Kubernetes ingress

인그레스

서비스가 가진 정보를 통한 라우터로 서비스를 거치지 않고 엔드포인트 API 매핑
사용자가 접근하는 경로에 따라 매핑해줌 ▶ 경로 기반

• 서비스 사용하는 이유

POD가 재기동될 때마다 IP가 변경되어 동일한 IP로 접근이 어려움
ClusterIP라는 서비스를 통해 동일한 `서비스IP`로 POD의 IP가 변경되어도 동일한 Endpoints(PODs)에 접근 가능

※ 인그레스 사용 이유 : 하나의 포트로 경로 기반 별 엔드포인트 달리할 수 있음 (포트는 한정적)

• 서비스가 너무 많아 많은 포트가 필요한 경우
• 경로 기반으로 구분할 경우

인그레스 컨트롤러 다운로드

[root@master ~/kube/09/ingress]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.12.0/deploy/static/provider/baremetal/deploy.yaml
--2025-03-15 11:06:35--  https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.12.0/deploy/static/provider/baremetal/deploy.yaml
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.111.133, 185.199.108.133, 185.199.109.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.111.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 16098 (16K) [text/plain]
Saving to: `deploy.yaml'

deploy.yaml                                                100%[=======================================================================================================================================>]  15.72K  --.-KB/s    in 0s

2025-03-15 11:06:35 (69.1 MB/s) - `deploy.yaml' saved [16098/16098]

[root@master ~/kube/09/ingress]# vi deploy.yaml
334 ---
335 apiVersion: v1
336 kind: Service
337 metadata:
338   labels:
339     app.kubernetes.io/component: controller
340     app.kubernetes.io/instance: ingress-nginx
341     app.kubernetes.io/name: ingress-nginx
342     app.kubernetes.io/part-of: ingress-nginx
343     app.kubernetes.io/version: 1.12.0
344   name: ingress-nginx-controller
345   namespace: ingress-nginx
346 spec:
347   ipFamilies:
348   - IPv4
349   ipFamilyPolicy: SingleStack
350   ports:
351   - appProtocol: http
352     name: http
353     port: 80
354     protocol: TCP
355     targetPort: http
356     nodePort: 30080 # 추가
357   - appProtocol: https
358     name: https
359     port: 443
360     protocol: TCP
361     targetPort: https
362     nodePort: 30443 # 추가
363   selector:
364     app.kubernetes.io/component: controller
365     app.kubernetes.io/instance: ingress-nginx
366     app.kubernetes.io/name: ingress-nginx
367   type: NodePort
368   clusterIP: 10.233.10.100 # 추가
369 ---
[root@master ~/kube/09/ingress]# kubectl apply -f deploy.yaml
namespace/ingress-nginx created
serviceaccount/ingress-nginx created
serviceaccount/ingress-nginx-admission created
role.rbac.authorization.k8s.io/ingress-nginx created
role.rbac.authorization.k8s.io/ingress-nginx-admission created
clusterrole.rbac.authorization.k8s.io/ingress-nginx created
clusterrole.rbac.authorization.k8s.io/ingress-nginx-admission created
rolebinding.rbac.authorization.k8s.io/ingress-nginx created
rolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
configmap/ingress-nginx-controller created
service/ingress-nginx-controller created
service/ingress-nginx-controller-admission created
deployment.apps/ingress-nginx-controller created
job.batch/ingress-nginx-admission-create created
job.batch/ingress-nginx-admission-patch created
ingressclass.networking.k8s.io/nginx created
validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission created

※ 추가 사항은 옵션 → 기본적으로 자동 할당 되지만 예제 환경과 맞추기 위해 설정

설치 확인

[root@master ~/kube/09/ingress]# kubectl get ns
NAME              STATUS   AGE
default           Active   7d
ingress-nginx     Active   96s
kube-node-lease   Active   7d
kube-public       Active   7d
kube-system       Active   7d
[root@master ~/kube/09/ingress]# kubectl get pod -n ingress-nginx
NAME                                        READY   STATUS      RESTARTS   AGE
ingress-nginx-admission-create-psg4d        0/1     Completed   0          103s
ingress-nginx-admission-patch-qgsg4         0/1     Completed   0          103s
ingress-nginx-controller-5c647858d8-qjfcv   1/1     Running     0          103s

