안녕하세요, 쯀리입니다.
오늘은 두 강의를 나누어 진행할텐데요
쿠버네티스에서 가장 많이 사용하는 Ingress에 관해 첫번째 과정을 배워볼게요
https://kubernetes.io/docs/concepts/services-networking/ingress/
Ingress
Kubernetes에서 Ingress는 클러스터 외부의 트래픽을 클러스터 내부의 서비스로 라우팅하는 방법을 제공하는 리소스입니다. Ingress를 사용하면 도메인 이름 기반의 HTTP 및 HTTPS 라우팅을 설정하여, 외부에서 들어오는 요청을 특정 서비스로 유도할 수 있습니다.
Quiz
1. We have deployed Ingress Controller, resources and applications. Explore the setup.
Note: They are in different namespaces.
controlplane ~ ➜ k get ing
No resources found in default namespace.
controlplane ~ ➜ k get ing -A
NAMESPACE NAME CLASS HOSTS ADDRESS PORTS AGE
app-space ingress-wear-watch <none> * 10.97.162.192 80 62s
controlplane ~ ✖ k describe ing ingress-wear-watch -n app-space
Name: ingress-wear-watch
Labels: <none>
Namespace: app-space
Address: 10.97.162.192
Ingress Class: <none>
Default backend: <default>
Rules:
Host Path Backends
---- ---- --------
*
/wear wear-service:8080 (10.244.0.4:8080)
/watch video-service:8080 (10.244.0.5:8080)
Annotations: nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/ssl-redirect: false
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Sync 65s (x2 over 65s) nginx-ingress-controller Scheduled for sync
controlplane ~ ➜ k get job -A
NAMESPACE NAME STATUS COMPLETIONS DURATION AGE
ingress-nginx ingress-nginx-admission-create Complete 1/1 8s 3m4s
ingress-nginx ingress-nginx-admission-patch Complete 1/1 8s 3m4s
Kubernetes에서 Job은 일회성 작업을 수행하고, 그 작업이 완료될 때까지 실행되는 Kubernetes 리소스입니다. Job은 성공적으로 작업이 완료되면 파드를 종료시키며, 작업이 실패하면 재시도할 수 있는 메커니즘을 제공합니다. 이는 반복적이지 않고 특정한 작업을 한 번만 수행해야 하는 상황에 유용합니다.
2. What is the namespace of ingress-controller?
ingress-nginx
3. What is the name of the Ingress Controller Deployment?
controlplane ~ ➜ k get deploy -n ingress-nginx
NAME READY UP-TO-DATE AVAILABLE AGE
ingress-nginx-controller 1/1 1 1 5m30s
4. Which namespace are the applications deployed in?
controlplane ~ ➜ k get ing -A
NAMESPACE NAME CLASS HOSTS ADDRESS PORTS AGE
app-space ingress-wear-watch <none> * 10.97.162.192 80 7m17s
controlplane ~ ➜ k get po -n app-space
NAME READY STATUS RESTARTS AGE
default-backend-78f6fb8b4-79844 1/1 Running 0 7m41s
webapp-video-74bdc86cb8-92rq7 1/1 Running 0 7m41s
webapp-wear-6f8947f6cc-ccq4f 1/1 Running 0 7m42s
5. How many applications are deployed in the app-space namespace? 3
6. Which namespace is the Ingress Resource deployed in?
동일하게 app-space
controlplane ~ ➜ k get ing -A
NAMESPACE NAME CLASS HOSTS ADDRESS PORTS AGE
app-space ingress-wear-watch <none> * 10.97.162.192 80 9m5s
7. What is the name of the Ingress Resource? ingress-wear-watch
8. What is the Host configured on the Ingress Resource?
The host entry defines the domain name that users use to reach the application like www.google.com
All Hosts(*)
9. What backend is the /wear path on the Ingress configured with?
controlplane ~ ➜ k describe ing ingress-wear-watch -n app-space
Name: ingress-wear-watch
Labels: <none>
Namespace: app-space
Address: 10.97.162.192
Ingress Class: <none>
Default backend: <default>
Rules:
Host Path Backends
---- ---- --------
*
/wear wear-service:8080 (10.244.0.4:8080)
/watch video-service:8080 (10.244.0.5:8080)
Annotations: nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/ssl-redirect: false
wear-service
10. At what path is the video streaming application made available on the Ingress?
/watch
11. If the requirement does not match any of the configured paths in the Ingress, to which service are the requests forwarded?
controlplane ~ ➜ kubectl get deploy ingress-nginx-controller -n ingress-nginx -o yaml | grep backend
- --default-backend-service=app-space/default-backend-service
12. Now view the Ingress Service using the tab at the top of the terminal. Which page do you see?
Click on the tab named Ingress.
404 Error page
13. View the applications by appending /wear and /watch to the URL you opened in the previous step.
{url}/wear
{url}/watch
14. You are requested to change the URLs at which the applications are made available.
Make the video application available at /stream.
