안녕하세요 BationHost에서 aws 명령어가 실행이 안됩니다... aws 명령어 실행이 안되어서 BastionHost의 /etc/profile을 확인해봤는데,export AWS_DEFAULT_REGION=ap-northeast-2export AWS_ACCESS_KEY_ID=[실제값]export AWS_SECRET_ACCESS_KEY=A[실제값]export CLUSTER_NAME=[실제값]이렇게 4개는 값이 잘 들어가있는데,  export ACCOUNT_ID=export VPCID=export PublicSubnet1=export PublicSubnet2=그 외 이런 값들이 안들어가 있어서 aws sts get-caller-identity 실행해보니 An error occurred (SignatureDoesNotMatch) when calling the GetCallerIdentity operation: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.위와같은 에러가 발생합니다 ㅠㅠ 어떤 문제인지 알 수 있을까요?

[ 문제 식별 ]테라폼 배포 후 pod 상태를 확인하니 external-dns pod 가 ImagePullBackOff 상태였습니다(myeks:N/A) root@myeks-bastion-EC2:~# kubectl describe pod external-dns-7dc878c-jpd77 -n kube-system ... Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Scheduled 10m default-scheduler Successfully assigned kube-system/external-dns-7dc878c-jpd77 to ip-192-168-3-186.ap-northeast-2.compute.internal Normal Pulling 7m57s (x5 over 10m) kubelet Pulling image "docker.io/bitnami/external-dns:0.12.0-debian-11-r3" Warning Failed 7m56s (x5 over 10m) kubelet Failed to pull image "docker.io/bitnami/external-dns:0.12.0-debian-11-r3": rpc error: code = NotFound desc = failed to pull and unpack image "docker.io/bitnami/external-dns:0.12.0-debian-11-r3": failed to resolve reference "docker.io/bitnami/external-dns:0.12.0-debian-11-r3": docker.io/bitnami/external-dns:0.12.0-debian-11-r3: not found Warning Failed 7m56s (x5 over 10m) kubelet Error: ErrImagePull Normal BackOff 38s (x43 over 10m) kubelet Back-off pulling image "docker.io/bitnami/external-dns:0.12.0-debian-11-r3" Warning Failed 38s (x43 over 10m) kubelet Error: ImagePullBackOff ch1 테라폼 코드에서 eks-external-dns 모듈 내 버전이 1.2.0 으로 지정되어있는데 해당 버전은 bitnami 레포에서 이미지를 사용합니다. bitnami 레포에 들어가보니 더이상 해당 이미지를 무료로 제공하지 않는다고 나오네요 ㅜ 그래서 lablabs/eks-external-dns/aws 의 1.2.1 버전에 merge 된 pr 내용을 보니bitnami -> kubernetes-sig 로 변경되었다고 나오고 있어서 1.2.1 버전으로 변경했고 해결되었습니다. [ 해결 방안 ]eks.tf 내 eks-external-dns 모듈 내용을 아래처럼 수정하고 적용했습니다.module "eks-external-dns" { source = "lablabs/eks-external-dns/aws" version = "1.2.1" cluster_identity_oidc_issuer = module.eks.cluster_oidc_issuer_url cluster_identity_oidc_issuer_arn = local.cluster_oidc_issuer_arn irsa_assume_role_arns = [] depends_on = [helm_release.aws_load_balancer_controller] }irsa_assume_role_arns 는 1.2.1 부터 필요로해서 비워두고 생성했습니다. 그리고 pod 생성, running 상태 확인했습니다.(myeks:N/A) root@myeks-bastion-EC2:~# kubectl get pods -A NAMESPACE NAME READY STATUS RESTARTS AGE kube-system aws-load-balancer-controller-9774b5bf9-fd6wb 1/1 Running 0 61m kube-system aws-load-balancer-controller-9774b5bf9-mltpg 1/1 Running 0 61m kube-system aws-node-6c6d5 2/2 Running 0 73m kube-system aws-node-mqxqd 2/2 Running 0 73m kube-system aws-node-p2hcg 2/2 Running 0 73m kube-system coredns-7bb47d475b-k9dfl 1/1 Running 0 73m kube-system coredns-7bb47d475b-q5m9n 1/1 Running 0 73m kube-system external-dns-745b66b8d6-vrhjk 1/1 Running 0 11m kube-system kube-proxy-gbwf9 1/1 Running 0 73m kube-system kube-proxy-rmdcd 1/1 Running 0 73m kube-system kube-proxy-txm2x 1/1 Running 0 73m 혹시나 pod 상태보다 궁금하신 분 있을까해서 Q&A 에 올립니다![ 추가 오류 ]위 구성 후 실습 진행 중 2가지 오류가 발생했습니다.kubernetes-sig pod 내 bash shell 없음 (myeks:default) root@myeks-bastion-EC2:~# kubectl exec -it deploy/external-dns -n kube-system -- bash error: Internal error occurred: Internal error occurred: error executing command in container: failed to exec in container: failed to start exec "8270eecee52a2fc8d4f16a986c88cf9ecc8d852258d6f1a88ac680a6f95510d6": OCI runtime exec failed: exec failed: unable to start container process: exec: "bash": executable file not found in $PATH: unknown external-pod 로그를 보니 권한 관련 오류 발생 중time="2025-10-10T11:55:27Z" level=error msg="Failed to do run once: soft error\nrecords retrieval