IT 잡지식/DevOps

[CKA] KodeKloud - Ingress Networking - 1

쯀리♥️ 2024. 8. 15. 16:13

안녕하세요, 쯀리입니다.

오늘은 두 강의를 나누어 진행할텐데요 

쿠버네티스에서 가장 많이 사용하는  Ingress에 관해 첫번째 과정을 배워볼게요

https://kubernetes.io/docs/concepts/services-networking/ingress/

 

Ingress

Make your HTTP (or HTTPS) network service available using a protocol-aware configuration mechanism, that understands web concepts like URIs, hostnames, paths, and more. The Ingress concept lets you map traffic to different backends based on rules you defin

kubernetes.io

 


 

Ingress

Kubernetes에서 Ingress는 클러스터 외부의 트래픽을 클러스터 내부의 서비스로 라우팅하는 방법을 제공하는 리소스입니다. Ingress를 사용하면 도메인 이름 기반의 HTTP 및 HTTPS 라우팅을 설정하여, 외부에서 들어오는 요청을 특정 서비스로 유도할 수 있습니다.


Quiz

1. We have deployed Ingress Controller, resources and applications. Explore the setup.
Note: They are in different namespaces.

controlplane ~ ➜  k get ing
No resources found in default namespace.

controlplane ~ ➜  k get ing -A
NAMESPACE   NAME                 CLASS    HOSTS   ADDRESS         PORTS   AGE
app-space   ingress-wear-watch   <none>   *       10.97.162.192   80      62s

controlplane ~ ✖ k describe ing ingress-wear-watch -n app-space
Name:             ingress-wear-watch
Labels:           <none>
Namespace:        app-space
Address:          10.97.162.192
Ingress Class:    <none>
Default backend:  <default>
Rules:
  Host        Path  Backends
  ----        ----  --------
  *           
              /wear    wear-service:8080 (10.244.0.4:8080)
              /watch   video-service:8080 (10.244.0.5:8080)
Annotations:  nginx.ingress.kubernetes.io/rewrite-target: /
              nginx.ingress.kubernetes.io/ssl-redirect: false
Events:
  Type    Reason  Age                From                      Message
  ----    ------  ----               ----                      -------
  Normal  Sync    65s (x2 over 65s)  nginx-ingress-controller  Scheduled for sync

controlplane ~ ➜  k get job -A
NAMESPACE       NAME                             STATUS     COMPLETIONS   DURATION   AGE
ingress-nginx   ingress-nginx-admission-create   Complete   1/1           8s         3m4s
ingress-nginx   ingress-nginx-admission-patch    Complete   1/1           8s         3m4s

 

Kubernetes에서 Job은 일회성 작업을 수행하고, 그 작업이 완료될 때까지 실행되는 Kubernetes 리소스입니다. Job은 성공적으로 작업이 완료되면 파드를 종료시키며, 작업이 실패하면 재시도할 수 있는 메커니즘을 제공합니다. 이는 반복적이지 않고 특정한 작업을 한 번만 수행해야 하는 상황에 유용합니다.

2. What is the namespace of ingress-controller?

ingress-nginx

3. What is the name of the Ingress Controller Deployment?

controlplane ~ ➜  k get deploy -n ingress-nginx
NAME                       READY   UP-TO-DATE   AVAILABLE   AGE
ingress-nginx-controller   1/1     1            1           5m30s

 

4. Which namespace are the applications deployed in?

controlplane ~ ➜  k get ing -A
NAMESPACE   NAME                 CLASS    HOSTS   ADDRESS         PORTS   AGE
app-space   ingress-wear-watch   <none>   *       10.97.162.192   80      7m17s

controlplane ~ ➜  k get po -n app-space
NAME                              READY   STATUS    RESTARTS   AGE
default-backend-78f6fb8b4-79844   1/1     Running   0          7m41s
webapp-video-74bdc86cb8-92rq7     1/1     Running   0          7m41s
webapp-wear-6f8947f6cc-ccq4f      1/1     Running   0          7m42s

 

5. How many applications are deployed in the app-space namespace? 3


6. Which namespace is the Ingress Resource deployed in?
동일하게 app-space

controlplane ~ ➜  k get ing -A
NAMESPACE   NAME                 CLASS    HOSTS   ADDRESS         PORTS   AGE
app-space   ingress-wear-watch   <none>   *       10.97.162.192   80      9m5s

7. What is the name of the Ingress Resource? ingress-wear-watch

8. What is the Host configured on the Ingress Resource?
The host entry defines the domain name that users use to reach the application like www.google.com 

All Hosts(*)

9. What backend is the /wear path on the Ingress configured with?

controlplane ~ ➜  k describe ing ingress-wear-watch -n app-space
Name:             ingress-wear-watch
Labels:           <none>
Namespace:        app-space
Address:          10.97.162.192
Ingress Class:    <none>
Default backend:  <default>
Rules:
  Host        Path  Backends
  ----        ----  --------
  *           
              /wear    wear-service:8080 (10.244.0.4:8080)
              /watch   video-service:8080 (10.244.0.5:8080)
Annotations:  nginx.ingress.kubernetes.io/rewrite-target: /
              nginx.ingress.kubernetes.io/ssl-redirect: false

wear-service

10. At what path is the video streaming application made available on the Ingress?
/watch 

11. If the requirement does not match any of the configured paths in the Ingress, to which service are the requests forwarded?

controlplane ~ ➜  kubectl get deploy ingress-nginx-controller -n ingress-nginx -o yaml | grep backend
        - --default-backend-service=app-space/default-backend-service

12. Now view the Ingress Service using the tab at the top of the terminal. Which page do you see?
Click on the tab named Ingress.

