728x90
반응형
Ingress
정의
- HTTP나 HTTPS를 통해 클러스터 내부의 서비스를 외부로 노출
- 기능
- Service에 외부 URL을 제공
- 트래픽을 로드밸런싱
- SSL 인증서 처리
- Virtual hostring을 지정
구축순서
1. ingress-nginx.yaml 다운로드
링크 : https://kubernetes.github.io/ingress-nginx/deploy/#bare-metal-clusters
root@master:~# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.0/deploy/static/provider/baremetal/deploy.yaml
--2021-12-01 15:19:15-- https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.0/deploy/static/provider/baremetal/deploy.yaml
raw.githubusercontent.com (raw.githubusercontent.com)을(를) 해석하는 중... 185.199.109.133, 185.199.110.133, 185.199.111.133, ...
접속 raw.githubusercontent.com (raw.githubusercontent.com)|185.199.109.133|:443... 접속됨.
HTTP 요청을 전송했습니다. 응답을 기다리는 중입니다... 200 OK
길이: 19190 (19K) [text/plain]
다음 위치에 저장: `deploy.yaml'
deploy.yaml 100%[=================================================================================================================================>] 18.74K --.-KB/s / 0.002s
2021-12-01 15:19:15 (9.46 MB/s) - `deploy.yaml' 저장됨 [19190/19190]2. nodePort 30100, 30200 으로 추가
root@master:~# vi deploy.yaml
...
spec:
type: NodePort
ipFamilyPolicy: SingleStack
ipFamilies:
- IPv4
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
appProtocol: http
nodePort: 30100
- name: https
port: 443
protocol: TCP
targetPort: https
appProtocol: https
nodePort: 30200
...3. ingress-nginx (namespace, controller, service 등) 생성
root@master:~# kubectl create -f deploy.yaml
namespace/ingress-nginx created
serviceaccount/ingress-nginx created
configmap/ingress-nginx-controller created
clusterrole.rbac.authorization.k8s.io/ingress-nginx created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx created
role.rbac.authorization.k8s.io/ingress-nginx created
rolebinding.rbac.authorization.k8s.io/ingress-nginx created
service/ingress-nginx-controller-admission created
service/ingress-nginx-controller created
deployment.apps/ingress-nginx-controller created
ingressclass.networking.k8s.io/nginx created
validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission created
serviceaccount/ingress-nginx-admission created
clusterrole.rbac.authorization.k8s.io/ingress-nginx-admission created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
role.rbac.authorization.k8s.io/ingress-nginx-admission created
rolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
job.batch/ingress-nginx-admission-create created
job.batch/ingress-nginx-admission-patch createdroot@master:~# POD_NAMESPACE=ingress-nginx
root@master:~# POD_NAME=$(kubectl get pods -n $POD_NAMESPACE -l app.kubernetes.io/name=ingress-nginx --field-selector=status.phase=Running -o name)
root@master:~# kubectl exec $POD_NAME -n $POD_NAMESPACE -- /nginx-ingress-controller --version
-------------------------------------------------------------------------------
NGINX Ingress controller
Release: v1.1.0
Build: cacbee86b6ccc45bde8ffc184521bed3022e7dee
Repository: https://github.com/kubernetes/ingress-nginx
nginx version: nginx/1.19.9
-------------------------------------------------------------------------------4. 생성된 namespace 확인
root@master:~# kubectl get namespaces
NAME STATUS AGE
default Active 19d
ingress-nginx Active 16s
kube-node-lease Active 19d
kube-public Active 19d
kube-system Active 19d5. context 추가하고 namespace switch
root@master:~# kubectl config set-context ingress-admin@kubernetes --cluster=kubernetes --user=kubernetes-admin --namespace=ingress-nginx
Context "ingress-admin@kubernetes" created.
root@master:~# kubectl config view
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: DATA+OMITTED
server: https://10.100.0.104:6443
name: kubernetes
contexts:
- context:
cluster: kubernetes
namespace: ingress-nginx
user: kubernetes-admin
name: ingress-admin@kubernetes
- context:
cluster: kubernetes
user: kubernetes-admin
name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
user:
client-certificate-data: REDACTED
client-key-data: REDACTED
root@master:~# kubectl config current-context
kubernetes-admin@kubernetes
root@master:~# kubectl config use-context ingress-admin@kubernetes
Switched to context "ingress-admin@kubernetes".
