2.3" "13.124.11.68"
nginx-7c94c9bdcb-9g66b nginx 192.168.1.98 - - [26/Feb/2025:14:19:59 +0000] "GET / HTTP/1.1" 200 615 "-" "ApacheBench/2.3" "13.124.11.68"
nginx-7c94c9bdcb-9g66b nginx 192.168.1.98 - - [26/Feb/2025:14:19:59 +0000] "GET / HTTP/1.1" 200 615 "-" "ApacheBench/2.3" "13.124.11.68"
nginx-7c94c9bdcb-9g66b nginx 192.168.1.98 - - [26/Feb/2025:14:19:59 +0000] "GET / HTTP/1.1" 200 615 "-" "ApacheBench/2.3" "13.124.11.68"
nginx-7c94c9bdcb-9g66b nginx 192.168.1.98 - - [26/Feb/2025:14:19:59 +0000] "GET / HTTP/1.1" 200 615 "-" "ApacheBench/2.3" "13.124.11.68"
nginx-7c94c9bdcb-9g66b nginx 192.168.1.98 - - [26/Feb/2025:14:19:59 +0000] "GET / HTTP/1.1" 200 615 "-" "ApacheBench/2.3" "13.124.11.68"
nginx-7c94c9bdcb-9g66b nginx 192.168.1.98 - - [26/Feb/2025:14:19:59 +0000] "GET / HTTP/1.1" 200 615 "-" "ApacheBench/2.3" "13.124.11.68"
nginx-7c94c9bdcb-9g66b nginx 192.168.1.98 - - [26/Feb/2025:14:19:59 +0000] "GET / HTTP/1.1" 200 615 "-" "ApacheBench/2.3" "13.124.11.68"
nginx-7c94c9bdcb-9g66b nginx 192.168.1.98 - - [26/Feb/2025:14:19:59 +0000] "GET / HTTP/1.1" 200 615 "-" "ApacheBench/2.3" "13.124.11.68"
nginx-7c94c9bdcb-9g66b nginx 192.168.1.98 - - [26/Feb/2025:14:19:59 +0000] "GET / HTTP/1.1" 200 615 "-" "ApacheBench/2.3" "13.124.11.68"
...

(4) cloudWatch 로그그룹 확인

• application에서 nginx 검색
• nginx 관련로그의 user-agent가 ApacheBench인 것을 확인할 수 있었음

13. Logs Insights 확인

(1) application 로그 그룹

• 로그 그룹 선택 : /aws/containerinsights/<CLUSTER_NAME>/application
• 분석 예시 - 컨테이너별 애플리케이션 오류
• 컨테이너 이름별로, stderr 스트림에 기록된 오류 수를 집계하여 내림차순 정렬함

stats count() as error_count by kubernetes.container_name
| filter stream="stderr"
| sort error_count desc

(2) performance 로그 그룹

• 로그 그룹 선택 : /aws/containerinsights/<CLUSTER_NAME>/performance
• 분석 예시 - 노드별 평균 CPU 사용률
• 각 노드의 평균 CPU 사용률을 계산하여 내림차순 정렬함

STATS avg(node_cpu_utilization) as avg_node_cpu_utilization by NodeName
| SORT avg_node_cpu_utilization DESC

• 추가 분석 예시 - 요청된 Pod와 실행 중인 Pod 간 비교
• 각 Pod에서 요청된 컨테이너 수와 실제 실행 중인 컨테이너 수를 비교하여 부족한 Pod 수를 계산함

fields @timestamp, @message 
| sort @timestamp desc 
| filter Type="Pod" 
| stats min(pod_number_of_containers) as requested, min(pod_number_of_running_containers) as running, ceil(avg(pod_number_of_containers-pod_number_of_running_containers)) as pods_missing by kubernetes.pod_name 
| sort pods_missing desc

(3) Container Insights 대시보드

• 접근 방법: CloudWatch 콘솔 → Insights → Container Insights
• 분석 내용: 클러스터별, Pod별 CPU 사용률 등 다양한 리소스 정보를 시각화함

(4) Container map

(5) Container Insights

14. CloudWatch Container Observability 삭제

aws eks delete-addon --cluster-name $CLUSTER_NAME --addon-name amazon-cloudwatch-observability

✅ 출력

{
    "addon": {
        "addonName": "amazon-cloudwatch-observability",
        "clusterName": "myeks",
        "status": "DELETING",
        "addonVersion": "v3.3.1-eksbuild.1",
        "health": {
            "issues": []
        },
        "addonArn": "arn:aws:eks:ap-northeast-2:378102432899:addon/myeks/amazon-cloudwatch-observability/b8caa12a-714e-a4b9-05b5-a368820767bf",
        "createdAt": "2025-02-26T21:56:54.393000+09:00",
        "modifiedAt": "2025-02-26T23:44:23.726000+09:00",
        "serviceAccountRoleArn": "arn:aws:iam::378102432899:role/myeks-cloudwatch-agent-role",
        "tags": {}
    }
}

15. CloudWatch 로그 그룹 삭제

---

📊 프로메테우스 설치

1. 프로메테우스 다운로드

(eks-user@myeks:default) [root@operator-host ~]# wget https://github.com/prometheus/prometheus/releases/download/v3.2.0/prometheus-3.2.0.linux-amd64.tar.gz

✅ 출력

--2025-03-01 09:28:27--  https://github.com/prometheus/prometheus/releases/download/v3.2.0/prometheus-3.2.0.linux-amd64.tar.gz
Resolving github.com (github.com)... 20.200.245.247
Connecting to github.com (github.com)|20.200.245.247|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/6838921/ea79bd2f-216d-454e-8d68-b9093ea1bb3a?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250301%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250301T002827Z&X-Amz-Expires=300&X-Amz-Signature=21dff9d3f7513db6d5054b11f86136d020903db8aadccee79da5407c67fa8583&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dprometheus-3.2.0.linux-amd64.tar.gz&response-content-type=application%2Foctet-stream [following]
--2025-03-01 09:28:27--  https://objects.githubusercontent.com/github-production-release-asset-2e65be/6838921/ea79bd2f-216d-454e-8d68-b9093ea1bb3a?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250301%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250301T002827Z&X-Amz-Expires=300&X-Amz-Signature=21dff9d3f7513db6d5054b11f86136d020903db8aadccee79da5407c67fa8583&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dprometheus-3.2.0.linux-amd64.tar.gz&response-content-type=application%2Foctet-stream
Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.111.133, 185.199.110.133, 185.199.108.133, ...
Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.111.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 114163078 (109M) [application/octet-stream]
Saving to: ‘prometheus-3.2.0.linux-amd64.tar.gz’

100%[==============================>] 114,163,078 51.0MB/s   in 2.1s   

2025-03-01 09:28:30 (51.0 MB/s) - ‘prometheus-3.2.0.linux-amd64.tar.gz’ saved [114163078/114163078]

2. 압축 해제

(eks-user@myeks:default) [root@operator-host ~]# tar -xvf prometheus-3.2.0.linux-amd64.tar.gz
# 결과
prometheus-3.2.0.linux-amd64/
prometheus-3.2.0.linux-amd64/prometheus.yml
prometheus-3.2.0.linux-amd64/LICENSE
prometheus-3.2.0.linux-amd64/NOTICE
prometheus-3.2.0.linux-amd64/prometheus
prometheus-3.2.0.linux-amd64/promtool

(eks-user@myeks:default) [root@operator-host ~]# cd prometheus-3.2.0.linux-amd64
(eks-user@myeks:default) [root@operator-host prometheus-3.2.0.linux-amd64]# ls -l
total 285504
-rw-r--r-- 1 1001 docker     11357 Feb 18 04:00 LICENSE
-rw-r--r-- 1 1001 docker      3773 Feb 18 04:00 NOTICE
-rwxr-xr-x 1 1001 docker 150306663 Feb 18 03:44 prometheus
-rw-r--r-- 1 1001 docker       934 Feb 18 04:00 prometheus.yml
-rwxr-xr-x 1 1001 docker 142027433 Feb 18 03:45 promtool

3. 프로메테우스 설치 및 초기 구성

(eks-user@myeks:default) [root@operator-host prometheus-3.2.0.linux-amd64]# mv prometheus /usr/local/bin/
(eks-user@myeks:default) [root@operator-host prometheus-3.2.0.linux-amd64]# mv promtool /usr/local/bin/
(eks-user@myeks:default) [root@operator-host prometheus-3.2.0.linux-amd64]# mkdir -p /etc/prometheus /var/lib/prometheus
(eks-user@myeks:default) [root@operator-host prometheus-3.2.0.linux-amd64]# mv prometheus.yml /etc/prometheus/
(eks-user@myeks:default) [root@operator-host prometheus-3.2.0.linux-amd64]# cat /etc/prometheus/prometheus.yml
# my global config
global:
  scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
  evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.
  # scrape_timeout is set to the global default (10s).

# Alertmanager configuration
alerting:
  alertmanagers:
    - static_configs:
        - targets:
          # - alertmanager:9093

# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
rule_files:
  # - "first_rules.yml"
  # - "second_rules.yml"

# A scrape configuration containing exactly one endpoint to scrape:
# Here it's Prometheus itself.
scrape_configs:
  # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
  - job_name: "prometheus"

    # metrics_path defaults to '/metrics'
    # scheme defaults to 'http'.

    static_configs:
      - targets: ["localhost:9090"]

• 9090 포트가 열려 있어 해당 포트의 메트릭 데이터를 스크래핑함
• 스크래핑 대상(target)은 로컬호스트의 9090 포트이며, 이는 Prometheus 자체 메트릭을 의미함
• 이 스크래핑 작업은 “prometheus”라는 job으로 구분되어 있음
• 구성 파일(prometheus.yml)에서는 전역 설정(스크랩 및 평가 간격 15초)과 Alertmanager, 규칙 파일, 그리고 스크래핑 대상이 정의되어 있음

4. User 및 권한 설정

(eks-user@myeks:default) [root@operator-host prometheus-3.2.0.linux-amd64]# useradd --no-create-home --shell /sbin/nologin prometheus
(eks-user@myeks:default) [root@operator-host prometheus-3.2.0.linux-amd64]# chown -R prometheus:prometheus /etc/prometheus /var/lib/prometheus
(eks-user@myeks:default) [root@operator-host prometheus-3.2.0.linux-amd64]# chown prometheus:prometheus /usr/local/bin/prometheus /usr/local/bin/promtool

5. 프로메테우스 서비스 파일 생성

(eks-user@myeks:default) [root@operator-host prometheus-3.2.0.linux-amd64]# tee /etc/systemd/system/prometheus.service > /dev/null <<EOF
> [Unit]
> Description=Prometheus
> Wants=network-online.target
> After=network-online.target
> 
> [Service]
> User=prometheus
> Group=prometheus
> Type=simple
> ExecStart=/usr/local/bin/prometheus \
>   --config.file=/etc/prometheus/prometheus.yml \
>   --storage.tsdb.path=/var/lib/prometheus \
>   --web.listen-address=0.0.0.0:9090
> 
> [Install]
> WantedBy=multi-user.target
> EOF

6. 시스템 데몬 리로드 및 서비스 활성화

(eks-user@myeks:default) [root@operator-host prometheus-3.2.0.linux-amd64]# systemctl daemon-reload
(eks-user@myeks:default) [root@operator-host prometheus-3.2.0.linux-amd64]# systemctl enable --now prometheus
Created symlink from /etc/systemd/system/multi-user.target.wants/prometheus.service to /etc/systemd/system/prometheus.service.

