How to Install Kong API Gateway on K8S (Helm Charts)
Jen'_'
2022. 10. 7. 20:26
helm charts (v2.8.2)
https://github.com/Kong/charts
Customizing values.yaml
- Installing with the original values produced many errors, so I customized them.
- Installs the Postgres subchart
---
deployment:
  kong:
    enabled: true
  serviceAccount:
    create: true
env:
  nginx_worker_processes: "2"
  anonymous_reports: "off"
  database: "postgres"
admin:
  enabled: true
  type: NodePort
  annotations: {}
  http:
    enabled: true
  tls:
    enabled: true
    parameters: []
proxy:
  enabled: true
  type: LoadBalancer
  labels:
    enable-metrics: "true"
  http:
    enabled: true
    parameters: []
  tls:
    enabled: true
    parameters: []
ingressController:
  enabled: true
  args:
    - --anonymous-reports=false
  admissionWebhook:
    enabled: false
  ingressClass: kong
  ingressClassAnnotations: {}
  rbac:
    create: true
postgresql:
  enabled: true
Issues
- Setting listen http2 caused errors in the ingress-controller, so I removed all of it.
- The ingress-controller reported a "failed to connect to reporting server" error, so I used the options below.
  - env.anonymous_reports: "off"
  - ingressController.args: --anonymous-reports=false
Installation commands
$ helm repo add kong https://charts.konghq.com
$ helm repo update
$ helm install kong kong/kong --version 2.8.2 -n kong --create-namespace -f values.yaml
Installed resources
$ k describe deployment.apps/kong-kong -n kong
Name: kong-kong
Namespace: kong
CreationTimestamp: Thu, 06 Oct 2022 14:16:05 +0900
Labels: app.kubernetes.io/component=app
app.kubernetes.io/instance=kong
app.kubernetes.io/managed-by=Helm
app.kubernetes.io/name=kong
app.kubernetes.io/version=2.8
helm.sh/chart=kong-2.8.2
Annotations: deployment.kubernetes.io/revision: 1
meta.helm.sh/release-name: kong
meta.helm.sh/release-namespace: kong
Selector: app.kubernetes.io/component=app,app.kubernetes.io/instance=kong,app.kubernetes.io/name=kong
Replicas: 1 desired | 1 updated | 1 total | 1 available | 0 unavailable
StrategyType: RollingUpdate
MinReadySeconds: 0
RollingUpdateStrategy: 25% max unavailable, 25% max surge
Pod Template:
Labels: app=kong-kong
app.kubernetes.io/component=app
app.kubernetes.io/instance=kong
app.kubernetes.io/managed-by=Helm
app.kubernetes.io/name=kong
app.kubernetes.io/version=2.8
helm.sh/chart=kong-2.8.2
version=2.8
Annotations: kuma.io/gateway: enabled
traffic.sidecar.istio.io/includeInboundPorts:
Service Account: kong-kong
Init Containers:
clear-stale-pid:
Image: kong:2.8
Port: <none>
Host Port: <none>
Command:
rm
-vrf
$KONG_PREFIX/pids
Environment:
KONG_ADMIN_ACCESS_LOG: /dev/stdout
KONG_ADMIN_ERROR_LOG: /dev/stderr
KONG_ADMIN_GUI_ACCESS_LOG: /dev/stdout
KONG_ADMIN_GUI_ERROR_LOG: /dev/stderr
KONG_ADMIN_LISTEN: 0.0.0.0:8001, 0.0.0.0:8444 ssl
KONG_ANONYMOUS_REPORTS: off
KONG_CLUSTER_LISTEN: off
KONG_DATABASE: postgres
KONG_KIC: on
KONG_LUA_PACKAGE_PATH: /opt/?.lua;/opt/?/init.lua;;
KONG_NGINX_WORKER_PROCESSES: 2
KONG_PG_HOST: kong-postgresql
KONG_PG_PASSWORD: <set to the key 'password' in secret 'kong-postgresql'> Optional: false
KONG_PG_PORT: 5432
KONG_PLUGINS: bundled
KONG_PORTAL_API_ACCESS_LOG: /dev/stdout
KONG_PORTAL_API_ERROR_LOG: /dev/stderr
KONG_PORT_MAPS: 80:8000, 443:8443
KONG_PREFIX: /kong_prefix/
KONG_PROXY_ACCESS_LOG: /dev/stdout
KONG_PROXY_ERROR_LOG: /dev/stderr
KONG_PROXY_LISTEN: 0.0.0.0:8000, 0.0.0.0:8443 ssl
KONG_STATUS_LISTEN: 0.0.0.0:8100
KONG_STREAM_LISTEN: off
Mounts:
/kong_prefix/ from kong-kong-prefix-dir (rw)
/tmp from kong-kong-tmp (rw)
wait-for-db:
Image: kong:2.8
Port: <none>
Host Port: <none>
Args:
/bin/sh
-c
export KONG_NGINX_DAEMON=on KONG_PREFIX=`mktemp -d` KONG_KEYRING_ENABLED=off; until kong start; do echo 'waiting for db'; sleep 1; done; kong stop
Environment:
KONG_ADMIN_ACCESS_LOG: /dev/stdout
KONG_ADMIN_ERROR_LOG: /dev/stderr
KONG_ADMIN_GUI_ACCESS_LOG: /dev/stdout
KONG_ADMIN_GUI_ERROR_LOG: /dev/stderr
KONG_ADMIN_LISTEN: 0.0.0.0:8001, 0.0.0.0:8444 ssl
KONG_ANONYMOUS_REPORTS: off
KONG_CLUSTER_LISTEN: off
KONG_DATABASE: postgres
KONG_KIC: on
KONG_LUA_PACKAGE_PATH: /opt/?.lua;/opt/?/init.lua;;
KONG_NGINX_WORKER_PROCESSES: 2
KONG_PG_HOST: kong-postgresql
KONG_PG_PASSWORD: <set to the key 'password' in secret 'kong-postgresql'> Optional: false
KONG_PG_PORT: 5432
KONG_PLUGINS: bundled
KONG_PORTAL_API_ACCESS_LOG: /dev/stdout
KONG_PORTAL_API_ERROR_LOG: /dev/stderr
KONG_PORT_MAPS: 80:8000, 443:8443
KONG_PREFIX: /kong_prefix/
KONG_PROXY_ACCESS_LOG: /dev/stdout
KONG_PROXY_ERROR_LOG: /dev/stderr
KONG_PROXY_LISTEN: 0.0.0.0:8000, 0.0.0.0:8443 ssl
KONG_STATUS_LISTEN: 0.0.0.0:8100
KONG_STREAM_LISTEN: off
Mounts:
/kong_prefix/ from kong-kong-prefix-dir (rw)
/tmp from kong-kong-tmp (rw)
Containers:
ingress-controller:
Image: kong/kubernetes-ingress-controller:2.3
Port: 10255/TCP
Host Port: 0/TCP
Args:
--anonymous-reports=false
Liveness: http-get http://:10254/healthz delay=5s timeout=5s period=10s #success=1 #failure=3
Readiness: http-get http://:10254/healthz delay=5s timeout=5s period=10s #success=1 #failure=3
Environment:
POD_NAME: (v1:metadata.name)
POD_NAMESPACE: (v1:metadata.namespace)
CONTROLLER_ELECTION_ID: kong-ingress-controller-leader-kong
CONTROLLER_INGRESS_CLASS: kong
CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY: true
CONTROLLER_KONG_ADMIN_URL: https://localhost:8444
CONTROLLER_PUBLISH_SERVICE: kong/kong-kong-proxy
Mounts: <none>
proxy:
Image: kong:2.8
Ports: 8001/TCP, 8444/TCP, 8000/TCP, 8443/TCP, 8100/TCP
Host Ports: 0/TCP, 0/TCP, 0/TCP, 0/TCP, 0/TCP
Liveness: http-get http://:status/status delay=5s timeout=5s period=10s #success=1 #failure=3
Readiness: http-get http://:status/status delay=5s timeout=5s period=10s #success=1 #failure=3
Environment:
KONG_ADMIN_ACCESS_LOG: /dev/stdout
KONG_ADMIN_ERROR_LOG: /dev/stderr
KONG_ADMIN_GUI_ACCESS_LOG: /dev/stdout
KONG_ADMIN_GUI_ERROR_LOG: /dev/stderr
KONG_ADMIN_LISTEN: 0.0.0.0:8001, 0.0.0.0:8444 ssl
KONG_ANONYMOUS_REPORTS: off
KONG_CLUSTER_LISTEN: off
KONG_DATABASE: postgres
KONG_KIC: on
KONG_LUA_PACKAGE_PATH: /opt/?.lua;/opt/?/init.lua;;
KONG_NGINX_WORKER_PROCESSES: 2
KONG_PG_HOST: kong-postgresql
KONG_PG_PASSWORD: <set to the key 'password' in secret 'kong-postgresql'> Optional: false
KONG_PG_PORT: 5432
KONG_PLUGINS: bundled
KONG_PORTAL_API_ACCESS_LOG: /dev/stdout
KONG_PORTAL_API_ERROR_LOG: /dev/stderr
KONG_PORT_MAPS: 80:8000, 443:8443
KONG_PREFIX: /kong_prefix/
KONG_PROXY_ACCESS_LOG: /dev/stdout
KONG_PROXY_ERROR_LOG: /dev/stderr
KONG_PROXY_LISTEN: 0.0.0.0:8000, 0.0.0.0:8443 ssl
KONG_STATUS_LISTEN: 0.0.0.0:8100
KONG_STREAM_LISTEN: off
KONG_NGINX_DAEMON: off
Mounts:
/kong_prefix/ from kong-kong-prefix-dir (rw)
/tmp from kong-kong-tmp (rw)
Volumes:
kong-kong-prefix-dir:
Type: EmptyDir (a temporary directory that shares a pod's lifetime)
Medium:
SizeLimit: <unset>
kong-kong-tmp:
Type: EmptyDir (a temporary directory that shares a pod's lifetime)
Medium:
SizeLimit: <unset>
kong-kong-bash-wait-for-postgres:
Type: ConfigMap (a volume populated by a ConfigMap)
Name: kong-kong-bash-wait-for-postgres
Optional: false
Conditions:
Type Status Reason
---- ------ ------
Available True MinimumReplicasAvailable
Progressing True NewReplicaSetAvailable
OldReplicaSets: <none>
NewReplicaSet: kong-kong-68c8d5cfb7 (1/1 replicas created)
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal ScalingReplicaSet 34m deployment-controller Scaled up replica set kong-kong-68c8d5cfb7 to 1
As the deployment details show, two containers are installed: proxy and ingress-controller.
1. proxy: the core proxy that handles all traffic
2. ingress-controller: a set of processes that syncs configuration from Kubernetes to Kong
How to configure Kong
1. Ingress and CRDs
Kong can be configured with Ingress and CRDs. Kong is configured to proxy traffic according to the rules defined in Ingress resources. --> The Kong ingress controller maps k8s objects to Kong objects.
2. Admin API
This is the original way to run and configure Kong.
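The values above set admin.type to NodePort with admin.http enabled, and the describe output shows KONG_ADMIN_LISTEN on 0.0.0.0:8001 and 0.0.0.0:8444, so the API that configures Kong is published on every node. The check below is an added example, not part of the original post or the Kong chart: it flags Services that publish those Admin API ports outside the cluster. The sample ServiceList, the Service names other than kong-kong-proxy, the port names and the nodePort numbers are constructed.

```python
import json

# Admin API container ports, from KONG_ADMIN_LISTEN in the describe output above.
ADMIN_PORTS = {8001: "http", 8444: "https"}
EXTERNAL_TYPES = {"NodePort", "LoadBalancer"}  # reachable from outside the cluster

# Constructed sample shaped like `kubectl get svc -A -o json`; names other than
# kong-kong-proxy, port names and nodePort numbers are made up for the example.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"namespace": "kong", "name": "kong-kong-admin"},
  "spec": {"type": "NodePort", "ports": [
   {"name": "kong-admin", "port": 8001, "targetPort": 8001, "nodePort": 31001},
   {"name": "kong-admin-tls", "port": 8444, "targetPort": 8444, "nodePort": 31444}]}},
 {"metadata": {"namespace": "kong", "name": "kong-kong-proxy"},
  "spec": {"type": "LoadBalancer", "ports": [
   {"name": "kong-proxy", "port": 80, "targetPort": 8000, "nodePort": 30080},
   {"name": "kong-proxy-tls", "port": 443, "targetPort": 8443, "nodePort": 30443}]}},
 {"metadata": {"namespace": "kong-internal", "name": "kong-admin"},
  "spec": {"type": "ClusterIP", "ports": [
   {"name": "kong-admin-tls", "port": 8444, "targetPort": 8444}]}}
]}
""")


def audit_admin_exposure(service_list):
    """List Service ports that publish a Kong Admin API listener off-cluster."""
    findings = []
    for svc in service_list.get("items", []):
        meta, spec = svc.get("metadata", {}), svc.get("spec", {})
        svc_type = spec.get("type", "ClusterIP")  # Kubernetes default type
        if svc_type not in EXTERNAL_TYPES:
            continue
        for port in spec.get("ports", []):
            # targetPort defaults to port; named (string) targets are not resolved here.
            scheme = ADMIN_PORTS.get(port.get("targetPort", port.get("port")))
            if scheme:
                findings.append({
                    "service": f'{meta.get("namespace")}/{meta.get("name")}',
                    "type": svc_type,
                    "scheme": scheme,
                    "node_port": port.get("nodePort"),
                })
    return findings


if __name__ == "__main__":
    for finding in audit_admin_exposure(SAMPLE):
        print(finding)
```

To clear the findings with keys already present in values.yaml, set admin.type to ClusterIP (and admin.http.enabled to false to keep only the TLS listener). The Admin API can then be reached with kubectl port-forward when it is needed.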
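Summary
- Kong can be deployed with either the Helm chart or manifest YAML; install it whichever way you prefer.
- There are DB mode and DB-less mode; some plugins are not supported in DB-less mode, so using DB mode is recommended.
- There are various plugins, which can be configured at the Global, Service, or Route level depending on the situation.
- You can configure Services, Routes, and Plugins by sending curl requests to the Admin API, or through the K8S resources Service, Ingress, and KongPlugin.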