🎆 Kubernetes Services [Ingress, HTTP TLS]

김성인 · October 13, 2023

https://kubernetes.io/ko/docs/concepts/services-networking/ingress/

Ingress

Serves multiple services through a single IP address or domain

  • Supports MSA (microservice architecture) environments

Ingress rules

https://kubernetes.io/ko/docs/concepts/services-networking/ingress/#%EC%98%88%EC%A0%9C

Installing Ingress

https://github.com/kubernetes/ingress-nginx.git

git clone https://github.com/kubernetes/ingress-nginx.git
kubectl apply -k `pwd`/ingress-nginx/deploy/static/provider/baremetal/
kubectl delete validatingwebhookconfigurations.admissionregistration.k8s.io ingress-nginx-admission
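  • The last command deletes the admission webhook configuration; with that feature in place, the Ingress sometimes fails to work properly. The webhook validates Ingress objects before the controller loads them, so removing it is a lab workaround.
  • Once Ingress is set up, an nginx server is configured automatically and is ready for rules to be defined.

Verifying the installation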

kubectl get all -n ingress-nginx

Setting up Ingress rules

https://kubernetes.io/ko/docs/concepts/services-networking/ingress/#%EC%98%88%EC%A0%9C

cat <<EOF | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: http-go-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/rewrite-target: /welcome/test
spec:
  rules:
    - http:
        paths:
          - pathType: Exact
            path: /welcome/test
            backend:
              service:
                name: http-go
                port:
                  number: 80
EOF
  • pathType: the rule must match the path exactly
  • backend: name of the Service to connect to, plus its port
  • Ingress class: set to nginx
Warning: annotation "kubernetes.io/ingress.class" is deprecated, please use 'spec.ingressClassName' instead
ingress.networking.k8s.io/http-go-ingress created

Running the Ingress

kubectl create deployment http-go --image=gasbugs/http-go:ingress
kubectl expose deployment http-go --port=80 --target-port=8080

kubectl exec -it http-go-7fd8fc8d7b-f7twh -- bash


Checking the Ingress

curl 127.0.0.1:31233


TLS setup

openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
 -out ingress-tls.crt \
 -keyout ingress-tls.key \
 -subj "/CN=ingress-tls" 

kubectl create secret tls ingress-tls \
--namespace default \
--key ingress-tls.key \
--cert ingress-tls.crt

kubectl get secret

Creating an Ingress with TLS applied

cat <<EOF | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: http-go-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/rewrite-target: /welcome/test
    nginx.ingress.kubernetes.io/ssl-redirect: "true" # redirect HTTP to HTTPS
spec:
  tls:
  - hosts:
    - gasbugs.com
    secretName: ingress-tls
  rules:
    - host: gasbugs.com
      http:
        paths:
          - pathType: Exact
            path: /welcome/test
            backend:
              service:
                name: http-go
                port:
                  number: 80
EOF

Verification


curl http://gasbugs.com:<port>/welcome/test -kv --resolve gasbugs.com:<port>:127.0.0.1

After correcting spec.tls.hosts from gassbugs.com to gasbugs.com, it ran fine.
Check carefully for typos in the URI.


kubectl create deploy http-go --image=gasbugs/http-go
kubectl expose deploy http-go --port=80 --target-port=8080

kubectl create deploy tomcat --image=consol/tomcat-7.0
kubectl expose deploy tomcat --port=80 --target-port=8080

openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
 -out gasbugs-tls.crt \
 -keyout gasbugs-tls.key \
 -subj "/CN=gasbugs-tls" 

kubectl create secret tls gasbugs-tls \
--namespace default \
--key gasbugs-tls.key \
--cert gasbugs-tls.crt


cat <<EOF | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: http-go-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  tls:
  - hosts:
    - tomcat.gasbugs.com
    - http-go.gasbugs.com
    secretName: gasbugs-tls
  rules:
    - host: tomcat.gasbugs.com
      http:
        paths:
          - pathType: Prefix
            path: /
            backend:
              service:
                name: tomcat
                port:
                  number: 80
    - host: http-go.gasbugs.com
      http:
        paths:
          - pathType: Prefix
            path: /
            backend:
              service:
                name: http-go
                port:
                  number: 80
EOF

curl https://tomcat.gasbugs.com:31743/ -kv --resolve tomcat.gasbugs.com:31743:127.0.0.1
curl https://http-go.gasbugs.com:31743/ -kv --resolve http-go.gasbugs.com:31743:127.0.0.1
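
The certificates generated above are self-signed and carry only a CN (ingress-tls, gasbugs-tls) that is not one of the Ingress hosts, so the curl checks only succeed with -k. As an added example (not part of the original post), this script issues the same certificate with subjectAltName entries for the page's two hosts and checks host coverage with openssl; the function names make_cert and cert_covers are made up here, and -addext assumes OpenSSL 1.1.1 or later.

```shell
#!/usr/bin/env bash
# Added example. Host and file names come from the page; the function
# names make_cert and cert_covers are made up for this illustration.

# make_cert <basename> <CN> [SAN list]: self-signed cert as on the page,
# optionally with subjectAltName entries (needs OpenSSL 1.1.1+ for -addext).
make_cert() {
  local base="$1" cn="$2" san="${3:-}"
  set -- -x509 -nodes -days 365 -newkey rsa:2048 \
         -out "$base.crt" -keyout "$base.key" -subj "/CN=$cn"
  if [ -n "$san" ]; then
    set -- "$@" -addext "subjectAltName=$san"
  fi
  openssl req "$@" 2>/dev/null
}

# cert_covers <crt> <host>: exit 0 only if the certificate is valid for <host>.
cert_covers() {
  openssl x509 -in "$1" -noout -checkhost "$2" |
    grep -q "does match certificate"
}

workdir=$(mktemp -d)   # scratch directory so existing files are not overwritten

# 1) CN only, exactly as the page generates it.
make_cert "$workdir/cn-only" gasbugs-tls
# 2) Same CN plus SAN entries for the two hosts in the Ingress spec.tls.hosts.
make_cert "$workdir/gasbugs-tls" gasbugs-tls \
  "DNS:tomcat.gasbugs.com,DNS:http-go.gasbugs.com"

# The last host is the misspelling mentioned in the post; no cert covers it.
for crt in cn-only gasbugs-tls; do
  for host in tomcat.gasbugs.com http-go.gasbugs.com gassbugs.com; do
    if cert_covers "$workdir/$crt.crt" "$host"; then
      echo "$crt.crt covers $host"
    else
      echo "$crt.crt does NOT cover $host"
    fi
  done
done
```

Creating the gasbugs-tls secret from the second key pair with the page's kubectl create secret tls command lets the curl checks use --cacert gasbugs-tls.crt in place of -k.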