(eks-user@myeks:default) [root@operator-host prometheus-3.2.0.linux-amd64]# systemctl status prometheus
● prometheus.service - Prometheus
   Loaded: loaded (/etc/systemd/system/prometheus.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2025-03-01 09:48:32 KST; 184ms ago
 Main PID: 21312 (prometheus)
    Tasks: 8
   Memory: 15.4M
   CGroup: /system.slice/prometheus.service
           └─21312 /usr/local/bin/prometheus --config.file=/etc/prome...

Mar 01 09:48:32 operator-host prometheus[21312]: time=2025-03-01T00:4...
Mar 01 09:48:32 operator-host prometheus[21312]: time=2025-03-01T00:4...
Mar 01 09:48:32 operator-host prometheus[21312]: time=2025-03-01T00:4…ms
Mar 01 09:48:32 operator-host prometheus[21312]: time=2025-03-01T00:4...
Mar 01 09:48:32 operator-host prometheus[21312]: time=2025-03-01T00:4...
Mar 01 09:48:32 operator-host prometheus[21312]: time=2025-03-01T00:4...
Mar 01 09:48:32 operator-host prometheus[21312]: time=2025-03-01T00:4...
Mar 01 09:48:32 operator-host prometheus[21312]: time=2025-03-01T00:4…ms
Mar 01 09:48:32 operator-host prometheus[21312]: time=2025-03-01T00:4...
Mar 01 09:48:32 operator-host prometheus[21312]: time=2025-03-01T00:4...
Hint: Some lines were ellipsized, use -l to show in full.

7. 네트워크 포트 상태 확인

(eks-user@myeks:default) [root@operator-host prometheus-3.2.0.linux-amd64]# ss -tnlp
State    Recv-Q   Send-Q     Local Address:Port      Peer Address:Port  Process                                                                 
LISTEN   0        128              0.0.0.0:111            0.0.0.0:*      users:(("rpcbind",pid=1718,fd=8))                                      
LISTEN   0        128              0.0.0.0:22             0.0.0.0:*      users:(("sshd",pid=2363,fd=3))                                         
LISTEN   0        100            127.0.0.1:25             0.0.0.0:*      users:(("master",pid=2160,fd=13))                                      
LISTEN   0        128            127.0.0.1:46109          0.0.0.0:*      users:(("containerd",pid=2806,fd=9))                                   
LISTEN   0        128                 [::]:111               [::]:*      users:(("rpcbind",pid=1718,fd=11))                                     
LISTEN   0        128                 [::]:22                [::]:*      users:(("sshd",pid=2363,fd=4))                                         
LISTEN   0        128                    *:9090                 *:*      users:(("prometheus",pid=21312,fd=6))   

• Prometheus 프로세스가 0.0.0.0:9090에서 정상적으로 LISTEN 중임을 확인함

8. 프로메테우스 메트릭 조회

(eks-user@myeks:default) [root@operator-host prometheus-3.2.0.linux-amd64]# curl localhost:9090/metrics
...
prometheus_engine_query_duration_seconds{slice="inner_eval",quantile="0.5"} NaN
prometheus_engine_query_duration_seconds{slice="inner_eval",quantile="0.9"} NaN
prometheus_engine_query_duration_seconds{slice="inner_eval",quantile="0.99"} NaN
prometheus_engine_query_duration_seconds_sum{slice="inner_eval"} 0
prometheus_engine_query_duration_seconds_count{slice="inner_eval"} 0
prometheus_engine_query_duration_seconds{slice="prepare_time",quantile="0.5"} NaN
prometheus_engine_query_duration_seconds{slice="prepare_time",quantile="0.9"} NaN
prometheus_engine_query_duration_seconds{slice="prepare_time",quantile="0.99"} NaN
prometheus_engine_query_duration_seconds_sum{slice="prepare_time"} 0
prometheus_engine_query_duration_seconds_count{slice="prepare_time"} 0
prometheus_engine_query_duration_seconds{slice="queue_time",quantile="0.5"} NaN
prometheus_engine_query_duration_seconds{slice="queue_time",quantile="0.9"} NaN
prometheus_engine_query_duration_seconds{slice="queue_time",quantile="0.99"} NaN
prometheus_engine_query_duration_seconds_sum{slice="queue_time"} 0
prometheus_engine_query_duration_seconds_count{slice="queue_time"} 0
prometheus_engine_query_duration_seconds{slice="result_sort",quantile="0.5"} NaN
prometheus_engine_query_duration_seconds{slice="result_sort",quantile="0.9"} NaN
prometheus_engine_query_duration_seconds{slice="result_sort",quantile="0.99"} NaN
prometheus_engine_query_duration_seconds_sum{slice="result_sort"} 0
prometheus_engine_query_duration_seconds_count{slice="result_sort"} 0
...
promhttp_metric_handler_requests_total{code="200"} 8
promhttp_metric_handler_requests_total{code="500"} 0
promhttp_metric_handler_requests_total{code="503"} 0

9. 프로메테우스 웹접속

(eks-user@myeks:default) [root@operator-host prometheus-3.2.0.linux-amd64]# echo -e "http://$(curl -s ipinfo.io/ip):9090"

✅ 출력

http://13.124.11.68:9090

• Status > Target health에서 "job=prometheus"로 등록된 엔드포인트가 정상임을 확인함

• Query 탭에서 다양한 메트릭(ex. prometheus_build_info)을 탐색하여 시스템 상태 및 성능 정보를 확인할 수 있음

---

🖥️ Node Exporter 설치

1. Node Exporter 최신버전 다운로드

(eks-user@myeks:default) [root@operator-host prometheus-3.2.0.linux-amd64]# cd ~
(eks-user@myeks:default) [root@operator-host ~]# wget https://github.com/prometheus/node_exporter/releases/download/v1.9.0/node_exporter-1.9.0.linux-amd64.tar.gz
# 결과
--2025-03-01 10:12:16--  https://github.com/prometheus/node_exporter/releases/download/v1.9.0/node_exporter-1.9.0.linux-amd64.tar.gz
Resolving github.com (github.com)... 20.200.245.247
Connecting to github.com (github.com)|20.200.245.247|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/9524057/c181ae2d-a1b3-4bac-883f-2a071c7ba341?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250301%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250301T011216Z&X-Amz-Expires=300&X-Amz-Signature=4dfa054b7bea1d228763e4611ccb54632f7a3d23a5ae551ddc93f7ba3fac4cd1&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dnode_exporter-1.9.0.linux-amd64.tar.gz&response-content-type=application%2Foctet-stream [following]
--2025-03-01 10:12:16--  https://objects.githubusercontent.com/github-production-release-asset-2e65be/9524057/c181ae2d-a1b3-4bac-883f-2a071c7ba341?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250301%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250301T011216Z&X-Amz-Expires=300&X-Amz-Signature=4dfa054b7bea1d228763e4611ccb54632f7a3d23a5ae551ddc93f7ba3fac4cd1&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dnode_exporter-1.9.0.linux-amd64.tar.gz&response-content-type=application%2Foctet-stream
Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.110.133, 185.199.111.133, 185.199.108.133, ...
Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.110.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 11569068 (11M) [application/octet-stream]
Saving to: ‘node_exporter-1.9.0.linux-amd64.tar.gz’

100%[==============================>] 11,569,068  42.1MB/s   in 0.3s   

2025-03-01 10:12:18 (42.1 MB/s) - ‘node_exporter-1.9.0.linux-amd64.tar.gz’ saved [11569068/11569068]

2. 압축 해제

(eks-user@myeks:default) [root@operator-host ~]# tar xvfz node_exporter-1.9.0.linux-amd64.tar.gz
# 결과
node_exporter-1.9.0.linux-amd64/
node_exporter-1.9.0.linux-amd64/LICENSE
node_exporter-1.9.0.linux-amd64/NOTICE
node_exporter-1.9.0.linux-amd64/node_exporter

3. 바이너리 복사

(eks-user@myeks:default) [root@operator-host ~]# cd node_exporter-1.9.0.linux-amd64
(eks-user@myeks:default) [root@operator-host node_exporter-1.9.0.linux-amd64]# cp node_exporter /usr/local/bin/

4. 사용자 및 권한 설정

(eks-user@myeks:default) [root@operator-host node_exporter-1.9.0.linux-amd64]# groupadd -f node_exporter
(eks-user@myeks:default) [root@operator-host node_exporter-1.9.0.linux-amd64]# useradd -g node_exporter --no-create-home --shell /sbin/nologin node_exporter
(eks-user@myeks:default) [root@operator-host node_exporter-1.9.0.linux-amd64]# chown node_exporter:node_exporter /usr/local/bin/node_exporter

5. systemd 서비스 파일 생성 및 서비스 실행

(eks-user@myeks:default) [root@operator-host node_exporter-1.9.0.linux-amd64]# tee /etc/systemd/system/node_exporter.service > /dev/null <<EOF
> [Unit]
> Description=Node Exporter
> Documentation=https://prometheus.io/docs/guides/node-exporter/
> Wants=network-online.target
> After=network-online.target
> 
> [Service]
> User=node_exporter
> Group=node_exporter
> Type=simple
> Restart=on-failure
> ExecStart=/usr/local/bin/node_exporter \
>   --web.listen-address=:9200
> 
> [Install]
> WantedBy=multi-user.target
> EOF

6. 서비스 활성화 및 상태 확인

(1) 시스템 데몬을 리로드한 후, Node Exporter 서비스 활성화

(eks-user@myeks:default) [root@operator-host node_exporter-1.9.0.linux-amd64]# systemctl daemon-reload
(eks-user@myeks:default) [root@operator-host node_exporter-1.9.0.linux-amd64]# systemctl enable --now node_exporter
# 결과
Created symlink from /etc/systemd/system/multi-user.target.wants/node_exporter.service to /etc/systemd/system/node_exporter.service.

(2) Node Exporter 상태 확인

(eks-user@myeks:default) [root@operator-host node_exporter-1.9.0.linux-amd64]# systemctl status node_exporter

✅ 출력

● node_exporter.service - Node Exporter
   Loaded: loaded (/etc/systemd/system/node_exporter.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2025-03-01 10:17:08 KST; 192ms ago
     Docs: https://prometheus.io/docs/guides/node-exporter/
 Main PID: 22042 (node_exporter)
    Tasks: 4
   Memory: 2.2M
   CGroup: /system.slice/node_exporter.service
           └─22042 /usr/local/bin/node_exporter --web.listen-address=...

Mar 01 10:17:08 operator-host node_exporter[22042]: time=2025-03-01T0...
Mar 01 10:17:08 operator-host node_exporter[22042]: time=2025-03-01T0...
Mar 01 10:17:08 operator-host node_exporter[22042]: time=2025-03-01T0...
Mar 01 10:17:08 operator-host node_exporter[22042]: time=2025-03-01T0...
Mar 01 10:17:08 operator-host node_exporter[22042]: time=2025-03-01T0...
Mar 01 10:17:08 operator-host node_exporter[22042]: time=2025-03-01T0...
Mar 01 10:17:08 operator-host node_exporter[22042]: time=2025-03-01T0...
Mar 01 10:17:08 operator-host node_exporter[22042]: time=2025-03-01T0...
Mar 01 10:17:08 operator-host node_exporter[22042]: time=2025-03-01T0...
Mar 01 10:17:08 operator-host node_exporter[22042]: time=2025-03-01T0...
Hint: Some lines were ellipsized, use -l to show in full.

