\n\u306a\u304b\u306a\u304b\u82e6\u6226\u3057\u305f\u306e\u3067\u30e1\u30e2\u3002<\/p>\n
private subnet \u306e\u4e2d\u306b\u3042\u308b EC2 \u3067\u3001\u5916\u90e8\u3068\u306e\u901a\u4fe1\u306f public subnet \u306b\u3042\u308b\u30d7\u30ed\u30ad\u30b7\u3092\u7d4c\u7531\u3057\u3066\u308b\u74b0\u5883\u3002
\n\u3067\u3001VPC CIDR \u306e 10.0.0.0\/16 \u3068\u306f\u81ea\u7531\u306b\u901a\u4fe1\u51fa\u6765\u308b\u3051\u3069 0.0.0.0\/0 \u3078\u306e outbound \u7d4c\u8def\u306f\u306a\u3044\u3002
\n\u305d\u3093\u306a\u74b0\u5883\u3067 EKS \u3082\u4f7f\u3044\u305f\u304f\u3066\u65b9\u6cd5\u3092\u63a2\u3057\u305f\u6b21\u7b2c\u3002<\/p>\n
\u3068\u3044\u3046\u308f\u3051\u3067 VPC endpoint \u3092\u4f5c\u6210\u3059\u308b\u306e\u3068 eksctl \u3067 EKS cluster + node group \u3092\u4f5c\u308b\u6642\u306b\u30d7\u30ed\u30ad\u30b7\u8a2d\u5b9a\u3092\u8ffd\u52a0\u3057\u305f\u3002<\/p>\n
\u307e\u305a\u306f\u4e0b\u8a18 9 \u500b\u306e\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u3092\u4f5c\u6210<\/p>\n
com.amazonaws.ap-northeast-1.s3 (gateway)
\ncom.amazonaws.ap-northeast-1.ec2
\ncom.amazonaws.ap-northeast-1.sts
\ncom.amazonaws.ap-northeast-1.ecr.api
\ncom.amazonaws.ap-northeast-1.ecr.dkr
\ncom.amazonaws.ap-northeast-1.eks
\ncom.amazonaws.ap-northeast-1.eks-auth
\ncom.amazonaws.ap-northeast-1.cloudformation
\ncom.amazonaws.ap-northeast-1.autoscaling<\/p>\n
s3 \u3060\u3051\u306f gateway type \u306b\u3059\u308b\u3002<\/p>\n
AWS \u30b3\u30f3\u30bd\u30fc\u30eb\u3067\u4f5c\u696d\u3059\u308b\u3068\u30e1\u30f3\u30c9\u30af\u30b5\u30a4\u306e\u3067 awscli \u3092 shell script \u3067\u66f8\u3044\u3066 EC2 \u306e\u4e2d\u3067\u30b5\u30af\u3063\u3068\u5b9f\u884c\u3002<\/p>\n
\r\n#!\/bin\/bash\r\n\r\n# Variables\r\nVPC_ID="vpc-xxxxxxxx"\r\nSUBNET_IDS="subnet-xxxxxxxx,subnet-yyyyyyyy"\r\nROUTE_TABLE_ID="rtb-xxxxxxxx"\r\nSECURITY_GROUP_ID="sg-xxxxxxxx"\r\n\r\n# Create Gateway Endpoint for S3\r\naws ec2 create-vpc-endpoint \\\r\n --vpc-id $VPC_ID \\\r\n --service-name com.amazonaws.ap-northeast-1.s3 \\\r\n --route-table-ids $ROUTE_TABLE_ID \\\r\n --vpc-endpoint-type Gateway\r\n\r\n# Create Interface Endpoints\r\nENDPOINT_SERVICES=(\r\n "com.amazonaws.ap-northeast-1.ec2"\r\n "com.amazonaws.ap-northeast-1.sts"\r\n "com.amazonaws.ap-northeast-1.ecr.api"\r\n "com.amazonaws.ap-northeast-1.ecr.dkr"\r\n "com.amazonaws.ap-northeast-1.eks"\r\n "com.amazonaws.ap-northeast-1.eks-auth"\r\n "com.amazonaws.ap-northeast-1.cloudformation"\r\n "com.amazonaws.ap-northeast-1.autoscaling"\r\n)\r\n\r\nfor SERVICE in "${ENDPOINT_SERVICES[@]}"; do\r\n aws ec2 create-vpc-endpoint \\\r\n --vpc-id $VPC_ID \\\r\n --service-name $SERVICE \\\r\n --vpc-endpoint-type Interface \\\r\n --subnet-ids $SUBNET_IDS \\\r\n --security-group-ids $SECURITY_GROUP_ID\r\ndone\r\n\r\necho "VPC Endpoints creation completed."\r\n<\/pre>\n <\/p>\n
EKS<\/h2>\n
\u3053\u308c\u3082\u30b5\u30af\u3063\u3068 config.yaml \u66f8\u3044\u3066 eksctl \u3067\u4e00\u767a\u3067\u5b9f\u884c\u3002<\/p>\n
\u30d7\u30ed\u30ad\u30b7 (10.0.0.8) \u306f public subnet \u306b\u3042\u3063\u3066\u3001\u305d\u3053\u306e squid proxy \u3092\u7d4c\u7531\u3057\u3066\u5916\u90e8\u3068\u901a\u4fe1\u3059\u308b\u3002
