When creating the cluster, set up AWS EKS with the command below
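ingress
- ingress-controller
- Ingress
  - An Ingress is a collection of rules for routing HTTP and HTTPS traffic from outside the cluster to services inside the cluster
- ingress-controller
  - Performs the actual routing
  - An Ingress and its ingress-controller relate the way an nginx conf file and nginx do: the Ingress holds the rules and the controller applies them
  - Plays the same role as the api-gateway in Spring Cloud
- Ingress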
nginx-depl-serv.yml file
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jang-nginx-deployment
spec:
  replicas: 2
  selector:
    matchLabels:
      app: jang-nginx
  template:
    metadata:
      labels:
        app: jang-nginx
    spec:
      containers:
        - name: nginx
          image: nginx
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: jang-nginx-service
spec:
  # ClusterIP creates a Service that is reachable only from inside the cluster
  type: ClusterIP
  ports:
    - name: http
      port: 80
      targetPort: 80
  selector:
    app: jang-nginx
```
Apply nginx-depl-serv.yml and confirm that it took effect
nginx-ingress.yml
```yaml
# ingress-controller install command
# kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.1/deploy/static/provider/aws/deploy.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: jang-nginx-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    # strip the leading /jang prefix: $1 is the capture group in the path below
    nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
  rules:
    - http:
        paths:
          # route every request under /jang/ to nginx-service
          - path: /jang/(.*)
            pathType: ImplementationSpecific
            backend:
              service:
                name: jang-nginx-service
                port:
                  number: 80
```
Install the ingress-controller
Apply nginx-ingress.yml
Confirm that the ingress was created
ingress https (procedure for applying an HTTPS certificate)
Installing Helm on Windows
https://sseokseok.tistory.com/7
ingress_cert.yml file
```yaml
# Procedure for applying an HTTPS certificate
# 1. Create cert-manager
#    Create the cert-manager namespace that cert-manager is installed into
#    1-1) kubectl create namespace cert-manager
#    1-2) Install Helm
#    1-3) Add the Jetstack Helm repository, which is needed to install cert-manager
#         Command: helm repo add jetstack https://charts.jetstack.io
#    1-4) Update the Helm repositories
#         Command: helm repo update
#    1-5) Install the cert-manager chart
#         Command: helm install cert-manager jetstack/cert-manager --namespace cert-manager --version v1.5.0 --create-namespace --set installCRDs=true
# 2. Create the ClusterIssuer
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # Address of the certificate server; certificates are issued through this server's resources
    server: https://acme-v02.api.letsencrypt.org/directory
    # E-mail address notified when a certificate expires or needs renewal
    email: 1wkdwnsgur@gmail.com
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
      - http01:
          ingress:
            class: nginx
---
# 3. Create a Certificate resource that uses the ClusterIssuer: the certificate is issued when the Certificate resource is created
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: nginx-jang-com-tls
  namespace: default
spec:
  secretName: nginx-jang-com-tls
  duration: 2160h # 90 days
  renewBefore: 360h # 15 days before expiry
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  commonName: server.greatjang.shop
  dnsNames:
    - server.greatjang.shop
```
Check the ingress HOSTS column
If server.greatjang.shop does not show up, delete and apply again
Check that the certificate is READY
kubectl apply -f .\ingress_cert.yml
kubectl get certificate
Edit the server.greatjang.shop record in Route 53 under the personal account
CNAME - for the value, enter the DNS address of the team6 load balancer
Confirm that https://server.greatjang.shop/jang/ loads
Deploying ordering to Kubernetes
github/workflows
k8s_deploy.yml
1) Build the Docker image, then Docker Hub or
order-backend-depl-serv.yml
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jang-order-backend
spec:
  replicas: 2
  selector:
    matchLabels:
      app: jang-order-backend
  template:
    metadata:
      labels:
        app: jang-order-backend
    spec:
      containers:
        - name: order-backend
          image: 346903264902.dkr.ecr.ap-northeast-2.amazonaws.com/team6-order # ECR address
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: jang-order-backend-service
spec:
  # ClusterIP creates a Service that is reachable only from inside the cluster
  type: ClusterIP
  ports:
    - name: http
      port: 80
      targetPort: 80
  selector:
    app: jang-order-backend
```
ingress.yml
```yaml
# ingress-controller install command
# kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.1/deploy/static/provider/aws/deploy.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: jang-nginx-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    # strip the leading /jang prefix: $1 is the capture group in the path below
    nginx.ingress.kubernetes.io/rewrite-target: /$1
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  tls:
    - hosts:
        - "server.greatjang.shop"
      secretName: nginx-jang-com-tls
  rules:
    - host: server.greatjang.shop
      http:
        paths:
          # route every request under /jang/ to the backend service
          - path: /jang/(.*)
            pathType: ImplementationSpecific
            backend:
              service:
                name: jang-order-backend-service
                port:
                  number: 80
```
Move to the path C:\Users\Playdata\Kubernetes_practice\ordering\k8s
Apply with kubectl apply -f .\ingress.yml
EKS - ECR
team6 - copy and paste the URL
Handle DB_HOST, DB_USERNAME and DB_PASSWORD as secrets
The values have to be passed along the chain order-backend-deploy.yml -> Dockerfile -> application.yml.
order-backend-deploy.yml
```yaml
name: deploy order order-backend
on:
  push:
    branches:
      - main
jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
      - name: checkout github
        uses: actions/checkout@v2
      - name: install kubectl
        uses: azure/setup-kubectl@v3
        with:
          version: "v1.25.9"
        id: install
      - name: configure aws # team key values for aws configure
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ap-northeast-2
      - name: update cluster information
        run: aws eks update-kubeconfig --name 6team-cluster --region ap-northeast-2
      - name: login to ecr # docker push needs an authenticated session
        uses: aws-actions/amazon-ecr-login@v1
      - name: build and push docker image to ecr
        env:
          # registry host only; the repository name is appended in the image tag
          REGISTRY: 346903264902.dkr.ecr.ap-northeast-2.amazonaws.com
          REPOSITORY: team6-order
          IMAGE_TAG: latest
          # DB values come from the repository secrets
          DB_HOST: ${{ secrets.DB_HOST }}
          DB_USERNAME: ${{ secrets.DB_USERNAME }}
          DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
        run: |
          # note: --build-arg values can be read back from the image with `docker history`
          docker build \
            --build-arg DB_HOST \
            --build-arg DB_USERNAME \
            --build-arg DB_PASSWORD \
            -t $REGISTRY/$REPOSITORY:$IMAGE_TAG \
            -f ./ordering/Dockerfile ./ordering
          docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG
      - name: eks kubectl apply
        run: |
          kubectl apply -f ./ordering/k8s/order-backend-depl-serv.yml
          # deployment name as defined in order-backend-depl-serv.yml
          kubectl rollout restart deployment jang-order-backend
```
Dockerfile
application.yml
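Added example, not part of the original post: the workflow passes the DB values with --build-arg, which leaves them readable in the pushed image, so this variant injects them at runtime from a Kubernetes Secret instead. The Secret name jang-order-db is hypothetical, and it assumes application.yml resolves ${DB_HOST}, ${DB_USERNAME} and ${DB_PASSWORD} from the environment at startup.

```yaml
# Added example; jang-order-db is a hypothetical Secret name.
# Assumption: application.yml reads ${DB_HOST}, ${DB_USERNAME}, ${DB_PASSWORD}
# from environment variables when the application starts.
#
# In the workflow, replace the three --build-arg lines with a step that
# creates or updates the Secret from the same env values:
#   kubectl create secret generic jang-order-db \
#     --from-literal=DB_HOST="$DB_HOST" \
#     --from-literal=DB_USERNAME="$DB_USERNAME" \
#     --from-literal=DB_PASSWORD="$DB_PASSWORD" \
#     --dry-run=client -o yaml | kubectl apply -f -
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jang-order-backend
spec:
  replicas: 2
  selector:
    matchLabels:
      app: jang-order-backend
  template:
    metadata:
      labels:
        app: jang-order-backend
    spec:
      containers:
        - name: order-backend
          image: 346903264902.dkr.ecr.ap-northeast-2.amazonaws.com/team6-order
          ports:
            - containerPort: 80
          env:
            # each value is read from the Secret when the pod starts,
            # so nothing sensitive is stored in the image layers
            - name: DB_HOST
              valueFrom:
                secretKeyRef:
                  name: jang-order-db
                  key: DB_HOST
            - name: DB_USERNAME
              valueFrom:
                secretKeyRef:
                  name: jang-order-db
                  key: DB_USERNAME
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: jang-order-db
                  key: DB_PASSWORD
```

Rotating a credential then only needs the Secret updated and a rollout restart, with no image rebuild.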