(3) 포트 확인

(eks-user@myeks:default) [root@operator-host node_exporter-1.9.0.linux-amd64]# ss -tnlp   

✅ 출력

State    Recv-Q   Send-Q     Local Address:Port      Peer Address:Port  Process                                                                 
LISTEN   0        128              0.0.0.0:111            0.0.0.0:*      users:(("rpcbind",pid=1718,fd=8))                                      
LISTEN   0        128              0.0.0.0:22             0.0.0.0:*      users:(("sshd",pid=2363,fd=3))                                         
LISTEN   0        100            127.0.0.1:25             0.0.0.0:*      users:(("master",pid=2160,fd=13))                                      
LISTEN   0        128            127.0.0.1:46109          0.0.0.0:*      users:(("containerd",pid=2806,fd=9))                                   
LISTEN   0        128                 [::]:111               [::]:*      users:(("rpcbind",pid=1718,fd=11))                                     
LISTEN   0        128                    *:9200                 *:*      users:(("node_exporter",pid=22042,fd=3))                               
LISTEN   0        128                 [::]:22                [::]:*      users:(("sshd",pid=2363,fd=4))                                         
LISTEN   0        128                    *:9090                 *:*      users:(("prometheus",pid=21312,fd=6)) 

• 9200 포트가 Node Exporter 프로세스에 의해 LISTEN 중임을 확인함

7. Node Exporter 메트릭 확인

(eks-user@myeks:default) [root@operator-host node_exporter-1.9.0.linux-amd64]# curl localhost:9200/metrics

✅ 출력

# HELP go_gc_duration_seconds A summary of the wall-time pause (stop-the-world) duration in garbage collection cycles.
# TYPE go_gc_duration_seconds summary
...
node_scrape_collector_duration_seconds{collector="hwmon"} 7.93e-06
node_scrape_collector_duration_seconds{collector="infiniband"} 2.0005e-05
node_scrape_collector_duration_seconds{collector="ipvs"} 2.2186e-05
node_scrape_collector_duration_seconds{collector="loadavg"} 2.8009e-05
node_scrape_collector_duration_seconds{collector="mdadm"} 4.2583e-05
node_scrape_collector_duration_seconds{collector="meminfo"} 0.000220746
node_scrape_collector_duration_seconds{collector="netclass"} 0.003341259
node_scrape_collector_duration_seconds{collector="netdev"} 0.000211741
node_scrape_collector_duration_seconds{collector="netstat"} 0.001199888
node_scrape_collector_duration_seconds{collector="nfs"} 1.4731e-05
node_scrape_collector_duration_seconds{collector="nfsd"} 2.0009e-05
...
promhttp_metric_handler_requests_total{code="200"} 0
promhttp_metric_handler_requests_total{code="500"} 0
promhttp_metric_handler_requests_total{code="503"} 0

• 프로메테우스 웹(http://13.124.11.68:9090/query)에서 “node”를 검색해도 결과가 나타나지 않음

• 이는 Node Exporter가 설치되어 있으나, 프로메테우스의 수집 대상(target)으로 등록되지 않았기 때문임

8. 프로메테우스 설정에 수집 대상 node_exporter 추가

(eks-user@myeks:default) [root@operator-host node_exporter-1.9.0.linux-amd64]# cat << EOF >> /etc/prometheus/prometheus.yml
> 
>   - job_name: 'node_exporter'
>     static_configs:
>       - targets: ["127.0.0.1:9200"]
>         labels:
>           alias: 'myec2'
> EOF

• 프로메테우스 설정 파일에 ‘node_exporter’ job을 추가하고, static_config에서 타겟으로 [“127.0.0.1:9200”]을 지정함

9. 프로메테우스 데몬 재기동

(eks-user@myeks:default) [root@operator-host node_exporter-1.9.0.linux-amd64]# systemctl restart prometheus.service
(eks-user@myeks:default) [root@operator-host node_exporter-1.9.0.linux-amd64]# systemctl status prometheus

✅ 출력

● prometheus.service - Prometheus
   Loaded: loaded (/etc/systemd/system/prometheus.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2025-03-01 10:29:29 KST; 17s ago
 Main PID: 22319 (prometheus)
    Tasks: 7
   Memory: 24.0M
   CGroup: /system.slice/prometheus.service
           └─22319 /usr/local/bin/prometheus --config.file=/etc/prome...

Mar 01 10:29:29 operator-host prometheus[22319]: time=2025-03-01T01:2...
Mar 01 10:29:29 operator-host prometheus[22319]: time=2025-03-01T01:2...
Mar 01 10:29:29 operator-host prometheus[22319]: time=2025-03-01T01:2…ms
Mar 01 10:29:29 operator-host prometheus[22319]: time=2025-03-01T01:2...
Mar 01 10:29:29 operator-host prometheus[22319]: time=2025-03-01T01:2...
Mar 01 10:29:29 operator-host prometheus[22319]: time=2025-03-01T01:2...
Mar 01 10:29:29 operator-host prometheus[22319]: time=2025-03-01T01:2...
Mar 01 10:29:29 operator-host prometheus[22319]: time=2025-03-01T01:2…ms
Mar 01 10:29:29 operator-host prometheus[22319]: time=2025-03-01T01:2...
Mar 01 10:29:29 operator-host prometheus[22319]: time=2025-03-01T01:2...
Hint: Some lines were ellipsized, use -l to show in full.

10. 프로메테우스 웹 새로고침

• node_exporter가 UP 상태로 표시됨
• static 타겟 관리 방식은 매번 수동으로 수정해야 하는 불편함이 있음

• node 관련 메트릭(ex. node_disk_read_bytes_total 등) 조회 가능함

---

📊 프로메테우스-스택 설치

1. Helm 저장소 등록

helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
# 결과
"prometheus-community" already exists with the same configuration, skipping

2. 파라미터 파일 생성

cat <<EOT > monitor-values.yaml
prometheus:
  prometheusSpec:
    scrapeInterval: "15s"
    evaluationInterval: "15s"
    podMonitorSelectorNilUsesHelmValues: false
    serviceMonitorSelectorNilUsesHelmValues: false
    retention: 5d
    retentionSize: "10GiB"
    storageSpec:
      volumeClaimTemplate:
        spec:
          storageClassName: gp3
          accessModes: ["ReadWriteOnce"]
          resources:
            requests:
              storage: 30Gi

  ingress:
    enabled: true
    ingressClassName: alb
    hosts: 
      - prometheus.$MyDomain
    paths: 
      - /*
    annotations:
      alb.ingress.kubernetes.io/scheme: internet-facing
      alb.ingress.kubernetes.io/target-type: ip
      alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}, {"HTTP":80}]'
      alb.ingress.kubernetes.io/certificate-arn: $CERT_ARN
      alb.ingress.kubernetes.io/success-codes: 200-399
      alb.ingress.kubernetes.io/load-balancer-name: myeks-ingress-alb
      alb.ingress.kubernetes.io/group.name: study
      alb.ingress.kubernetes.io/ssl-redirect: '443'

grafana:
  defaultDashboardsTimezone: Asia/Seoul
  adminPassword: prom-operator

  ingress:
    enabled: true
    ingressClassName: alb
    hosts: 
      - grafana.$MyDomain
    paths: 
      - /*
    annotations:
      alb.ingress.kubernetes.io/scheme: internet-facing
      alb.ingress.kubernetes.io/target-type: ip
      alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}, {"HTTP":80}]'
      alb.ingress.kubernetes.io/certificate-arn: $CERT_ARN
      alb.ingress.kubernetes.io/success-codes: 200-399
      alb.ingress.kubernetes.io/load-balancer-name: myeks-ingress-alb
      alb.ingress.kubernetes.io/group.name: study
      alb.ingress.kubernetes.io/ssl-redirect: '443'

  persistence:
    enabled: true
    type: sts
    storageClassName: "gp3"
    accessModes:
      - ReadWriteOnce
    size: 20Gi

alertmanager:
  enabled: false
defaultRules:
  create: false
kubeControllerManager:
  enabled: false
kubeEtcd:
  enabled: false
kubeScheduler:
  enabled: false
prometheus-windows-exporter:
  prometheus:
    monitor:
      enabled: false
EOT

3. 파라미터 파일 조회

cat monitor-values.yaml

✅ 출력

prometheus:
  prometheusSpec:
    scrapeInterval: "15s"
    evaluationInterval: "15s"
    podMonitorSelectorNilUsesHelmValues: false
    serviceMonitorSelectorNilUsesHelmValues: false
    retention: 5d
    retentionSize: "10GiB"
    storageSpec:
      volumeClaimTemplate:
        spec:
          storageClassName: gp3
          accessModes: ["ReadWriteOnce"]
          resources:
            requests:
              storage: 30Gi

  ingress:
    enabled: true
    ingressClassName: alb
    hosts: 
      - prometheus.gagajin.com
    paths: 
      - /*
    annotations:
      alb.ingress.kubernetes.io/scheme: internet-facing
      alb.ingress.kubernetes.io/target-type: ip
      alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}, {"HTTP":80}]'
      alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-northeast-2:378102432899:certificate/f967e8ca-f0b5-471d-bbe4-bee231aeb32b
      alb.ingress.kubernetes.io/success-codes: 200-399
      alb.ingress.kubernetes.io/load-balancer-name: myeks-ingress-alb
      alb.ingress.kubernetes.io/group.name: study
      alb.ingress.kubernetes.io/ssl-redirect: '443'

grafana:
  defaultDashboardsTimezone: Asia/Seoul
  adminPassword: prom-operator

  ingress:
    enabled: true
    ingressClassName: alb
    hosts: 
      - grafana.gagajin.com
    paths: 
      - /*
    annotations:
      alb.ingress.kubernetes.io/scheme: internet-facing
      alb.ingress.kubernetes.io/target-type: ip
      alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}, {"HTTP":80}]'
      alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-northeast-2:378102432899:certificate/f967e8ca-f0b5-471d-bbe4-bee231aeb32b
      alb.ingress.kubernetes.io/success-codes: 200-399
      alb.ingress.kubernetes.io/load-balancer-name: myeks-ingress-alb
      alb.ingress.kubernetes.io/group.name: study
      alb.ingress.kubernetes.io/ssl-redirect: '443'

  persistence:
    enabled: true
    type: sts
    storageClassName: "gp3"
    accessModes:
      - ReadWriteOnce
    size: 20Gi

alertmanager:
  enabled: false
defaultRules:
  create: false
kubeControllerManager:
  enabled: false
kubeEtcd:
  enabled: false
kubeScheduler:
  enabled: false
prometheus-windows-exporter:
  prometheus:
    monitor:
      enabled: false

4. 배포

helm install kube-prometheus-stack prometheus-community/kube-prometheus-stack --version 69.3.1 -f monitor-values.yaml --create-namespace --namespace monitoring
# 결과
NAME: kube-prometheus-stack
LAST DEPLOYED: Sat Mar  1 10:55:37 2025
NAMESPACE: monitoring
STATUS: deployed
REVISION: 1
NOTES:
kube-prometheus-stack has been installed. Check its status by running:
  kubectl --namespace monitoring get pods -l "release=kube-prometheus-stack"

Get Grafana 'admin' user password by running:

  kubectl --namespace monitoring get secrets kube-prometheus-stack-grafana -o jsonpath="{.data.admin-password}" | base64 -d ; echo

Access Grafana local instance:

  export POD_NAME=$(kubectl --namespace monitoring get pod -l "app.kubernetes.io/name=grafana,app.kubernetes.io/instance=kube-prometheus-stack" -oname)
  kubectl --namespace monitoring port-forward $POD_NAME 3000

Visit https://github.com/prometheus-operator/kube-prometheus for instructions on how to create & configure Alertmanager and Prometheus instances using the Operator.

