Search

Istio Example; Bookinfo Application๐Ÿ“˜

Bookinfo Application ์€ istio ๋ฌธ์„œ์—์„œ ๊ณต์‹์ ์œผ๋กœ ์ œ๊ณตํ•˜๋Š” ์˜ˆ์ œ์ด๋‹ค. ๋ฌธ์„œ์˜ Tasks ์ˆ˜ํ–‰์„ ์œ„ํ•œ ํ™˜๊ฒฝ์ด๊ธฐ๋„ ํ•˜๋‹ค. ์ด ์˜ˆ์‹œ ์•ฑ์„ EKS ์œ„์— ๊ตฌ์„ฑํ•˜์—ฌ, Tasks๋ฅผ ์ง„ํ–‰ํ•  ์ค€๋น„๋ฅผ ํ•œ๋‹ค.
Bookinfo Application
Deploys a sample application composed of four separate microservices used to demonstrate various Istio features.
https://istio.io/latest/docs/examples/bookinfo/

EKS Blueprint

์ง€๋‚œ ๊ธ€์—์„œ ์„ค๋ช…ํ•œ๊ฑฐ์ฒ˜๋Ÿผ EKS Blueprints for Terraform์—” istio pattern์ด ์žˆ๋‹ค.
์ง€๋‚œ๋ฒˆ์— ๊ธฐ๋ณธ์ ์ธ ์‹ค์Šต์„ ํ•˜๊ธฐ ์œ„ํ•ด ๋ฒ„์ „์—… ํ•œ๊ฑฐ ์™ธ์— ์ถ”๊ฐ€๋กœ ์ˆ˜์ •ํ•ด์„œ Bookinfo Application์„ ๊ตฌ์„ฑํ•œ ๊ฒƒ์ด ๋‹ค์Œ PR์— ์ „๋ถ€ ์žˆ๋‹ค:
1
pull
blueprint์—์„œ๋„ ๊ตฌ์„ฑํ•˜๋Š” ํ…Œ๋ผํผ ๋ฆฌ์†Œ์Šค ์ดํ›„์˜ kubernetes ๋ฆฌ์†Œ์Šค๋Š” ์ „๋ถ€ manifests๋ฅผ applyํ•˜๋Š” local-exec provisioner๋กœ ๊ตฌํ˜„ํ–ˆ๋‹ค.
์•„์ฃผ ์ข‹์€ ๋ฐฉ๋ฒ•์ด๋ž€ ์ƒ๊ฐ์€ ๋“ค์ง€ ์•Š์ง€๋งŒ:
โ€ข
kubernetes_manifest ๋ฆฌ์†Œ์Šค๋ฅผ ์‚ฌ์šฉํ•˜๊ธฐ์—” manifest๊ฐ€ ์™ธ๋ถ€ ์ข…์†์„ฑ(url)์ด ์žˆ์–ด ์ ํ•ฉํ•˜์ง€ ์•Š์•˜๊ณ 
โ€ข
๋‹ค๋ฅธ ์‹ค์Šต์„ ํ•˜๋”๋ผ๊ณ  bookinfo๋Š” ๊ธฐ๋ณธ ํ™˜๊ฒฝ, ๊ฑฐ์˜ ์ธํ”„๋ผ์— ํ•ด๋‹นํ•œ๋‹ค๊ณ  ์ƒ๊ฐํ•ด์„œ, ํ…Œ๋ผํผ ์ฝ”๋“œ ์•ˆ์œผ๋กœ ๋„ฃ์—ˆ๋‹ค.
istio ๊ด€๋ จํ•œ ์‹ค์Šต์€ ์ฝ”๋“œํ™”(IaC)์™€ ์›Œํฌํ”Œ๋กœ ๋ณด๋‹จ ํ‰๋ฌธ ๋ฌธ์„œํ™”์™€ ํ•ธ์ฆˆ์˜จ ์œ„์ฃผ๊ฐ€ ๋  ๊ฒƒ ๊ฐ™๋‹ค.