Ingress: ingress-wear-watch
Path: /stream
Backend Service: video-service
Backend Service Port: 8080
controlplane ~ ➜ k edit ing ingress-wear-watch -n app-space
'''
watch 부분을 수정해준다
'''
....
spec:
rules:
- http:
paths:
- path: /stream
pathType: Prefix
backend:
service:
name: video-service
port:
number: 8080
- path: /wear
pathType: Prefix
backend:
service:
name: wear-service
port:
number: 8080
현재 같은이름의 ingress로 돌아가는 /wear가 있기때문에 yaml로 빼내어 /stream을 추가해줍니다.
15. View the Video application using the /stream URL in your browser.
16. A user is trying to view the /eat URL on the Ingress Service. Which page would he see?
404 Error
17. Due to increased demand, your business decides to take on a new venture. You acquired a food delivery company. Their applications have been migrated over to your cluster.
Inspect the new deployments in the app-space namespace.
controlplane ~ ➜ k get deploy -n app-space
NAME READY UP-TO-DATE AVAILABLE AGE
default-backend 1/1 1 1 5m28s
webapp-food 1/1 1 1 33s
webapp-video 1/1 1 1 5m28s
webapp-wear 1/1 1 1 5m28s
18. You are requested to add a new path to your ingress to make the food delivery application available to your customers.
Make the new application available at /eat.
Ingress: ingress-wear-watch
Path: /eat
Backend Service: food-service
Backend Service Port: 8080
controlplane ~ ➜ k edit ingress ingress-wear-watch -n app-space
ingress.networking.k8s.io/ingress-wear-watch edited
...
rules:
- http:
paths:
- backend:
service:
name: wear-service
port:
number: 8080
path: /wear
pathType: Prefix
- backend:
service:
name: video-service
port:
number: 8080
path: /stream
pathType: Prefix
## eat url추가
- backend:
service:
name: food-service
port:
number: 8080
path: /eat
pathType: Prefix
controlplane ~ ➜ k describe ingress ingress-wear-watch -n app-space
Name: ingress-wear-watch
Labels: <none>
Namespace: app-space
Address: 10.111.191.52
Ingress Class: <none>
Default backend: <default>
Rules:
Host Path Backends
---- ---- --------
*
/wear wear-service:8080 (10.244.0.4:8080)
/stream video-service:8080 (10.244.0.5:8080)
/eat food-service:8080 (10.244.0.10:8080)
19. View the Food delivery application using the /eat URL in your browser.
Click on the Ingress tab above your terminal, if its not open already, and append /eat to the URL in the browser.
20. A new payment service has been introduced. Since it is critical, the new application is deployed in its own namespace. Identify the namespace in which the new application is deployed.
controlplane ~ ➜ k get deploy -A | grep pay
critical-space webapp-pay 1/1 1 1 56s
21. What is the name of the deployment of the new application?
webapp-pay
22. You are requested to make the new application available at /pay.
Identify and implement the best approach to making this application available on the ingress controller and test to make sure its working. Look into annotations: rewrite-target as well.
Ingress Created
Path: /pay
Configure correct backend service
Configure correct backend port
controlplane ~ ➜ k get svc -n critical-space
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
pay-service ClusterIP 10.105.250.177 <none> 8282/TCP 3m34s
포트는 8282로 설정해야될 것 같습니다.
rewrite-target 애노테이션은 NGINX Ingress Controller에서 경로 재작성(rewrite)을 수행할 때 사용됩니다. 이 기능은 클라이언트가 요청한 URL의 경로를 백엔드 서비스로 전달할 때, 경로를 수정하거나 간소화하는 데 사용됩니다.
controlplane ~ ➜ cat payment-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: pay-ingress
namespace: critical-space
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- http:
paths:
- path: /pay
pathType: Prefix
backend:
service:
name: pay-service
port:
number: 8282
controlplane ~ ➜ k get ing -n critical-space
NAME CLASS HOSTS ADDRESS PORTS AGE
pay-ingress <none> * 10.111.191.52 80 3m10s
23.
- Ingress를 통해 Kubernetes에서 외부 트래픽을 효과적으로 관리하는 데 있어 Ingress가 얼마나 중요한 역할을 하는지 알수 있습니다.
특히 도메인 기반 라우팅과 SSL/TLS 지원 기능은 실제 애플리케이션 운영에서 필수적이라는 점을 알게 되었고,
이를 통해 클러스터의 보안을 더욱 강화할 수 있습니다.다음시간에 이어 ingress를 배워볼게요
참조
※ Udemy Labs - Certified Kubernetes Administrator with Practice Tests
'IT 잡지식 > DevOps' 카테고리의 다른 글
[CKA] KodeKloud - Cluster Installation using Kubeadm (0) | 2024.08.15 |
---|---|
[CKA] KodeKloud - Ingress Networking - 2 (0) | 2024.08.15 |
[CKA] KodeKloud - CoreDNS in Kubernetes (0) | 2024.08.15 |
[CKA] KodeKloud - Service Networking (0) | 2024.08.10 |
[CKA] KodeKloud - Networking Weave (0) | 2024.08.10 |