5. Helm 릴리스 상태 확인

helm list -n monitoring

✅ 출력

NAME                 	NAMESPACE 	REVISION	UPDATED                                	STATUS  	CHART                       	APP VERSION
kube-prometheus-stack	monitoring	1       	2025-03-01 10:55:37.941454098 +0900 KST	deployed	kube-prometheus-stack-69.3.1	v0.80.0    

6. 쿠버네티스 리소스 확인

kubectl get sts,ds,deploy,pod,svc,ep,ingress,pvc,pv -n monitoring

✅ 출력

NAME                                                           READY   AGE
statefulset.apps/kube-prometheus-stack-grafana                 1/1     73s
statefulset.apps/prometheus-kube-prometheus-stack-prometheus   1/1     71s

NAME                                                            DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR            AGE
daemonset.apps/kube-prometheus-stack-prometheus-node-exporter   3         3         3       3            3           kubernetes.io/os=linux   73s

NAME                                                       READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/kube-prometheus-stack-kube-state-metrics   1/1     1            1           73s
deployment.apps/kube-prometheus-stack-operator             1/1     1            1           73s

NAME                                                           READY   STATUS    RESTARTS   AGE
pod/kube-prometheus-stack-grafana-0                            3/3     Running   0          73s
pod/kube-prometheus-stack-kube-state-metrics-5dbfbd4b9-b2bfq   1/1     Running   0          73s
pod/kube-prometheus-stack-operator-76bdd654bf-t5gh7            1/1     Running   0          73s
pod/kube-prometheus-stack-prometheus-node-exporter-44zpf       1/1     Running   0          73s
pod/kube-prometheus-stack-prometheus-node-exporter-b2zk8       1/1     Running   0          73s
pod/kube-prometheus-stack-prometheus-node-exporter-x79kf       1/1     Running   0          73s
pod/prometheus-kube-prometheus-stack-prometheus-0              2/2     Running   0          71s

NAME                                                     TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)             AGE
service/kube-prometheus-stack-grafana                    ClusterIP   10.100.33.238    <none>        80/TCP              73s
service/kube-prometheus-stack-grafana-headless           ClusterIP   None             <none>        9094/TCP            73s
service/kube-prometheus-stack-kube-state-metrics         ClusterIP   10.100.131.25    <none>        8080/TCP            73s
service/kube-prometheus-stack-operator                   ClusterIP   10.100.186.182   <none>        443/TCP             73s
service/kube-prometheus-stack-prometheus                 ClusterIP   10.100.140.111   <none>        9090/TCP,8080/TCP   73s
service/kube-prometheus-stack-prometheus-node-exporter   ClusterIP   10.100.122.125   <none>        9100/TCP            73s
service/prometheus-operated                              ClusterIP   None             <none>        9090/TCP            71s

NAME                                                       ENDPOINTS                                               AGE
endpoints/kube-prometheus-stack-grafana                    192.168.1.82:3000                                       73s
endpoints/kube-prometheus-stack-grafana-headless           192.168.1.82:9094                                       73s
endpoints/kube-prometheus-stack-kube-state-metrics         192.168.1.238:8080                                      73s
endpoints/kube-prometheus-stack-operator                   192.168.3.147:10250                                     73s
endpoints/kube-prometheus-stack-prometheus                 192.168.3.89:9090,192.168.3.89:8080                     73s
endpoints/kube-prometheus-stack-prometheus-node-exporter   192.168.1.51:9100,192.168.2.42:9100,192.168.3.30:9100   73s
endpoints/prometheus-operated                              192.168.3.89:9090                                       71s

NAME                                                         CLASS   HOSTS                    ADDRESS                                                       PORTS   AGE
ingress.networking.k8s.io/kube-prometheus-stack-grafana      alb     grafana.gagajin.com      myeks-ingress-alb-77245841.ap-northeast-2.elb.amazonaws.com   80      73s
ingress.networking.k8s.io/kube-prometheus-stack-prometheus   alb     prometheus.gagajin.com   myeks-ingress-alb-77245841.ap-northeast-2.elb.amazonaws.com   80      73s

NAME                                                                                                                 STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   VOLUMEATTRIBUTESCLASS   AGE
persistentvolumeclaim/prometheus-kube-prometheus-stack-prometheus-db-prometheus-kube-prometheus-stack-prometheus-0   Bound    pvc-afacff05-8dfd-4a4d-a597-1d76f1d05be5   30Gi       RWO            gp3            <unset>                 3d10h
persistentvolumeclaim/storage-kube-prometheus-stack-grafana-0                                                        Bound    pvc-86ba8583-882e-4d2b-837b-dac7c7ac231d   20Gi       RWO            gp3            <unset>                 3d10h

NAME                                                        CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM                                                                                                     STORAGECLASS   VOLUMEATTRIBUTESCLASS   REASON   AGE
persistentvolume/pvc-86ba8583-882e-4d2b-837b-dac7c7ac231d   20Gi       RWO            Delete           Bound    monitoring/storage-kube-prometheus-stack-grafana-0                                                        gp3            <unset>                          3d10h
persistentvolume/pvc-afacff05-8dfd-4a4d-a597-1d76f1d05be5   30Gi       RWO            Delete           Bound    monitoring/prometheus-kube-prometheus-stack-prometheus-db-prometheus-kube-prometheus-stack-prometheus-0   gp3            <unset>                          3d10h

7. 전체 리소스 확인

kubectl get-all -n monitoring

✅ 출력

NAME                                                                                                                NAMESPACE   AGE
configmap/kube-prometheus-stack-apiserver                                                                           monitoring  3m13s  
configmap/kube-prometheus-stack-cluster-total                                                                       monitoring  3m13s  
configmap/kube-prometheus-stack-grafana                                                                             monitoring  3m13s  
configmap/kube-prometheus-stack-grafana-config-dashboards                                                           monitoring  3m13s  
configmap/kube-prometheus-stack-grafana-datasource                                                                  monitoring  3m13s  
configmap/kube-prometheus-stack-grafana-overview                                                                    monitoring  3m13s  
configmap/kube-prometheus-stack-k8s-coredns                                                                         monitoring  3m13s  
configmap/kube-prometheus-stack-k8s-resources-cluster                                                               monitoring  3m13s  
configmap/kube-prometheus-stack-k8s-resources-multicluster                                                          monitoring  3m13s  
configmap/kube-prometheus-stack-k8s-resources-namespace                                                             monitoring  3m13s  
configmap/kube-prometheus-stack-k8s-resources-node                                                                  monitoring  3m13s  
configmap/kube-prometheus-stack-k8s-resources-pod                                                                   monitoring  3m13s  
configmap/kube-prometheus-stack-k8s-resources-workload                                                              monitoring  3m13s  
configmap/kube-prometheus-stack-k8s-resources-workloads-namespace                                                   monitoring  3m13s  
configmap/kube-prometheus-stack-kubelet                                                                             monitoring  3m13s  
configmap/kube-prometheus-stack-namespace-by-pod                                                                    monitoring  3m13s  
configmap/kube-prometheus-stack-namespace-by-workload                                                               monitoring  3m13s  
configmap/kube-prometheus-stack-node-cluster-rsrc-use                                                               monitoring  3m13s  
configmap/kube-prometheus-stack-node-rsrc-use                                                                       monitoring  3m13s  
configmap/kube-prometheus-stack-nodes                                                                               monitoring  3m13s  
configmap/kube-prometheus-stack-nodes-aix                                                                           monitoring  3m13s  
configmap/kube-prometheus-stack-nodes-darwin                                                                        monitoring  3m13s  
configmap/kube-prometheus-stack-persistentvolumesusage                                                              monitoring  3m13s  
configmap/kube-prometheus-stack-pod-total                                                                           monitoring  3m13s  
configmap/kube-prometheus-stack-prometheus                                                                          monitoring  3m13s  
configmap/kube-prometheus-stack-proxy                                                                               monitoring  3m13s  
configmap/kube-prometheus-stack-workload-total                                                                      monitoring  3m13s  
configmap/kube-root-ca.crt                                                                                          monitoring  3d10h  
configmap/prometheus-kube-prometheus-stack-prometheus-rulefiles-0                                                   monitoring  3m11s  
endpoints/kube-prometheus-stack-grafana                                                                             monitoring  3m13s  
endpoints/kube-prometheus-stack-grafana-headless                                                                    monitoring  3m13s  
endpoints/kube-prometheus-stack-kube-state-metrics                                                                  monitoring  3m13s  
endpoints/kube-prometheus-stack-operator                                                                            monitoring  3m13s  
endpoints/kube-prometheus-stack-prometheus                                                                          monitoring  3m13s  
endpoints/kube-prometheus-stack-prometheus-node-exporter                                                            monitoring  3m13s  
endpoints/prometheus-operated                                                                                       monitoring  3m11s  
persistentvolumeclaim/prometheus-kube-prometheus-stack-prometheus-db-prometheus-kube-prometheus-stack-prometheus-0  monitoring  3d10h  
persistentvolumeclaim/storage-kube-prometheus-stack-grafana-0                                                       monitoring  3d10h  
pod/kube-prometheus-stack-grafana-0                                                                                 monitoring  3m13s  
pod/kube-prometheus-stack-kube-state-metrics-5dbfbd4b9-b2bfq                                                        monitoring  3m13s  
pod/kube-prometheus-stack-operator-76bdd654bf-t5gh7                                                                 monitoring  3m13s  
pod/kube-prometheus-stack-prometheus-node-exporter-44zpf                                                            monitoring  3m13s  
pod/kube-prometheus-stack-prometheus-node-exporter-b2zk8                                                            monitoring  3m13s  
pod/kube-prometheus-stack-prometheus-node-exporter-x79kf                                                            monitoring  3m13s  
pod/prometheus-kube-prometheus-stack-prometheus-0                                                                   monitoring  3m11s  
secret/kube-prometheus-stack-admission                                                                              monitoring  3d10h  
secret/kube-prometheus-stack-grafana                                                                                monitoring  3m13s  
secret/prometheus-kube-prometheus-stack-prometheus                                                                  monitoring  3m11s  
secret/prometheus-kube-prometheus-stack-prometheus-thanos-prometheus-http-client-file                               monitoring  3m11s  
secret/prometheus-kube-prometheus-stack-prometheus-tls-assets-0                                                     monitoring  3m11s  
secret/prometheus-kube-prometheus-stack-prometheus-web-config                                                       monitoring  3m11s  
secret/sh.helm.release.v1.kube-prometheus-stack.v1                                                                  monitoring  3m23s  
serviceaccount/default                                                                                              monitoring  3d10h  
serviceaccount/kube-prometheus-stack-grafana                                                                        monitoring  3m13s  
serviceaccount/kube-prometheus-stack-kube-state-metrics                                                             monitoring  3m13s  
serviceaccount/kube-prometheus-stack-operator                                                                       monitoring  3m13s  
serviceaccount/kube-prometheus-stack-prometheus                                                                     monitoring  3m13s  
serviceaccount/kube-prometheus-stack-prometheus-node-exporter                                                       monitoring  3m13s  
service/kube-prometheus-stack-grafana                                                                               monitoring  3m13s  
service/kube-prometheus-stack-grafana-headless                                                                      monitoring  3m13s  
service/kube-prometheus-stack-kube-state-metrics                                                                    monitoring  3m13s  
service/kube-prometheus-stack-operator                                                                              monitoring  3m13s  
service/kube-prometheus-stack-prometheus                                                                            monitoring  3m13s  
service/kube-prometheus-stack-prometheus-node-exporter                                                              monitoring  3m13s  
service/prometheus-operated                                                                                         monitoring  3m11s  
controllerrevision.apps/kube-prometheus-stack-grafana-56f654f5d6                                                    monitoring  3m13s  
controllerrevision.apps/kube-prometheus-stack-prometheus-node-exporter-89f764479                                    monitoring  3m13s  
controllerrevision.apps/prometheus-kube-prometheus-stack-prometheus-88cb76465                                       monitoring  3m11s  
daemonset.apps/kube-prometheus-stack-prometheus-node-exporter                                                       monitoring  3m13s  
deployment.apps/kube-prometheus-stack-kube-state-metrics                                                            monitoring  3m13s  
deployment.apps/kube-prometheus-stack-operator                                                                      monitoring  3m13s  
replicaset.apps/kube-prometheus-stack-kube-state-metrics-5dbfbd4b9                                                  monitoring  3m13s  
replicaset.apps/kube-prometheus-stack-operator-76bdd654bf                                                           monitoring  3m13s  
statefulset.apps/kube-prometheus-stack-grafana                                                                      monitoring  3m13s  
statefulset.apps/prometheus-kube-prometheus-stack-prometheus                                                        monitoring  3m11s  
endpointslice.discovery.k8s.io/kube-prometheus-stack-grafana-cs68n                                                  monitoring  3m13s  
endpointslice.discovery.k8s.io/kube-prometheus-stack-grafana-headless-g5tcd                                         monitoring  3m13s  
endpointslice.discovery.k8s.io/kube-prometheus-stack-kube-state-metrics-8kqsr                                       monitoring  3m13s  
endpointslice.discovery.k8s.io/kube-prometheus-stack-operator-ffmfx                                                 monitoring  3m13s  
endpointslice.discovery.k8s.io/kube-prometheus-stack-prometheus-bplw2                                               monitoring  3m13s  
endpointslice.discovery.k8s.io/kube-prometheus-stack-prometheus-node-exporter-tpjll                                 monitoring  3m13s  
endpointslice.discovery.k8s.io/prometheus-operated-srd8x                                                            monitoring  3m11s  
targetgroupbinding.elbv2.k8s.aws/k8s-monitori-kubeprom-1c4114721c                                                   monitoring  3m11s  
targetgroupbinding.elbv2.k8s.aws/k8s-monitori-kubeprom-8a6213e683                                                   monitoring  3m9s   
prometheus.monitoring.coreos.com/kube-prometheus-stack-prometheus                                                   monitoring  3m13s  
servicemonitor.monitoring.coreos.com/kube-prometheus-stack-apiserver                                                monitoring  3m13s  
servicemonitor.monitoring.coreos.com/kube-prometheus-stack-coredns                                                  monitoring  3m13s  
servicemonitor.monitoring.coreos.com/kube-prometheus-stack-grafana                                                  monitoring  3m13s  
servicemonitor.monitoring.coreos.com/kube-prometheus-stack-kube-proxy                                               monitoring  3m13s  
servicemonitor.monitoring.coreos.com/kube-prometheus-stack-kube-state-metrics                                       monitoring  3m13s  
servicemonitor.monitoring.coreos.com/kube-prometheus-stack-kubelet                                                  monitoring  3m13s  
servicemonitor.monitoring.coreos.com/kube-prometheus-stack-operator                                                 monitoring  3m13s  
servicemonitor.monitoring.coreos.com/kube-prometheus-stack-prometheus                                               monitoring  3m13s  
servicemonitor.monitoring.coreos.com/kube-prometheus-stack-prometheus-node-exporter                                 monitoring  3m13s  
ingress.networking.k8s.io/kube-prometheus-stack-grafana                                                             monitoring  3m13s  
ingress.networking.k8s.io/kube-prometheus-stack-prometheus                                                          monitoring  3m13s  
rolebinding.rbac.authorization.k8s.io/kube-prometheus-stack-grafana                                                 monitoring  3m13s  
role.rbac.authorization.k8s.io/kube-prometheus-stack-grafana                                                        monitoring  3m13s