ingress 예제

[root@master ~/kube/09/ingress]# vi svc1-pod.yaml
[root@master ~/kube/09/ingress]# cat svc1-pod.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deploy1-websrv
spec:
  replicas: 1
  selector:
    matchLabels:
      app: websrv
  template:
    metadata:
      labels:
        app: websrv
    spec:
      containers:
      - name: pod-web
        image: nginx
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: svc1-web
spec:
  type: ClusterIP
  clusterIP: 10.233.10.11
  selector:
    app: websrv
  ports:
  - name: web-port
    port: 9001
    targetPort: 80
[root@master ~/kube/09/ingress]# vi svc2-pod.yaml
[root@master ~/kube/09/ingress]# cat svc2-pod.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deploy2-guestsrv
spec:
  replicas: 2
  selector:
    matchLabels:
      app: guestsrv
  template:
    metadata:
      labels:
        app: guestsrv
    spec:
      containers:
      - name: pod-guest
        image: gcr.io/google-samples/kubernetes-bootcamp:v1
        ports:
        - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: svc2-guest
spec:
  type: ClusterIP
  clusterIP: 10.233.10.12
  selector:
    app: guestsrv
  ports:
  - name: guest-port
    port: 9002
    targetPort: 8080
[root@master ~/kube/09/ingress]# vi svc3-pod.yaml    
[root@master ~/kube/09/ingress]# cat svc3-pod.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deploy3-adminsrv
spec:
  replicas: 3
  selector:
    matchLabels:
      app: adminsrv
  template:
    metadata:
      labels:
        app: adminsrv
    spec:
      containers:
      - name: pod-admin
        image: k8s.gcr.io/echoserver:1.5
        ports:
        - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: svc3-admin
spec:
  type: ClusterIP
  clusterIP: 10.233.10.13
  selector:
    app: adminsrv
  ports:
  - name: admin-port
    port: 9003
    targetPort: 8080
[root@master ~/kube/09/ingress]# kubectl apply -f svc1-pod.yaml -f svc2-pod.yaml -f svc3-pod.yaml
deployment.apps/deploy1-websrv created
service/svc1-web created
deployment.apps/deploy2-guestsrv created
service/svc2-guest created
deployment.apps/deploy3-adminsrv created
service/svc3-admin created
[root@master ~/kube/09/ingress]# kubectl get deployments.apps
NAME               READY   UP-TO-DATE   AVAILABLE   AGE
deploy1-websrv     1/1     1            1           2m
deploy2-guestsrv   2/2     2            2           2m
deploy3-adminsrv   3/3     3            3           2m
[root@master ~/kube/09/ingress]# kubectl get svc,po,ep -o wide
NAME                 TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)    AGE     SELECTOR
service/kubernetes   ClusterIP   10.233.0.1     <none>        443/TCP    5d23h   <none>
service/svc1-web     ClusterIP   10.233.10.11   <none>        9001/TCP   2m52s   app=websrv
service/svc2-guest   ClusterIP   10.233.10.12   <none>        9002/TCP   2m52s   app=guestsrv
service/svc3-admin   ClusterIP   10.233.10.13   <none>        9003/TCP   2m51s   app=adminsrv

NAME                                    READY   STATUS    RESTARTS   AGE     IP               NODE    NOMINATED NODE   READINESS GATES
pod/deploy1-websrv-7485d5959c-5572h     1/1     Running   0          2m52s   10.233.71.42     node3   <none>           <none>
pod/deploy2-guestsrv-b88bff4cf-ppjtm    1/1     Running   0          2m52s   10.233.75.1      node2   <none>           <none>
pod/deploy2-guestsrv-b88bff4cf-tsfrt    1/1     Running   0          2m52s   10.233.102.177   node1   <none>           <none>
pod/deploy3-adminsrv-779c9dc79b-8m6wv   1/1     Running   0          2m51s   10.233.75.3      node2   <none>           <none>
pod/deploy3-adminsrv-779c9dc79b-c85jr   1/1     Running   0          2m51s   10.233.71.43     node3   <none>           <none>
pod/deploy3-adminsrv-779c9dc79b-dm9tt   1/1     Running   0          2m51s   10.233.102.176   node1   <none>           <none>