์ด๋ฒˆ์—๋„ ๋ฌธ์„œ ๋ช…๋ น์–ด๋Œ€๋กœ ๋”ฐ๋ผํ•ด๋„ ํ•œ๋ฒˆ์— ์•ˆ๋˜๋Š” ์ง€์ ์ด ์žˆ์—ˆ๋‹ค. ๊ทธ ๋ถ€๋ถ„ ๋””๋ฒ„๊น…๊ณผ ํ•ด๊ฒฐ ๊ทธ๋ฆฌ๊ณ  bookinfo application๊ณผ istio ์ปดํฌ๋„ŒํŠธ์˜ ๊ตฌ์„ฑ์— ๋Œ€ํ•ด ์•Œ์•„๋ณด์ž.

Bookinfo Application

manifests
์›Œํฌ๋กœ๋“œ์˜ ์•„ํ‚คํ…์ฒ˜๋Š” ์œ„์™€ ๊ฐ™๋‹ค. ์ด๋”ฐ ์˜ฌ๋ ค์„œ ํ™•์ธํ•ด๋ณด๋ฉด ์ฑ…์— ๋Œ€ํ•œ ์ •๋ณด์™€ ๋ฆฌ๋ทฐ๋ฅผ ๋ฒ„์ „๋ณ„๋กœ ๋ณด์—ฌ์ฃผ๋Š” ์•ฑ์ด๋‹ค. MSA ๊ตฌ์„ฑ์ธ๋ฐ:
โ€ข
productpage : details ์™€ reviews ๋ฅผ ํ˜ธ์ถœํ•˜์—ฌ ํ™”๋ฉด ๊ตฌ์„ฑ.
โ€ข
details : ์ฑ… ์ •๋ณด์— ๋Œ€ํ•œ ์„œ๋น„์Šค.
โ€ข
reviews : ์ฑ… ๋ฆฌ๋ทฐ์— ๋Œ€ํ•œ ์„œ๋น„์Šค, ์„ธ๊ฐ€์ง€ ๋ฒ„์ „์ด ์žˆ๊ณ  ์ผ๋ถ€ ๋ฒ„์ „์€ ratings ๋ฅผ ํ˜ธ์ถœ.
โ—ฆ
v1: ratings ๋ฅผ ํ˜ธ์ถœํ•˜์ง€ ์•Š์Œ.
โ—ฆ
v2: ratings ๋ฅผ ํ˜ธ์ถœํ•˜์—ฌ ๊ฒ€์€์ƒ‰ ๋ณ„์„ ๊ทธ๋ฆผ .
โ—ฆ
v3: ratings ๋ฅผ ํ˜ธ์ถœํ•˜์—ฌ ๋นจ๊ฐ„์ƒ‰ ๋ณ„์„ ๊ทธ๋ฆผ .
โ€ข
ratings : ์ฑ… ์ˆœ์œ„์— ๋Œ€ํ•œ ์„œ๋น„์Šค.
๋ฌธ์„œ์—์„  MSA๊ฐ€ ๊ฐ๊ฐ์˜ ์–ธ์–ด๋กœ(polyglot) ๊ตฌ์„ฑ๋˜์–ด ์žˆ๋‹ค๊ณ  ์ž๋ž‘(?)ํ•˜์ง€๋งŒ, ์• ์ดˆ์— istio๋ฅผ ์ฟ ๋ฒ„๋„คํ‹ฐ์Šค ์œ„์— ์˜ฌ๋ ค์„œ ๊ตฌ์„ฑํ•˜๋‹ค๋ณด๋‹ˆ ๋‹น์—ฐํ•œ๊ฑฐ ๊ฐ™๊ธฐ๋„ ํ•˜๋‹ค. istio๊ฐ€ ์ฟ ๋ฒ„๋„คํ‹ฐ์Šค ์™ธ์˜ ํ”Œ๋žซํผ์— ์˜ฌ๋ ค๋„ language/framework agnostic, injection ๊ฐ€๋Šฅํ•œ ๋ฉ”์‹œ๋ผ๋Š” ์ ์„ ๊ฐ•์กฐํ•˜๊ณ  ์‹ถ์€๊ฑฐ ๊ฐ™๋‹ค.