8. 모니터링 CRD 및 ServiceMonitor 확인

kubectl get prometheus,servicemonitors -n monitoring

✅ 출력

NAME                                                                VERSION   DESIRED   READY   RECONCILED   AVAILABLE   AGE
prometheus.monitoring.coreos.com/kube-prometheus-stack-prometheus   v3.1.0    1         1       True         True        3m52s

NAME                                                                                  AGE
servicemonitor.monitoring.coreos.com/kube-prometheus-stack-apiserver                  3m52s
servicemonitor.monitoring.coreos.com/kube-prometheus-stack-coredns                    3m52s
servicemonitor.monitoring.coreos.com/kube-prometheus-stack-grafana                    3m52s
servicemonitor.monitoring.coreos.com/kube-prometheus-stack-kube-proxy                 3m52s
servicemonitor.monitoring.coreos.com/kube-prometheus-stack-kube-state-metrics         3m52s
servicemonitor.monitoring.coreos.com/kube-prometheus-stack-kubelet                    3m52s
servicemonitor.monitoring.coreos.com/kube-prometheus-stack-operator                   3m52s
servicemonitor.monitoring.coreos.com/kube-prometheus-stack-prometheus                 3m52s
servicemonitor.monitoring.coreos.com/kube-prometheus-stack-prometheus-node-exporter   3m52s

• Alertmanager, ServiceMonitor 등 모니터링 관련 CRD들이 존재함을 확인

kubectl get crd | grep monitoring

✅ 출력

alertmanagerconfigs.monitoring.coreos.com    2025-02-25T15:42:28Z
alertmanagers.monitoring.coreos.com          2025-02-25T15:42:29Z
podmonitors.monitoring.coreos.com            2025-02-25T15:42:30Z
probes.monitoring.coreos.com                 2025-02-25T15:42:30Z
prometheusagents.monitoring.coreos.com       2025-02-25T15:42:31Z
prometheuses.monitoring.coreos.com           2025-02-25T15:42:31Z
prometheusrules.monitoring.coreos.com        2025-02-25T15:42:32Z
scrapeconfigs.monitoring.coreos.com          2025-02-25T15:42:32Z
servicemonitors.monitoring.coreos.com        2025-02-25T15:42:33Z
thanosrulers.monitoring.coreos.com           2025-02-25T15:42:33Z

9. Persistent Volume 및 PVC 상태 점검

kubectl df-pv

✅ 출력

 PV NAME                                   PVC NAME                                                                                      NAMESPACE   NODE NAME                                        POD NAME                                       VOLUME MOUNT NAME                               SIZE  USED    AVAILABLE  %USED  IUSED  IFREE     %IUSED 
 pvc-86ba8583-882e-4d2b-837b-dac7c7ac231d  storage-kube-prometheus-stack-grafana-0                                                       monitoring  ip-192-168-1-51.ap-northeast-2.compute.internal  kube-prometheus-stack-grafana-0                storage                                         19Gi  196Mi   19Gi       0.96   85     10485675  0.00   
 pvc-afacff05-8dfd-4a4d-a597-1d76f1d05be5  prometheus-kube-prometheus-stack-prometheus-db-prometheus-kube-prometheus-stack-prometheus-0  monitoring  ip-192-168-3-30.ap-northeast-2.compute.internal  prometheus-kube-prometheus-stack-prometheus-0  prometheus-kube-prometheus-stack-prometheus-db  29Gi  1956Mi  28Gi       6.38   113    15728527  0.00   

10. 프로메테우스 버전 및 빌드 정보 확인

echo -e "https://prometheus.$MyDomain/api/v1/status/buildinfo"

✅ 출력

https://prometheus.gagajin.com/api/v1/status/buildinfo

11. 프로메테우스 웹 대시보드 및 그라파나 접속

• 프로메테우스 웹 접속 화면

• 그라파나 웹 접속 화면
• Grafana는 Helm 파라미터에 설정된 로그인 정보(admin/prom-operator)를 사용해 접속하며, 다양한 대시보드를 통해 모니터링 데이터를 시각화할 수 있음

12. ALB 확인

• Ingress 리소스를 통해 외부 접근을 위한 ALB가 정상적으로 구성되어 있음을 확인함

---

AWS CNI Metrics 수집을 위한 사전 설정

• 추가 어플리케이션의 메트릭 수집을 위해, 대상에 손쉽게 메트릭을 올릴 수 있는 방법으로 ServiceMonitor와 PodMonitor를 활용함
• Prometheus Operator는 기존 Config 수정 대신, PodMonitor CRD를 생성하여 수집 대상을 동적으로 등록할 수 있도록 지원함

1. PodMonitor CRD 생성

cat <<EOF | kubectl create -f -
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
  name: aws-cni-metrics
  namespace: kube-system
spec:
  jobLabel: k8s-app
  namespaceSelector:
    matchNames:
    - kube-system
  podMetricsEndpoints:
  - interval: 30s
    path: /metrics
    port: metrics
  selector:
    matchLabels:
      k8s-app: aws-node
EOF

# 결과
podmonitor.monitoring.coreos.com/aws-cni-metrics created

2. PodMonitor 생성 확인

kubectl get podmonitor -n kube-system

✅ 출력

NAME              AGE
aws-cni-metrics   40s

3. AWS CNI Metrics 확인

• 워커 노드에서 61678 포트로 접근하여, AWS CNI 관련 메트릭(ex. awscni_add_ip_req_count 등)이 출력되는지 확인함

curl -s $N1:61678/metrics | grep '^awscni'