failed: soft error\nfailed to list hosted zones: operation error Route 53: ListHostedZones, https response error StatusCode: 403, RequestID: 881c4bac-1a87-4454-b2c3-2657680fb2d0, api error AccessDenied: User: arn:aws:sts::{제거}:assumed-role/external-dns-irsa-external-dns/1760097326486557347 is not authorized to perform: route53:ListHostedZones because no identity-based policy allows the route53:ListHostedZones action" time="2025-10-10T11:56:27Z" level=error msg="Failed to do run once: soft error\nrecords retrieval failed: soft error\nfailed to list hosted zones: operation error Route 53: ListHostedZones, https response error StatusCode: 403, RequestID: 7d915626-3e26-4491-a53a-7ac3c5d4b024, api error AccessDenied: User: arn:aws:sts::{제거}:assumed-role/external-dns-irsa-external-dns/1760097326486557347 is not authorized to perform: route53:ListHostedZones because no identity-based policy allows the route53:ListHostedZones action"kubernetes-sig 이미지를 사용해서 인지 2가지 문제가 있습니다. eks-external-dns 모듈 내 irsa_assume_role_arns 에 값을 넣어봐도 로그는 동일하게 출력되네요. ch1 실습의 파드 쉘은 다른 파드를 사용하면 될 것 같은데 이후 ch5 까지 과정에 external-dns 가 사용되는지 모르겠네요,, 다른 해결 방법이 있을까요?? [ 추가 오류 2 해결 방안 ]IAM external-dns-irsa-external-dns role 을 확인하니 권한 부여가 안되어 있었습니다. inline policy 로 route53 으로 권한 연결을 해줬고 이후 레코드 생성 가능한 것 확인했습니다. { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "route53:ChangeResourceRecordSets" ], "Resource": [ "arn:aws:route53:::hostedzone/*" ] }, { "Effect": "Allow", "Action": [ "route53:ListHostedZones", "route53:ListResourceRecordSets", "route53:ListTagsForResource" ], "Resource": [ "*" ] } ] }테라폼에서 json 파일로 권한 생성이 안되는 것 같은데 이유를 모르겠어서 일단 요렇게하고 수동으로 하고 넘어갔습니다.

terraform plan시 ch1/eks.tf 파일에서 오류가 발생합니다.ch1 git:(main) ✗ terraform plan╷│ Error: Unsupported block type││ on eks.tf line 23, in provider "helm":│ 23: kubernetes {││ Blocks of type "kubernetes" are not expected here. Did you mean to define argument "kubernetes"? If so, use the equals sign to assign it a value.╵소스를 아래와 같이 변경하였습니다.kubernetes = { .... exe = {...set = [ {name = "clusterName"value = var.ClusterBaseName }, {name = "serviceAccount.create"value = "true" }, {name = "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"value = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/AmazonEKSTFLBControllerRole-${module.eks.cluster_name}" }, {name = "region"value = "ap-northeast-2" } ]커서에서 바이브코딩으로 바꿔서 문법에러는 안나는데 여전히 버전문제인지 해결이 안되네요. ch1 git:(main) ✗ terraform plan╷│ Error: Unsupported block type││ on eks.tf line 23, in provider "helm":│ 23: kubernetes {││ Blocks of type "kubernetes" are not expected here. Did you mean to define argument "kubernetes"? If so, use the equals sign to assign it a value.╵➜ ch1 git:(main) ✗ terraform initInitializing the backend...Initializing modules...Downloading registry.terraform.io/terraform-aws-modules/eks/aws 20.37.1 for eks...- eks in .terraform/modules/eks- eks.eks_managed_node_group in .terraform/modules/eks/modules/eks-managed-node-group- eks.eks_managed_node_group.user_data in .terraform/modules/eks/modules/_user_data- eks.fargate_profile in .terraform/modules/eks/modules/fargate-profileDownloading registry.terraform.io/terraform-aws-modules/kms/aws 2.1.0 for eks.kms...- eks.kms in .terraform/modules/eks.kms- eks.self_managed_node_group in .terraform/modules/eks/modules/self-managed-node-group- eks.self_managed_node_group.user_data in .terraform/modules/eks/modules/_user_dataDownloading registry.terraform.io/lablabs/eks-external-dns/aws 1.2.0 for eks-external-dns...- eks-external-dns in .terraform/modules/eks-external-dnsDownloading registry.terraform.io/terraform-aws-modules/iam/aws 5.39.0 for irsa-external-dns...- irsa-external-dns in .terraform/modules/irsa-external-dns/modules/iam-assumable-role-with-oidcDownloading registry.terraform.io/terraform-aws-modules/iam/aws 5.39.0 for irsa-lb-controller...