CKA Practice Reminder - 32. Ingress Networking - 2

Vince_rf 2025. 1. 8. 05:59





Create the ingress-nginx namespace.

controlplane ~ ➜  kubectl create namespace ingress-nginx
namespace/ingress-nginx created

controlplane ~ ➜  kubectl get namespace
NAME              STATUS   AGE
app-space         Active   81s
default           Active   3m33s
ingress-nginx     Active   5s
kube-flannel      Active   3m30s
kube-node-lease   Active   3m33s
kube-public       Active   3m33s
kube-system       Active   3m33s





Create a ConfigMap in the ingress-nginx namespace.

Name: ingress-nginx-controller

controlplane ~ ➜  kubectl create configmap ingress-nginx-controller -n ingress-nginx
configmap/ingress-nginx-controller created

controlplane ~ ➜  kubectl get configmap -A
NAMESPACE         NAME                                                   DATA   AGE
app-space         kube-root-ca.crt                                       1      2m45s
default           kube-root-ca.crt                                       1      4m48s
ingress-nginx     ingress-nginx-controller                               0      7s
ingress-nginx     kube-root-ca.crt                                       1      89s
kube-flannel      kube-flannel-cfg                                       2      4m54s
kube-flannel      kube-root-ca.crt                                       1      4m48s
kube-node-lease   kube-root-ca.crt                                       1      4m48s
kube-public       cluster-info                                           2      4m56s
kube-public       kube-root-ca.crt                                       1      4m48s
kube-system       coredns                                                1      4m55s
kube-system       extension-apiserver-authentication                     6      4m57s
kube-system       kube-apiserver-legacy-service-account-token-tracking   1      4m57s
kube-system       kube-proxy                                             2      4m55s
kube-system       kube-root-ca.crt                                       1      4m48s
kube-system       kubeadm-config                                         1      4m56s
kube-system       kubelet-config                                         1      4m56s





Create two service accounts in the ingress-nginx namespace.

Name: ingress-nginx

Name: ingress-nginx-admission

controlplane ~ ➜  kubectl create sa ingress-nginx -n ingress-nginx
serviceaccount/ingress-nginx created

controlplane ~ ➜  kubectl create sa ingress-nginx-admission -n ingress-nginx
serviceaccount/ingress-nginx-admission created

controlplane ~ ➜  kubectl get sa -n ingress-nginx
NAME                      SECRETS   AGE
default                   0         3m3s
ingress-nginx             0         34s
ingress-nginx-admission   0         22s




Deploy the Ingress Controller.

Deployed in the correct namespace.

Replicas: 1

Use the right image

Namespace: ingress-nginx

Service name: ingress-nginx-controller

NodePort: 30080


apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.1.2
    helm.sh/chart: ingress-nginx-4.0.18
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  replicas: 1
  minReadySeconds: 0
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app.kubernetes.io/component: controller
      app.kubernetes.io/instance: ingress-nginx
      app.kubernetes.io/name: ingress-nginx
  template:
    metadata:
      labels:
        app.kubernetes.io/component: controller
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
    spec:
      containers:
      - args:
        - /nginx-ingress-controller
        - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
        - --election-id=ingress-controller-leader
        - --watch-ingress-without-class=true
        - --default-backend-service=app-space/default-http-backend
        - --controller-class=k8s.io/ingress-nginx
        - --ingress-class=nginx
        - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
        - --validating-webhook=:8443
        - --validating-webhook-certificate=/usr/local/certificates/cert
        - --validating-webhook-key=/usr/local/certificates/key
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: LD_PRELOAD
          value: /usr/local/lib/libmimalloc.so
        image: registry.k8s.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c
        imagePullPolicy: IfNotPresent
        lifecycle:
          preStop:
            exec:
              command:
              - /wait-shutdown
        livenessProbe:
          failureThreshold: 5
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        name: controller
        ports:
        - name: http
          containerPort: 80
          protocol: TCP
        - containerPort: 443
          name: https
          protocol: TCP
        - containerPort: 8443
          name: webhook
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        resources:
          requests:
            cpu: 100m
            memory: 90Mi
        securityContext:
          allowPrivilegeEscalation: true
          capabilities:
            add:
            - NET_BIND_SERVICE
            drop:
            - ALL
          runAsUser: 101
        volumeMounts:
        - mountPath: /usr/local/certificates/
          name: webhook-cert
          readOnly: true
      dnsPolicy: ClusterFirst
      nodeSelector:
        kubernetes.io/os: linux
      serviceAccountName: ingress-nginx
      terminationGracePeriodSeconds: 300
      volumes:
      - name: webhook-cert
        secret:
          secretName: ingress-nginx-admission

---
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.1.2
    helm.sh/chart: ingress-nginx-4.0.18
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
    nodePort: 30080
  selector:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
  type: NodePort






Create an Ingress for the ingress controller with the /wear and /watch paths and the rewrite-target annotation.

nginx.ingress.kubernetes.io/rewrite-target: /

Ingress Created

Path: /wear

Path: /watch

Configure correct backend service for /wear

Configure correct backend service for /watch

Configure correct backend port for /wear service

Configure correct backend port for /watch service


First, the Ingress must be created in the namespace where the deployed app and services live.


controlplane ~ ➜  kubectl get svc -n app-space
NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
default-http-backend   ClusterIP   172.20.21.255   <none>        80/TCP     20m
video-service          ClusterIP   172.20.185.55   <none>        8080/TCP   20m
wear-service           ClusterIP   172.20.112.57   <none>        8080/TCP   20m

Use get svc to check the service names and ports.


vim ingress-app.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-nginx
  namespace: app-space
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
  ingressClassName: ingress-nginx
  rules:
  - http:
      paths:
      - path: /wear
        pathType: Prefix
        backend:
          service:
            name: wear-service
            port:
              number: 8080
  - http:
      paths:
      - path: /watch
        pathType: Prefix
        backend:
          service:
            name: video-service
            port:
              number: 8080



controlplane ~ ➜  kubectl apply -f ingress-app.yaml
ingress.networking.k8s.io/ingress-nginx configured


controlplane ~ ➜  kubectl describe ingress ingress-nginx -n app-space
Name:             ingress-nginx
Labels:           <none>
Namespace:        app-space
Address:          
Ingress Class:    ingress-nginx
Default backend:  <default>
Rules:
  Host        Path  Backends
  ----        ----  --------
  *           
              /wear   wear-service:8080 (172.17.0.4:8080)
  *           
              /watch   video-service:8080 (172.17.0.5:8080)
Annotations:  nginx.ingress.kubernetes.io/rewrite-target: /
Events:       <none>
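
Added example (not part of the original post): a shell check that every backend in the Ingress rules names a Service and port that really exist in app-space, which matters here because the /watch path is served by video-service rather than a service named after the path. The two tables are the kubectl output shown above, embedded so the script runs offline; svc_table, ingress_rules, svc_has_port and check_backends are hypothetical helper names introduced for this example.

```shell
#!/bin/sh
# Added example: cross-check Ingress backends against the Services in a namespace.

# Output of `kubectl get svc -n app-space` as shown on this page.
svc_table() {
cat <<'EOF'
NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
default-http-backend   ClusterIP   172.20.21.255   <none>        80/TCP     20m
video-service          ClusterIP   172.20.185.55   <none>        8080/TCP   20m
wear-service           ClusterIP   172.20.112.57   <none>        8080/TCP   20m
EOF
}

# Rule lines from `kubectl describe ingress ingress-nginx -n app-space` on this page.
ingress_rules() {
cat <<'EOF'
              /wear   wear-service:8080 (172.17.0.4:8080)
              /watch   video-service:8080 (172.17.0.5:8080)
EOF
}

# svc_has_port NAME PORT: succeed if the `kubectl get svc` table on stdin lists
# Service NAME exposing PORT. Handles "8080/TCP" and "80:30080/TCP,443/TCP".
svc_has_port() {
  awk -v name="$1" -v port="$2" '
    NR > 1 && $1 == name {
      n = split($5, entries, ",")
      for (i = 1; i <= n; i++) {
        split(entries[i], parts, "[:/]")   # parts[1] is the service port
        if (parts[1] == port) found = 1
      }
    }
    END { exit(found ? 0 : 1) }'
}

# check_backends: read "<path> <service>:<port> ..." lines on stdin (host-less
# rules, as on this page), print OK/MISSING per backend, fail if any is missing.
check_backends() {
  rc=0
  while read -r path backend _rest; do
    case "$path" in /*) ;; *) continue ;; esac   # skip host and header lines
    svc=${backend%%:*}
    port=${backend##*:}
    if svc_table | svc_has_port "$svc" "$port"; then
      echo "OK      $path -> $svc:$port"
    else
      echo "MISSING $path -> $svc:$port"
      rc=1
    fi
  done
  return $rc
}

ingress_rules | check_backends
```

On a live cluster, replace the bodies of svc_table and ingress_rules with the corresponding kubectl get svc and kubectl describe ingress calls.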