✅ 출력

awscni_add_ip_req_count 11
awscni_assigned_ip_addresses 8
awscni_assigned_ip_per_cidr{cidr="192.168.1.114/32"} 1
awscni_assigned_ip_per_cidr{cidr="192.168.1.127/32"} 1
awscni_assigned_ip_per_cidr{cidr="192.168.1.134/32"} 0
awscni_assigned_ip_per_cidr{cidr="192.168.1.194/32"} 1
awscni_assigned_ip_per_cidr{cidr="192.168.1.226/32"} 1
awscni_assigned_ip_per_cidr{cidr="192.168.1.238/32"} 1
awscni_assigned_ip_per_cidr{cidr="192.168.1.62/32"} 1
awscni_assigned_ip_per_cidr{cidr="192.168.1.71/32"} 0
awscni_assigned_ip_per_cidr{cidr="192.168.1.82/32"} 1
awscni_assigned_ip_per_cidr{cidr="192.168.1.87/32"} 1
awscni_assigned_ip_per_eni{eni="eni-022faaaa5981f056b"} 0
awscni_assigned_ip_per_eni{eni="eni-0417b2799144172b1"} 5
awscni_assigned_ip_per_eni{eni="eni-0940759276408f3f7"} 3
awscni_aws_api_latency_ms_sum{api="AssignPrivateIpAddresses",error="false",status="200"} 363
awscni_aws_api_latency_ms_count{api="AssignPrivateIpAddresses",error="false",status="200"} 1
awscni_aws_api_latency_ms_sum{api="AttachNetworkInterface",error="false",status="200"} 1494
awscni_aws_api_latency_ms_count{api="AttachNetworkInterface",error="false",status="200"} 2
awscni_aws_api_latency_ms_sum{api="CreateNetworkInterface",error="false",status="200"} 898
awscni_aws_api_latency_ms_count{api="CreateNetworkInterface",error="false",status="200"} 2
awscni_aws_api_latency_ms_sum{api="CreateTags",error="false",status="200"} 141
awscni_aws_api_latency_ms_count{api="CreateTags",error="false",status="200"} 1
awscni_aws_api_latency_ms_sum{api="DescribeInstances",error="false",status="200"} 276
awscni_aws_api_latency_ms_count{api="DescribeInstances",error="false",status="200"} 2
awscni_aws_api_latency_ms_sum{api="DescribeNetworkInterfaces",error="false",status="200"} 235
awscni_aws_api_latency_ms_count{api="DescribeNetworkInterfaces",error="false",status="200"} 1
awscni_aws_api_latency_ms_sum{api="DescribeSubnets",error="false",status="200"} 304
awscni_aws_api_latency_ms_count{api="DescribeSubnets",error="false",status="200"} 2
awscni_aws_api_latency_ms_sum{api="GetMetadata",error="false",status="200"} 79921
awscni_aws_api_latency_ms_count{api="GetMetadata",error="false",status="200"} 132346
awscni_aws_api_latency_ms_sum{api="GetMetadata",error="true",status="404"} 8654
awscni_aws_api_latency_ms_count{api="GetMetadata",error="true",status="404"} 15247
awscni_aws_api_latency_ms_sum{api="ModifyNetworkInterfaceAttribute",error="false",status="200"} 993
awscni_aws_api_latency_ms_count{api="ModifyNetworkInterfaceAttribute",error="false",status="200"} 3
awscni_aws_api_latency_ms_sum{api="waitForENIAndIPsAttached",error="false",status="200"} 1703
awscni_aws_api_latency_ms_count{api="waitForENIAndIPsAttached",error="false",status="200"} 2
awscni_build_info{goversion="go1.22.10",version=""} 1
awscni_del_ip_req_count{reason="PodDeleted"} 9
awscni_ec2api_req_count{fn="AssignPrivateIpAddresses"} 1
awscni_ec2api_req_count{fn="AttachNetworkInterface"} 2
awscni_ec2api_req_count{fn="CreateNetworkInterface"} 2
awscni_ec2api_req_count{fn="CreateTags"} 1
awscni_ec2api_req_count{fn="DescribeInstances"} 2
awscni_ec2api_req_count{fn="DescribeNetworkInterfaces"} 83
awscni_ec2api_req_count{fn="DescribeSubnets"} 2
awscni_ec2api_req_count{fn="ModifyNetworkInterfaceAttribute"} 3
awscni_eni_allocated 3
awscni_eni_max 3
awscni_force_removed_enis 0
awscni_force_removed_ips 0
awscni_ip_max 15
awscni_ipamd_action_inprogress{fn="increaseDatastorePool"} 0
awscni_ipamd_action_inprogress{fn="nodeIPPoolReconcile"} 0
awscni_ipamd_action_inprogress{fn="nodeInit"} 0
awscni_no_available_ip_addresses 0
awscni_reconcile_count{fn="eniDataStorePoolReconcileAdd"} 76160
awscni_total_ip_addresses 15
awscni_total_ipv4_prefixes 0

• PodMonitor의 aws-cni-metrics가 대상 타겟에 올라감

4. 워커노드 포트 상태 확인

• 워커 노드에 SSH 접속 후, ss -tnlp 명령어를 통해 포트 61678이 열려 있으며, aws-k8s-agent가 해당 포트를 사용 중임을 확인함
• PodMonitor를 생성하면 Prometheus 타겟에 aws-cni-metrics가 자동으로 등록되고, 이후 ServiceMonitor 설정도 자동으로 반영됨

ssh ec2-user@$N1

A newer release of "Amazon Linux" is available.
  Version 2023.6.20250211:
  Version 2023.6.20250218:
Run "/usr/bin/dnf check-release-update" for full release and version update info
   ,     #_
   ~\_  ####_        Amazon Linux 2023
  ~~  \_#####\
  ~~     \###|
  ~~       \#/ ___   https://aws.amazon.com/linux/amazon-linux-2023
   ~~       V~' '->
    ~~~         /
      ~~._.   _/
         _/ _/
       _/m/'
Last login: Sat Mar  1 02:39:19 2025 from 182.230.60.93
[ec2-user@ip-192-168-1-51 ~]$ sudo ss -tnlp
State    Recv-Q   Send-Q     Local Address:Port      Peer Address:Port  Process                                                                 
LISTEN   0        4096           127.0.0.1:50052          0.0.0.0:*      users:(("controller",pid=3098,fd=13))                                  
LISTEN   0        4096           127.0.0.1:50051          0.0.0.0:*      users:(("aws-k8s-agent",pid=2975,fd=10))                               
LISTEN   0        4096           127.0.0.1:61679          0.0.0.0:*      users:(("aws-k8s-agent",pid=2975,fd=12))                               
LISTEN   0        4096           127.0.0.1:10248          0.0.0.0:*      users:(("kubelet",pid=2493,fd=22))                                     
LISTEN   0        128              0.0.0.0:22             0.0.0.0:*      users:(("sshd",pid=1566,fd=3))                                         
LISTEN   0        4096           127.0.0.1:46111          0.0.0.0:*      users:(("containerd",pid=2478,fd=11))                                  
LISTEN   0        4096                   *:8163                 *:*      users:(("controller",pid=3098,fd=7))                                   
LISTEN   0        4096                   *:8162                 *:*      users:(("controller",pid=3098,fd=8))                                   
LISTEN   0        4096                   *:10256                *:*      users:(("kube-proxy",pid=2715,fd=16))                                  
LISTEN   0        128                 [::]:22                [::]:*      users:(("sshd",pid=1566,fd=4))                                         
LISTEN   0        4096                   *:10249                *:*      users:(("kube-proxy",pid=2715,fd=12))                                  
LISTEN   0        4096                   *:10250                *:*      users:(("kubelet",pid=2493,fd=12))                                     
LISTEN   0        4096                   *:61680                *:*      users:(("controller",pid=3098,fd=12))                                  
LISTEN   0        4096                   *:61678                *:*      users:(("aws-k8s-agent",pid=2975,fd=11))                               
LISTEN   0        4096                   *:9100                 *:*      users:(("node_exporter",pid=1591439,fd=3))         

---

🌐 nginx 웹 서버(with helm)에 metrics 수집 설정 추가

1. 메트릭 수집 대상 확인

• 프로메테우스 서버는 노드의 OS 및 상태 정보를 9100 포트의 /metrics 엔드포인트에서 수집함
• 프로메테우스가 이 엔드포인트로 통신할 수 있어야 하며, 내부 IP(예: http://192.168.1.51:9100/metrics)는 프로메테우스 서버와의 네트워크 연결이 가능해야 함

2. 웹 인터페이스 옵션 및 설정 확인

• Status → Configuration 메뉴에서 Runtime & Build Information을 확인하여 버전, 작업 디렉토리, 스토리지 보존 기간 등의 정보를 점검함

• TSDB에 대한 상태

• Command-line flags

• Configuration

3. Service Discovery 및 대상 타겟 관리

• Kubernetes의 ServiceMonitor와 PodMonitor를 사용해 대상 엔드포인트를 자동으로 검색하고, 설정이 올바른 대상만 Prometheus 타겟에 등록됨
• 예를 들어, kube-system 네임스페이스에서 PodMonitor를 생성했을 때 44개의 엔드포인트 중 3개만 올바른 pod 라벨 매칭으로 Target Health에 표시됨
• 올바른 라벨이 지정된 대상만 수집되어 Prometheus에서 모니터링되며, 이는 서비스의 실제 active Pod 정보를 반영하는 데 도움이 됨

4. kube-apiserver 타겟 상태 확인

• API 서버의 엔드포인트인 192.168.2.241과 192.168.3.124는 owned ENI에 속하며, Prometheus가 해당 엔드포인트를 정상적으로 타겟에 등록하여 메트릭 정보를 수집하고 있음

5. 메트릭 조회

• node_cpu_seconds_total: 각 노드가 CPU를 사용한 총 시간을 측정하여, CPU 사용량을 나타냄

6. PromQL 쿼리 확인

(1) mode="idle" 상태인 CPU 사용량만 조회

node_cpu_seconds_total{mode="idle"}

(2) 1분 간격의 데이터 확인

• 기본 쿼리는 15초 간격의 실시간 데이터를 보여줌
• 1분 동안 수집된 데이터를 확인하려면 아래 쿼리를 사용함

(node_cpu_seconds_total{mode="idle"}[1m])

• 이 쿼리는 1분 동안 수집된 4개의 시계열 데이터를 출력함 —

🔍 nginx 파드 확인

1. nginx 파드내에 컨테이너 갯수 확인

kubectl describe pod -l app.kubernetes.io/instance=nginx

✅ 출력

Name:             nginx-7c94c9bdcb-9g66b
Namespace:        default
Priority:         0
Service Account:  nginx
Node:             ip-192-168-2-42.ap-northeast-2.compute.internal/192.168.2.42
Start Time:       Wed, 26 Feb 2025 21:22:15 +0900
Labels:           app.kubernetes.io/instance=nginx
                  app.kubernetes.io/managed-by=Helm
                  app.kubernetes.io/name=nginx
                  app.kubernetes.io/version=1.27.4
                  helm.sh/chart=nginx-19.0.0
                  pod-template-hash=7c94c9bdcb
Annotations:      <none>
Status:           Running
IP:               192.168.2.63
IPs:
  IP:           192.168.2.63
Controlled By:  ReplicaSet/nginx-7c94c9bdcb
Init Containers:
  preserve-logs-symlinks:
    Container ID:    containerd://05070e719f8e24ce045ecb8acafe47cd184eefaa68e42b7d929232b8f91c9093
    Image:           docker.io/bitnami/nginx:1.27.4-debian-12-r1
    Image ID:        docker.io/bitnami/nginx@sha256:a633d685dae033ffde21c0b87445f5e7c20c3895126443f6d7c9d9d325e071be
    Port:            <none>
    Host Port:       <none>
    SeccompProfile:  RuntimeDefault
    Command:
      /bin/bash
    Args:
      -ec
      #!/bin/bash
      . /opt/bitnami/scripts/libfs.sh
      # We copy the logs folder because it has symlinks to stdout and stderr
      if ! is_dir_empty /opt/bitnami/nginx/logs; then
        cp -r /opt/bitnami/nginx/logs /emptydir/app-logs-dir
      fi
      