NAME                   ENDPOINTS                                                AGE
endpoints/kubernetes   192.168.2.60:6443                                        5d23h
endpoints/svc1-web     10.233.71.42:80                                          2m52s
endpoints/svc2-guest   10.233.102.177:8080,10.233.75.1:8080                     2m52s
endpoints/svc3-admin   10.233.102.176:8080,10.233.71.43:8080,10.233.75.3:8080   2m51s

서비스 통한 접근 확인

[root@master ~/kube/09/ingress]# curl http://10.233.10.11:9001
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@master ~/kube/09/ingress]# curl http://10.233.10.12:9002
Hello Kubernetes bootcamp! | Running on: deploy2-guestsrv-b88bff4cf-tsfrt | v=1
[root@master ~/kube/09/ingress]# curl http://10.233.10.12:9002
Hello Kubernetes bootcamp! | Running on: deploy2-guestsrv-b88bff4cf-ppjtm | v=1
[root@master ~/kube/09/ingress]# curl http://10.233.10.13:9003

Hostname: deploy3-adminsrv-779c9dc79b-8m6wv

Pod Information:
        -no pod information available-

Server values:
        server_version=nginx: 1.13.0 - lua: 10008

Request Information:
        client_address=10.233.97.128
        method=GET
        real path=/
        query=
        request_version=1.1
        request_uri=http://10.233.10.13:8080/

Request Headers:
        accept=*/*
        host=10.233.10.13:9003
        user-agent=curl/7.76.1

Request Body:
        -no body in request-

[root@master ~/kube/09/ingress]# curl http://10.233.10.13:9003

Hostname: deploy3-adminsrv-779c9dc79b-dm9tt

Pod Information:
        -no pod information available-

Server values:
        server_version=nginx: 1.13.0 - lua: 10008

Request Information:
        client_address=10.233.97.128
        method=GET
        real path=/
        query=
        request_version=1.1
        request_uri=http://10.233.10.13:8080/

Request Headers:
        accept=*/*
        host=10.233.10.13:9003
        user-agent=curl/7.76.1

Request Body:
        -no body in request-

[root@master ~/kube/09/ingress]# curl http://10.233.10.13:9003

Hostname: deploy3-adminsrv-779c9dc79b-c85jr

Pod Information:
        -no pod information available-

Server values:
        server_version=nginx: 1.13.0 - lua: 10008

Request Information:
        client_address=10.233.97.128
        method=GET
        real path=/
        query=
        request_version=1.1
        request_uri=http://10.233.10.13:8080/

Request Headers:
        accept=*/*
        host=10.233.10.13:9003
        user-agent=curl/7.76.1

Request Body:
        -no body in request-

▶ 분산 처리 잘되어 보여짐

인그레스 생성

[root@master ~/kube/09/ingress]# vi ingress-test.yaml
[root@master ~/kube/09/ingress]# cat ingress-test.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-test
spec:
  ingressClassName: nginx
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: svc1-web
            port:
              number: 80
      - path: /guest
        pathType: Prefix
        backend:
          service:
            name: svc2-guest
            port:
              number: 8080
      - path: /admin
        pathType: Prefix
        backend:
          service:
            name: svc3-admin
            port:
              number: 8080 

• 경로 / → svc1-web 으로 매핑된 endpoints 정보 사용하여 연결
• 경로 / guest → svc2-guest 으로 매핑된 endpoints 정보 사용하여 연결
• 경로 /admin → svc3-admin 으로 매핑된 endpoints 정보 사용하여 연결

인그레스 통한 접근 확인

[root@master ~/kube/09/ingress]# kubectl get svc -n ingress-nginx
NAME                                 TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
ingress-nginx-controller             NodePort    10.233.10.100   <none>        80:30080/TCP,443:30443/TCP   43m
ingress-nginx-controller-admission   ClusterIP   10.233.19.140   <none>        443/TCP                      43m
[root@master ~/kube/09/ingress]# curl http://192.168.2.60:30080/
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@master ~/kube/09/ingress]# curl http://192.168.2.60:30080/guest
Hello Kubernetes bootcamp! | Running on: deploy2-guestsrv-b88bff4cf-ppjtm | v=1
[root@master ~/kube/09/ingress]# curl http://192.168.2.60:30080/guest
Hello Kubernetes bootcamp! | Running on: deploy2-guestsrv-b88bff4cf-tsfrt | v=1
[root@master ~/kube/09/ingress]# curl http://192.168.2.60:30080/admin

