- 구성 환경
- AWS - EKS 1.12.9 / 2 Worker Node
- AWS Classic LB
- Docker-CE 환경
- AWS - EKS 1.12.9 / 2 Worker Node
- NGINX OpenSource Ingress Download
- 설치 Flow
- NGINX Ingress Controller Image Download
- Ingress 구성 전 사전 설정
- Ingress Controller 배포
- Sample App 배포
- Sample Service 연결용 Ingress 배포 및 결과 확인
NGINX Ingress Controller Image Download
# Download
yum -y install git
git clone <https://github.com/nginxinc/kubernetes-ingress.git>
cd kubernetes-ingress/deployments/
# Git Check-Out - 버전 확인 // 220526 기준, 2.2.0
git checkout v2.2.0
Ingress Controller 구성 전 Kubernetes 설정
- NameSpace / Service Account / TLS 인증서 생성
kubectl apply -f common/ns-and-sa.yaml
#namespace/nginx-ingress created
#serviceaccount/nginx-ingress created
kubectl apply -f common/default-server-secret.yaml
#secret/default-server-secret created
- NGINX Config Map 생성
kubectl apply -f common/nginx-config.yaml
#configmap/nginx-config created
- Cluster Role 생성 (RBAC 기반 )
kubectl apply -f rbac/rbac.yaml
#clusterrole.rbac.authorization.k8s.io/nginx-ingress created
#clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress created
- Ingress Class 생성
kubectl apply -f common/ingress-class.yaml
#ingressclass.networking.k8s.io/nginx created
Ingress Controller 배포
- Deployment : 1 Pod 배포 ( k8s Cluster 내 1개의 Ingress Controller POD 배포 )
- DaemonSet : Worker Node 마다 Ingress Controller POD 배포
kubectl apply -f deployment/nginx-ingress.yaml
kubectl get pods --namespace=nginx-ingress
- AWS L/B 구성
- 구성 이후, 인스턴스 ( Worker Node ) 상태 확인 필요
kubectl apply -f service/loadbalancer-aws-elb.yaml
#k get svc
nginx-ingress nginx-ingress LoadBalancer 172.20.64.170 a94e448d2ead5499abebff52fd1eb8c6-948346971.ap-northeast-2.elb.amazonaws.com 80:30816/TCP,443:32207/TCP 4h24m
- NGINX ConfigMap 재구성
### Config Modify ###vi common/nginx-config.yaml kind: ConfigMap apiVersion: v1 metadata: name: nginx-config namespace: nginx-ingress data: proxy-protocol: "True" real-ip-header: "proxy_protocol" set-real-ip-from: "0.0.0.0/0"### Config Update ### kubectl apply -f common/nginx-config.yaml
Sample App 배포
- Sample Deployment 배포
apiVersion: apps/v1
kind: Deployment
metadata:
name: f5-hello-world-web
namespace: default
spec:
replicas: 2
selector:
matchLabels:
app: f5-hello-world-web
template:
metadata:
labels:
app: f5-hello-world-web
spec:
containers:
- env:
- name: service_name
value: f5-hello-world-web
image: f5devcentral/f5-hello-world:latest
imagePullPolicy: IfNotPresent
name: f5-hello-world-web
ports:
- containerPort: 8080
protocol: TCP
- Sample Service 배포
apiVersion: v1
kind: Service
metadata:
name: f5-hello-world-web
namespace: default
labels:
app: f5-hello-world-web
spec:
ports:
- name: f5-hello-world-web
port: 8080
protocol: TCP
targetPort: 8080
type: ClusterIP
selector:
app: f5-hello-world-web
Sample Service 연결용 Ingress 배포 및 결과 확인
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: f5-hello-world-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host: a94e448d2ead5499abebff52fd1eb8c6-948346971.ap-northeast-2.elb.amazonaws.com
http:
paths:
- path: / ## URI : Service 접속시에도, 해당 URI 연결되어 접속됨
pathType: Prefix
backend:
service:
name: f5-hello-world-web
port:
number: 8080
- Kubectl describe ing
[root@ip-10-10-10-217 aws-app]# k describe ing
Name: f5-hello-world-ingress
Namespace: default
Address:
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
Host Path Backends
---- ---- --------
a94e448d2ead5499abebff52fd1eb8c6-948346971.ap-northeast-2.elb.amazonaws.com
/ f5-hello-world-web:8080 (10.10.10.199:8080,10.10.10.251:8080)
Annotations: kubernetes.io/ingress.class: nginx
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal AddedOrUpdated 12m (x6 over 159m) nginx-ingress-controller Configuration for default/f5-hello-world-ingress was added or updated
[root@ip-10-10-10-217 aws-app]#