์œ„ ์„œ๋น„์Šค๋ฅผ ๊ฐ ๋งˆ์ดํฌ๋กœ์„œ๋น„์Šค์— envoy proxy sidecar๊ฐ€ injection ๊ฐ€๋Šฅํ•œ ๊ณณ์—(istio-injection=enabled) ์„ค์น˜ํ•˜์—ฌ istio๋กœ ํŠธ๋ž˜ํ”ฝ ํ๋ฆ„์„ ํ™•์ธํ•ด๋ณธ๋‹ค.

Gateway, VirtualService

bookinfo ์„œ๋น„์Šค๋งŒ ๋ฐฐํฌํ•œ ํ›„์— kiali์—์„œ ๊ทธ๋ž˜ํ”„๋ฅผ ์‚ดํŽด๋ณด๋ฉด ์•„๋ฌด๊ฒƒ๋„ ๋‚˜์˜ค์ง€ ์•Š๋Š”๋‹ค. ์ถœ๋ ฅ ๋ฉ”์„ธ์ง€์˜ ํฌํŠธ ํฌ์›Œ๋“œ ๋ช…๋ น(k port-forward -n istio-system kiali 20001:20001)์œผ๋กœ๋„ kiali ์›น ์ฝ˜์†”์— ์ ‘์†ํ•  ์ˆ˜ ์žˆ์ง€๋งŒ, istioctl ์„ ์‚ฌ์šฉํ•˜์—ฌ ์กฐ๊ธˆ ๋” ํŽธ๋ฆฌํ•˜๊ฒŒ ์ ‘์†ํ•  ์ˆ˜ ์žˆ๋‹ค.
Getting Started
Try Istioโ€™s features quickly and easily.
https://istio.io/latest/docs/setup/getting-started/#download
๋‹ค์šด ๋ฐ›๊ณ  PATH์— ๋ฐ”์ด๋„ˆ๋ฆฌ๋ฅผ ์ถ”๊ฐ€ํ•˜์—ฌ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ๋‹ค(์–˜๋‚˜ apcahe kafka๋‚˜ ์™œ brew ๊ฐ™์€ ํŒจํ‚ค์ง€์— ๋‹ด์•„ ์ฃผ์ง€ ์•Š์„๊นŒ?). istioctl dashboard kiali ๋กœ ํฌํŠธ ํฌ์›Œ๋“œ์™€ ๋ธŒ๋ผ์šฐ์ € ๋ฆฌ๋‹ค์ด๋ ‰ํŠธ(์•„์ฃผ ์กฐ๊ธˆ ํŽธํ•œ ๋ถ€๋ถ„ใ…Ž)๋ฅผ ๋™์‹œ์— ํ•ด์ค€๋‹ค. Graph์— ๋“ค์–ด๊ฐ€๋ฉด ๋ทฐ๋ฅผ ์ด๋ฆฌ์ €๋ฆฌ ๋ฐ”๊ฟ”๋„ ํ˜„์žฌ๋Š” ์•„๋ฌด๊ฒƒ๋„ ๋ณด์ด์ง€ ์•Š๋Š”๋‹ค.
istio๋ฅผ ํ†ตํ•œ ํŠธ๋ž˜ํ”ฝ ๊ด€๋ฆฌ, ๊ฐ€์‹œ์„ฑ ํ™•๋ณด๋ฅผ ์œ„ํ•ด ๋‹ค์Œ gateway, virtualservice๋ฅผ ์„œ๋น„์Šค์™€ ๊ฐ™์€ ๋„ค์ž„์ŠคํŽ˜์ด์Šค, default ์— ์„ค์น˜ํ•œ๋‹ค.
apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: name: bookinfo-gateway spec: # The selector matches the ingress gateway pod labels. # If you installed Istio using Helm following the standard documentation, this would be "istio=ingress" selector: istio: ingressgateway # use istio default controller servers: - port: number: 80 # NOTE: 8080์—์„œ ๋ฐ”๊ฟˆ name: http protocol: HTTP hosts: - "*" --- apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: bookinfo spec: hosts: - "*" gateways: - bookinfo-gateway http: - match: - uri: exact: /productpage - uri: prefix: /static - uri: exact: /login - uri: exact: /logout - uri: prefix: /api/v1/products route: - destination: host: productpage port: number: 9080
YAML
๋ณต์‚ฌ
๋ฌธ์„œ ๋งํฌ์˜ manifest๋ฅผ ๊ทธ๋Œ€๋กœ ์‚ฌ์šฉํ•  ๊ฒฝ์šฐ gateway์˜ .spec.servers[0].port.number ๊ฐ€ 8080์ด๋‹ค. ์ด ๋ถ€๋ถ„์ด ๋ฌธ์ œ์˜€๋Š”๋ฐ, ๊ฒฐ๊ตญ ํ•ด๊ฒฐํ•œ ๊ฒƒ์€ istioctl anaylze ๋•๋ถ„์ด์—ˆ๋‹ค.
Warning [IST0162] (Gateway default/bookinfo-gateway) The gateway is listening on a target port (port 8080) that is not defined in the Service associated with its workload instances (Pod selector istio=ingressgateway). If you need to access the gateway port through the gateway Service, it will not be available.
gateway๊ฐ€ 8080 ํฌํŠธ์— ๋Œ€ํ•ด ์—ด์–ด ๋‘์—ˆ์ง€๋งŒ, selector์˜ ํŒŒ๋“œ์—์„  ํ•ด๋‹น ํฌํŠธ๋ฅผ ๋…ธ์ถœํ•˜์ง€ ์•Š๊ณ  ์žˆ๋‹ค. istio=ingressgateway ๋ฅผ ํžŒํŠธ๋กœ ์ด๊ฒƒ์€ istio-ingress/istio-ingress deploy ์ด์ž svc์ธ ๊ฒƒ์„ ์•Œ ์ˆ˜ ์žˆ๋‹ค.
istio-ingress๋Š” blueprint์—์„œ helm release๋กœ ์„ค์น˜ํ–ˆ๋‹ค:
โ€ข
values(๋ณ€๊ฒฝํ•˜์ง€ ์•Š์Œ)
์ฃผ์„์˜ ๊ฒฝ๊ณ (If you installed Istio using Helm following the standard documentation, this would be "istio=ingress")์™€ ๋‹ฌ๋ฆฌ ๋ ˆ์ด๋ธ”์€ istio=ingressgateway ๋กœ ๋‹ฌ๋ ค ์žˆ์—ˆ๋‹ค.
svc ํ…œํ”Œ๋ฆฟ์€ values์—์„œ ๋ณด์ด๋Š” ๊ฒƒ์ฒ˜๋Ÿผ service.ports ๋ฅผ ๊ทธ๋Œ€๋กœ ํ‰๊ฐ€ํ•œ๋‹ค. deploy ํ…œํ”Œ๋ฆฟ์—” 15090 ์ œ์™ธํ•˜๊ณ  ๋”ฑํžˆ containerPort ๋ฅผ ๋…ธ์ถœํ•˜๊ฑฐ๋‚˜ values๋กœ ์ œ์–ดํ•  ์ˆ˜ ์—†์—ˆ๋‹ค. ๊ทธ๋Ÿผ ์ด๊ฑด ์•ฑ์—์„œ ์ด๋ ‡๊ฒŒ(80, 443์œผ๋กœ) ๋…ธ์ถœํ•˜๊ณ  ์žˆ๋‹ค๋Š” ๊ฒƒ์ด๋ผ gateway์˜ ํฌํŠธ๋ฅผ ๋ฐ”๊ฟจ๋‹ค.
์—ฌ๊ธฐ์„œ ํ—ค๋งธ๋˜ ์ด์œ ๋Š”:
โ€ข
blueprint values ์ฃผ์„์—๋„ ์žˆ๊ณ , ๋ฐ”๋กœ ์˜† ๋””๋ ‰ํ† ๋ฆฌ์— ์žˆ๋Š” gateways/istio-ingress๋Š”
โ—ฆ
๊ธฐ๋ณธ ๊ฐ’์€ 8080, 8443์œผ๋กœ ๋˜์–ด ์žˆ๋‹ค.
