AEWS Week 12 Summary
[Lab 1] Simple Client to Server communication
https://aws-ia.github.io/terraform-aws-eks-blueprints/patterns/network/client-server-communication/
1. Prepare and provision the Terraform code
git clone https://github.com/aws-ia/terraform-aws-eks-blueprints.git
cd terraform-aws-eks-blueprints/patterns/vpc-lattice/client-server-communication
2. Edit main.tf
On line 29 of the file, change the region value to ap-northeast-2.
3. Run terraform init
terraform init
✅ Output
Initializing the backend...
Initializing modules...
Downloading registry.terraform.io/aws-ia/eks-blueprints-addons/aws 1.21.0 for addons...
- addons in .terraform/modules/addons
Downloading registry.terraform.io/aws-ia/eks-blueprints-addon/aws 1.1.1 for addons.argo_events...
- addons.argo_events in .terraform/modules/addons.argo_events
Downloading registry.terraform.io/aws-ia/eks-blueprints-addon/aws 1.1.1 for addons.argo_rollouts...
- addons.argo_rollouts in .terraform/modules/addons.argo_rollouts
Downloading registry.terraform.io/aws-ia/eks-blueprints-addon/aws 1.1.1 for addons.argo_workflows...
- addons.argo_workflows in .terraform/modules/addons.argo_workflows
Downloading registry.terraform.io/aws-ia/eks-blueprints-addon/aws 1.1.1 for addons.argocd...
- addons.argocd in .terraform/modules/addons.argocd
Downloading registry.terraform.io/aws-ia/eks-blueprints-addon/aws 1.1.1 for addons.aws_cloudwatch_metrics...
- addons.aws_cloudwatch_metrics in .terraform/modules/addons.aws_cloudwatch_metrics
Downloading registry.terraform.io/aws-ia/eks-blueprints-addon/aws 1.1.1 for addons.aws_efs_csi_driver...
- addons.aws_efs_csi_driver in .terraform/modules/addons.aws_efs_csi_driver
Downloading registry.terraform.io/aws-ia/eks-blueprints-addon/aws 1.1.1 for addons.aws_for_fluentbit...
- addons.aws_for_fluentbit in .terraform/modules/addons.aws_for_fluentbit
Downloading registry.terraform.io/aws-ia/eks-blueprints-addon/aws 1.1.1 for addons.aws_fsx_csi_driver...
- addons.aws_fsx_csi_driver in .terraform/modules/addons.aws_fsx_csi_driver
Downloading registry.terraform.io/aws-ia/eks-blueprints-addon/aws 1.1.1 for addons.aws_gateway_api_controller...
- addons.aws_gateway_api_controller in .terraform/modules/addons.aws_gateway_api_controller
Downloading registry.terraform.io/aws-ia/eks-blueprints-addon/aws 1.1.1 for addons.aws_load_balancer_controller...
- addons.aws_load_balancer_controller in .terraform/modules/addons.aws_load_balancer_controller
Downloading registry.terraform.io/aws-ia/eks-blueprints-addon/aws 1.1.1 for addons.aws_node_termination_handler...
- addons.aws_node_termination_handler in .terraform/modules/addons.aws_node_termination_handler
Downloading registry.terraform.io/terraform-aws-modules/sqs/aws 4.0.1 for addons.aws_node_termination_handler_sqs...
- addons.aws_node_termination_handler_sqs in .terraform/modules/addons.aws_node_termination_handler_sqs
Downloading registry.terraform.io/aws-ia/eks-blueprints-addon/aws 1.1.1 for addons.aws_privateca_issuer...
- addons.aws_privateca_issuer in .terraform/modules/addons.aws_privateca_issuer
Downloading registry.terraform.io/aws-ia/eks-blueprints-addon/aws 1.1.1 for addons.bottlerocket_shadow...
- addons.bottlerocket_shadow in .terraform/modules/addons.bottlerocket_shadow
Downloading registry.terraform.io/aws-ia/eks-blueprints-addon/aws 1.1.1 for addons.bottlerocket_update_operator...
- addons.bottlerocket_update_operator in .terraform/modules/addons.bottlerocket_update_operator
Downloading registry.terraform.io/aws-ia/eks-blueprints-addon/aws 1.1.1 for addons.cert_manager...
- addons.cert_manager in .terraform/modules/addons.cert_manager
Downloading registry.terraform.io/aws-ia/eks-blueprints-addon/aws 1.1.1 for addons.cluster_autoscaler...
- addons.cluster_autoscaler in .terraform/modules/addons.cluster_autoscaler
Downloading registry.terraform.io/aws-ia/eks-blueprints-addon/aws 1.1.1 for addons.cluster_proportional_autoscaler...
- addons.cluster_proportional_autoscaler in .terraform/modules/addons.cluster_proportional_autoscaler
Downloading registry.terraform.io/aws-ia/eks-blueprints-addon/aws 1.1.1 for addons.external_dns...
- addons.external_dns in .terraform/modules/addons.external_dns
Downloading registry.terraform.io/aws-ia/eks-blueprints-addon/aws 1.1.1 for addons.external_secrets...
- addons.external_secrets in .terraform/modules/addons.external_secrets
Downloading registry.terraform.io/aws-ia/eks-blueprints-addon/aws 1.1.1 for addons.gatekeeper...
- addons.gatekeeper in .terraform/modules/addons.gatekeeper
Downloading registry.terraform.io/aws-ia/eks-blueprints-addon/aws 1.1.1 for addons.ingress_nginx...
- addons.ingress_nginx in .terraform/modules/addons.ingress_nginx
Downloading registry.terraform.io/aws-ia/eks-blueprints-addon/aws 1.1.1 for addons.karpenter...
- addons.karpenter in .terraform/modules/addons.karpenter
Downloading registry.terraform.io/terraform-aws-modules/sqs/aws 4.0.1 for addons.karpenter_sqs...
- addons.karpenter_sqs in .terraform/modules/addons.karpenter_sqs
Downloading registry.terraform.io/aws-ia/eks-blueprints-addon/aws 1.1.1 for addons.kube_prometheus_stack...
- addons.kube_prometheus_stack in .terraform/modules/addons.kube_prometheus_stack
Downloading registry.terraform.io/aws-ia/eks-blueprints-addon/aws 1.1.1 for addons.metrics_server...
- addons.metrics_server in .terraform/modules/addons.metrics_server
Downloading registry.terraform.io/aws-ia/eks-blueprints-addon/aws 1.1.1 for addons.secrets_store_csi_driver...
- addons.secrets_store_csi_driver in .terraform/modules/addons.secrets_store_csi_driver
Downloading registry.terraform.io/aws-ia/eks-blueprints-addon/aws 1.1.1 for addons.secrets_store_csi_driver_provider_aws...
- addons.secrets_store_csi_driver_provider_aws in .terraform/modules/addons.secrets_store_csi_driver_provider_aws
Downloading registry.terraform.io/aws-ia/eks-blueprints-addon/aws 1.1.1 for addons.velero...
- addons.velero in .terraform/modules/addons.velero
Downloading registry.terraform.io/aws-ia/eks-blueprints-addon/aws 1.1.1 for addons.vpa...
- addons.vpa in .terraform/modules/addons.vpa
Downloading registry.terraform.io/terraform-aws-modules/ec2-instance/aws 5.8.0 for client...
- client in .terraform/modules/client
Downloading registry.terraform.io/terraform-aws-modules/security-group/aws 5.3.0 for client_sg...
- client_sg in .terraform/modules/client_sg
Downloading registry.terraform.io/terraform-aws-modules/vpc/aws 5.21.0 for client_vpc...
- client_vpc in .terraform/modules/client_vpc
Downloading registry.terraform.io/terraform-aws-modules/vpc/aws 5.21.0 for cluster_vpc...
- cluster_vpc in .terraform/modules/cluster_vpc
Downloading registry.terraform.io/terraform-aws-modules/eks/aws 20.36.0 for eks...
- eks in .terraform/modules/eks
- eks.eks_managed_node_group in .terraform/modules/eks/modules/eks-managed-node-group
- eks.eks_managed_node_group.user_data in .terraform/modules/eks/modules/_user_data
- eks.fargate_profile in .terraform/modules/eks/modules/fargate-profile
Downloading registry.terraform.io/terraform-aws-modules/kms/aws 2.1.0 for eks.kms...
- eks.kms in .terraform/modules/eks.kms
- eks.self_managed_node_group in .terraform/modules/eks/modules/self-managed-node-group
- eks.self_managed_node_group.user_data in .terraform/modules/eks/modules/_user_data
Downloading registry.terraform.io/terraform-aws-modules/security-group/aws 5.3.0 for endpoint_sg...
- endpoint_sg in .terraform/modules/endpoint_sg
Downloading registry.terraform.io/terraform-aws-modules/vpc/aws 5.21.0 for vpc_endpoints...
- vpc_endpoints in .terraform/modules/vpc_endpoints/modules/vpc-endpoints
Initializing provider plugins...
- Finding hashicorp/aws versions matching ">= 3.29.0, >= 4.33.0, >= 4.36.0, >= 4.47.0, >= 4.66.0, >= 5.0.0, >= 5.34.0, >= 5.79.0, >= 5.83.0, >= 5.95.0"...
- Finding hashicorp/helm versions matching ">= 2.9.0"...
- Finding hashicorp/time versions matching ">= 0.9.0, >= 0.10.0"...
- Finding hashicorp/kubernetes versions matching ">= 2.20.0"...
- Finding hashicorp/random versions matching ">= 3.6.0"...
- Finding hashicorp/tls versions matching ">= 3.0.0"...
- Finding hashicorp/null versions matching ">= 3.0.0"...
- Finding hashicorp/cloudinit versions matching ">= 2.0.0"...
- Installing hashicorp/aws v5.96.0...
- Installed hashicorp/aws v5.96.0 (signed by HashiCorp)
- Installing hashicorp/helm v2.17.0...
- Installed hashicorp/helm v2.17.0 (signed by HashiCorp)
- Installing hashicorp/time v0.13.0...
- Installed hashicorp/time v0.13.0 (signed by HashiCorp)
- Installing hashicorp/kubernetes v2.36.0...
- Installed hashicorp/kubernetes v2.36.0 (signed by HashiCorp)
- Installing hashicorp/random v3.7.2...
- Installed hashicorp/random v3.7.2 (signed by HashiCorp)
- Installing hashicorp/tls v4.1.0...
- Installed hashicorp/tls v4.1.0 (signed by HashiCorp)
- Installing hashicorp/null v3.2.4...
- Installed hashicorp/null v3.2.4 (signed by HashiCorp)
- Installing hashicorp/cloudinit v2.3.7...
- Installed hashicorp/cloudinit v2.3.7 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
4. Provision the Terraform modules
terraform apply -target="module.client_vpc" -auto-approve
terraform apply -target="module.cluster_vpc" -auto-approve
terraform apply -target=aws_route53_zone.primary -auto-approve
terraform apply -target="module.client_sg" -auto-approve
terraform apply -target="module.endpoint_sg" -auto-approve
terraform apply -target="module.client" -auto-approve
terraform apply -target="module.vpc_endpoints" -auto-approve
terraform apply -target="module.eks" -auto-approve
terraform apply -target="module.addons" -auto-approve
✅ Output
...
Outputs:
configure_kubectl = "aws eks update-kubeconfig --name client-server-communication --alias client-server-communication --region ap-northeast-2"
5. Provision the remaining Terraform resources
terraform apply -auto-approve
✅ Output
...
time_sleep.wait_for_lattice_resources: Still creating... [1m20s elapsed]
time_sleep.wait_for_lattice_resources: Still creating... [1m30s elapsed]
time_sleep.wait_for_lattice_resources: Still creating... [1m40s elapsed]
time_sleep.wait_for_lattice_resources: Still creating... [1m50s elapsed]
time_sleep.wait_for_lattice_resources: Creation complete after 2m0s [id=2025-04-26T16:03:57Z]
Apply complete! Resources: 6 added, 0 changed, 0 destroyed.
Outputs:
configure_kubectl = "aws eks update-kubeconfig --name client-server-communication --alias client-server-communication --region ap-northeast-2"
6. Configure kubectl
aws eks update-kubeconfig --name client-server-communication --alias client-server-communication --region ap-northeast-2
# Result
Added new context client-server-communication to /home/devshin/.kube/config
7. Verify that requests to the Amazon EKS endpoint are received normally
kubectl get po -A
✅ Output
NAMESPACE NAME READY STATUS RESTARTS AGE
apps server-6d44dd47-h5n8b 1/1 Running 0 3m42s
apps server-6d44dd47-rv8lk 1/1 Running 0 3m42s
aws-application-networking-system aws-gateway-api-controller-aws-gateway-controller-chart-686b6cw 1/1 Running 0 5m36s
aws-application-networking-system aws-gateway-api-controller-aws-gateway-controller-chart-68qgktp 1/1 Running 0 5m36s
external-dns external-dns-555c676b8-b8ssx 1/1 Running 0 5m37s
kube-system aws-node-cvv9l 2/2 Running 0 6m48s
kube-system aws-node-fpt56 2/2 Running 0 6m49s
kube-system aws-node-qcgms 2/2 Running 0 6m49s
kube-system coredns-5b9dfbf96-kb5nc 1/1 Running 0 10m
kube-system coredns-5b9dfbf96-s5qtw 1/1 Running 0 10m
kube-system kube-proxy-885cd 1/1 Running 0 6m48s
kube-system kube-proxy-h4fdj 1/1 Running 0 6m49s
kube-system kube-proxy-wrv47 1/1 Running 0 6m49s
Check the provisioned infrastructure
1. VPC
2. Check the Amazon VPC Lattice Target Group
(1) In the VPC Lattice Service details, click the Routing section and check the Listener rules and target group
(2) In the Registered targets section, check the routing targets by IP address and Port number
(3) Look up the IP addresses of the target server pods
kubectl get po -n apps -o wide
✅ Output
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
server-6d44dd47-h5n8b 1/1 Running 0 11m 10.0.23.178 ip-10-0-24-149.ap-northeast-2.compute.internal <none> <none>
server-6d44dd47-rv8lk 1/1 Running 0 11m 10.0.35.113 ip-10-0-35-253.ap-northeast-2.compute.internal <none> <none>
(4) Look up the Service information and port number for the server pods
kubectl get svc -n apps
✅ Output
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
server ClusterIP 172.20.120.176 <none> 8090/TCP 13m
3. Check that the AWS Gateway API Controller is working
(1) Save the AWS Gateway API Controller logs to the file lattice.log
kubectl logs deployment/aws-gateway-api-controller-aws-gateway-controller-chart -n aws-application-networking-system --all-containers=true > lattice.log
# Result
Found 2 pods, using pod/aws-gateway-api-controller-aws-gateway-controller-chart-686b6cw
(2) Verify the AWS Gateway API Controller's behavior
vi lattice.log
✅ Output
{"level":"info","ts":"2025-04-26T16:00:00.213Z","logger":"setup","caller":"workspace/main.go:112","msg":"init config","VpcId":"vpc-03a61c5744e53f59d","Region":"ap-northeast-2","AccountId":"378102432899","DefaultServiceNetwork":"","ClusterName":"client-server-communication","LogLevel":"debug"}
{"level":"debug","ts":"2025-04-26T16:00:00.321Z","logger":"controller.iam-auth-policy","caller":"policyhelper/policy.go:252","msg":"add watchers for types: [{gateway.networking.k8s.io Gateway} {gateway.networking.k8s.io HTTPRoute} {gateway.networking.k8s.io GRPCRoute}]"}
{"level":"debug","ts":"2025-04-26T16:00:00.322Z","logger":"controller.target-group-policy","caller":"policyhelper/policy.go:252","msg":"add watchers for types: [{ Service}]"}
{"level":"debug","ts":"2025-04-26T16:00:00.322Z","logger":"controller.vpc-association-policy","caller":"policyhelper/policy.go:252","msg":"add watchers for types: [{gateway.networking.k8s.io Gateway}]"}
{"level":"info","ts":"2025-04-26T16:00:00.322Z","logger":"setup","caller":"workspace/main.go:217","msg":"starting manager"}
{"level":"info","ts":"2025-04-26T16:00:00.322Z","logger":"runtime.controller-runtime.metrics","caller":"server/server.go:185","msg":"Starting metrics server"}
I0426 16:00:00.322585 1 leaderelection.go:250] attempting to acquire leader lease aws-application-networking-system/amazon-vpc-lattice.io...
{"level":"info","ts":"2025-04-26T16:00:00.322Z","logger":"runtime.controller-runtime.metrics","caller":"server/server.go:224","msg":"Serving metrics server","bindAddress":":8080","secure":false}
{"level":"info","ts":"2025-04-26T16:00:00.322Z","logger":"runtime","caller":"manager/server.go:50","msg":"starting server","kind":"health probe","addr":"[::]:8081"}
{"level":"debug","ts":"2025-04-26T16:00:30.580Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"VPC Lattice","operation":"ListTargetGroups","params":"{\n\n}"}
{"level":"debug","ts":"2025-04-26T16:00:30.580Z","logger":"controller.route.tg-gc","caller":"deploy/stack_deployer.go:178","msg":"gc stats","delete_attempts":0,"delete_success":0,"duration":0.27270546}
{"level":"debug","ts":"2025-04-26T16:01:00.361Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"VPC Lattice","operation":"ListTargetGroups","params":"{\n\n}"}
{"level":"debug","ts":"2025-04-26T16:01:00.362Z","logger":"controller.route.tg-gc","caller":"deploy/stack_deployer.go:178","msg":"gc stats","delete_attempts":0,"delete_success":0,"duration":0.054292284}
{"level":"debug","ts":"2025-04-26T16:01:30.352Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"VPC Lattice","operation":"ListTargetGroups","params":"{\n\n}"}
{"level":"debug","ts":"2025-04-26T16:01:30.352Z","logger":"controller.route.tg-gc","caller":"deploy/stack_deployer.go:178","msg":"gc stats","delete_attempts":0,"delete_success":0,"duration":0.045031302}
{"level":"debug","ts":"2025-04-26T16:02:00.352Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"VPC Lattice","operation":"ListTargetGroups","params":"{\n\n}"}
{"level":"debug","ts":"2025-04-26T16:02:00.386Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"tagging","operation":"GetResources","params":"{\n ResourceARNList: [\"arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a\"]\n}"}
{"level":"info","ts":"2025-04-26T16:02:00.489Z","logger":"controller.route","caller":"gateway/model_build_lattice_service.go:122","msg":"Setting customer-domain-name: server.example.com for route server-apps"}
{"level":"debug","ts":"2025-04-26T16:02:00.590Z","logger":"controller.route","caller":"gateway/model_build_lattice_service.go:141","msg":"Added service server-apps to the stack (ID server-apps)"}
{"level":"debug","ts":"2025-04-26T16:02:00.590Z","logger":"controller.route","caller":"gateway/model_build_listener.go:23","msg":"Listener parentRef SectionName is http"}
{"level":"debug","ts":"2025-04-26T16:02:00.590Z","logger":"controller.route","caller":"gateway/model_build_listener.go:26","msg":"Building Listener for Route server-apps"}
{"level":"debug","ts":"2025-04-26T16:02:00.590Z","logger":"controller.route","caller":"gateway/model_build_listener.go:113","msg":"Added listener server-apps to the stack (ID id-30e2286f178f6d12b81339b408a83399dfca872e50a93aa718b1bdc94a4891ae)"}
{"level":"debug","ts":"2025-04-26T16:02:00.590Z","logger":"controller.route","caller":"gateway/model_build_lattice_service.go:84","msg":"Building rules for 1 listeners"}
{"level":"debug","ts":"2025-04-26T16:02:00.590Z","logger":"controller.route","caller":"gateway/model_build_rule.go:35","msg":"Processing 1 rules"}
{"level":"debug","ts":"2025-04-26T16:02:00.590Z","logger":"controller.route","caller":"gateway/model_build_rule.go:47","msg":"Processing rule match"}
{"level":"debug","ts":"2025-04-26T16:02:00.590Z","logger":"controller.route","caller":"gateway/model_build_rule.go:109","msg":"Examining pathmatch type PathPrefix value / for for httproute server-apps "}
{"level":"debug","ts":"2025-04-26T16:02:00.590Z","logger":"controller.route","caller":"gateway/model_build_rule.go:119","msg":"Using PathMatchPathPrefix for httproute server-apps "}
{"level":"debug","ts":"2025-04-26T16:02:00.590Z","logger":"controller.route","caller":"gateway/model_build_rule.go:226","msg":"Processing Service backendRef server-apps"}
{"level":"debug","ts":"2025-04-26T16:02:00.590Z","logger":"controller.route","caller":"gateway/model_build_targetgroup.go:298","msg":"buildTargetGroupSpec, kind Service"}
{"level":"debug","ts":"2025-04-26T16:02:00.796Z","logger":"controller.route","caller":"gateway/model_build_targetgroup.go:264","msg":"Added target group for backendRef server to the stack id-918a728616f181548471cee5147610ef76a7cb6cf2c607bca3dbb8d9126774d9"}
{"level":"debug","ts":"2025-04-26T16:02:00.796Z","logger":"controller.route","caller":"gateway/model_build_targets.go:87","msg":"Processing targets for service server-apps"}
{"level":"debug","ts":"2025-04-26T16:02:00.896Z","logger":"controller.route","caller":"gateway/model_build_rule.go:91","msg":"Added rule 1 to the stack (ID id-a78db65f9775cb7dc8fa73808642d463fa33af400de07c072eee55884268cac5)"}
{"level":"debug","ts":"2025-04-26T16:02:00.896Z","logger":"controller.route","caller":"lattice/target_group_synthesizer.go:321","msg":"Route TargetGroup arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a (k8s-apps-server-bytaygpvhu) is up to date"}
{"level":"debug","ts":"2025-04-26T16:02:00.896Z","logger":"controller.route.tg-gc","caller":"deploy/stack_deployer.go:178","msg":"gc stats","delete_attempts":0,"delete_success":0,"duration":0.588905628}
{"level":"debug","ts":"2025-04-26T16:02:30.364Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"VPC Lattice","operation":"ListTargetGroups","params":"{\n\n}"}
{"level":"debug","ts":"2025-04-26T16:02:30.386Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"tagging","operation":"GetResources","params":"{\n ResourceARNList: [\"arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a\"]\n}"}
{"level":"info","ts":"2025-04-26T16:02:30.386Z","logger":"controller.route","caller":"gateway/model_build_lattice_service.go:122","msg":"Setting customer-domain-name: server.example.com for route server-apps"}
{"level":"debug","ts":"2025-04-26T16:02:30.386Z","logger":"controller.route","caller":"gateway/model_build_lattice_service.go:141","msg":"Added service server-apps to the stack (ID server-apps)"}
{"level":"debug","ts":"2025-04-26T16:02:30.386Z","logger":"controller.route","caller":"gateway/model_build_listener.go:23","msg":"Listener parentRef SectionName is http"}
{"level":"debug","ts":"2025-04-26T16:02:30.386Z","logger":"controller.route","caller":"gateway/model_build_listener.go:26","msg":"Building Listener for Route server-apps"}
{"level":"debug","ts":"2025-04-26T16:02:30.386Z","logger":"controller.route","caller":"gateway/model_build_listener.go:113","msg":"Added listener server-apps to the stack (ID id-30e2286f178f6d12b81339b408a83399dfca872e50a93aa718b1bdc94a4891ae)"}
{"level":"debug","ts":"2025-04-26T16:02:30.386Z","logger":"controller.route","caller":"gateway/model_build_lattice_service.go:84","msg":"Building rules for 1 listeners"}
{"level":"debug","ts":"2025-04-26T16:02:30.386Z","logger":"controller.route","caller":"gateway/model_build_rule.go:35","msg":"Processing 1 rules"}
{"level":"debug","ts":"2025-04-26T16:02:30.386Z","logger":"controller.route","caller":"gateway/model_build_rule.go:47","msg":"Processing rule match"}
{"level":"debug","ts":"2025-04-26T16:02:30.386Z","logger":"controller.route","caller":"gateway/model_build_rule.go:109","msg":"Examining pathmatch type PathPrefix value / for for httproute server-apps "}
{"level":"debug","ts":"2025-04-26T16:02:30.386Z","logger":"controller.route","caller":"gateway/model_build_rule.go:119","msg":"Using PathMatchPathPrefix for httproute server-apps "}
{"level":"debug","ts":"2025-04-26T16:02:30.386Z","logger":"controller.route","caller":"gateway/model_build_rule.go:226","msg":"Processing Service backendRef server-apps"}
{"level":"debug","ts":"2025-04-26T16:02:30.386Z","logger":"controller.route","caller":"gateway/model_build_targetgroup.go:298","msg":"buildTargetGroupSpec, kind Service"}
{"level":"debug","ts":"2025-04-26T16:02:30.386Z","logger":"controller.route","caller":"gateway/model_build_targetgroup.go:264","msg":"Added target group for backendRef server to the stack id-918a728616f181548471cee5147610ef76a7cb6cf2c607bca3dbb8d9126774d9"}
{"level":"debug","ts":"2025-04-26T16:02:30.386Z","logger":"controller.route","caller":"gateway/model_build_targets.go:87","msg":"Processing targets for service server-apps"}
{"level":"debug","ts":"2025-04-26T16:02:30.386Z","logger":"controller.route","caller":"gateway/model_build_rule.go:91","msg":"Added rule 1 to the stack (ID id-a78db65f9775cb7dc8fa73808642d463fa33af400de07c072eee55884268cac5)"}
{"level":"debug","ts":"2025-04-26T16:02:30.386Z","logger":"controller.route","caller":"lattice/target_group_synthesizer.go:321","msg":"Route TargetGroup arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a (k8s-apps-server-bytaygpvhu) is up to date"}
{"level":"debug","ts":"2025-04-26T16:02:30.386Z","logger":"controller.route.tg-gc","caller":"deploy/stack_deployer.go:178","msg":"gc stats","delete_attempts":0,"delete_success":0,"duration":0.079111387}
{"level":"debug","ts":"2025-04-26T16:03:00.350Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"VPC Lattice","operation":"ListTargetGroups","params":"{\n\n}"}
{"level":"debug","ts":"2025-04-26T16:03:00.374Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"tagging","operation":"GetResources","params":"{\n ResourceARNList: [\"arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a\"]\n}"}
{"level":"info","ts":"2025-04-26T16:03:00.375Z","logger":"controller.route","caller":"gateway/model_build_lattice_service.go:122","msg":"Setting customer-domain-name: server.example.com for route server-apps"}
{"level":"debug","ts":"2025-04-26T16:03:00.375Z","logger":"controller.route","caller":"gateway/model_build_lattice_service.go:141","msg":"Added service server-apps to the stack (ID server-apps)"}
{"level":"debug","ts":"2025-04-26T16:03:00.375Z","logger":"controller.route","caller":"gateway/model_build_listener.go:23","msg":"Listener parentRef SectionName is http"}
{"level":"debug","ts":"2025-04-26T16:03:00.375Z","logger":"controller.route","caller":"gateway/model_build_listener.go:26","msg":"Building Listener for Route server-apps"}
{"level":"debug","ts":"2025-04-26T16:03:00.375Z","logger":"controller.route","caller":"gateway/model_build_listener.go:113","msg":"Added listener server-apps to the stack (ID id-30e2286f178f6d12b81339b408a83399dfca872e50a93aa718b1bdc94a4891ae)"}
{"level":"debug","ts":"2025-04-26T16:03:00.375Z","logger":"controller.route","caller":"gateway/model_build_lattice_service.go:84","msg":"Building rules for 1 listeners"}
{"level":"debug","ts":"2025-04-26T16:03:00.375Z","logger":"controller.route","caller":"gateway/model_build_rule.go:35","msg":"Processing 1 rules"}
{"level":"debug","ts":"2025-04-26T16:03:00.375Z","logger":"controller.route","caller":"gateway/model_build_rule.go:47","msg":"Processing rule match"}
{"level":"debug","ts":"2025-04-26T16:03:00.375Z","logger":"controller.route","caller":"gateway/model_build_rule.go:109","msg":"Examining pathmatch type PathPrefix value / for for httproute server-apps "}
{"level":"debug","ts":"2025-04-26T16:03:00.375Z","logger":"controller.route","caller":"gateway/model_build_rule.go:119","msg":"Using PathMatchPathPrefix for httproute server-apps "}
{"level":"debug","ts":"2025-04-26T16:03:00.375Z","logger":"controller.route","caller":"gateway/model_build_rule.go:226","msg":"Processing Service backendRef server-apps"}
{"level":"debug","ts":"2025-04-26T16:03:00.375Z","logger":"controller.route","caller":"gateway/model_build_targetgroup.go:298","msg":"buildTargetGroupSpec, kind Service"}
{"level":"debug","ts":"2025-04-26T16:03:00.375Z","logger":"controller.route","caller":"gateway/model_build_targetgroup.go:264","msg":"Added target group for backendRef server to the stack id-918a728616f181548471cee5147610ef76a7cb6cf2c607bca3dbb8d9126774d9"}
{"level":"debug","ts":"2025-04-26T16:03:00.375Z","logger":"controller.route","caller":"gateway/model_build_targets.go:87","msg":"Processing targets for service server-apps"}
{"level":"debug","ts":"2025-04-26T16:03:00.375Z","logger":"controller.route","caller":"gateway/model_build_rule.go:91","msg":"Added rule 1 to the stack (ID id-a78db65f9775cb7dc8fa73808642d463fa33af400de07c072eee55884268cac5)"}
{"level":"debug","ts":"2025-04-26T16:03:00.375Z","logger":"controller.route","caller":"lattice/target_group_synthesizer.go:321","msg":"Route TargetGroup arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a (k8s-apps-server-bytaygpvhu) is up to date"}
{"level":"debug","ts":"2025-04-26T16:03:00.375Z","logger":"controller.route.tg-gc","caller":"deploy/stack_deployer.go:178","msg":"gc stats","delete_attempts":0,"delete_success":0,"duration":0.066947268}
{"level":"debug","ts":"2025-04-26T16:03:30.359Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"VPC Lattice","operation":"ListTargetGroups","params":"{\n\n}"}
{"level":"debug","ts":"2025-04-26T16:03:30.381Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"tagging","operation":"GetResources","params":"{\n ResourceARNList: [\"arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a\"]\n}"}
{"level":"info","ts":"2025-04-26T16:03:30.381Z","logger":"controller.route","caller":"gateway/model_build_lattice_service.go:122","msg":"Setting customer-domain-name: server.example.com for route server-apps"}
{"level":"debug","ts":"2025-04-26T16:03:30.381Z","logger":"controller.route","caller":"gateway/model_build_lattice_service.go:141","msg":"Added service server-apps to the stack (ID server-apps)"}
{"level":"debug","ts":"2025-04-26T16:03:30.382Z","logger":"controller.route","caller":"gateway/model_build_listener.go:23","msg":"Listener parentRef SectionName is http"}
{"level":"debug","ts":"2025-04-26T16:03:30.382Z","logger":"controller.route","caller":"gateway/model_build_listener.go:26","msg":"Building Listener for Route server-apps"}
{"level":"debug","ts":"2025-04-26T16:03:30.382Z","logger":"controller.route","caller":"gateway/model_build_listener.go:113","msg":"Added listener server-apps to the stack (ID id-30e2286f178f6d12b81339b408a83399dfca872e50a93aa718b1bdc94a4891ae)"}
{"level":"debug","ts":"2025-04-26T16:03:30.382Z","logger":"controller.route","caller":"gateway/model_build_lattice_service.go:84","msg":"Building rules for 1 listeners"}
{"level":"debug","ts":"2025-04-26T16:03:30.382Z","logger":"controller.route","caller":"gateway/model_build_rule.go:35","msg":"Processing 1 rules"}
{"level":"debug","ts":"2025-04-26T16:03:30.382Z","logger":"controller.route","caller":"gateway/model_build_rule.go:47","msg":"Processing rule match"}
{"level":"debug","ts":"2025-04-26T16:03:30.382Z","logger":"controller.route","caller":"gateway/model_build_rule.go:109","msg":"Examining pathmatch type PathPrefix value / for for httproute server-apps "}
{"level":"debug","ts":"2025-04-26T16:03:30.382Z","logger":"controller.route","caller":"gateway/model_build_rule.go:119","msg":"Using PathMatchPathPrefix for httproute server-apps "}
{"level":"debug","ts":"2025-04-26T16:03:30.382Z","logger":"controller.route","caller":"gateway/model_build_rule.go:226","msg":"Processing Service backendRef server-apps"}
{"level":"debug","ts":"2025-04-26T16:03:30.382Z","logger":"controller.route","caller":"gateway/model_build_targetgroup.go:298","msg":"buildTargetGroupSpec, kind Service"}
{"level":"debug","ts":"2025-04-26T16:03:30.382Z","logger":"controller.route","caller":"gateway/model_build_targetgroup.go:264","msg":"Added target group for backendRef server to the stack id-918a728616f181548471cee5147610ef76a7cb6cf2c607bca3dbb8d9126774d9"}
{"level":"debug","ts":"2025-04-26T16:03:30.382Z","logger":"controller.route","caller":"gateway/model_build_targets.go:87","msg":"Processing targets for service server-apps"}
{"level":"debug","ts":"2025-04-26T16:03:30.382Z","logger":"controller.route","caller":"gateway/model_build_rule.go:91","msg":"Added rule 1 to the stack (ID id-a78db65f9775cb7dc8fa73808642d463fa33af400de07c072eee55884268cac5)"}
{"level":"debug","ts":"2025-04-26T16:03:30.382Z","logger":"controller.route","caller":"lattice/target_group_synthesizer.go:321","msg":"Route TargetGroup arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a (k8s-apps-server-bytaygpvhu) is up to date"}
{"level":"debug","ts":"2025-04-26T16:03:30.382Z","logger":"controller.route.tg-gc","caller":"deploy/stack_deployer.go:178","msg":"gc stats","delete_attempts":0,"delete_success":0,"duration":0.073790243}
{"level":"debug","ts":"2025-04-26T16:04:00.363Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"VPC Lattice","operation":"ListTargetGroups","params":"{\n\n}"}
{"level":"debug","ts":"2025-04-26T16:04:00.382Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"tagging","operation":"GetResources","params":"{\n ResourceARNList: [\"arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a\"]\n}"}
{"level":"debug","ts":"2025-04-26T16:04:00.382Z","logger":"controller.route","caller":"lattice/target_group_synthesizer.go:184","msg":"TargetGroup arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a (k8s-apps-server-bytaygpvhu) is referenced by lattice service"}
{"level":"debug","ts":"2025-04-26T16:04:00.382Z","logger":"controller.route.tg-gc","caller":"deploy/stack_deployer.go:178","msg":"gc stats","delete_attempts":0,"delete_success":0,"duration":0.073984275}
{"level":"debug","ts":"2025-04-26T16:04:30.371Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"VPC Lattice","operation":"ListTargetGroups","params":"{\n\n}"}
{"level":"debug","ts":"2025-04-26T16:04:30.395Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"tagging","operation":"GetResources","params":"{\n ResourceARNList: [\"arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a\"]\n}"}
{"level":"debug","ts":"2025-04-26T16:04:30.395Z","logger":"controller.route","caller":"lattice/target_group_synthesizer.go:184","msg":"TargetGroup arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a (k8s-apps-server-bytaygpvhu) is referenced by lattice service"}
{"level":"debug","ts":"2025-04-26T16:04:30.395Z","logger":"controller.route.tg-gc","caller":"deploy/stack_deployer.go:178","msg":"gc stats","delete_attempts":0,"delete_success":0,"duration":0.087691915}
{"level":"debug","ts":"2025-04-26T16:05:00.359Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"VPC Lattice","operation":"ListTargetGroups","params":"{\n\n}"}
{"level":"debug","ts":"2025-04-26T16:05:00.384Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"tagging","operation":"GetResources","params":"{\n ResourceARNList: [\"arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a\"]\n}"}
{"level":"debug","ts":"2025-04-26T16:05:00.384Z","logger":"controller.route","caller":"lattice/target_group_synthesizer.go:184","msg":"TargetGroup arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a (k8s-apps-server-bytaygpvhu) is referenced by lattice service"}
{"level":"debug","ts":"2025-04-26T16:05:00.384Z","logger":"controller.route.tg-gc","caller":"deploy/stack_deployer.go:178","msg":"gc stats","delete_attempts":0,"delete_success":0,"duration":0.076177087}
{"level":"debug","ts":"2025-04-26T16:05:30.355Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"VPC Lattice","operation":"ListTargetGroups","params":"{\n\n}"}
{"level":"debug","ts":"2025-04-26T16:05:30.371Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"tagging","operation":"GetResources","params":"{\n ResourceARNList: [\"arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a\"]\n}"}
{"level":"debug","ts":"2025-04-26T16:05:30.371Z","logger":"controller.route","caller":"lattice/target_group_synthesizer.go:184","msg":"TargetGroup arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a (k8s-apps-server-bytaygpvhu) is referenced by lattice service"}
{"level":"debug","ts":"2025-04-26T16:05:30.371Z","logger":"controller.route.tg-gc","caller":"deploy/stack_deployer.go:178","msg":"gc stats","delete_attempts":0,"delete_success":0,"duration":0.062691019}
{"level":"debug","ts":"2025-04-26T16:06:00.370Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"VPC Lattice","operation":"ListTargetGroups","params":"{\n\n}"}
{"level":"debug","ts":"2025-04-26T16:06:00.392Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"tagging","operation":"GetResources","params":"{\n ResourceARNList: [\"arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a\"]\n}"}
{"level":"debug","ts":"2025-04-26T16:06:00.392Z","logger":"controller.route","caller":"lattice/target_group_synthesizer.go:184","msg":"TargetGroup arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a (k8s-apps-server-bytaygpvhu) is referenced by lattice service"}
{"level":"debug","ts":"2025-04-26T16:06:00.393Z","logger":"controller.route.tg-gc","caller":"deploy/stack_deployer.go:178","msg":"gc stats","delete_attempts":0,"delete_success":0,"duration":0.085102621}
{"level":"debug","ts":"2025-04-26T16:06:30.351Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"VPC Lattice","operation":"ListTargetGroups","params":"{\n\n}"}
{"level":"debug","ts":"2025-04-26T16:06:30.369Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"tagging","operation":"GetResources","params":"{\n ResourceARNList: [\"arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a\"]\n}"}
{"level":"debug","ts":"2025-04-26T16:06:30.369Z","logger":"controller.route","caller":"lattice/target_group_synthesizer.go:184","msg":"TargetGroup arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a (k8s-apps-server-bytaygpvhu) is referenced by lattice service"}
{"level":"debug","ts":"2025-04-26T16:06:30.369Z","logger":"controller.route.tg-gc","caller":"deploy/stack_deployer.go:178","msg":"gc stats","delete_attempts":0,"delete_success":0,"duration":0.061314786}
{"level":"debug","ts":"2025-04-26T16:07:00.354Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"VPC Lattice","operation":"ListTargetGroups","params":"{\n\n}"}
{"level":"debug","ts":"2025-04-26T16:07:00.377Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"tagging","operation":"GetResources","params":"{\n ResourceARNList: [\"arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a\"]\n}"}
{"level":"debug","ts":"2025-04-26T16:07:00.377Z","logger":"controller.route","caller":"lattice/target_group_synthesizer.go:184","msg":"TargetGroup arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a (k8s-apps-server-bytaygpvhu) is referenced by lattice service"}
{"level":"debug","ts":"2025-04-26T16:07:00.377Z","logger":"controller.route.tg-gc","caller":"deploy/stack_deployer.go:178","msg":"gc stats","delete_attempts":0,"delete_success":0,"duration":0.069906855}
{"level":"debug","ts":"2025-04-26T16:07:30.365Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"VPC Lattice","operation":"ListTargetGroups","params":"{\n\n}"}
{"level":"debug","ts":"2025-04-26T16:07:30.388Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"tagging","operation":"GetResources","params":"{\n ResourceARNList: [\"arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a\"]\n}"}
{"level":"debug","ts":"2025-04-26T16:07:30.388Z","logger":"controller.route","caller":"lattice/target_group_synthesizer.go:184","msg":"TargetGroup arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a (k8s-apps-server-bytaygpvhu) is referenced by lattice service"}
{"level":"debug","ts":"2025-04-26T16:07:30.388Z","logger":"controller.route.tg-gc","caller":"deploy/stack_deployer.go:178","msg":"gc stats","delete_attempts":0,"delete_success":0,"duration":0.080493519}
{"level":"debug","ts":"2025-04-26T16:08:00.357Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"VPC Lattice","operation":"ListTargetGroups","params":"{\n\n}"}
{"level":"debug","ts":"2025-04-26T16:08:00.378Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"tagging","operation":"GetResources","params":"{\n ResourceARNList: [\"arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a\"]\n}"}
{"level":"debug","ts":"2025-04-26T16:08:00.378Z","logger":"controller.route","caller":"lattice/target_group_synthesizer.go:184","msg":"TargetGroup arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a (k8s-apps-server-bytaygpvhu) is referenced by lattice service"}
{"level":"debug","ts":"2025-04-26T16:08:00.378Z","logger":"controller.route.tg-gc","caller":"deploy/stack_deployer.go:178","msg":"gc stats","delete_attempts":0,"delete_success":0,"duration":0.070793292}
{"level":"debug","ts":"2025-04-26T16:08:30.365Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"VPC Lattice","operation":"ListTargetGroups","params":"{\n\n}"}
{"level":"debug","ts":"2025-04-26T16:08:30.386Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"tagging","operation":"GetResources","params":"{\n ResourceARNList: [\"arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a\"]\n}"}
{"level":"debug","ts":"2025-04-26T16:08:30.386Z","logger":"controller.route","caller":"lattice/target_group_synthesizer.go:184","msg":"TargetGroup arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a (k8s-apps-server-bytaygpvhu) is referenced by lattice service"}
{"level":"debug","ts":"2025-04-26T16:08:30.386Z","logger":"controller.route.tg-gc","caller":"deploy/stack_deployer.go:178","msg":"gc stats","delete_attempts":0,"delete_success":0,"duration":0.079021571}
{"level":"debug","ts":"2025-04-26T16:09:00.354Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"VPC Lattice","operation":"ListTargetGroups","params":"{\n\n}"}
{"level":"debug","ts":"2025-04-26T16:09:00.378Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"tagging","operation":"GetResources","params":"{\n ResourceARNList: [\"arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a\"]\n}"}
{"level":"debug","ts":"2025-04-26T16:09:00.378Z","logger":"controller.route","caller":"lattice/target_group_synthesizer.go:184","msg":"TargetGroup arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a (k8s-apps-server-bytaygpvhu) is referenced by lattice service"}
{"level":"debug","ts":"2025-04-26T16:09:00.378Z","logger":"controller.route.tg-gc","caller":"deploy/stack_deployer.go:178","msg":"gc stats","delete_attempts":0,"delete_success":0,"duration":0.071219754}
{"level":"debug","ts":"2025-04-26T16:09:30.349Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"VPC Lattice","operation":"ListTargetGroups","params":"{\n\n}"}
{"level":"debug","ts":"2025-04-26T16:09:30.371Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"tagging","operation":"GetResources","params":"{\n ResourceARNList: [\"arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a\"]\n}"}
{"level":"debug","ts":"2025-04-26T16:09:30.371Z","logger":"controller.route","caller":"lattice/target_group_synthesizer.go:184","msg":"TargetGroup arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a (k8s-apps-server-bytaygpvhu) is referenced by lattice service"}
{"level":"debug","ts":"2025-04-26T16:09:30.371Z","logger":"controller.route.tg-gc","caller":"deploy/stack_deployer.go:178","msg":"gc stats","delete_attempts":0,"delete_success":0,"duration":0.06362976}
{"level":"debug","ts":"2025-04-26T16:10:00.354Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"VPC Lattice","operation":"ListTargetGroups","params":"{\n\n}"}
{"level":"debug","ts":"2025-04-26T16:10:00.375Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"tagging","operation":"GetResources","params":"{\n ResourceARNList: [\"arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a\"]\n}"}
{"level":"debug","ts":"2025-04-26T16:10:00.375Z","logger":"controller.route","caller":"lattice/target_group_synthesizer.go:184","msg":"TargetGroup arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a (k8s-apps-server-bytaygpvhu) is referenced by lattice service"}
{"level":"debug","ts":"2025-04-26T16:10:00.375Z","logger":"controller.route.tg-gc","caller":"deploy/stack_deployer.go:178","msg":"gc stats","delete_attempts":0,"delete_success":0,"duration":0.068111398}
{"level":"debug","ts":"2025-04-26T16:10:30.358Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"VPC Lattice","operation":"ListTargetGroups","params":"{\n\n}"}
{"level":"debug","ts":"2025-04-26T16:10:30.375Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"tagging","operation":"GetResources","params":"{\n ResourceARNList: [\"arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a\"]\n}"}
{"level":"debug","ts":"2025-04-26T16:10:30.375Z","logger":"controller.route","caller":"lattice/target_group_synthesizer.go:184","msg":"TargetGroup arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a (k8s-apps-server-bytaygpvhu) is referenced by lattice service"}
{"level":"debug","ts":"2025-04-26T16:10:30.375Z","logger":"controller.route.tg-gc","caller":"deploy/stack_deployer.go:178","msg":"gc stats","delete_attempts":0,"delete_success":0,"duration":0.067431472}
{"level":"debug","ts":"2025-04-26T16:11:00.360Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"VPC Lattice","operation":"ListTargetGroups","params":"{\n\n}"}
{"level":"debug","ts":"2025-04-26T16:11:00.377Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"tagging","operation":"GetResources","params":"{\n ResourceARNList: [\"arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a\"]\n}"}
{"level":"debug","ts":"2025-04-26T16:11:00.377Z","logger":"controller.route","caller":"lattice/target_group_synthesizer.go:184","msg":"TargetGroup arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a (k8s-apps-server-bytaygpvhu) is referenced by lattice service"}
{"level":"debug","ts":"2025-04-26T16:11:00.377Z","logger":"controller.route.tg-gc","caller":"deploy/stack_deployer.go:178","msg":"gc stats","delete_attempts":0,"delete_success":0,"duration":0.070150803}
{"level":"debug","ts":"2025-04-26T16:11:30.352Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"VPC Lattice","operation":"ListTargetGroups","params":"{\n\n}"}
{"level":"debug","ts":"2025-04-26T16:11:30.373Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"tagging","operation":"GetResources","params":"{\n ResourceARNList: [\"arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a\"]\n}"}
{"level":"debug","ts":"2025-04-26T16:11:30.373Z","logger":"controller.route","caller":"lattice/target_group_synthesizer.go:184","msg":"TargetGroup arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a (k8s-apps-server-bytaygpvhu) is referenced by lattice service"}
{"level":"debug","ts":"2025-04-26T16:11:30.373Z","logger":"controller.route.tg-gc","caller":"deploy/stack_deployer.go:178","msg":"gc stats","delete_attempts":0,"delete_success":0,"duration":0.065527826}
{"level":"debug","ts":"2025-04-26T16:12:00.356Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"VPC Lattice","operation":"ListTargetGroups","params":"{\n\n}"}
{"level":"debug","ts":"2025-04-26T16:12:00.377Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"tagging","operation":"GetResources","params":"{\n ResourceARNList: [\"arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a\"]\n}"}
{"level":"debug","ts":"2025-04-26T16:12:00.377Z","logger":"controller.route","caller":"lattice/target_group_synthesizer.go:184","msg":"TargetGroup arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a (k8s-apps-server-bytaygpvhu) is referenced by lattice service"}
{"level":"debug","ts":"2025-04-26T16:12:00.377Z","logger":"controller.route.tg-gc","caller":"deploy/stack_deployer.go:178","msg":"gc stats","delete_attempts":0,"delete_success":0,"duration":0.069280145}
{"level":"debug","ts":"2025-04-26T16:12:30.355Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"VPC Lattice","operation":"ListTargetGroups","params":"{\n\n}"}
{"level":"debug","ts":"2025-04-26T16:12:30.381Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"tagging","operation":"GetResources","params":"{\n ResourceARNList: [\"arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a\"]\n}"}
{"level":"debug","ts":"2025-04-26T16:12:30.381Z","logger":"controller.route","caller":"lattice/target_group_synthesizer.go:184","msg":"TargetGroup arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a (k8s-apps-server-bytaygpvhu) is referenced by lattice service"}
{"level":"debug","ts":"2025-04-26T16:12:30.381Z","logger":"controller.route.tg-gc","caller":"deploy/stack_deployer.go:178","msg":"gc stats","delete_attempts":0,"delete_success":0,"duration":0.073713078}
{"level":"debug","ts":"2025-04-26T16:13:00.367Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"VPC Lattice","operation":"ListTargetGroups","params":"{\n\n}"}
{"level":"debug","ts":"2025-04-26T16:13:00.390Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"tagging","operation":"GetResources","params":"{\n ResourceARNList: [\"arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a\"]\n}"}
{"level":"debug","ts":"2025-04-26T16:13:00.390Z","logger":"controller.route","caller":"lattice/target_group_synthesizer.go:184","msg":"TargetGroup arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a (k8s-apps-server-bytaygpvhu) is referenced by lattice service"}
{"level":"debug","ts":"2025-04-26T16:13:00.390Z","logger":"controller.route.tg-gc","caller":"deploy/stack_deployer.go:178","msg":"gc stats","delete_attempts":0,"delete_success":0,"duration":0.082478873}
{"level":"debug","ts":"2025-04-26T16:13:30.366Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"VPC Lattice","operation":"ListTargetGroups","params":"{\n\n}"}
{"level":"debug","ts":"2025-04-26T16:13:30.391Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"tagging","operation":"GetResources","params":"{\n ResourceARNList: [\"arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a\"]\n}"}
{"level":"debug","ts":"2025-04-26T16:13:30.391Z","logger":"controller.route","caller":"lattice/target_group_synthesizer.go:184","msg":"TargetGroup arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a (k8s-apps-server-bytaygpvhu) is referenced by lattice service"}
{"level":"debug","ts":"2025-04-26T16:13:30.391Z","logger":"controller.route.tg-gc","caller":"deploy/stack_deployer.go:178","msg":"gc stats","delete_attempts":0,"delete_success":0,"duration":0.083265847}
{"level":"debug","ts":"2025-04-26T16:14:00.352Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"VPC Lattice","operation":"ListTargetGroups","params":"{\n\n}"}
{"level":"debug","ts":"2025-04-26T16:14:00.374Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"tagging","operation":"GetResources","params":"{\n ResourceARNList: [\"arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a\"]\n}"}
{"level":"debug","ts":"2025-04-26T16:14:00.374Z","logger":"controller.route","caller":"lattice/target_group_synthesizer.go:184","msg":"TargetGroup arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a (k8s-apps-server-bytaygpvhu) is referenced by lattice service"}
{"level":"debug","ts":"2025-04-26T16:14:00.374Z","logger":"controller.route.tg-gc","caller":"deploy/stack_deployer.go:178","msg":"gc stats","delete_attempts":0,"delete_success":0,"duration":0.066375036}
{"level":"debug","ts":"2025-04-26T16:14:30.367Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"VPC Lattice","operation":"ListTargetGroups","params":"{\n\n}"}
{"level":"debug","ts":"2025-04-26T16:14:30.382Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"tagging","operation":"GetResources","params":"{\n ResourceARNList: [\"arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a\"]\n}"}
{"level":"debug","ts":"2025-04-26T16:14:30.382Z","logger":"controller.route","caller":"lattice/target_group_synthesizer.go:184","msg":"TargetGroup arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a (k8s-apps-server-bytaygpvhu) is referenced by lattice service"}
{"level":"debug","ts":"2025-04-26T16:14:30.382Z","logger":"controller.route.tg-gc","caller":"deploy/stack_deployer.go:178","msg":"gc stats","delete_attempts":0,"delete_success":0,"duration":0.074266469}
{"level":"debug","ts":"2025-04-26T16:15:00.352Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"VPC Lattice","operation":"ListTargetGroups","params":"{\n\n}"}
{"level":"debug","ts":"2025-04-26T16:15:00.373Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"tagging","operation":"GetResources","params":"{\n ResourceARNList: [\"arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a\"]\n}"}
{"level":"debug","ts":"2025-04-26T16:15:00.373Z","logger":"controller.route","caller":"lattice/target_group_synthesizer.go:184","msg":"TargetGroup arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a (k8s-apps-server-bytaygpvhu) is referenced by lattice service"}
{"level":"debug","ts":"2025-04-26T16:15:00.373Z","logger":"controller.route.tg-gc","caller":"deploy/stack_deployer.go:178","msg":"gc stats","delete_attempts":0,"delete_success":0,"duration":0.065129722}
{"level":"debug","ts":"2025-04-26T16:15:30.350Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"VPC Lattice","operation":"ListTargetGroups","params":"{\n\n}"}
{"level":"debug","ts":"2025-04-26T16:15:30.373Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"tagging","operation":"GetResources","params":"{\n ResourceARNList: [\"arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a\"]\n}"}
{"level":"debug","ts":"2025-04-26T16:15:30.373Z","logger":"controller.route","caller":"lattice/target_group_synthesizer.go:184","msg":"TargetGroup arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a (k8s-apps-server-bytaygpvhu) is referenced by lattice service"}
{"level":"debug","ts":"2025-04-26T16:15:30.373Z","logger":"controller.route.tg-gc","caller":"deploy/stack_deployer.go:178","msg":"gc stats","delete_attempts":0,"delete_success":0,"duration":0.065587581}
{"level":"debug","ts":"2025-04-26T16:16:00.355Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"VPC Lattice","operation":"ListTargetGroups","params":"{\n\n}"}
{"level":"debug","ts":"2025-04-26T16:16:00.379Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"tagging","operation":"GetResources","params":"{\n ResourceARNList: [\"arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a\"]\n}"}
{"level":"debug","ts":"2025-04-26T16:16:00.380Z","logger":"controller.route","caller":"lattice/target_group_synthesizer.go:184","msg":"TargetGroup arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a (k8s-apps-server-bytaygpvhu) is referenced by lattice service"}
{"level":"debug","ts":"2025-04-26T16:16:00.380Z","logger":"controller.route.tg-gc","caller":"deploy/stack_deployer.go:178","msg":"gc stats","delete_attempts":0,"delete_success":0,"duration":0.072554688}
- Detects creation of the server Service and the my-services Gateway and runs the reconcile
- For the server-apps Route, configures the server.example.com domain and the VPC Lattice Service
  - Creates the listener rule, sets PathPrefix, and builds the backendRefs target group
  - Sets the IP addresses and port numbers of the routed Pods in the target group
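The reconcile flow summarized above can be recovered from the controller's debug log itself. The following Python script is an added example, not part of the original post or of the AWS Gateway API Controller: its patterns are derived only from the log lines shown on this page, and the function names and the ALLOWED_CALLS allowlist are assumptions made for illustration.

```python
import json
import re
from collections import Counter
from datetime import datetime

# Lines copied from the controller log on this page (a representative subset).
SAMPLE_LOG = r'''
{"level":"debug","ts":"2025-04-26T16:03:30.382Z","logger":"controller.route","caller":"gateway/model_build_listener.go:113","msg":"Added listener server-apps to the stack (ID id-30e2286f178f6d12b81339b408a83399dfca872e50a93aa718b1bdc94a4891ae)"}
{"level":"debug","ts":"2025-04-26T16:03:30.382Z","logger":"controller.route","caller":"gateway/model_build_rule.go:109","msg":"Examining pathmatch type PathPrefix value / for for httproute server-apps "}
{"level":"debug","ts":"2025-04-26T16:03:30.382Z","logger":"controller.route","caller":"gateway/model_build_rule.go:226","msg":"Processing Service backendRef server-apps"}
{"level":"debug","ts":"2025-04-26T16:03:30.382Z","logger":"controller.route","caller":"lattice/target_group_synthesizer.go:321","msg":"Route TargetGroup arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a (k8s-apps-server-bytaygpvhu) is up to date"}
{"level":"debug","ts":"2025-04-26T16:03:30.382Z","logger":"controller.route.tg-gc","caller":"deploy/stack_deployer.go:178","msg":"gc stats","delete_attempts":0,"delete_success":0,"duration":0.073790243}
{"level":"debug","ts":"2025-04-26T16:04:00.363Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"VPC Lattice","operation":"ListTargetGroups","params":"{\n\n}"}
{"level":"debug","ts":"2025-04-26T16:04:00.382Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"tagging","operation":"GetResources","params":"{\n ResourceARNList: [\"arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a\"]\n}"}
{"level":"debug","ts":"2025-04-26T16:04:00.382Z","logger":"controller.route","caller":"lattice/target_group_synthesizer.go:184","msg":"TargetGroup arn:aws:vpc-lattice:ap-northeast-2:378102432899:targetgroup/tg-0858b1446d1c60a9a (k8s-apps-server-bytaygpvhu) is referenced by lattice service"}
{"level":"debug","ts":"2025-04-26T16:04:00.382Z","logger":"controller.route.tg-gc","caller":"deploy/stack_deployer.go:178","msg":"gc stats","delete_attempts":0,"delete_success":0,"duration":0.073984275}
{"level":"debug","ts":"2025-04-26T16:04:30.371Z","logger":"cloud","caller":"aws/cloud.go:65","msg":"response","serviceName":"VPC Lattice","operation":"ListTargetGroups","params":"{\n\n}"}
{"level":"debug","ts":"2025-04-26T16:04:30.395Z","logger":"controller.route.tg-gc","caller":"deploy/stack_deployer.go:178","msg":"gc stats","delete_attempts":0,"delete_success":0,"duration":0.087691915}
'''

# Constructed allowlist (assumption): the only AWS operations seen in the log above.
ALLOWED_CALLS = {("VPC Lattice", "ListTargetGroups"), ("tagging", "GetResources")}
TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"
LISTENER = re.compile(r"Added listener (\S+) to the stack")
PATHMATCH = re.compile(
    r"Examining pathmatch type (\S+) value (\S+) for (?:for )?httproute (\S+)")
BACKEND = re.compile(r"Processing Service backendRef (\S+)")
TARGET_GROUP = re.compile(
    r"TargetGroup (arn:aws:vpc-lattice:\S+) \(([^)]+)\) is "
    r"(up to date|referenced by lattice service)")


def parse_log(text):
    """Return the JSON objects found one per line; skip anything that is not JSON."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("{"):
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # truncated or interleaved output
    return events


def summarize(events):
    """Rebuild what the controller configured and which AWS APIs it called."""
    s = {
        "listeners": set(),
        "path_matches": set(),    # (route, match type, value)
        "backend_refs": set(),
        "target_groups": {},      # ARN -> (name, last reported state)
        "aws_calls": Counter(),   # (serviceName, operation) -> count
        "gc_delete_attempts": 0,
        "gc_delete_success": 0,
        "poll_interval_s": None,  # mean gap between ListTargetGroups calls
    }
    polls = []
    for ev in events:
        msg = ev.get("msg", "")
        if ev.get("logger") == "cloud" and "operation" in ev:
            s["aws_calls"][(ev.get("serviceName", "?"), ev["operation"])] += 1
            if ev["operation"] == "ListTargetGroups":
                polls.append(datetime.strptime(ev["ts"], TS_FORMAT))
            continue
        if msg == "gc stats":
            s["gc_delete_attempts"] += ev.get("delete_attempts", 0)
            s["gc_delete_success"] += ev.get("delete_success", 0)
            continue
        m = LISTENER.search(msg)
        if m:
            s["listeners"].add(m.group(1))
        m = PATHMATCH.search(msg)
        if m:
            s["path_matches"].add((m.group(3), m.group(1), m.group(2)))
        m = BACKEND.search(msg)
        if m:
            s["backend_refs"].add(m.group(1))
        m = TARGET_GROUP.search(msg)
        if m:
            s["target_groups"][m.group(1)] = (m.group(2), m.group(3))
    if len(polls) >= 2:
        gaps = [(b - a).total_seconds() for a, b in zip(polls, polls[1:])]
        s["poll_interval_s"] = sum(gaps) / len(gaps)
    return s


def findings(s, allowed_calls):
    """Flag target-group deletions and AWS operations outside the allowlist."""
    notes = []
    if s["gc_delete_attempts"]:
        notes.append("target-group GC attempted %d deletion(s), %d succeeded"
                     % (s["gc_delete_attempts"], s["gc_delete_success"]))
    for call in sorted(set(s["aws_calls"]) - set(allowed_calls)):
        notes.append("unexpected AWS call: %s %s" % call)
    return notes


if __name__ == "__main__":
    summary = summarize(parse_log(SAMPLE_LOG))
    print(summary, findings(summary, ALLOWED_CALLS) or "no findings")
```

Comparing the observed operations with the permissions granted to the controller's IAM role is a quick least-privilege check, and a non-zero GC deletion count is the line to look for when a route stops resolving.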
Lab resource cleanup
terraform destroy -target="module.client_vpc" -auto-approve
terraform destroy -target="module.cluster_vpc" -auto-approve
terraform destroy -target=aws_route53_zone.primary -auto-approve
terraform destroy -target="module.client_sg" -auto-approve
terraform destroy -target="module.endpoint_sg" -auto-approve
terraform destroy -target="module.client" -auto-approve
terraform destroy -target="module.vpc_endpoints" -auto-approve
terraform destroy -target="module.eks" -auto-approve
terraform destroy -target="module.addons" -auto-approve
terraform destroy -auto-approve
🛡️ [Lab 2] Multi Cluster secure communication
environment provisioning
1. Move to the lab directory
cd terraform-aws-eks-blueprints/patterns/vpc-lattice/cross-cluster-pod-communication/environment/
2. Edit main.tf
On line 7, change region to ap-northeast-2
3. Provision the environment infrastructure
terraform init
terraform apply --auto-approve
✅ Output
Initializing the backend...
Initializing provider plugins...
- Finding hashicorp/aws versions matching ">= 5.34.0"...
- Installing hashicorp/aws v5.96.0...
- Installed hashicorp/aws v5.96.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
data.aws_iam_policy_document.eks_assume: Reading...
data.aws_iam_policy_document.eks_assume: Read complete after 0s [id=819195744]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
...
cluster provisioning
1. Move to the cross-cluster-pod-communication/cluster/ directory
cd ../cluster/
2. Edit the main.tf file
On line 31, change region to ap-northeast-2
3. Deploy the first EKS cluster
./deploy.sh cluster1
✅ Output
...
helm_release.demo_application: Still creating... [10s elapsed]
helm_release.demo_application: Still creating... [20s elapsed]
helm_release.demo_application: Still creating... [30s elapsed]
helm_release.demo_application: Creation complete after 35s [id=demo-cluster1]
Apply complete! Resources: 81 added, 0 changed, 0 destroyed.
Outputs:
configure_kubectl = "aws eks update-kubeconfig --name eks-cluster1 --alias eks-cluster1 --region ap-northeast-2"
After the deployment completes, configure kubectl with the command below
eval `terraform output -raw configure_kubectl`
# Result
Added new context eks-cluster1 to /home/devshin/.kube/config
4. Deploy the second EKS cluster
./deploy.sh cluster2
✅ Output
...
module.eks_blueprints_addons.aws_eks_addon.this["coredns"]: Creation complete after 15m26s [id=eks-cluster2:coredns]
helm_release.platform_application: Creating...
helm_release.platform_application: Creation complete after 1s [id=platform-cluster2]
helm_release.demo_application: Creating...
helm_release.demo_application: Still creating... [10s elapsed]
helm_release.demo_application: Still creating... [20s elapsed]
helm_release.demo_application: Still creating... [30s elapsed]
helm_release.demo_application: Creation complete after 33s [id=demo-cluster2]
Apply complete! Resources: 81 added, 0 changed, 0 destroyed.
Outputs:
configure_kubectl = "aws eks update-kubeconfig --name eks-cluster2 --alias eks-cluster2 --region ap-northeast-2"
After the deployment completes, configure kubectl with the command below
eval `terraform output -raw configure_kubectl`
# Result
Added new context eks-cluster2 to /home/devshin/.kube/config
Verify the provisioned infrastructure and applications
1. Amazon EKS clusters
(1) Open the Amazon EKS console and confirm that the two EKS clusters were created
(2) Open the eks-cluster1 cluster, then go to Access > Pod Identity associations
The vpc-lattice-sig4-client IAM role is associated with the default Service account in the apps namespace
(3) Clicking the IAM role shows its ACM PCA access permissions and its VPC Lattice Service invoke permission
2. VPC Lattice
(1) In the VPC console, go to PrivateLink and Lattice > Lattice services and check the list of VPC Lattice Services
(2) Confirm that each Service is mapped to a custom domain name
(3) Each Service is associated with the Private Hosted Zone and uses a PCA certificate
3. Route53 Private Hosted Zone
4. Check the applications in each EKS cluster
(1) Switch the context to eks-cluster1
kubectl config use-context eks-cluster1
# Result
Switched to context "eks-cluster1".
(2) List all Pods in eks-cluster1
kubectl get po -A
✅ Output
NAMESPACE NAME READY STATUS RESTARTS AGE
apps demo-cluster1-v1-77d97c96d9-dmczp 2/2 Running 0 56m
aws-application-networking-system aws-gateway-api-controller-aws-gateway-controller-chart-6c5l5xr 1/1 Running 0 59m
aws-application-networking-system aws-gateway-api-controller-aws-gateway-controller-chart-6cfj2m2 1/1 Running 0 59m
external-dns external-dns-5c6f9b9b87-gcpkk 1/1 Running 0 59m
kube-system aws-node-jjxgl 2/2 Running 0 57m
kube-system aws-node-qtlfc 2/2 Running 0 57m
kube-system aws-node-sqc94 2/2 Running 0 57m
kube-system coredns-5fc547d667-gnjbh 1/1 Running 0 57m
kube-system coredns-5fc547d667-nct4t 1/1 Running 0 57m
kube-system eks-pod-identity-agent-ckkq5 1/1 Running 0 57m
kube-system eks-pod-identity-agent-vgw2g 1/1 Running 0 57m
kube-system eks-pod-identity-agent-zqfw5 1/1 Running 0 57m
kube-system kube-proxy-bpglm 1/1 Running 0 57m
kube-system kube-proxy-c8wxp 1/1 Running 0 57m
kube-system kube-proxy-mrdpw 1/1 Running 0 57m
kyverno kyverno-admission-controller-54b8bdb86f-pflfw 1/1 Running 0 59m
kyverno kyverno-background-controller-64fcf87c7b-z7vlc 1/1 Running 0 59m
kyverno kyverno-cleanup-admission-reports-29094840-5kvqt 0/1 Completed 0 7m24s
kyverno kyverno-cleanup-cluster-admission-reports-29094840-f82qb 0/1 Completed 0 7m24s
kyverno kyverno-cleanup-controller-5b4b8f645b-twrwq 1/1 Running 0 59m
kyverno kyverno-reports-controller-55b9787f78-5pxvb 1/1 Running 0 59m
(3) Check the details of the demo application Pod (demo-cluster1-v1)
kubectl describe po demo-cluster1-v1-77d97c96d9-dmczp -n apps
✅ Output
Name: demo-cluster1-v1-77d97c96d9-dmczp
Namespace: apps
Priority: 0
Service Account: default
Node: ip-10-0-26-111.ap-northeast-2.compute.internal/10.0.26.111
Start Time: Sun, 27 Apr 2025 02:10:39 +0900
Labels: app=demo-cluster1-v1
pod-template-hash=77d97c96d9
Annotations: vpc-lattices-svcs.amazonaws.com/agent-inject: true
Status: Running
IP: 10.0.17.132
IPs:
IP: 10.0.17.132
Controlled By: ReplicaSet/demo-cluster1-v1-77d97c96d9
Init Containers:
iptables-init:
Container ID: containerd://8d2a220d4a10c405a2d1c4595a9c0d18861f1c375ef0cc79af1d509433f6490b
Image: public.ecr.aws/seb-demo/iptables:v1
Image ID: public.ecr.aws/seb-demo/iptables@sha256:32f68e35a3c5925c7ee4cc664411063579418975e99754e0b9a53b1405b49e03
Port: <none>
Host Port: <none>
Command:
/bin/sh
-c
iptables -t nat -N EGRESS_PROXY; iptables -t nat -A OUTPUT -p tcp -d 169.254.171.0/24 -j EGRESS_PROXY; iptables -t nat -A EGRESS_PROXY -m owner --gid-owner 0 -j RETURN; iptables -t nat -A EGRESS_PROXY -p tcp -j REDIRECT --to-ports 8080; iptables -t nat -L -n -v;
State: Terminated
Reason: Completed
Exit Code: 0
Started: Sun, 27 Apr 2025 02:10:44 +0900
Finished: Sun, 27 Apr 2025 02:10:44 +0900
Ready: True
Restart Count: 0
Environment:
AWS_STS_REGIONAL_ENDPOINTS: regional
AWS_DEFAULT_REGION: ap-northeast-2
AWS_REGION: ap-northeast-2
AWS_CONTAINER_CREDENTIALS_FULL_URI: http://169.254.170.23/v1/credentials
AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE: /var/run/secrets/pods.eks.amazonaws.com/serviceaccount/eks-pod-identity-token
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-f9xwp (ro)
/var/run/secrets/pods.eks.amazonaws.com/serviceaccount from eks-pod-identity-token (ro)
Containers:
envoy-sigv4:
Container ID: containerd://16b852a81664917a8f66927ab904a34aa5ac76f87f1da66a0f9bca9a128095c9
Image: public.ecr.aws/seb-demo/envoy-sigv4:v0.5
Image ID: public.ecr.aws/seb-demo/envoy-sigv4@sha256:097a68853c38c9cc2cf44d1de31e10538dd5b312cbc9092b12d2e49f7f92fdee
Port: 8080/TCP
Host Port: 0/TCP
Args:
-l
info
State: Running
Started: Sun, 27 Apr 2025 02:10:58 +0900
Ready: True
Restart Count: 0
Environment:
APP_DOMAIN: example.com
CA_ARN: arn:aws:acm-pca:ap-northeast-2:378102432899:certificate-authority/f9ec5283-69d8-4f98-ad5e-0f2f9cc02eb1
AWS_STS_REGIONAL_ENDPOINTS: regional
AWS_DEFAULT_REGION: ap-northeast-2
AWS_REGION: ap-northeast-2
AWS_CONTAINER_CREDENTIALS_FULL_URI: http://169.254.170.23/v1/credentials
AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE: /var/run/secrets/pods.eks.amazonaws.com/serviceaccount/eks-pod-identity-token
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-f9xwp (ro)
/var/run/secrets/pods.eks.amazonaws.com/serviceaccount from eks-pod-identity-token (ro)
demo-cluster1-v1:
Container ID: containerd://fca32be9c5cb17059ad6f885e472213073bccbd15802db28ec6c0ce7bb186344
Image: public.ecr.aws/seb-demo/http-server:latest
Image ID: public.ecr.aws/seb-demo/http-server@sha256:05b913f6c411303f8967ed556b12c80ca49c63a9a37005bc8651c18df54266a6
Port: <none>
Host Port: <none>
State: Running
Started: Sun, 27 Apr 2025 02:11:11 +0900
Ready: True
Restart Count: 0
Environment:
PodName: Hello from demo-cluster1-v1
AWS_STS_REGIONAL_ENDPOINTS: regional
AWS_DEFAULT_REGION: ap-northeast-2
AWS_REGION: ap-northeast-2
AWS_CONTAINER_CREDENTIALS_FULL_URI: http://169.254.170.23/v1/credentials
AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE: /var/run/secrets/pods.eks.amazonaws.com/serviceaccount/eks-pod-identity-token
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-f9xwp (ro)
/var/run/secrets/pods.eks.amazonaws.com/serviceaccount from eks-pod-identity-token (ro)
Conditions:
Type Status
PodReadyToStartContainers True
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
eks-pod-identity-token:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 86000
kube-api-access-f9xwp:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 58m default-scheduler Successfully assigned apps/demo-cluster1-v1-77d97c96d9-dmczp to ip-10-0-26-111.ap-northeast-2.compute.internal
Normal Pulling 58m kubelet Pulling image "public.ecr.aws/seb-demo/iptables:v1"
Normal Pulled 58m kubelet Successfully pulled image "public.ecr.aws/seb-demo/iptables:v1" in 4.882s (4.882s including waiting). Image size: 55339336 bytes.
Normal Created 58m kubelet Created container iptables-init
Normal Started 58m kubelet Started container iptables-init
Normal Pulling 58m kubelet Pulling image "public.ecr.aws/seb-demo/envoy-sigv4:v0.5"
Normal Pulled 58m kubelet Successfully pulled image "public.ecr.aws/seb-demo/envoy-sigv4:v0.5" in 10.436s (10.436s including waiting). Image size: 318174943 bytes.
Normal Created 58m kubelet Created container envoy-sigv4
Normal Started 58m kubelet Started container envoy-sigv4
Normal Pulling 58m kubelet Pulling image "public.ecr.aws/seb-demo/http-server:latest"
Normal Pulled 58m kubelet Successfully pulled image "public.ecr.aws/seb-demo/http-server:latest" in 13.377s (13.377s including waiting). Image size: 229544141 bytes.
Normal Created 58m kubelet Created container demo-cluster1-v1
Normal Started 58m kubelet Started container demo-cluster1-v1
- Init Containers: iptables-init
  - Sets up the iptables rules for the envoy-sigv4 container
  - Redirects traffic to envoy when the source process's gid is not 0
- Containers
  - envoy-sigv4 (acts as the sidecar proxy; communicates with VPC Lattice using the Private CA certificate)
  - demo-cluster1-v1 (application server)
(4) Switch to the eks-cluster2 cluster, then list the Pods
kubectl config use-context eks-cluster2
# Result
Switched to context "eks-cluster2".
kubectl get po -A
Output
NAMESPACE NAME READY STATUS RESTARTS AGE
apps demo-cluster2-v1-75cb9cd4bb-jjmcx 2/2 Running 0 34m
aws-application-networking-system aws-gateway-api-controller-aws-gateway-controller-chart-6flh5zb 1/1 Running 0 49m
aws-application-networking-system aws-gateway-api-controller-aws-gateway-controller-chart-6flrrpn 1/1 Running 0 49m
external-dns external-dns-594fd4bffb-zmsgt 1/1 Running 0 49m
kube-system aws-node-gb5r8 2/2 Running 0 48m
kube-system aws-node-rl79m 2/2 Running 0 48m
kube-system aws-node-s6pkj 2/2 Running 0 48m
kube-system coredns-5fc547d667-k5zks 1/1 Running 0 49m
kube-system coredns-5fc547d667-sjpxd 1/1 Running 0 49m
kube-system eks-pod-identity-agent-5n5cc 1/1 Running 0 48m
kube-system eks-pod-identity-agent-87lz2 1/1 Running 0 48m
kube-system eks-pod-identity-agent-w2wsz 1/1 Running 0 48m
kube-system kube-proxy-7mfkd 1/1 Running 0 48m
kube-system kube-proxy-bsqs9 1/1 Running 0 48m
kube-system kube-proxy-zrpq8 1/1 Running 0 48m
kyverno kyverno-admission-controller-54b8bdb86f-27x2r 1/1 Running 0 50m
kyverno kyverno-background-controller-64fcf87c7b-wlz5h 1/1 Running 0 50m
kyverno kyverno-cleanup-admission-reports-29094850-wd76l 0/1 Completed 0 112s
kyverno kyverno-cleanup-cluster-admission-reports-29094850-ptwd8 0/1 Completed 0 112s
kyverno kyverno-cleanup-controller-5b4b8f645b-7z62j 1/1 Running 0 50m
kyverno kyverno-reports-controller-55b9787f78-h2v9k 1/1 Running 0 50m
Communication test and a look at how it works
1. Cross-cluster communication test
(1) Send a request from eks-cluster1 to the demo application in eks-cluster2
kubectl --context eks-cluster1 \
  exec -ti -n apps deployments/demo-cluster1-v1 -c demo-cluster1-v1 \
  -- curl demo-cluster2.example.com
Output
Requsting to Pod(demo-cluster2-v1-75cb9cd4bb-jjmcx): Hello from demo-cluster2-v1
(2) Send a request from eks-cluster1 to its own demo application
kubectl --context eks-cluster1 \
  exec -ti -n apps deployments/demo-cluster1-v1 -c demo-cluster1-v1 \
  -- curl demo-cluster1.example.com
Output
AccessDeniedException: User: arn:aws:sts::xxxxxxxxxxxxx:assumed-role/vpc-lattice-sigv4-client/eks-eks-cluste-demo-clust-f05537fc-1af2-4d43-8128-6caf61ce29e0 is not authorized to perform: vpc-lattice-svcs:Invoke on resource: arn:aws:vpc-lattice:ap-northeast-2:378102432899:service/svc-0c3108058ee5dce9b/ because no service-based policy allows the vpc-lattice-svcs:Invoke action
This happens because the IAMAuthPolicy on eks-cluster1 is configured to allow only calls from eks-cluster2.
2. Check the IAMAuthPolicy configuration
View the detailed IAMAuthPolicy policy
kubectl --context eks-cluster1 \
  get IAMAuthPolicy -n apps demo-cluster1-iam-auth-policy \
  -o json | jq ".spec.policy | fromjson"
Output
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::378102432899:root"
},
"Action": "vpc-lattice-svcs:Invoke",
"Resource": "*",
"Condition": {
"StringEquals": {
"aws:PrincipalTag/eks-cluster-name": "eks-cluster2",
"aws:PrincipalTag/kubernetes-namespace": "apps"
}
}
}
]
}
The vpc-lattice-svcs:Invoke action is allowed only when the caller's eks-cluster-name principal tag is eks-cluster2 and its kubernetes-namespace principal tag is apps.
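The following added example (not part of the original post or the blueprint) replays the policy above against both demo callers with a simplified model of the allow/deny decision, showing why the eks-cluster1 caller ends in the implicit deny seen in the AccessDeniedException. The tag values per caller are constructed assumptions, and the evaluator models only account-root principals and StringEquals on aws:PrincipalTag keys; it is not the AWS policy engine.

```python
import fnmatch
import json

# Policy as printed above by `jq ".spec.policy | fromjson"` (reflowed, same content).
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::378102432899:root"},
  "Action": "vpc-lattice-svcs:Invoke", "Resource": "*",
  "Condition": {"StringEquals": {
    "aws:PrincipalTag/eks-cluster-name": "eks-cluster2",
    "aws:PrincipalTag/kubernetes-namespace": "apps"}}}]}
""")
ACCOUNT = "378102432899"
# Constructed session tags for the two demo callers (assumed values).
CLUSTER1_TAGS = {"eks-cluster-name": "eks-cluster1", "kubernetes-namespace": "apps"}
CLUSTER2_TAGS = {"eks-cluster-name": "eks-cluster2", "kubernetes-namespace": "apps"}
TAG_PREFIX = "aws:PrincipalTag/"

def as_list(value):
    return value if isinstance(value, list) else [value]

def principal_matches(principal, account_id):
    arns = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
    return any(a in ("*", account_id, f"arn:aws:iam::{account_id}:root") for a in arns)

def statement_matches(stmt, account_id, tags, action):
    """True when principal, action and every StringEquals tag condition match."""
    if not principal_matches(stmt.get("Principal", {}), account_id):
        return False
    patterns = [p.lower() for p in as_list(stmt["Action"])]
    if not any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns):
        return False
    cond = stmt.get("Condition", {})
    if set(cond) - {"StringEquals"}:
        raise ValueError("this sketch models StringEquals only")
    for key, wanted in cond.get("StringEquals", {}).items():
        if not key.startswith(TAG_PREFIX):
            raise ValueError(f"unmodelled condition key: {key}")
        if tags.get(key[len(TAG_PREFIX):]) not in as_list(wanted):
            return False  # missing or different tag: condition fails
    return True

def evaluate(policy, account_id, tags, action="vpc-lattice-svcs:Invoke"):
    """Explicit Deny wins, then Allow; no matching statement is an implicit deny."""
    effects = {s["Effect"] for s in policy["Statement"]
               if statement_matches(s, account_id, tags, action)}
    if "Deny" in effects:
        return "Deny"
    return "Allow" if "Allow" in effects else "ImplicitDeny"
```

Because the Principal is the whole account root, the two tag conditions are the only thing narrowing access: a caller in the same account with a missing or different tag falls through to the implicit deny.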
3. Check the resource mapping structure
(1) Describe the IAMAuthPolicy
kubectl describe IAMAuthPolicy demo-cluster1-iam-auth-policy -n apps
Output
Name: demo-cluster1-iam-auth-policy
Namespace: apps
Labels: app.kubernetes.io/managed-by=Helm
Annotations: application-networking.k8s.aws/iam-auth-policy-resource-id: svc-0c3108058ee5dce9b
application-networking.k8s.aws/iam-auth-policy-resource-type: Service
meta.helm.sh/release-name: demo-cluster1
meta.helm.sh/release-namespace: apps
API Version: application-networking.k8s.aws/v1alpha1
Kind: IAMAuthPolicy
Metadata:
Creation Timestamp: 2025-04-26T17:10:39Z
Finalizers:
application-networking.k8s.aws/iam-auth-policy
Generation: 1
Resource Version: 2795
UID: 74a20504-1385-473e-b50d-b305fadff85a
Spec:
Policy: {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::378102432899:root"
},
"Action": "vpc-lattice-svcs:Invoke",
"Resource": "*",
"Condition": {
"StringEquals": {
"aws:PrincipalTag/eks-cluster-name": "eks-cluster2",
"aws:PrincipalTag/kubernetes-namespace": "apps"
}
}
}
]
}
Target Ref:
Group: gateway.networking.k8s.io
Kind: HTTPRoute
Name: demo-cluster1
Namespace: apps
Status:
Conditions:
Last Transition Time: 2025-04-26T17:10:39Z
Message:
Observed Generation: 1
Reason: Accepted
Status: True
Type: Accepted
Events: <none>
- Confirms that the policy's target (Target Ref) is the demo-cluster1 HTTPRoute resource in the apps namespace
(2) Describe the HTTPRoute resource
kubectl describe HTTPRoute demo-cluster1 -n apps
Output
Name: demo-cluster1
Namespace: apps
Labels: app.kubernetes.io/managed-by=Helm
Annotations: application-networking.k8s.aws/lattice-assigned-domain-name:
demo-cluster1-apps-0c3108058ee5dce9b.7d67968.vpc-lattice-svcs.ap-northeast-2.on.aws
meta.helm.sh/release-name: demo-cluster1
meta.helm.sh/release-namespace: apps
API Version: gateway.networking.k8s.io/v1beta1
Kind: HTTPRoute
Metadata:
Creation Timestamp: 2025-04-26T17:10:39Z
Finalizers:
httproute.k8s.aws/resources
Generation: 1
Resource Version: 3222
UID: 5fc6c887-e2e7-48fd-bb5b-2a9f350b1076
Spec:
Hostnames:
demo-cluster1.example.com
Parent Refs:
Group: gateway.networking.k8s.io
Kind: Gateway
Name: lattice-gateway
Namespace: lattice-gateway
Section Name: http-listener
Group: gateway.networking.k8s.io
Kind: Gateway
Name: lattice-gateway
Namespace: lattice-gateway
Section Name: https-listener-with-custom-domain
Rules:
Backend Refs:
Group:
Kind: Service
Name: demo-cluster1-v1
Port: 80
Weight: 1
Matches:
Path:
Type: PathPrefix
Value: /
Status:
Parents:
Conditions:
Last Transition Time: 2025-04-26T17:12:03Z
Message:
Observed Generation: 1
Reason: Accepted
Status: True
Type: Accepted
Last Transition Time: 2025-04-26T17:12:03Z
Message:
Observed Generation: 1
Reason: ResolvedRefs
Status: True
Type: ResolvedRefs
Controller Name: application-networking.k8s.aws/gateway-api-controller
Parent Ref:
Group: gateway.networking.k8s.io
Kind: Gateway
Name: lattice-gateway
Namespace: lattice-gateway
Section Name: http-listener
Conditions:
Last Transition Time: 2025-04-26T17:12:03Z
Message:
Observed Generation: 1
Reason: Accepted
Status: True
Type: Accepted
Last Transition Time: 2025-04-26T17:12:03Z
Message:
Observed Generation: 1
Reason: ResolvedRefs
Status: True
Type: ResolvedRefs
Controller Name: application-networking.k8s.aws/gateway-api-controller
Parent Ref:
Group: gateway.networking.k8s.io
Kind: Gateway
Name: lattice-gateway
Namespace: lattice-gateway
Section Name: https-listener-with-custom-domain
Events: <none>
- The HTTPRoute routes to the demo-cluster1-v1 Service
(3) Describe the Service resource
kubectl describe svc demo-cluster1-v1 -n apps
Name: demo-cluster1-v1
Namespace: apps
Labels: app.kubernetes.io/managed-by=Helm
Annotations: meta.helm.sh/release-name: demo-cluster1
meta.helm.sh/release-namespace: apps
Selector: app=demo-cluster1-v1
Type: ClusterIP
IP Family Policy: SingleStack
IP Families: IPv4
IP: 172.20.97.205
IPs: 172.20.97.205
Port: <unset> 80/TCP
TargetPort: 8090/TCP
Endpoints: 10.0.17.132:8090
Session Affinity: None
Internal Traffic Policy: Cluster
Events: <none>
- The Service routes to the Pod at 10.0.17.132:8090
(4) Lattice service > demo-cluster1-apps: check the target group mapping on the Routing tab
(5) Routing target: 10.0.17.132:8090 (demo-cluster1-v1 Pod)
- Access to this demo application Pod is controlled according to the IAMAuthPolicy rules
- IAMAuthPolicy makes it possible to configure fine-grained, per-application access control across multiple clusters!
Clean up the lab resources
Clean up the clusters
cd /terraform-aws-eks-blueprints/patterns/vpc-lattice/cross-cluster-pod-communication/cluster/
./destroy.sh cluster2
./destroy.sh cluster1
Clean up the environment
SN=$(aws vpc-lattice list-service-networks --query 'items[?name==`lattice-gateway`].id' --output text)
if [ -n "$SN" ]; then
  aws vpc-lattice delete-service-network --service-network-id "$SN"
fi
cd /terraform-aws-eks-blueprints/patterns/vpc-lattice/cross-cluster-pod-communication/environment/
terraform destroy -auto-approve