    State:          Terminated
      Reason:       Completed
      Exit Code:    0
      Started:      Wed, 26 Feb 2025 21:22:24 +0900
      Finished:     Wed, 26 Feb 2025 21:22:24 +0900
    Ready:          True
    Restart Count:  0
    Limits:
      cpu:                150m
      ephemeral-storage:  2Gi
      memory:             192Mi
    Requests:
      cpu:                100m
      ephemeral-storage:  50Mi
      memory:             128Mi
    Environment:          <none>
    Mounts:
      /emptydir from empty-dir (rw)
Containers:
  nginx:
    Container ID:    containerd://caae567c481a991fbfc88920be6f7ad4b747d7157917de3f84861f2e4f9214d1
    Image:           docker.io/bitnami/nginx:1.27.4-debian-12-r1
    Image ID:        docker.io/bitnami/nginx@sha256:a633d685dae033ffde21c0b87445f5e7c20c3895126443f6d7c9d9d325e071be
    Ports:           8080/TCP, 8443/TCP
    Host Ports:      0/TCP, 0/TCP
    SeccompProfile:  RuntimeDefault
    State:           Running
      Started:       Wed, 26 Feb 2025 21:22:26 +0900
    Ready:           True
    Restart Count:   0
    Limits:
      cpu:                150m
      ephemeral-storage:  2Gi
      memory:             192Mi
    Requests:
      cpu:                100m
      ephemeral-storage:  50Mi
      memory:             128Mi
    Liveness:             tcp-socket :http delay=30s timeout=5s period=10s #success=1 #failure=6
    Readiness:            http-get http://:http/ delay=5s timeout=3s period=5s #success=1 #failure=3
    Environment:
      BITNAMI_DEBUG:            false
      NGINX_HTTP_PORT_NUMBER:   8080
      NGINX_HTTPS_PORT_NUMBER:  8443
    Mounts:
      /certs from certificate (rw)
      /opt/bitnami/nginx/conf from empty-dir (rw,path="app-conf-dir")
      /opt/bitnami/nginx/logs from empty-dir (rw,path="app-logs-dir")
      /opt/bitnami/nginx/tmp from empty-dir (rw,path="app-tmp-dir")
      /tmp from empty-dir (rw,path="tmp-dir")
Conditions:
  Type                        Status
  PodReadyToStartContainers   True
  Initialized                 True
  Ready                       True
  ContainersReady             True
  PodScheduled                True
Volumes:
  empty-dir:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:     
    SizeLimit:  <unset>
  certificate:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  nginx-tls
    Optional:    false
QoS Class:       Burstable
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                 node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:          <none>

2. 파라미터 파일 생성

• nginx-values.yaml 파일을 생성해 Metrics 기능을 활성화하고, 서비스 포트를 9113으로 변경함
• 또한, ServiceMonitor CRD 설정을 통해 nginx를 모니터링 대상에 추가하도록 구성함

cat <<EOT > nginx-values.yaml
metrics:
  enabled: true

  service:
    port: 9113

  serviceMonitor:
    enabled: true
    namespace: monitoring
    interval: 10s
EOT

3. 배포

helm upgrade nginx bitnami/nginx --reuse-values -f nginx-values.yaml

✅ 출력

Release "nginx" has been upgraded. Happy Helming!
NAME: nginx
LAST DEPLOYED: Sat Mar  1 15:03:00 2025
NAMESPACE: default
STATUS: deployed
REVISION: 2
TEST SUITE: None
NOTES:
CHART NAME: nginx
CHART VERSION: 19.0.0
APP VERSION: 1.27.4

Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami for more information.

** Please be patient while the chart is being deployed **
NGINX can be accessed through the following DNS name from within your cluster:

    nginx.default.svc.cluster.local (port 80)

To access NGINX from outside the cluster, follow the steps below:

1. Get the NGINX URL and associate its hostname to your cluster external IP:

   export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters
   echo "NGINX URL: http://nginx.gagajin.com"
   echo "$CLUSTER_IP  nginx.gagajin.com" | sudo tee -a /etc/hosts

WARNING: There are "resources" sections in the chart not set. Using "resourcesPreset" is not recommended for production. For production installations, please set the following values according to your workload needs:
  - cloneStaticSiteFromGit.gitSync.resources
  - metrics.resources
  - resources
+info https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/

⚠ SECURITY WARNING: Original containers have been substituted. This Helm chart was designed, tested, and validated on multiple platforms using a specific set of Bitnami and Tanzu Application Catalog containers. Substituting other containers is likely to cause degraded security and performance, broken chart features, and missing environment variables.

Substituted images detected:
  - docker.io/bitnami/nginx:1.27.4-debian-12-r1

⚠ WARNING: Original containers have been retagged. Please note this Helm chart was tested, and validated on multiple platforms using a specific set of Tanzu Application Catalog containers. Substituting original image tags could cause unexpected behavior.

Retagged images:
  - docker.io/bitnami/nginx:1.27.4-debian-12-r1

4. 모니터링

watch -d "kubectl get pod; echo; kubectl get servicemonitors -n monitoring"

✅ 출력

Every 2.0s: kubectl get pod; echo; kubectl get servicemonitors -n monitoring    gram88: 03:04:35 PM

NAME                             READY   STATUS    RESTARTS   AGE
details-v1-79dfbd6fff-584wb      1/1     Running   0          3d15h
nginx-85df7754bf-55bj4           2/2     Running   0          94s
productpage-v1-dffc47f64-t8bs9   1/1     Running   0          3d15h
ratings-v1-65f797b499-fs82w      1/1     Running   0          3d15h
reviews-v1-5c4d6d447c-7b69s      1/1     Running   0          3d15h
reviews-v2-65cb66b45c-8rvgv      1/1     Running   0          3d15h
reviews-v3-f68f94645-nsbl8       1/1     Running   0          3d15h

NAME                                             AGE
kube-prometheus-stack-apiserver                  4h8m
kube-prometheus-stack-coredns                    4h8m
kube-prometheus-stack-grafana                    4h8m
kube-prometheus-stack-kube-proxy                 4h8m
kube-prometheus-stack-kube-state-metrics         4h8m
kube-prometheus-stack-kubelet                    4h8m
kube-prometheus-stack-operator                   4h8m
kube-prometheus-stack-prometheus                 4h8m
kube-prometheus-stack-prometheus-node-exporter   4h8m
nginx                                            95s

5. nginx 모니터링 대상 및 ServiceMonitor 리소스 조회 작업

(1) Pod, Service, Endpoint 정보 조회

kubectl get pod,svc,ep

✅ 출력

NAME                                 READY   STATUS    RESTARTS   AGE
pod/details-v1-79dfbd6fff-584wb      1/1     Running   0          3d15h
pod/nginx-85df7754bf-55bj4           2/2     Running   0          5m42s
pod/productpage-v1-dffc47f64-t8bs9   1/1     Running   0          3d15h
pod/ratings-v1-65f797b499-fs82w      1/1     Running   0          3d15h
pod/reviews-v1-5c4d6d447c-7b69s      1/1     Running   0          3d15h
pod/reviews-v2-65cb66b45c-8rvgv      1/1     Running   0          3d15h
pod/reviews-v3-f68f94645-nsbl8       1/1     Running   0          3d15h

NAME                  TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                                     AGE
service/details       ClusterIP   10.100.244.166   <none>        9080/TCP                                    3d15h
service/kubernetes    ClusterIP   10.100.0.1       <none>        443/TCP                                     3d17h
service/nginx         NodePort    10.100.47.81     <none>        80:32507/TCP,443:32693/TCP,9113:31463/TCP   2d17h
service/productpage   ClusterIP   10.100.98.77     <none>        9080/TCP                                    3d15h
service/ratings       ClusterIP   10.100.232.111   <none>        9080/TCP                                    3d15h
service/reviews       ClusterIP   10.100.139.243   <none>        9080/TCP                                    3d15h

NAME                    ENDPOINTS                                                  AGE
endpoints/details       192.168.2.48:9080                                          3d15h
endpoints/kubernetes    192.168.2.241:443,192.168.3.124:443                        3d17h
endpoints/nginx         192.168.3.184:9113,192.168.3.184:8443,192.168.3.184:8080   2d17h
endpoints/productpage   192.168.2.34:9080                                          3d15h
endpoints/ratings       192.168.1.194:9080                                         3d15h
endpoints/reviews       192.168.1.127:9080,192.168.2.176:9080,192.168.3.36:9080    3d15h

(2) nginx ServiceMonitor 조회

kubectl get servicemonitor -n monitoring nginx

✅ 출력

NAME    AGE
nginx   6m11s

(3) nginx ServiceMonitor YAML

kubectl get servicemonitor -n monitoring nginx -o yaml | kubectl neat

✅ 출력

apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  annotations:
    meta.helm.sh/release-name: nginx
    meta.helm.sh/release-namespace: default
  labels:
    app.kubernetes.io/instance: nginx
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: nginx
    app.kubernetes.io/version: 1.27.4
    helm.sh/chart: nginx-19.0.0
  name: nginx
  namespace: monitoring
spec:
  endpoints:
  - interval: 10s
    path: /metrics
    port: metrics
  jobLabel: ""
  namespaceSelector:
    matchNames:
    - default
  selector:
    matchLabels:
      app.kubernetes.io/instance: nginx
      app.kubernetes.io/name: nginx

6. view-secret 플러그인 설치

kubectl krew install view-secret

# 결과
Updated the local copy of plugin index.
  New plugins available:
    * apidocs
    * cnp-viz
    * pickdeep
    * slowdrain
    * vault-login
Installing plugin: view-secret
Installed plugin: view-secret
\
 | Use this plugin:
 | 	kubectl view-secret
 | Documentation:
 | 	https://github.com/elsesiy/kubectl-view-secret
/
WARNING: You installed plugin "view-secret" from the krew-index plugin repository.
   These plugins are not audited for security by the Krew maintainers.
   Run them at your own risk.

7. 프로메테우스 웹 UI 확인

• nginx가 ServiceMonitor CRD를 통해 서비스 디스커버리 대상에 자동 등록됨

• 또한, 대상 타겟에 자동 등록됨

8. 동적 대상 타겟 구성 및 Config-Reload 적용 확인

• 변경 사항 확인 : monitoring 네임스페이스의 secret 중 “stack prometheus” 항목에서 변경 사항을 확인할 수 있음

kubectl get secret  -n monitoring

✅ 출력

NAME                                                                             TYPE                 DATA   AGE
kube-prometheus-stack-admission                                                  Opaque               3      3d14h
kube-prometheus-stack-grafana                                                    Opaque               3      4h27m
prometheus-kube-prometheus-stack-prometheus                                      Opaque               1      4h26m
prometheus-kube-prometheus-stack-prometheus-thanos-prometheus-http-client-file   Opaque               1      4h26m
prometheus-kube-prometheus-stack-prometheus-tls-assets-0                         Opaque               1      4h26m
prometheus-kube-prometheus-stack-prometheus-web-config                           Opaque               1      4h26m
sh.helm.release.v1.kube-prometheus-stack.v1                                      helm.sh/release.v1   1      4h27m

• nginx 관련 구성 확인 : kubectl view-secret 플러그인으로 secret의 내용을 zcat하여 nginx 관련 부분을 확인하면, job_name이 자동으로 추가된 것을 볼 수 있음
• 적용 매커니즘 : config-reloader가 동적으로 대상을 발견하고, 해당 대상이 구성 파일에 반영되며, 변경된 설정이 Prometheus 서버에 자동 적용되도록 처리됨

kubectl view-secret -n monitoring prometheus-kube-prometheus-stack-prometheus | zcat | grep nginx -A 20

✅ 출력

Viewing only available key: prometheus.yaml.gz

gzip: stdin: unexpected end of file
- job_name: serviceMonitor/monitoring/nginx/0
  honor_labels: false
  kubernetes_sd_configs:
  - role: endpoints
    namespaces:
      names:
      - default
  scrape_interval: 10s
  metrics_path: /metrics
  relabel_configs:
  - source_labels:
    - job
    target_label: __tmp_prometheus_job_name
  - action: keep
    source_labels:
    - __meta_kubernetes_service_label_app_kubernetes_io_instance
    - __meta_kubernetes_service_labelpresent_app_kubernetes_io_instance
    regex: (nginx);true
  - action: keep
    source_labels:
    - __meta_kubernetes_service_label_app_kubernetes_io_name
    - __meta_kubernetes_service_labelpresent_app_kubernetes_io_name
    regex: (nginx);true
  - action: keep
    source_labels:
    - __meta_kubernetes_endpoint_port_name
    regex: metrics
  - source_labels:
    - __meta_kubernetes_endpoint_address_target_kind
    - __meta_kubernetes_endpoint_address_target_name
    separator: ;
    regex: Node;(.*)
    replacement: ${1}
    target_label: node
  - source_labels:
    - __meta_kubernetes_endpoint_address_target_kind
    - __meta_kubernetes_endpoint_address_target_name
    separator: ;
    regex: Pod;(.*)
    replacement: ${1}
    target_label: pod
  - source_labels:
    - __meta_kubernetes_namespace