โ—ฆ
ํ•˜์ง€๋งŒ ์ด ์ฐจํŠธ์— ์›๊ฒฉ์œผ๋กœ ์ ‘๊ทผ ๊ฐ€๋Šฅํ•œ ๋ฐฉ๋ฒ•์€ ๋ชป์ฐพ์•˜๋‹ค. ๊ฒฐ๊ตญ ์‹ค์Šต์— ์‚ฌ์šฉ๋œ ๊ฒƒ์€ istio/gateway ๊ฐ€ ๋งž๋‹ค.
โ€ข
โ—ฆ
๊ต‰์žฅํžˆ ์ญ?์Šค๋Ÿฌ์› ์œผ๋‚˜ ์ฃผ์„์˜ ํžŒํŠธ๋กœ, mutating webhook์„ ์‚ฌ์šฉํ•ด์„œ(), ์ตœ์ ํ™”๋œ(?) ์ด๋ฏธ์ง€๋ฅผ ๋Ÿฐํƒ€์ž„์— ๋™์ ์œผ๋กœ ์ฃผ์ž…ํ•œ๋‹ค๊ณ  ์ดํ•ดํ–ˆ๋‹ค.
โ—ฆ
์ฐธ์กฐ ๋งํฌ์— ๋”ฐ๋ฅด๋ฉด ํ”„๋ก์‹œ ์‚ฌ์ด๋“œ์นด ์—ญ์‹œ ์ด๋Ÿฐ ๋ฐฉ๋ฒ•์„ ์“ฐ๋Š” ๊ฒƒ ๊ฐ™๋‹ค. ๋‚˜์ค‘์— ๋” ์‚ดํŽด ๋ณผ ๊ฒƒ.
โ€ข
๊ตฌ์„ฑ๋˜๋Š” AWS LB - target group์ด unhealthy์ด๋‹ค(TODO).
โ—ฆ
์œ„์˜ ๋‚˜๋จธ์ง€๋Š” ๋‹ค ์ดํ•ดํ–ˆ์ง€๋งŒ ์ด ๋ถ€๋ถ„์€ ์•„์ง ์˜๋ฌธ์ด๋‹ค. ์–ด๋–ป๊ฒŒ ์š”์ฒญ์ด ๊ฐ€์ง€?(๊ทธ๋Ÿฐ๋ฐ ์„ฑ๊ณตํ•œ๋‹คโ€ฆ)
๊ฒฐ๊ณผ์ ์œผ๋ก  .spec.servers[0].port.number ๋งŒ 80์œผ๋กœ ๋ฐ”๊พธ์–ด์ฃผ๋ฉด istioctl analyze ๋Š” ๊ฒฝ๊ณ ๋ฅผ ๋„์šฐ์ง€ ์•Š๋Š”๋‹ค:
โฏ istioctl analyze -n default โœ” No validation issues found when analyzing namespace: default.
Bash
๋ณต์‚ฌ
GATEWAY_URL์„ ๊ตฌ์„ฑํ•˜์—ฌ ์š”์ฒญํ•˜๋ฉด bookinfo ์„œ๋น„์Šค๋ฅผ ํ™•์ธํ•  ์ˆ˜ ์žˆ๋‹ค. ์ด๊ฒƒ๋„ ๋ฌธ์„œ์˜ ์„ค๋ช…๊ณผ ํ™˜๊ฒฝ์ด ์กฐ๊ธˆ ๋‹ฌ๋ผ(์•„๋งˆ EKS๊ฐ€ ์•„๋‹ˆ๋ผ์„œ), ๋‹ค์Œ์ฒ˜๋Ÿผ ๋งŒ๋“ค ์ˆ˜ ์žˆ๋‹ค:
โฏ export INGRESS_HOST=$(k -n istio-ingress get svc istio-ingress -oyaml | yq .status.loadBalancer.ingress[0].hostname) โฏ export INGRESS_PORT=$(k -n istio-ingress get svc istio-ingress -oyaml | yq '.spec.ports[] | select(.name=="http2").port') โฏ export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT โฏ echo $GATEWAY_URL k8s-istioing-istioing-e9152dbca9-1ae09444cbc035b3.elb.ap-northeast-2.amazonaws.com:80
Bash
๋ณต์‚ฌ
๋ธŒ๋ผ์šฐ์ €์—์„œ /productpage ๋กœ ์š”์ฒญํ•ด๋ณธ๋‹ค(http ์ฃผ์˜):
๋ฆฌ๋ทฐ์— ๊ฒ€์€๋ณ„()์ด ์žˆ๋Š”๊ฑธ๋กœ ๋ณด์•„ reviews:v2๋กœ ์š”์ฒญ์ด ๊ฐ”๋‹ค๊ณ  ์œ ์ถ”ํ•  ์ˆ˜ ์žˆ๋‹ค. bookinfo๋Š” reviews์˜ ๊ฐ ๋ฒ„์ „์— ๋Œ€ํ•ด ๋ผ์šด๋“œ๋กœ๋นˆ ์š”์ฒญ์„ ํ•œ๋‹ค. ์•„์ง destination rules๋ฅผ ์„ค์น˜ํ•˜์ง€ ์•Š์•„ istio๋กœ ์ด๋ฅผ ๊ด€๋ฆฌํ•  ์ˆ˜ ์—†๊ณ  kiali์—์„œ ๋ชจ๋‹ˆํ„ฐํ•  ์ˆ˜ ์—†๋‹ค.