\n\u3057\u304b\u3057\u5404 AWS \u30b5\u30fc\u30d3\u30b9\u306f\u3055\u304d\u307b\u3069 VPC endpoint \u3092\u4f5c\u3063\u305f\u306e\u3067\u30d7\u30ed\u30ad\u30b7\u7d4c\u7531\u3055\u305b\u308b\u5fc5\u8981\u306f\u306a\u304f NO_PROXY \u306b\u3059\u308b\u3002<\/p>\n
\u3042\u3068\u6ce8\u610f\u70b9\u306f privateCluster \u3092\u6709\u52b9\u306b\u3059\u308b\u4e8b\u3067 EKS \u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u306b\u30d7\u30e9\u30a4\u30d9\u30fc\u30c8 IP \u304c\u632f\u3089\u308c\u308b\u3002
\n\u305d\u3046\u3057\u306a\u3044\u3068\u30d1\u30d6\u30ea\u30c3\u30af IP \u306b\u306a\u3063\u3066\u3057\u307e\u3063\u3066 EC2 \u3068\u901a\u4fe1\u51fa\u6765\u306a\u3044\u3002<\/p>\n
config.yaml \u306f\u3053\u308c<\/p>\n
\r\naccessConfig:\r\n authenticationMode: API_AND_CONFIG_MAP\r\napiVersion: eksctl.io\/v1alpha5\r\niam:\r\n vpcResourceControllerPolicy: true\r\n withOIDC: false\r\nkind: ClusterConfig\r\nkubernetesNetworkConfig:\r\n ipFamily: IPv4\r\nmanagedNodeGroups:\r\n- amiFamily: AmazonLinux2\r\n desiredCapacity: 1\r\n disableIMDSv1: true\r\n disablePodIMDS: false\r\n iam:\r\n withAddonPolicies:\r\n albIngress: false\r\n appMesh: false\r\n appMeshPreview: false\r\n autoScaler: false\r\n awsLoadBalancerController: false\r\n certManager: false\r\n cloudWatch: false\r\n ebs: false\r\n efs: false\r\n externalDNS: false\r\n fsx: false\r\n imageBuilder: true\r\n xRay: false\r\n instanceType: t3.large\r\n labels:\r\n alpha.eksctl.io\/cluster-name: oreno-eks\r\n alpha.eksctl.io\/nodegroup-name: oreno-eks-ng\r\n maxSize: 1\r\n minSize: 1\r\n name: oreno-eks-ng\r\n preBootstrapCommands:\r\n - echo "export http_proxy=http:\/\/10.0.0.8:3128" | sudo tee -a \/etc\/environment\r\n - echo "export https_proxy=http:\/\/10.0.0.8:3128" | sudo tee -a \/etc\/environment\r\n - echo "export HTTP_PROXY=http:\/\/10.0.0.8:3128" | sudo tee -a \/etc\/environment\r\n - echo "export HTTPS_PROXY=10.0.0.8:3128" | sudo tee -a \/etc\/environment\r\n - echo "export no_proxy=10.0.0.0\/8,172.16.0.0\/12,192.168.0.0\/16,localhost,127.0.0.1,169.254.169.254,.internal,sts.ap-northeast-1.amazonaws.com,ec2.ap-northeast-1.amazonaws.com,s3.ap-northeast-1.amazonaws.com,dkr.ecr.ap-northeast-1.amazonaws.com,api.ecr.ap-northeast-1.amazonaws.com,.ap-northeast-1.eks.amazonaws.com,eks.ap-northeast-1.amazonaws.com,*.s3.ap-northeast-1.amazonaws.com,cloudformation.ap-northeast-1.amazonaws.com,autoscaling.ap-northeast-1.amazonaws.com" | sudo tee -a \/etc\/environment\r\n - echo "export NO_PROXY=10.0.0.0\/8,172.16.0.0\/12,192.168.0.0\/16,localhost,127.0.0.1,169.254.169.254,.internal,sts.ap-northeast-1.amazonaws.com,ec2.ap-northeast-1.amazonaws.com,s3.ap-northeast-1.amazonaws.com,dkr.ecr.ap-northeast-1.amazonaws.com,api.ecr.ap-northeast-1.amazonaws.com,.ap-northeast-1.eks.amazonaws.com,eks.ap-northeast-1.amazonaws.com,*.s3.ap-northeast-1.amazonaws.com,cloudformation.ap-northeast-1.amazonaws.com,autoscaling.ap-northeast-1.amazonaws.com" | sudo tee -a \/etc\/environment\r\n - echo "export AWS_DEFAULT_REGION=ap-northeast-1" | sudo tee -a \/etc\/environment\r\n - echo "export