인그레스 (Ingress)
Ingress
클러스터 내의 서비스에 대한 외부 접근을 관리하는 API 오브젝트이며, 일반적으로 HTTP를 관리함.
인그레스는 부하 분산, SSL 종료, 명칭 기반의 가상 호스팅을 제공할 수 있다Service에 외부 URL을 제공
트래픽을 로드밸런싱
SSL 인증서처리
URL마다 Virtual hosting을 지정
http://example.com/ --> svc Main
http://example.com/login --> svc Login
http://example.com/order --> svc Order
Ingress Controller 설치
- 쿠버네이트io 사이트에서 ingress 검색후 nginx 관련 링크를 선택하면
- 깃헙으로 이동하게 되고
- Getting Start 누르면
- install guide가 나오는데, 이때 Contents에서 Bare-Metal을 선택
- 항목 : kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/baremetal/deploy.yaml 에서 url만 딴뒤
- 다운받은 deploy.yaml 실행
kubectl create -f deploy.yaml namespace/ingress-nginx created serviceaccount/ingress-nginx created serviceaccount/ingress-nginx-admission created role.rbac.authorization.k8s.io/ingress-nginx created role.rbac.authorization.k8s.io/ingress-nginx-admission created clusterrole.rbac.authorization.k8s.io/ingress-nginx created clusterrole.rbac.authorization.k8s.io/ingress-nginx-admission created rolebinding.rbac.authorization.k8s.io/ingress-nginx created rolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx created clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created configmap/ingress-nginx-controller created service/ingress-nginx-controller created service/ingress-nginx-controller-admission created deployment.apps/ingress-nginx-controller created job.batch/ingress-nginx-admission-create created job.batch/ingress-nginx-admission-patch created ingressclass.networking.k8s.io/nginx created validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission created
- 확인
kubectl get pod -n ingress-nginx NAME READY STATUS RESTARTS AGE ingress-nginx-admission-create-hnsxv 0/1 Completed 0 33s ingress-nginx-admission-patch-kf24f 0/1 Completed 0 33s ingress-nginx-controller-6c56945c75-ld9wt 1/1 Running 0 33s kubectl get svc -n ingress-nginx NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE ingress-nginx-controller NodePort 10.104.91.74 <none> 80:32548/TCP,443:31497/TCP 52s ingress-nginx-controller-admission ClusterIP 10.96.160.38 <none> 443/TCP 52s
Ingress 동작
출처 : 유튜브 따배런 따배쿠 https://www.youtube.com/@ttabae-learnkubectl get namespaces
default Active 8d
ingress-nginx Active 27m
kube-node-lease Active 8d
kube-public Active 8d
kube-system Active 8d
kubectl get all -n ingress-nginx
NAME READY STATUS RESTARTS AGE
pod/ingress-nginx-admission-create-hnsxv 0/1 Completed 0 28m
pod/ingress-nginx-admission-patch-kf24f 0/1 Completed 0 28m
pod/ingress-nginx-controller-6c56945c75-ld9wt 1/1 Running 0 28m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/ingress-nginx-controller NodePort 10.104.91.74 <none> 80:30100/TCP,443:30200/TCP 28m
service/ingress-nginx-controller-admission ClusterIP 10.96.160.38 <none> 443/TCP 28m
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/ingress-nginx-controller 1/1 1 1 28m
NAME DESIRED CURRENT READY AGE
replicaset.apps/ingress-nginx-controller-6c56945c75 1 1 1 28m
NAME COMPLETIONS DURATION AGE
job.batch/ingress-nginx-admission-create 1/1 10s 28m
job.batch/ingress-nginx-admission-patch 1/1 10s 28m
ingress 샘플만들기
#minimal-ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: minimal-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
ingressClassName: nginx-example
rules:
- http:
paths:
- path: /testpath
pathType: Prefix
backend:
service:
name: test
port:
number: 80
#wildcard-ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-wildcard-host
spec:
rules:
- host: "foo.bar.com"
http:
paths:
- pathType: Prefix
path: "/bar"
backend:
service:
name: service1
port:
number: 80
- host: "*.foo.com"
http:
paths:
- pathType: Prefix
path: "/foo"
backend:
service:
name: service2
port:
number: 80
#virtual-host-ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: name-virtual-host-ingress-no-third-host
spec:
rules:
- host: first.bar.com
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: service1
port:
number: 80
- host: second.bar.com
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: service2
port:
number: 80
- http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: service3
port:
number: 80