Destination Rules

apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: productpage spec: host: productpage subsets: - name: v1 labels: version: v1 --- apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: reviews spec: host: reviews subsets: - name: v1 labels: version: v1 - name: v2 labels: version: v2 - name: v3 labels: version: v3 --- apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: ratings spec: host: ratings subsets: - name: v1 labels: version: v1 - name: v2 labels: version: v2 - name: v2-mysql labels: version: v2-mysql - name: v2-mysql-vm labels: version: v2-mysql-vm --- apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: details spec: host: details subsets: - name: v1 labels: version: v1 - name: v2 labels: version: v2 ---
YAML
๋ณต์‚ฌ
๋ณ„๋‹ค๋ฅธ ํŠธ๋ž˜ํ”ฝ ์ œ์–ด ์—†์ด ๊ฐ ์›Œํฌ๋กœ๋“œ(ํŒŒ๋“œ) version ๋ ˆ์ด๋ธ”์— ๊ฐ™์€ ์ด๋ฆ„์œผ๋กœ ๋งคํ•‘ํ•œ๋‹ค. bookinfo์˜ ํŒŒ๋“œ๋Š” ๋ชจ๋‘ version ์ด๋ž€ ๋ ˆ์ด๋ธ”์ด ๋‹ฌ๋ ค ์žˆ๋‹ค:
โฏ k -n default get po -oyaml | yq -r '.items | map({.metadata.name: .metadata.labels.version})' - details-v1-5f4d584748-dlwnd: v1 - productpage-v1-564d4686f-nwqb9: v1 - ratings-v1-686ccfb5d8-75rkn: v1 - reviews-v1-86896b7648-lqlfq: v1 - reviews-v2-b7dcd98fb-b9f4l: v2 - reviews-v3-5c5cc7b6d-88vdp: v3
Bash
๋ณต์‚ฌ
ratings์— ์žˆ๋Š” v2-mysql , v2-mysql-vm ์€ ๊ธฐ๋ณธ ํ™˜๊ฒฝ ๊ตฌ์„ฑ์ด ์•„๋‹Œ๊ฑฐ ๊ฐ™๋‹ค. destination rules๊นŒ์ง€ ์„ค์น˜ํ•˜๋ฉด kiali์—์„œ ๊ทธ๋ž˜ํ”„๋กœ ์š”์ฒญ ํ๋ฆ„์„ ๋ณผ ์ˆ˜ ์žˆ๋‹ค:
Versioned app graph๋กœ ๋ณด๋ฉด ๊ฐ destination rules์˜ ์„œ๋ธŒ์…‹(๋ฒ„์ „)๋ณ„๋กœ ํ๋ฆ„์„ ๋ณด์—ฌ์ค€๋‹ค. ์„ธ๋ชจ๋Š” ์„œ๋น„์Šค์ด๋‹ค. ๊ทธ๋ž˜ํ”„ ํƒ€์ž…์˜ ๋ฉ”๋‰ด๋ฅผ ์œ„์—์„œ ์•„๋ž˜ ์ˆœ์„œ๋กœ(App > Service > Versioned service > Workload) drill down ํ•˜๋Š” ๋Š๋‚Œ์ด ์žˆ๋‹ค. ์šฐ์ธก ์ƒ๋‹จ์— Replay์— timespan(Last)๊ฐ€ ์žˆ๊ธฐ ๋•Œ๋ฌธ์— ์š”์ฒญ์„ ํ•œ ํ›„ ์‹œ๊ฐ„์ด ์ง€๋‚˜๋ฉด ๊ทธ๋ž˜ํ”„๊ฐ€ ์‚ฌ๋ผ์ง„๋‹ค.