- irsa-lb-controller in .terraform/modules/irsa-lb-controller/modules/iam-assumable-role-with-oidcDownloading registry.terraform.io/terraform-aws-modules/vpc/aws 5.21.0 for vpc...- vpc in .terraform/modules/vpcInitializing provider plugins...- Finding hashicorp/cloudinit versions matching ">= 2.0.0"...- Finding hashicorp/null versions matching ">= 3.0.0"...- Finding cloudposse/utils versions matching ">= 0.17.0"...- Finding hashicorp/aws versions matching ">= 4.0.0, >= 4.19.0, >= 4.33.0, >= 5.79.0, >= 5.95.0, < 6.0.0"...- Finding hashicorp/helm versions matching ">= 2.6.0"...- Finding hashicorp/kubernetes versions matching ">= 2.16.0"...- Finding hashicorp/time versions matching ">= 0.9.0"...- Finding hashicorp/tls versions matching ">= 3.0.0"...- Installing hashicorp/helm v3.0.2...- Installed hashicorp/helm v3.0.2 (signed by HashiCorp)- Installing hashicorp/kubernetes v2.37.1...- Installed hashicorp/kubernetes v2.37.1 (signed by HashiCorp)- Installing hashicorp/time v0.13.1...- Installed hashicorp/time v0.13.1 (signed by HashiCorp)- Installing hashicorp/tls v4.1.0...- Installed hashicorp/tls v4.1.0 (signed by HashiCorp)- Installing hashicorp/cloudinit v2.3.7...- Installed hashicorp/cloudinit v2.3.7 (signed by HashiCorp)- Installing hashicorp/null v3.2.4...- Installed hashicorp/null v3.2.4 (signed by HashiCorp)- Installing cloudposse/utils v1.30.0...- Installed cloudposse/utils v1.30.0 (self-signed, key ID ********)- Installing hashicorp/aws v5.100.0...- Installed hashicorp/aws v5.100.0 (signed by HashiCorp)Partner and community providers are signed by their developers.If you'd like to know more about provider signing, you can read about it here:https://www.terraform.io/docs/cli/plugins/signing.htmlTerraform has created a lock file .terraform.lock.hcl to record the providerselections it made above. Include this file in your version control repositoryso that Terraform can guarantee to make the same selections by default whenyou run "terraform init" in the future.Terraform has been successfully initialized!You may now begin working with Terraform. Try running "terraform plan" to seeany changes that are required for your infrastructure. All Terraform commandsshould now work.If you ever set or change modules or backend configuration for Terraform,rerun this command to reinitialize your working directory. If you forget, othercommands will detect it and remind you to do so if necessary.➜ ch1 git:(main) ✗ terraform plan╷│ Error: Unsupported block type││ on .terraform/modules/eks-external-dns/helm.tf line 41, in resource "helm_release" "this":│ 41: dynamic "set" {││ Blocks of type "set" are not expected here.╵╷│ Error: Unsupported block type││ on .terraform/modules/eks-external-dns/helm.tf line 49, in resource "helm_release" "this":│ 49: dynamic "set_sensitive" {││ Blocks of type "set_sensitive" are not expected here.╵╷│ Error: Unsupported block type││ on .terraform/modules/eks-external-dns/helm.tf line 57, in resource "helm_release" "this":│ 57: dynamic "postrender" {││ Blocks of type "postrender" are not expected here.╵➜ ch1 git:(main) ✗

현재 signoz를 https://signoz.io/docs/install/docker/해당 환경으로 구성하여 사용중입니다. 그런데 계속해서 사용하다보면 메모리 및 스왑 메모리 사용량이 증가하여 서버가 죽는 현상이 발생하고 있습니다. 이를 해결하기 위해서 불필요한 데이터 수집 및 로그 저장이 되지 않도록 설정하고 싶은데 어디 부분을 만져야 할까요?

안녕하세요. 다른 강의 들으시는 분들께 공유드리는 내용입니다.  저는 강의 내용에서 알려주신 config로 적용하면 기동이 되질 않더라고요helm 차트로 하지 않고 제가 docker 로 올려서 약간의 config 형식 차이가 발생했을 것 같습니다.수업중인 signoz와 제가 설치한 signoz의 버전 차이가 있으리라 생각합니다.   제가 참고한 open-telemetry config 예시 파일 공유드립니다.  https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/processor/spanprocessor/testdata/config.yaml spanprocessor 부분 링크이고, 다른 카테고리에서 다른 proceccor 형식도 참고할 수 있습니다. 감사합니다.