Ingress
Service Loadbalancing, Canary Upgrade
1. Nginx Controller
1-1) Nginx 설치
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.2/deploy/static/provider/baremetal/deploy.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.0.0/deploy/static/provider/baremetal/deploy.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.27.1/deploy/static/mandatory.yaml
1-2) NodePort Service 생성
위 Nginx 설치에 포함되어 있음, v1.27에서는 NodePort Service 별도로 생성 안함
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.27.1/deploy/static/provider/baremetal/service-nodeport.yaml
2. Service Loadbalancing
2-1) Shopping Page
apiVersion: v1
kind: Pod
metadata:
name: pod-shopping
labels:
category: shopping
spec:
containers:
- name: container
image: kubetm/shopping
---
apiVersion: v1
kind: Service
metadata:
name: svc-shopping
spec:
selector:
category: shopping
ports:
- port: 8080
2-2) Customer Center
apiVersion: v1
kind: Pod
metadata:
name: pod-customer
labels:
category: customer
spec:
containers:
- name: container
image: kubetm/customer
---
apiVersion: v1
kind: Service
metadata:
name: svc-customer
spec:
selector:
category: customer
ports:
- port: 8080
2-3) Order Service
apiVersion: v1
kind: Pod
metadata:
name: pod-order
labels:
category: order
spec:
containers:
- name: container
image: kubetm/order
---
apiVersion: v1
kind: Service
metadata:
name: svc-order
spec:
selector:
category: order
ports:
- port: 8080
2-4) Ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: service-loadbalancing
spec:
ingressClassName: nginx
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: svc-shopping
port:
number: 8080
- path: /customer
pathType: Prefix
backend:
service:
name: svc-customer
port:
number: 8080
- path: /order
pathType: Prefix
backend:
service:
name: svc-order
port:
number: 8080
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: service-loadbalancing
spec:
ingressClassName: nginx
rules:
- http:
paths:
- path: /
backend:
serviceName: svc-shopping
servicePort: 8080
- path: /customer
backend:
serviceName: svc-customer
servicePort: 8080
- path: /order
backend:
serviceName: svc-order
servicePort: 8080
curl 192.168.56.30:30431/
curl 192.168.56.30:30431/order
curl 192.168.56.30:30431/customer
curl 192.168.0.30:30431/
curl 192.168.0.30:30431/order
curl 192.168.0.30:30431/customer
3. Canary Upgrade
3-1) App V1
apiVersion: v1
kind: Pod
metadata:
name: pod-v1
labels:
app: v1
spec:
containers:
- name: container
image: kubetm/app:v1
---
apiVersion: v1
kind: Service
metadata:
name: svc-v1
spec:
selector:
app: v1
ports:
- port: 8080
3-2) App V2
apiVersion: v1
kind: Pod
metadata:
name: pod-v2
labels:
app: v2
spec:
containers:
- name: container
image: kubetm/app:v2
---
apiVersion: v1
kind: Service
metadata:
name: svc-v2
spec:
selector:
app: v2
ports:
- port: 8080
3-3) Ingress - default
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: app
spec:
ingressClassName: nginx
rules:
- host: www.app.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: svc-v1
port:
number: 8080
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: app
spec:
rules:
- host: www.app.com
http:
paths:
- backend:
serviceName: svc-v1
servicePort: 8080
# Centos HostName 등록
cat << EOF >> /etc/hosts
192.168.56.30 www.app.com
EOF
curl www.app.com:30431/version
# Centos HostName 등록
cat << EOF >> /etc/hosts
192.168.0.30 www.app.com
EOF
curl www.app.com:30431/version
3-4) Ingress - weight
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: canary-v2
annotations:
nginx.ingress.kubernetes.io/canary: "true"
nginx.ingress.kubernetes.io/canary-weight: "10"
spec:
ingressClassName: nginx
rules:
- host: www.app.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: svc-v2
port:
number: 8080
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: canary-v2
annotations:
nginx.ingress.kubernetes.io/canary: "true"
nginx.ingress.kubernetes.io/canary-weight: "10"
spec:
rules:
- host: www.app.com
http:
paths:
- backend:
serviceName: svc-v2
servicePort: 8080
while true; do curl www.app.com:30431/version; sleep 1; done
3-5) Ingress - header
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: canary-kr
annotations:
nginx.ingress.kubernetes.io/canary: "true"
nginx.ingress.kubernetes.io/canary-by-header: "Accept-Language"
nginx.ingress.kubernetes.io/canary-by-header-value: "kr"
spec:
ingressClassName: nginx
rules:
- host: www.app.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: svc-v2
port:
number: 8080
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: canary-kr
annotations:
nginx.ingress.kubernetes.io/canary: "true"
nginx.ingress.kubernetes.io/canary-by-header: "Accept-Language"
nginx.ingress.kubernetes.io/canary-by-header-value: "kr"
spec:
rules:
- host: www.app.com
http:
paths:
- backend:
serviceName: svc-v2
servicePort: 8080
curl -H "Accept-Language: kr" www.app.com:30431/version
4. SSL
4-1) App V1
apiVersion: v1
kind: Pod
metadata:
name: pod-https
labels:
app: https
spec:
containers:
- name: container
image: kubetm/app
---
apiVersion: v1
kind: Service
metadata:
name: svc-https
spec:
selector:
app: https
ports:
- port: 8080
4-2) Ingress - ssl
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: https
spec:
ingressClassName: nginx
tls:
- hosts:
- www.https.com
secretName: secret-https
rules:
- host: www.https.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: svc-https
port:
number: 8080
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: https
spec:
tls:
- hosts:
- www.https.com
secretName: secret-https
rules:
- host: www.https.com
http:
paths:
- backend:
serviceName: svc-https
servicePort: 8080
4-3) Secret
# 인증서 생성
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=www.https.com/O=www.https.com"
# Secret 생성
kubectl create secret tls secret-https --key tls.key --cert tls.crt
# Windows HostName 등록
파일 위치 : C:\Windows\System32\drivers\etc\hosts
192.168.56.30 www.https.com
# 브라우저에서 접속
https://www.https.com:30798/hostname
# 인증서 생성
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=www.https.com/O=www.https.com"
# Secret 생성
kubectl create secret tls secret-https --key tls.key --cert tls.crt
# Windows HostName 등록
파일 위치 : C:\Windows\System32\drivers\etc\hosts
192.168.0.30 www.https.com
# 브라우저에서 접속
https://www.https.com:30798/hostname
Referenece
Kubernetes
- Ingress : https://kubernetes.io/docs/concepts/services-networking/ingress/
- Ingress Controllers : https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/
Others
- Nginx Installation Guide : https://kubernetes.github.io/ingress-nginx/deploy/#prerequisite-generic-deployment-command