์š”์ฒญ์„ ๋ช‡ ๋ฒˆ ๋” ํ•˜์—ฌ ๋ชจ๋“  ๋ฒ„์ „์— ๋Œ€ํ•œ ์š”์ฒญ์ด ์ด๋ฃจ์–ด์ง€๋ฉด ์ „์ฒด MSA ๊ตฌ์„ฑ์„ ๋ณผ ์ˆ˜ ์žˆ๋‹ค.

์ •๋ฆฌ

์‹ค์Šต์„ ๋งˆ์น˜๋ฉด ์ƒ์„ฑํ•œ ๋ฆฌ์†Œ์Šค๋ฅผ ์ •๋ฆฌํ•œ๋‹ค. blueprint ์ดํ›„์— provisioner๋กœ ๊ตฌ์„ฑํ•œ ๊ฒƒ์€ ์–ด์ฐจํ”ผ EKS ํด๋Ÿฌ์Šคํ„ฐ๋ฅผ ์ข…๋ฃŒํ•˜์—ฌ ์‚ญ์ œ๊ฐ€ ๋œ๋‹ค. ๋”ฐ๋ผ์„œ blueprint์˜ ์ง€์‹œ๋Œ€๋กœ ์‚ญ์ œํ•œ๋‹ค:
tf destroy -target="module.eks_blueprints_addons" -auto-approve tf destroy -target="module.eks" -auto-approve tf destroy -auto-approve
Bash
๋ณต์‚ฌ
๊ทธ๋Ÿฐ๋ฐ ๋‚˜์˜ ๊ฒฝ์šฐ istio-ingressgateway์— ํ•ด๋‹นํ•˜๋Š” ๋กœ๋“œ๋ฐธ๋Ÿฐ์„œ ์‚ญ์ œ๊ฐ€ ์ž˜ ์•ˆ๋œ๋‹ค. EKS๋ฅผ ์ง€์šธ ๋•Œ ์‚ญ์ œ๋˜์–ด์•ผ ํ•  ๊ฑฐ ๊ฐ™์€๋ฐ alb controller๊ฐ€ ๋จผ์ € ์ฃฝ๋Š”๊ฑฐ ๊ฐ™๋‹ค(โ€ฆ). ๊ทธ๋Ÿฌ๋ฉด ๋งˆ์ง€๋ง‰ ๋‹จ๊ณ„(tf destroy -auto-approve)์—์„œ VPC ์‚ญ์ œ๊ฐ€ ์•ˆ๋œ๋‹ค. ๋กœ๋“œ๋ฐธ๋Ÿฐ์„œ๋ฅผ ์ˆ˜๋™์œผ๋กœ ์‚ญ์ œํ•˜๊ณ  destroy๋ฅผ ์‹คํ–‰ํ•œ๋‹ค(๊ฐ€๋” VPC ์‚ญ์ œ๋„ ์•ˆ๋˜์–ด ์ˆ˜๋™์œผ๋กœ ํ–ˆ๋‹ค).
tf state list | xargs -I{} terraform state rm {}
Bash
๋ณต์‚ฌ
๊ทธ๋Ÿฌ๊ณค ์œ„์ฒ˜๋Ÿผ state์—์„œ๋งŒ ์ง€์šฐ๊ฑฐ๋‚˜ tf destroy ๋ฅผ ๋‹ค์‹œ ์‹คํ–‰ํ•ด๋„ ๋œ๋‹ค.
