๐ ์ฟ ๋ฒ๋คํฐ์ค Services [์ธ๊ทธ๋ ์ค, HTTP TLS]
[DevOps] ๐ณDocker & Kubernetes
https://kubernetes.io/ko/docs/concepts/services-networking/ingress/
์ธ๊ทธ๋ ์ค
ํ๋์ IP๋ ๋๋ฉ์ธ์ผ๋ก ๋ค์์ ์๋น์ค ์ ๊ณต
- MSAํ๊ฒฝ ์ ๊ณต
์ธ๊ทธ๋ ์ค ๋ฃฐ
https://kubernetes.io/ko/docs/concepts/services-networking/ingress/#%EC%98%88%EC%A0%9C
์ธ๊ทธ๋ ์ค ์ค์น
https://github.com/kubernetes/ingress-nginx.git
git clone https://github.com/kubernetes/ingress-nginx.git kubectl apply -k `pwd`/ingress-nginx/deploy/static/provider/baremetal/ kubectl delete validatingwebhookconfigurations.admissionregistration.k8s.io ingress-nginx-admission
- ๋ง์ง๋ง ๋ช ๋ น -> webhook ๊ตฌ์ฑ์ญ์ , ํด๋น ๊ธฐ๋ฅ์ผ๋ก ingress ์ ์ ๊ตฌ๋ ์๋ ํ์์ด ์์
- ์ธ๊ทธ๋ ์ค๋ฅผ ๊ตฌ์ฑํ๋ฉด nginx์๋ฒ๊ฐ ์๋์ผ๋ก ๊ตฌ์ฑ๋์ด ๋ฃฐ์ ์ค์ ํ ์ ์๋ ์ค๋น๊ฐ ์ธํ ๋จ
์ค์นํ์ธ
kubectl get all -n ingress-nginx
์ธ๊ทธ๋ ์ค ๋ฃฐ ์ธํ
https://kubernetes.io/ko/docs/concepts/services-networking/ingress/#%EC%98%88%EC%A0%9C
cat <<EOF | kubectl apply -f - apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: http-go-ingress annotations: kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/rewrite-target: /welcome/test spec: rules: - http: paths: - pathType: Exact path: /welcome/test backend: service: name: http-go port: number: 80 EOF
- pathType: ๋ฃฐ ์ ํํ ์ผ์น (path)
- backend: ์ฐ๊ฒฐํ ์๋น์ค ์ด๋ฆ ์ค์ + ํฌํธ
- ์ธ๊ทธ๋ ์ค ํด๋์ค: nginx๋ก ์ค์
Warning: annotation "kubernetes.io/ingress.class" is deprecated, please use 'spec.ingressClassName' instead ingress.networking.k8s.io/http-go-ingress created
์ธ๊ทธ๋ ์ค ์คํ
kubectl create deployment http-go --image=gasbugs/http-go:ingress
kubectl expose deployment http-go --port=80 --target-port=8080
kubectl exec -it http-go-7fd8fc8d7b-f7twh -- bash
์ธ๊ทธ๋ ์ค ํ์ธ
curl 127.0.0.1:31233
TLS ์ค์
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-out ingress-tls.crt \
-keyout ingress-tls.key \
-subj "/CN=ingress-tls"
kubectl create secret tls ingress-tls \
--namespace default \
--key ingress-tls.key \
--cert ingress-tls.crtkubectl get secret
TLS ์ ์ฉ ์ธ๊ทธ๋ ์ค ์์ฑ
cat <<EOF | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: http-go-ingress
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/rewrite-target: /welcome/test
nginx.ingress.kubernetes.io/ssl-redirect: "true" # ๋ฆฌ๋ค์ด๋ ํธ ์ค์
spec:
tls:
- hosts:
- gasbugs.com
secretName: ingress-tls
rules:
- host: gasbugs.com
http:
paths:
- pathType: Exact
path: /welcome/test
backend:
service:
name: http-go
port:
number: 80
EOFํ์ธ
curl http://gasbugs.com:ํฌํธ/welcome/test -kv --resolve gasbugs.com:ํฌํธ:127.0.0.1
spec.tls.hosts: gassbugs.com -> gasbugs.com ์ผ๋ก ๊ณ ์น๋ ์ ์คํ๋์์..
uri ์คํ ์ ํ์ธํ ๊ฒ..
kubectl create deploy http-go --image=gasbugs/http-go
kubectl expose deploy http-go --port=80 --target-port=8080
kubectl create deploy tomcat --image=consol/tomcat07.0
kubectl expose deploy tomcat --port=80 --target-port=8080
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-out gasbugs-tls.crt \
-keyout gasbugs-tls.key \
-subj "/CN=gasbugs-tls"
kubectl create secret tls gasbugs-tls \
--namespace default \
--key gasbugs-tls.key \
--cert gasbugs-tls.crt
cat <<EOF | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: http-go-ingress
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
tls:
- hosts:
- tomcat.gasbugs.com
- http-go.gasbugs.com
secretName: gasbugs-tls
rules:
- host: tomcat.gasbugs.com
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: tomcat
port:
number: 80
- host: http-go.gasbugs.com
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: http-go
port:
number: 80
EOFcurl https://tomcat.gasbugs.com:31743/ -kv --resolve tomcat.gasbugs.com:31743:127.0.0.1
curl https://http-go.gasbugs.com:31743/ -kv --resolve http-go.gasbugs.com:31743:127.0.0.1
