
How to Install Kong API Gateway on K8S (Helm Charts)

Jen'_' 2022. 10. 7. 20:26

helm charts (v2.8.2)

https://github.com/Kong/charts

 

Customizing values.yaml

- Installing with the original values produced a lot of errors, so I customized them.
- Installs the Postgres subchart

---
deployment:
  kong:
    enabled: true
  serviceAccount:
    create: true

env:
  nginx_worker_processes: "2"
  anonymous_reports: "off"
  database: "postgres" 

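admin:
  enabled: true
  # NodePort publishes the Admin API on every node's IP.
  # Kong's Admin API has no authentication by default.
  type: NodePort
  annotations: {}

  http:
    # plaintext Admin API listener (port 8001 in the describe output below)
    enabled: true

  tls:
    enabled: true
    parameters: []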

proxy:
  enabled: true
  type: LoadBalancer

  labels:
    enable-metrics: "true"

  http:
    enabled: true
    parameters: []

  tls:
    enabled: true
    parameters: []
    
ingressController:
  enabled: true

  args: 
  - --anonymous-reports=false

  admissionWebhook:
    enabled: false

  ingressClass: kong
  ingressClassAnnotations: {}

  rbac:
    create: true

postgresql:
  enabled: true

Issues

  1. Setting listen http2 caused errors in the ingress-controller, so I removed all of it.
  2. The ingress-controller reported a "failed to connect to reporting server" error, so I used the options below.
    • env.anonymous_reports: "off"
    • ingressController.args: --anonymous-reports=false

 

Installation commands

$ helm repo add kong https://charts.konghq.com
$ helm repo update

$ helm install kong kong/kong --version 2.8.2 -n kong --create-namespace -f values.yaml

 

Installed resources


$ kubectl describe deployment.apps/kong-kong -n kong

Name:                   kong-kong
Namespace:              kong
CreationTimestamp:      Thu, 06 Oct 2022 14:16:05 +0900
Labels:                 app.kubernetes.io/component=app
                        app.kubernetes.io/instance=kong
                        app.kubernetes.io/managed-by=Helm
                        app.kubernetes.io/name=kong
                        app.kubernetes.io/version=2.8
                        helm.sh/chart=kong-2.8.2
Annotations:            deployment.kubernetes.io/revision: 1
                        meta.helm.sh/release-name: kong
                        meta.helm.sh/release-namespace: kong
Selector:               app.kubernetes.io/component=app,app.kubernetes.io/instance=kong,app.kubernetes.io/name=kong
Replicas:               1 desired | 1 updated | 1 total | 1 available | 0 unavailable
StrategyType:           RollingUpdate
MinReadySeconds:        0
RollingUpdateStrategy:  25% max unavailable, 25% max surge
Pod Template:
  Labels:           app=kong-kong
                    app.kubernetes.io/component=app
                    app.kubernetes.io/instance=kong
                    app.kubernetes.io/managed-by=Helm
                    app.kubernetes.io/name=kong
                    app.kubernetes.io/version=2.8
                    helm.sh/chart=kong-2.8.2
                    version=2.8
  Annotations:      kuma.io/gateway: enabled
                    traffic.sidecar.istio.io/includeInboundPorts: 
  Service Account:  kong-kong
  Init Containers:
   clear-stale-pid:
    Image:      kong:2.8
    Port:       <none>
    Host Port:  <none>
    Command:
      rm
      -vrf
      $KONG_PREFIX/pids
    Environment:
      KONG_ADMIN_ACCESS_LOG:        /dev/stdout
      KONG_ADMIN_ERROR_LOG:         /dev/stderr
      KONG_ADMIN_GUI_ACCESS_LOG:    /dev/stdout
      KONG_ADMIN_GUI_ERROR_LOG:     /dev/stderr
      KONG_ADMIN_LISTEN:            0.0.0.0:8001, 0.0.0.0:8444 ssl
      KONG_ANONYMOUS_REPORTS:       off
      KONG_CLUSTER_LISTEN:          off
      KONG_DATABASE:                postgres
      KONG_KIC:                     on
      KONG_LUA_PACKAGE_PATH:        /opt/?.lua;/opt/?/init.lua;;
      KONG_NGINX_WORKER_PROCESSES:  2
      KONG_PG_HOST:                 kong-postgresql
      KONG_PG_PASSWORD:             <set to the key 'password' in secret 'kong-postgresql'>  Optional: false
      KONG_PG_PORT:                 5432
      KONG_PLUGINS:                 bundled
      KONG_PORTAL_API_ACCESS_LOG:   /dev/stdout
      KONG_PORTAL_API_ERROR_LOG:    /dev/stderr
      KONG_PORT_MAPS:               80:8000, 443:8443
      KONG_PREFIX:                  /kong_prefix/
      KONG_PROXY_ACCESS_LOG:        /dev/stdout
      KONG_PROXY_ERROR_LOG:         /dev/stderr
      KONG_PROXY_LISTEN:            0.0.0.0:8000, 0.0.0.0:8443 ssl
      KONG_STATUS_LISTEN:           0.0.0.0:8100
      KONG_STREAM_LISTEN:           off
    Mounts:
      /kong_prefix/ from kong-kong-prefix-dir (rw)
      /tmp from kong-kong-tmp (rw)
   wait-for-db:
    Image:      kong:2.8
    Port:       <none>
    Host Port:  <none>
    Args:
      /bin/sh
      -c
      export KONG_NGINX_DAEMON=on KONG_PREFIX=`mktemp -d` KONG_KEYRING_ENABLED=off; until kong start; do echo 'waiting for db'; sleep 1; done; kong stop
    Environment:
      KONG_ADMIN_ACCESS_LOG:        /dev/stdout
      KONG_ADMIN_ERROR_LOG:         /dev/stderr
      KONG_ADMIN_GUI_ACCESS_LOG:    /dev/stdout
      KONG_ADMIN_GUI_ERROR_LOG:     /dev/stderr
      KONG_ADMIN_LISTEN:            0.0.0.0:8001, 0.0.0.0:8444 ssl
      KONG_ANONYMOUS_REPORTS:       off
      KONG_CLUSTER_LISTEN:          off
      KONG_DATABASE:                postgres
      KONG_KIC:                     on
      KONG_LUA_PACKAGE_PATH:        /opt/?.lua;/opt/?/init.lua;;
      KONG_NGINX_WORKER_PROCESSES:  2
      KONG_PG_HOST:                 kong-postgresql
      KONG_PG_PASSWORD:             <set to the key 'password' in secret 'kong-postgresql'>  Optional: false
      KONG_PG_PORT:                 5432
      KONG_PLUGINS:                 bundled
      KONG_PORTAL_API_ACCESS_LOG:   /dev/stdout
      KONG_PORTAL_API_ERROR_LOG:    /dev/stderr
      KONG_PORT_MAPS:               80:8000, 443:8443
      KONG_PREFIX:                  /kong_prefix/
      KONG_PROXY_ACCESS_LOG:        /dev/stdout
      KONG_PROXY_ERROR_LOG:         /dev/stderr
      KONG_PROXY_LISTEN:            0.0.0.0:8000, 0.0.0.0:8443 ssl
      KONG_STATUS_LISTEN:           0.0.0.0:8100
      KONG_STREAM_LISTEN:           off
    Mounts:
      /kong_prefix/ from kong-kong-prefix-dir (rw)
      /tmp from kong-kong-tmp (rw)
  Containers:
   ingress-controller:
    Image:      kong/kubernetes-ingress-controller:2.3
    Port:       10255/TCP
    Host Port:  0/TCP
    Args:
      --anonymous-reports=false
    Liveness:   http-get http://:10254/healthz delay=5s timeout=5s period=10s #success=1 #failure=3
    Readiness:  http-get http://:10254/healthz delay=5s timeout=5s period=10s #success=1 #failure=3
    Environment:
      POD_NAME:                                (v1:metadata.name)
      POD_NAMESPACE:                           (v1:metadata.namespace)
      CONTROLLER_ELECTION_ID:                 kong-ingress-controller-leader-kong
      CONTROLLER_INGRESS_CLASS:               kong
      CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY:  true
      CONTROLLER_KONG_ADMIN_URL:              https://localhost:8444
      CONTROLLER_PUBLISH_SERVICE:             kong/kong-kong-proxy
    Mounts:                                   <none>
   proxy:
    Image:       kong:2.8
    Ports:       8001/TCP, 8444/TCP, 8000/TCP, 8443/TCP, 8100/TCP
    Host Ports:  0/TCP, 0/TCP, 0/TCP, 0/TCP, 0/TCP
    Liveness:    http-get http://:status/status delay=5s timeout=5s period=10s #success=1 #failure=3
    Readiness:   http-get http://:status/status delay=5s timeout=5s period=10s #success=1 #failure=3
    Environment:
      KONG_ADMIN_ACCESS_LOG:        /dev/stdout
      KONG_ADMIN_ERROR_LOG:         /dev/stderr
      KONG_ADMIN_GUI_ACCESS_LOG:    /dev/stdout
      KONG_ADMIN_GUI_ERROR_LOG:     /dev/stderr
      KONG_ADMIN_LISTEN:            0.0.0.0:8001, 0.0.0.0:8444 ssl
      KONG_ANONYMOUS_REPORTS:       off
      KONG_CLUSTER_LISTEN:          off
      KONG_DATABASE:                postgres
      KONG_KIC:                     on
      KONG_LUA_PACKAGE_PATH:        /opt/?.lua;/opt/?/init.lua;;
      KONG_NGINX_WORKER_PROCESSES:  2
      KONG_PG_HOST:                 kong-postgresql
      KONG_PG_PASSWORD:             <set to the key 'password' in secret 'kong-postgresql'>  Optional: false
      KONG_PG_PORT:                 5432
      KONG_PLUGINS:                 bundled
      KONG_PORTAL_API_ACCESS_LOG:   /dev/stdout
      KONG_PORTAL_API_ERROR_LOG:    /dev/stderr
      KONG_PORT_MAPS:               80:8000, 443:8443
      KONG_PREFIX:                  /kong_prefix/
      KONG_PROXY_ACCESS_LOG:        /dev/stdout
      KONG_PROXY_ERROR_LOG:         /dev/stderr
      KONG_PROXY_LISTEN:            0.0.0.0:8000, 0.0.0.0:8443 ssl
      KONG_STATUS_LISTEN:           0.0.0.0:8100
      KONG_STREAM_LISTEN:           off
      KONG_NGINX_DAEMON:            off
    Mounts:
      /kong_prefix/ from kong-kong-prefix-dir (rw)
      /tmp from kong-kong-tmp (rw)
  Volumes:
   kong-kong-prefix-dir:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:     
    SizeLimit:  <unset>
   kong-kong-tmp:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:     
    SizeLimit:  <unset>
   kong-kong-bash-wait-for-postgres:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      kong-kong-bash-wait-for-postgres
    Optional:  false
Conditions:
  Type           Status  Reason
  ----           ------  ------
  Available      True    MinimumReplicasAvailable
  Progressing    True    NewReplicaSetAvailable
OldReplicaSets:  <none>
NewReplicaSet:   kong-kong-68c8d5cfb7 (1/1 replicas created)
Events:
  Type    Reason             Age   From                   Message
  ----    ------             ----  ----                   -------
  Normal  ScalingReplicaSet  34m   deployment-controller  Scaled up replica set kong-kong-68c8d5cfb7 to 1

As the deployment details show, two containers are installed: proxy and ingress-controller.
1. proxy: the core proxy that handles all traffic
2. ingress-controller: a set of processes that synchronizes configuration from Kubernetes to Kong
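
The describe output above shows KONG_ADMIN_LISTEN bound to 0.0.0.0 with a plaintext listener on 8001, and values.yaml publishes the admin service as a NodePort. The script below is an added example (not from the original post or the Kong chart) that flags such listeners in `kubectl describe` output; the function names and severity labels are assumptions.

```shell
#!/bin/sh
# Added example: flag exposed Kong Admin API listeners in `kubectl describe` output.
# Kong's Admin API has no authentication by default, so bind address and TLS matter.

# Lines copied from the proxy container section of the describe output in this post.
SAMPLE_DESCRIBE='      KONG_ADMIN_LISTEN:            0.0.0.0:8001, 0.0.0.0:8444 ssl
      KONG_PROXY_LISTEN:            0.0.0.0:8000, 0.0.0.0:8443 ssl
      KONG_STATUS_LISTEN:           0.0.0.0:8100
      CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY:  true'

# Constructed sample (not from the post): Admin API on loopback, TLS only.
SAMPLE_LOOPBACK='      KONG_ADMIN_LISTEN:            127.0.0.1:8444 ssl
      CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY:  true'

# audit_kong_listen (hypothetical name): reads describe output on stdin and prints
# one finding per line. The env block repeats per container, so entries are deduplicated.
audit_kong_listen() {
  awk '
    $1 == "KONG_ADMIN_LISTEN:" {
      line = $0
      sub(/^[ \t]*KONG_ADMIN_LISTEN:[ \t]*/, "", line)
      n = split(line, parts, /,[ \t]*/)
      for (i = 1; i <= n; i++) {
        if (parts[i] == "off" || seen[parts[i]]++) continue
        addr = parts[i]
        sub(/[ \t].*$/, "", addr)                 # strip flags such as "ssl"
        loopback = (addr ~ /^(127\.|localhost:|\[::1\]:)/)
        tls = (parts[i] ~ / ssl( |$)/)
        if (!loopback && !tls) print "HIGH admin API plaintext on " addr
        else if (!loopback) print "MEDIUM admin API reachable beyond loopback on " addr
      }
    }
    $1 == "CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY:" && $2 == "true" && !skip++ {
      print "INFO controller skips TLS verification of the admin endpoint"
    }
  '
}

# kong_admin_exposed (hypothetical name): exit 0 if any HIGH finding exists.
kong_admin_exposed() {
  audit_kong_listen | grep -q "^HIGH "
}

# Report for the sample; on a live cluster pipe in
# `kubectl describe deployment.apps/kong-kong -n kong` instead.
printf '%s\n' "$SAMPLE_DESCRIBE" | audit_kong_listen
```

In this chart, setting `admin.http.enabled: false` removes the plaintext listener that produces the HIGH finding. Changing `admin.type` from NodePort to ClusterIP keeps the remaining TLS listener off the node IPs.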

 

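How to configure Kong

1. Ingress and CRDs
Kong can be configured through Ingress resources and CRDs. Kong is configured to proxy traffic according to the rules defined in the Ingress resource; the Kong ingress controller maps the K8s objects to Kong objects.
2. Admin API
This is the original way to run and configure Kong.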

 

Summary

  1. Kong can be deployed with either a Helm chart or a manifest YAML; install it whichever way you prefer.
    1. [Helm] https://github.com/Kong/charts
    2. [Manifest] https://github.com/Kong/kubernetes-ingress-controller/blob/main/deploy/single/all-in-one-postgres.yaml
  2. There are a DB mode and a DB-less mode; some plugins are not supported in DB-less mode, so it is better to use DB mode.
  3. There are many plugins, and depending on the situation they can be configured at the Global, Service, or Route level.
  4. You can configure Services, Routes, and Plugins by sending curl requests to the Admin API, or through the K8S resources Service, Ingress, and KongPlugin.

 

 