404 Error page

13. View the applications by appending /wear and /watch to the URL you opened in the previous step.

{url}/wear

{url}/watch

 

14. You are requested to change the URLs at which the applications are made available.
Make the video application available at /stream.

Ingress: ingress-wear-watch
Path: /stream
Backend Service: video-service
Backend Service Port: 8080
controlplane ~ ➜  k edit ing  ingress-wear-watch -n app-space 
'''
watch 부분을 수정해준다
'''
....
spec:
  rules:
    - http:
        paths:
          - path: /stream
            pathType: Prefix
            backend:
              service: 
                name: video-service
                port: 
                  number: 8080
          - path: /wear
            pathType: Prefix
            backend:
              service:
                name: wear-service
                port:
                  number: 8080

현재 같은이름의 ingress로 돌아가는 /wear가 있기때문에 yaml로 빼내어  /stream을 추가해줍니다. 

15. View the Video application using the /stream URL in your browser.

16. A user is trying to view the /eat URL on the Ingress Service. Which page would he see?
404 Error 

 

17. Due to increased demand, your business decides to take on a new venture. You acquired a food delivery company. Their applications have been migrated over to your cluster.
Inspect the new deployments in the app-space namespace.

controlplane ~ ➜  k get deploy -n app-space 
NAME              READY   UP-TO-DATE   AVAILABLE   AGE
default-backend   1/1     1            1           5m28s
webapp-food       1/1     1            1           33s
webapp-video      1/1     1            1           5m28s
webapp-wear       1/1     1            1           5m28s

 

18. You are requested to add a new path to your ingress to make the food delivery application available to your customers.
Make the new application available at /eat.

Ingress: ingress-wear-watch
Path: /eat
Backend Service: food-service
Backend Service Port: 8080
controlplane ~ ➜ k edit ingress ingress-wear-watch -n app-space 
ingress.networking.k8s.io/ingress-wear-watch edited
...
  rules:
  - http:
      paths:
      - backend:
          service:
            name: wear-service
            port:
              number: 8080
        path: /wear
        pathType: Prefix
      - backend:
          service:
            name: video-service
            port:
              number: 8080
        path: /stream
        pathType: Prefix
      ## eat url추가
      - backend:
          service:
            name: food-service
            port:
              number: 8080
        path: /eat
        pathType: Prefix
        
  controlplane ~ ➜  k describe ingress ingress-wear-watch -n app-space 
Name:             ingress-wear-watch
Labels:           <none>
Namespace:        app-space
Address:          10.111.191.52
Ingress Class:    <none>
Default backend:  <default>
Rules:
  Host        Path  Backends
  ----        ----  --------
  *           
              /wear     wear-service:8080 (10.244.0.4:8080)
              /stream   video-service:8080 (10.244.0.5:8080)
              /eat      food-service:8080 (10.244.0.10:8080)

 

19. View the Food delivery application using the /eat URL in your browser.
Click on the Ingress tab above your terminal, if its not open already, and append /eat to the URL in the browser.

 

20. A new payment service has been introduced. Since it is critical, the new application is deployed in its own namespace. Identify the namespace in which the new application is deployed.

controlplane ~ ➜  k get deploy -A | grep pay
critical-space   webapp-pay                 1/1     1            1           56s

 

21.  What is the name of the deployment of the new application?

webapp-pay

22. You are requested to make the new application available at /pay.
Identify and implement the best approach to making this application available on the ingress controller and test to make sure its working. Look into annotations: rewrite-target as well.

Ingress Created
Path: /pay
Configure correct backend service
Configure correct backend port
controlplane ~ ➜  k get svc -n critical-space 
NAME          TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
pay-service   ClusterIP   10.105.250.177   <none>        8282/TCP   3m34s

포트는 8282로 설정해야될 것 같습니다.

rewrite-target 애노테이션은 NGINX Ingress Controller에서 경로 재작성(rewrite)을 수행할 때 사용됩니다. 이 기능은 클라이언트가 요청한 URL의 경로를 백엔드 서비스로 전달할 때, 경로를 수정하거나 간소화하는 데 사용됩니다.

controlplane ~ ➜  cat payment-ingress.yaml 
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: pay-ingress
  namespace: critical-space
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - http:
      paths:
      - path: /pay
        pathType: Prefix
        backend:
          service:
            name: pay-service
            port:
              number: 8282
              
 controlplane ~ ➜  k get ing -n critical-space 
NAME          CLASS    HOSTS   ADDRESS         PORTS   AGE
pay-ingress   <none>   *       10.111.191.52   80      3m10s

 

23. 

 

 

 

 


        Ingress를 통해 Kubernetes에서 외부 트래픽을 효과적으로 관리하는 데 있어 Ingress가 얼마나 중요한 역할을 하는지 알수 있습니다.

    특히 도메인 기반 라우팅과 SSL/TLS 지원 기능은 실제 애플리케이션 운영에서 필수적이라는 점을 알게 되었고,
    이를 통해 클러스터의 보안을 더욱 강화할 수 있습니다.다음시간에 이어 ingress를 배워볼게요


    참조

     Udemy Labs - Certified Kubernetes Administrator with Practice Tests