Hostname: deploy3-adminsrv-779c9dc79b-c85jr

Pod Information:
        -no pod information available-

Server values:
        server_version=nginx: 1.13.0 - lua: 10008

Request Information:
        client_address=10.233.75.63
        method=GET
        real path=/admin
        query=
        request_version=1.1
        request_uri=http://192.168.2.60:8080/admin

Request Headers:
        accept=*/*
        host=192.168.2.60:30080
        user-agent=curl/7.76.1
        x-forwarded-for=10.233.97.128
        x-forwarded-host=192.168.2.60:30080
        x-forwarded-port=80
        x-forwarded-proto=http
        x-forwarded-scheme=http
        x-real-ip=10.233.97.128
        x-request-id=7852cf9803641887fc854775b4bb1c9f
        x-scheme=http

Request Body:
        -no body in request-

[root@master ~/kube/09/ingress]# curl http://192.168.2.60:30080/admin

Hostname: deploy3-adminsrv-779c9dc79b-8m6wv

Pod Information:
        -no pod information available-

Server values:
        server_version=nginx: 1.13.0 - lua: 10008

Request Information:
        client_address=10.233.75.63
        method=GET
        real path=/admin
        query=
        request_version=1.1
        request_uri=http://192.168.2.60:8080/admin

Request Headers:
        accept=*/*
        host=192.168.2.60:30080
        user-agent=curl/7.76.1
        x-forwarded-for=10.233.97.128
        x-forwarded-host=192.168.2.60:30080
        x-forwarded-port=80
        x-forwarded-proto=http
        x-forwarded-scheme=http
        x-real-ip=10.233.97.128
        x-request-id=a7f39da715fb7129a7547c6eb4b49119
        x-scheme=http

Request Body:
        -no body in request-

[root@master ~/kube/09/ingress]# curl http://192.168.2.60:30080/admin

Hostname: deploy3-adminsrv-779c9dc79b-c85jr

Pod Information:
        -no pod information available-

Server values:
        server_version=nginx: 1.13.0 - lua: 10008

Request Information:
        client_address=10.233.75.63
        method=GET
        real path=/admin
        query=
        request_version=1.1
        request_uri=http://192.168.2.60:8080/admin

Request Headers:
        accept=*/*
        host=192.168.2.60:30080
        user-agent=curl/7.76.1
        x-forwarded-for=10.233.97.128
        x-forwarded-host=192.168.2.60:30080
        x-forwarded-port=80
        x-forwarded-proto=http
        x-forwarded-scheme=http
        x-real-ip=10.233.97.128
        x-request-id=c1cb6b7e95293d2fc9e5790f9bca2ab4
        x-scheme=http

Request Body:
        -no body in request-

nginx-controller pod 확인

[root@master ~/kube/09/ingress]# kubectl get pod -n ingress-nginx
NAME                                        READY   STATUS      RESTARTS   AGE
ingress-nginx-admission-create-psg4d        0/1     Completed   0          59m
ingress-nginx-admission-patch-qgsg4         0/1     Completed   0          59m
ingress-nginx-controller-5c647858d8-qjfcv   1/1     Running     0          59m
[root@master ~/kube/09/ingress]# kubectl exec -n ingress-nginx -it ingress-nginx-controller-5c647858d8-qjfcv -- bash
ingress-nginx-controller-5c647858d8-qjfcv:/etc/nginx$ ls
fastcgi.conf            fastcgi_params          koi-utf                 lua                     mime.types.default      modules                 nginx.conf.default      owasp-modsecurity-crs   scgi_params.default     uwsgi_params            win-utf
fastcgi.conf.default    fastcgi_params.default  koi-win                 mime.types              modsecurity             nginx.conf              opentracing.json        scgi_params             template                uwsgi_params.default
ingress-nginx-controller-5c647858d8-qjfcv:/etc/nginx$ vi nginx.conf
---
                location = /guest {

                        set $namespace      "default";
                        set $ingress_name   "ingress-test";
                        set $service_name   "svc2-guest";
                        set $service_port   "8080";
                        set $location_path  "/guest";

                        set $force_ssl_redirect "false";
                        set $ssl_redirect "true";
                        set $force_no_ssl_redirect "false";
                        set $preserve_trailing_slash "false";
                        set $use_port_in_redirects "false";

▶ 경로에 대한 svc 매핑 정보 가지고 있는 것을 확인할 수 있음