root@master:~# kubectl config current-context
ingress-admin@kubernetes6. 생성된 nginx pod 확인
root@master:~# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
ingress-nginx-admission-create--1-vmcjq 0/1 Completed 0 3h58m 10.36.0.4 node1.example.com <none> <none>
ingress-nginx-admission-patch--1-lkjgf 0/1 Completed 0 3h58m 10.44.0.6 node2.example.com <none> <none>
ingress-nginx-controller-5fd866c9b6-7d69q 1/1 Running 1 (16m ago) 3h58m 10.44.0.5 node2.example.com <none> <none>7. Application yaml 파일 작성
root@master:~# cat > marvel-home.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: marvel-home
spec:
replicas: 1
selector:
matchLabels:
name: marvel
template:
metadata:
labels:
name: marvel
spec:
containers:
- image: smlinux/marvel-collection
name: marvel-container
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: marvel-service
spec:
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
name: marvel
root@master:~# cat > pay.yaml
apiVersion: v1
kind: ReplicationController
metadata:
name: pay-rc
spec:
replicas: 3
selector:
app: pay
template:
metadata:
labels:
app: pay
spec:
containers:
- image: smlinux/pay
name: pay
ports:
- containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
name: pay-service
spec:
ports:
- port: 80
protocol: TCP
targetPort: 8080
selector:
app: pay8. Application pod 생성
root@master:~# kubectl create -f marvel-home.yaml
deployment.apps/marvel-home created
service/marvel-service created
root@master:~# kubectl create -f pay.yaml
replicationcontroller/pay-rc created
service/pay-service created9. 전체 확인
root@master:~# kubectl get all
NAME READY STATUS RESTARTS AGE
pod/ingress-nginx-admission-create--1-vmcjq 0/1 Completed 0 4h2m
pod/ingress-nginx-admission-patch--1-lkjgf 0/1 Completed 0 4h2m
pod/ingress-nginx-controller-5fd866c9b6-7d69q 1/1 Running 0 4h2m
pod/marvel-home-97fdd98db-98cd6 1/1 Running 0 3m28s
pod/pay-rc-f95zz 1/1 Running 0 3m26s
pod/pay-rc-lthtp 1/1 Running 0 3m26s
pod/pay-rc-xtdpb 1/1 Running 0 3m26s
NAME DESIRED CURRENT READY AGE
replicationcontroller/pay-rc 3 3 3 3m26s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/ingress-nginx-controller NodePort 10.100.44.73 <none> 80:30100/TCP,443:30200/TCP 4h2m
service/ingress-nginx-controller-admission ClusterIP 10.98.162.156 <none> 443/TCP 4h2m
service/marvel-service ClusterIP 10.97.129.75 <none> 80/TCP 3m28s
service/pay-service ClusterIP 10.99.57.89 <none> 80/TCP 3m26s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/ingress-nginx-controller 1/1 1 1 4h2m
deployment.apps/marvel-home 1/1 1 1 6h19m
NAME DESIRED CURRENT READY AGE
replicaset.apps/ingress-nginx-controller-5fd866c9b6 1 1 1 4h2m
replicaset.apps/marvel-home-97fdd98db 1 1 1 6h19m
NAME COMPLETIONS DURATION AGE
job.batch/ingress-nginx-admission-create 1/1 4s 4h2m
job.batch/ingress-nginx-admission-patch 1/1 5s 4h2m10. ingress 작성 및 생성
root@master:~# cat > ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: marvel-ingress
annotations:
kubernetes.io/ingress.class: nginx
spec:
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: marvel-service
port:
number: 80
- path: /pay
pathType: Prefix
backend:
service:
name: pay-service
port:
number: 80
root@master:~# kubectl create -f ingress.yaml
ingress.networking.k8s.io/marvel-ingress created11. ingress 조회 확인
root@master:~# kubectl get ingress -o wide
NAME CLASS HOSTS ADDRESS PORTS AGE
marvel-ingress <none> * 80 22s
root@master:~# kubectl describe ingress marvel-ingress
Name: marvel-ingress
Namespace: ingress-nginx
Address: 10.100.0.102
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
Host Path Backends
---- ---- --------
*
/ marvel-service:80 (10.44.0.4:80)
/pay pay-service:80 (10.36.0.5:8080,10.36.0.6:8080,10.44.0.6:8080)
Annotations: kubernetes.io/ingress.class: nginx
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Sync 16m (x2 over 16m) nginx-ingress-controller Scheduled for sync12. curl 확인
root@master:~# curl node1.example.com:30100
<html>
<head>
<title>marvel heroes</title>
</head>
<body>
<center>
<img src="images/marvel_logo.png"><br>
<p style="color:red;">Marvel Entertainment/Marvel Studios</p><br>
<img src="images/category.png"><br>
<a href="http://211.253.8.13/pay">[payment]</a></center>
</center>
</body>
</html>
root@master:~# curl node1.example.com:30100/pay
PAYMENT Page728x90
반응형
'DevOps > Kubernetes' 카테고리의 다른 글
| Kubernetes 대시보드 설치 (0) | 2021.12.08 |
|---|---|
| Kubernetes - canary deployment (카나리 배포) (0) | 2021.12.03 |
| Kubernetes - kube-proxy (0) | 2021.11.30 |
| Kubernetes - Headless Service (0) | 2021.11.30 |
| Kubernetes - Service (서비스) (0) | 2021.11.30 |