LB์˜ target groups์€ ์‚ญ์ œ๋˜์ง€ ์•Š๋Š”๋‹ค. ์›น ์ฝ˜์†”์—์„œ ์‚ญ์ œํ•ด์ค€๋‹ค.
์ถ”๊ฐ€๋กœ istio ์ปจํ…์ŠคํŠธ์™€ ํด๋Ÿฌ์Šคํ„ฐ, ์‚ฌ์šฉ์ž๋„ ์‚ญ์ œํ•˜์ž(์–ด์ฐจํ”ผ ๋‹ค์‹œ applyํ•˜๋ฉด ์ƒ์„ฑ๋œ๋‹ค):
k ctx -d istio k config delete-cluster istio k config delete-user istio
Bash
๋ณต์‚ฌ

์Šต๋“ ๊ตํ›ˆ

โ€ข
๋ผ์šฐํŒ…, ์žฅ์•  ์ฃผ์ž… ๋“ฑ ํŠธ๋ž˜ํ”ฝ์„ ์ง์ ‘ ์ œ์–ดํ•˜์ง„ ์•Š์•˜์ง€๋งŒ, istio๊ฐ€ envoy proxy๋ฅผ ํ†ตํ•ด ์–ด๋–ป๊ฒŒ ํŠธ๋ž˜ํ”ฝ์„ ๊ด€๋ฆฌํ• ์ง€ kiali๋กœ ํ™•์ธํ–ˆ๋‹ค.
โ€ข
์ œ๊ณตํ•˜๋Š” ๋ฌธ์„œ/๊ฐ€์ด๋“œ์—์„œ ์•ˆ๋˜๋Š” ์ ์„ ์ตœ์‹  ๋ฒ„์ „์—์„œ ์ˆ˜์ •ํ•˜์—ฌ ํ•ด๊ฒฐํ–ˆ๋‹ค.
โ—ฆ
์•„์ง ๊ธฐ์—ฌํ•  ์ •๋„๋Š” ์•„๋‹ˆ๋‹ค. ๋‹ค์‹œ ํ—ฌ๋ฆ„์ด ์–ด๋ ต๋„คโ€ฆ
โ€ข
mutating webhook์„ ํ†ตํ•œ ์ปจํ…Œ์ด๋„ˆ ์ด๋ฏธ์ง€ ๋™์  ์ ์šฉ์ด๋ž€ ๊ฐœ๋…์ด ์‹ ๊ธฐํ•˜๋‹ค. ์ถ”ํ›„์— deep dive ํ•ด๋ณผ ๊ฒƒ.
โ€ข
๋น„๋ก provisioner๋ฅผ ์ผ์ง€๋งŒ, ์ฟ ๋ฒ„๋„คํ‹ฐ์Šค ์ž์ฒด๊ฐ€ manifest๋ฅผ ํ†ตํ•œ ์„ ์–ธ์  ๊ตฌ์„ฑ์ด ๊ฐ€๋Šฅํ•˜์—ฌ, ์˜ˆ์ œ ์•ฑ ํ™˜๊ฒฝ์„ ๊ตฌ์„ฑํ•  ๋•Œ ํฐ ๋ฌธ์ œ๋Š” ์—†์—ˆ๋‹ค.
โ€ข
ํ…Œ๋ผํผ destroy๊ฐ€ ํ•œ๋ฒˆ์—(ํ•˜์‹œ์ฝ”ํ”„ ์ฒ ํ•™), ์—ฐ๊ฒฐ ์•ˆ๋œ ๋ฆฌ์†Œ์Šค๋„(e.g. ์ƒ์„ฑ๋˜๋Š” target groups, ๋ณด์•ˆ๊ทธ๋ฃน, โ€ฆ) ์‚ญ์ œํ•˜๋„๋ก ๊ตฌ์„ฑํ•ด ๋ณผ ๊ฒƒ.
โ€ข
์ด์ œ Task๋ฅผ ์ง„ํ–‰ํ•˜์ž!