테스트 워크로드

PSS의 다양한 기능을 테스트하기 위해 먼저 EKS 클러스터에 워크로드를 배포하여 실험에 사용하겠습니다. catalog 컴포넌트의 별도 배포를 자체 네임스페이스에 생성하겠습니다:

~/environment/eks-workshop/modules/security/pss-psa/workload/deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: pss
  labels:
    app.kubernetes.io/created-by: eks-workshop
spec:
  selector:
    matchLabels:
      app: pss
  replicas: 1
  template:
    metadata:
      labels:
        app: pss
        app.kubernetes.io/created-by: eks-workshop
    spec:
      containers:
        - name: pss
          image: public.ecr.aws/aws-containers/retail-store-sample-catalog:1.2.1
          ports:
            - containerPort: 80
          securityContext:
            readOnlyRootFilesystem: false
          livenessProbe:
            httpGet:
              path: /health
              port: 8080
            initialDelaySeconds: 30
            periodSeconds: 3
          readinessProbe:
            httpGet:
              path: /health
              port: 8080
            successThreshold: 3
            periodSeconds: 5
          resources:
            limits:
              memory: 512Mi
            requests:
              cpu: 250m
              memory: 512Mi

이를 클러스터에 적용합니다:

~$kubectl apply -k ~/environment/eks-workshop/modules/security/pss-psa/workload

namespace/pss created

deployment.apps/pss created

~$kubectl rollout status -n pss deployment/pss --timeout=60s