9. 매트릭 확인

(eks-user@myeks:default) [root@operator-host node_exporter-1.9.0.linux-amd64]# NGINXIP=$(kubectl get pod -l app.kubernetes.io/instance=nginx -o jsonpath="{.items[0].status.podIP}")
(eks-user@myeks:default) [root@operator-host node_exporter-1.9.0.linux-amd64]# curl -s http://$NGINXIP:9113/metrics

✅ 출력

# HELP go_gc_duration_seconds A summary of the wall-time pause (stop-the-world) duration in garbage collection cycles.
# TYPE go_gc_duration_seconds summary
go_gc_duration_seconds{quantile="0"} 3.8562e-05
go_gc_duration_seconds{quantile="0.25"} 8.4429e-05
go_gc_duration_seconds{quantile="0.5"} 0.000116249
go_gc_duration_seconds{quantile="0.75"} 0.000185463
go_gc_duration_seconds{quantile="1"} 0.003941106
go_gc_duration_seconds_sum 0.014826624
go_gc_duration_seconds_count 62
...
promhttp_metric_handler_requests_total{code="200"} 484
promhttp_metric_handler_requests_total{code="500"} 0
promhttp_metric_handler_requests_total{code="503"} 0

10. 실제 커넥션, 웹 접속 및 스케일링 검증

(1) 실제 커넥션 Active 정보 확인

• Nginx-exporter 엔드포인트에서 활성 커넥션 수를 조회함

(eks-user@myeks:default) [root@operator-host node_exporter-1.9.0.linux-amd64]# curl -s http://$NGINXIP:9113/metrics | grep ^nginx_connections_active

✅ 출력

nginx_connections_active 1

(2) 반복 접속을 통한 응답 확인

(eks-user@myeks:default) [root@operator-host node_exporter-1.9.0.linux-amd64]# while true; do curl -s https://nginx.$MyDomain -I | head -n 1; date; sleep 1; done

✅ 출력

HTTP/2 200 
Sat Mar  1 15:56:46 KST 2025
HTTP/2 200 
Sat Mar  1 15:56:47 KST 2025
HTTP/2 200 
Sat Mar  1 15:56:48 KST 2025
HTTP/2 200 
...

(3) 웹 접속 주소 확인

echo -e "Nginx WebServer URL = https://nginx.$MyDomain"

✅ 출력

Nginx WebServer URL = https://nginx.gagajin.com

(4) 웹 페이지 접속 확인

curl -s https://nginx.$MyDomain

✅ 출력

<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

(5) nginx 스케일 아웃 검증

kubectl scale deployment nginx --replicas 2
# 결과
deployment.apps/nginx scaled

• 확장 후 Prometheus에서 nginx_up 쿼리를 실행하여 2개의 대상이 출력됨

---

📊 그라파나

1. 대시보드 임포트 및 CPU 점유율 대시보드 편집

• Dashboard에서 New → Import로 이동한 후, 17900을 입력하고 Load를 클릭함
• 3가지를 셋팅해보자. (CPU 점유율, 메모리 점유율, 디스크 사용률)

2. CPU 점유율 대시보드 편집

• 기존 쿼리에서는 레이블 필터가 node="$node"로 되어 있어 “No data”가 출력됨

sum by (instance) (irate(node_cpu_seconds_total{mode!~"guest.*|idle|iowait", node="$node"}[5m]))

• 쿼리의 필터를 instance="$instance"로 수정하니 CPU 사용량 데이터가 정상적으로 표시됨

sum by (instance) (irate(node_cpu_seconds_total{mode!~"guest.*|idle|iowait", instance="$instance"}[5m]))

• 변경 후 대시보드를 저장함

3. 메모리 점유율 대시보드 편집

• 기존 쿼리

(node_memory_MemTotal_bytes{node="$node"}-node_memory_MemAvailable_bytes{node="$node"})/node_memory_MemTotal_bytes{node="$node"}

• 수정된 쿼리

(node_memory_MemTotal_bytes{instance="$instance"}-node_memory_MemAvailable_bytes{instance="$instance"})/node_memory_MemTotal_bytes{instance="$instance"}

• 변경 후 대시보드를 저장함

4. 디스크 사용률 대시보드 편집

• 기존 쿼리

sum(node_filesystem_size_bytes{node="$node"} - node_filesystem_avail_bytes{node="$node"}) by (node) / sum(node_filesystem_size_bytes{node="$node"}) by (node)

• 수정된 쿼리

sum(node_filesystem_size_bytes{instance="$instance"} - node_filesystem_avail_bytes{instance="$instance"}) by (instance) / sum(node_filesystem_size_bytes{instance="$instance"}) by (instance)

• 변경 후 대시보드를 저장함

5. 수정 결과 확인

• 변경된 쿼리들을 적용한 후, 각 대시보드에서 정상적으로 메트릭 데이터가 표시됨

---

🎛️ 중급 패널

1. 노드별 5분간 CPU 사용 변화율

sum(rate(node_cpu_seconds_total[5m])) **by (instance)**

2. 네임스페이스 별 디플로이먼트 갯수

count(kube_deployment_status_replicas_available) by (namespace)

3. nginx 파드 수

kube_deployment_spec_replicas{deployment="nginx"}

4. 노드 별 1분간 CPU 사용률

1 - (avg(rate(node_cpu_seconds_total{mode="idle"}[1m])) by (instance))

5. 노드 OS 정보

node_os_info

• Transform data → Organize fields by name : id_like, instance, name, pretty_name 선택

6. 최종 결과

---

🗑️ (실습 완료 후) 자원 삭제

(eks-user@myeks:default) [root@operator-host ~]# nohup sh -c "eksctl delete cluster --name $CLUSTER_NAME && aws cloudformation delete-stack --stack-name $CLUSTER_NAME" > /root/delete.log 2>&1 &
[1] 16984

(eks-user@myeks:default) [root@operator-host ~]# tail -f delete.log

# 결과
nohup: ignoring input
2025-03-01 19:14:50 [ℹ]  deleting EKS cluster "myeks"
2025-03-01 19:14:50 [ℹ]  will drain 0 unmanaged nodegroup(s) in cluster "myeks"
2025-03-01 19:14:50 [ℹ]  starting parallel draining, max in-flight of 1
2025-03-01 19:14:51 [ℹ]  deleted 0 Fargate profile(s)
2025-03-01 19:14:51 [✔]  kubeconfig has been updated
2025-03-01 19:14:51 [ℹ]  cleaning up AWS load balancers created by Kubernetes objects of Kind Service or Ingress
2025-03-01 19:15:40 [ℹ]  
4 sequential tasks: { delete nodegroup "ng1", 
    2 sequential sub-tasks: { 
        2 parallel sub-tasks: { 
            2 sequential sub-tasks: { 
                delete IAM role for serviceaccount "amazon-cloudwatch/cloudwatch-agent",
                delete serviceaccount "amazon-cloudwatch/cloudwatch-agent",
            },
            2 sequential sub-tasks: { 
                delete IAM role for serviceaccount "kube-system/aws-load-balancer-controller",
                delete serviceaccount "kube-system/aws-load-balancer-controller",
            },
        },
        delete IAM OIDC provider,
    }, 
    2 parallel sub-tasks: { 
        delete addon IAM "eksctl-myeks-addon-aws-ebs-csi-driver",
        delete addon IAM "eksctl-myeks-addon-vpc-cni",
    }, delete cluster control plane "myeks" [async] 
}
2025-03-01 19:15:40 [ℹ]  will delete stack "eksctl-myeks-nodegroup-ng1"
2025-03-01 19:15:40 [ℹ]  waiting for stack "eksctl-myeks-nodegroup-ng1" to get deleted
2025-03-01 19:15:41 [ℹ]  waiting for CloudFormation stack "eksctl-myeks-nodegroup-ng1"
2025-03-01 19:16:11 [ℹ]  waiting for CloudFormation stack "eksctl-myeks-nodegroup-ng1"
2025-03-01 19:17:09 [ℹ]  waiting for CloudFormation stack "eksctl-myeks-nodegroup-ng1"
2025-03-01 19:18:09 [ℹ]  waiting for CloudFormation stack "eksctl-myeks-nodegroup-ng1"
2025-03-01 19:19:28 [ℹ]  waiting for CloudFormation stack "eksctl-myeks-nodegroup-ng1"
2025-03-01 19:20:53 [ℹ]  waiting for CloudFormation stack "eksctl-myeks-nodegroup-ng1"
2025-03-01 19:21:29 [ℹ]  waiting for CloudFormation stack "eksctl-myeks-nodegroup-ng1"
2025-03-01 19:23:01 [ℹ]  waiting for CloudFormation stack "eksctl-myeks-nodegroup-ng1"
2025-03-01 19:23:39 [ℹ]  waiting for CloudFormation stack "eksctl-myeks-nodegroup-ng1"
2025-03-01 19:25:17 [ℹ]  waiting for CloudFormation stack "eksctl-myeks-nodegroup-ng1"
2025-03-01 19:25:18 [ℹ]  will delete stack "eksctl-myeks-addon-iamserviceaccount-kube-system-aws-load-balancer-controller"
2025-03-01 19:25:18 [ℹ]  waiting for stack "eksctl-myeks-addon-iamserviceaccount-kube-system-aws-load-balancer-controller" to get deleted
2025-03-01 19:25:18 [ℹ]  will delete stack "eksctl-myeks-addon-iamserviceaccount-amazon-cloudwatch-cloudwatch-agent"
2025-03-01 19:25:18 [ℹ]  waiting for stack "eksctl-myeks-addon-iamserviceaccount-amazon-cloudwatch-cloudwatch-agent" to get deleted
2025-03-01 19:25:18 [ℹ]  waiting for CloudFormation stack "eksctl-myeks-addon-iamserviceaccount-kube-system-aws-load-balancer-controller"
2025-03-01 19:25:18 [ℹ]  waiting for CloudFormation stack "eksctl-myeks-addon-iamserviceaccount-amazon-cloudwatch-cloudwatch-agent"
2025-03-01 19:25:48 [ℹ]  waiting for CloudFormation stack "eksctl-myeks-addon-iamserviceaccount-amazon-cloudwatch-cloudwatch-agent"
2025-03-01 19:25:48 [ℹ]  waiting for CloudFormation stack "eksctl-myeks-addon-iamserviceaccount-kube-system-aws-load-balancer-controller"
2025-03-01 19:25:48 [ℹ]  serviceaccount "amazon-cloudwatch/cloudwatch-agent" was already deleted
2025-03-01 19:25:48 [ℹ]  deleted serviceaccount "kube-system/aws-load-balancer-controller"
2025-03-01 19:25:49 [ℹ]  will delete stack "eksctl-myeks-addon-aws-ebs-csi-driver"
2025-03-01 19:25:49 [ℹ]  will delete stack "eksctl-myeks-addon-vpc-cni"
2025-03-01 19:25:49 [ℹ]  will delete stack "eksctl-myeks-cluster"
2025-03-01 19:25:49 [✔]  all cluster resources were deleted