AWS_STS_REGIONAL_ENDPOINTS=regional" | sudo tee -a \/etc\/environment\r\n - sudo mkdir -p \/etc\/systemd\/system\/containerd.service.d\r\n - echo "[Service]" | sudo tee -a \/etc\/systemd\/system\/containerd.service.d\/proxy.conf\r\n - echo 'Environment="HTTP_PROXY=http:\/\/10.0.0.8:3128"' | sudo tee -a \/etc\/systemd\/system\/containerd.service.d\/proxy.conf\r\n - echo 'Environment="HTTPS_PROXY=http:\/\/10.0.0.8:3128"' | sudo tee -a \/etc\/systemd\/system\/containerd.service.d\/proxy.conf\r\n - echo 'Environment="NO_PROXY=10.0.0.0\/8,172.16.0.0\/12,192.168.0.0\/16,localhost,127.0.0.1,169.254.169.254,.internal,sts.ap-northeast-1.amazonaws.com,ec2.ap-northeast-1.amazonaws.com,s3.ap-northeast-1.amazonaws.com,dkr.ecr.ap-northeast-1.amazonaws.com,api.ecr.ap-northeast-1.amazonaws.com,.ap-northeast-1.eks.amazonaws.com,eks.ap-northeast-1.amazonaws.com,*.s3.ap-northeast-1.amazonaws.com,cloudformation.ap-northeast-1.amazonaws.com,autoscaling.ap-northeast-1.amazonaws.com"' | sudo tee -a \/etc\/systemd\/system\/containerd.service.d\/proxy.conf\r\n - sudo mkdir -p \/etc\/systemd\/system\/sandbox-image.service.d\r\n - cat \/etc\/systemd\/system\/containerd.service.d\/proxy.conf | sudo tee -a \/etc\/systemd\/system\/sandbox-image.service.d\/proxy.conf\r\n - sudo mkdir -p \/etc\/systemd\/system\/kubelet.service.d\r\n - cat \/etc\/systemd\/system\/containerd.service.d\/proxy.conf | sudo tee -a \/etc\/systemd\/system\/kubelet.service.d\/proxy.conf\r\n - source \/etc\/environment\r\n - sudo systemctl daemon-reload\r\n - sudo systemctl restart containerd\r\n - sudo systemctl restart sandbox-image\r\n - sudo systemctl restart kubelet\r\n privateNetworking: true\r\n securityGroups:\r\n attachIDs:\r\n - sg-xxxxxxx\r\n withLocal: null\r\n withShared: null\r\n ssh:\r\n allow: false\r\n tags:\r\n alpha.eksctl.io\/nodegroup-name: oreno-eks-ng\r\n alpha.eksctl.io\/nodegroup-type: managed\r\n volumeIOPS: 3000\r\n volumeSize: 50\r\n volumeThroughput: 125\r\n volumeType: gp3\r\nmetadata:\r\n name: oreno-eks\r\n region: ap-northeast-1\r\n version: '1.30'\r\nprivateCluster:\r\n enabled: true\r\n skipEndpointCreation: true\r\nvpc:\r\n autoAllocateIPv6: false\r\n cidr: 10.0.0.0\/16\r\n clusterEndpoints: null\r\n id: vpc-xxxxxxx\r\n manageSharedNodeSecurityGroupRules: true\r\n nat:\r\n gateway: Disable\r\n securityGroup: sg-xxxxxxx\r\n subnets:\r\n private:\r\n ap-northeast-1a:\r\n az: ap-northeast-1a\r\n cidr: 10.0.128.0\/20\r\n id: subnet-xxxxxxx\r\n ap-northeast-1c:\r\n az: ap-northeast-1c\r\n cidr: 10.0.144.0\/20\r\n id: subnet-yyyyyyy\r\n<\/pre>\n\u3053\u308c\u3092 EC2 \u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u306e\u4e2d\u3067 eksctl \u306b\u98df\u308f\u305b\u308b\u3002<\/p>\n
\r\neksctl create cluster -f config.yaml\r\n<\/pre>\nCloudFormation \u306e\u30b3\u30f3\u30bd\u30fc\u30eb\u306b EKS cluster \u3068 EKS node group \u306e\u30b9\u30bf\u30c3\u30af\u304c\u51fa\u6765\u4e0a\u304c\u3063\u305f\u3089\u5b8c\u4e86\u3002<\/p>\n
\u3053\u308c\u3067 EKS \u304b\u3089\u3082\u30d7\u30ed\u30ad\u30b7\u7d4c\u7531\u306e\u901a\u4fe1\u304c\u53ef\u80fd\u306b\u306a\u308b\u3002 <\/p>\n