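Kong's Kubernetes architecture is as follows.
For K4K8S, we install Kong on AWS EKS through an EKS cluster.
Because this is a temporary test environment, we configure only one worker node and install EKS version 1.19, the latest version at the time of writing.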
$ eksctl create cluster --name K4K8S --version 1.19 --nodegroup-name standard-workers --node-type t3.medium --nodes 1
Check the status of the K4K8S cluster created on EKS.
$ eksctl get cluster
NAME REGION EKSCTL CREATED
K4K8S ap-northeast-2 True
$ aws eks list-clusters
{
"clusters": [
"K4K8S"
]
}
$ aws eks describe-cluster --name K4K8S
{
"cluster": {
"name": "K4K8S",
"arn": "arn:aws:eks:ap-northeast-2:221745184950:cluster/K4K8S",
"createdAt": "2021-03-07T14:31:48.143000+00:00",
"version": "1.19",
"endpoint": "https://1A0FF0503298C71CBD62AF3D51DFA569.sk1.ap-northeast-2.eks.amazonaws.com",
"roleArn": "arn:aws:iam::221745184950:role/eksctl-K4K8S-cluster-ServiceRole-Y7MBJJO3F2FI",
"resourcesVpcConfig": {
"subnetIds": [
"subnet-0133882129af7a52f",
"subnet-0e0a7af3ea7b0d132",
"subnet-078ae114d6d40f738",
"subnet-0d9e292036118ebf2",
"subnet-09cc965f9d81883a6",
"subnet-0b233c914de35357d"
],
"securityGroupIds": [
"sg-08c91e467efce22d7"
],
"clusterSecurityGroupId": "sg-0e6bffec9e2238799",
"vpcId": "vpc-05b5e8e2480a85dc4",
"endpointPublicAccess": true,
"endpointPrivateAccess": false,
"publicAccessCidrs": [
"0.0.0.0/0"
]
},
"kubernetesNetworkConfig": {
"serviceIpv4Cidr": "10.100.0.0/16"
},
"logging": {
"clusterLogging": [
{
"types": [
"api",
"audit",
"authenticator",
"controllerManager",
"scheduler"
],
"enabled": false
}
]
},
"identity": {
"oidc": {
"issuer": "https://oidc.eks.ap-northeast-2.amazonaws.com/id/1A0FF0503298C71CBD62AF3D51DFA569"
}
},
"status": "ACTIVE",
"certificateAuthority": {
"data": "<certificate data omitted>"
},
"platformVersion": "eks.1",
"tags": {}
}
}
$ kubectl get node
NAME STATUS ROLES AGE VERSION
ip-192-168-26-119.ap-northeast-2.compute.internal Ready <none> 8m47s v1.19.6-eks-49a6c0
$ kubectl get pod --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system aws-node-jlgm6 1/1 Running 0 9m27s
kube-system coredns-78fb67b999-wh7nh 1/1 Running 0 16m
kube-system coredns-78fb67b999-zpczs 1/1 Running 0 16m
kube-system kube-proxy-qh9p8 1/1 Running 0 9m27s
$ kubectl get service --all-namespaces
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default kubernetes ClusterIP 10.100.0.1 <none> 443/TCP 17m
kube-system kube-dns ClusterIP 10.100.0.10 <none> 53/UDP,53/TCP 17m
Checking the console
From here on, the installation is performed with an install script.
$ ./createkonk8s.sh
The contents of the script are as follows.
Once the installation completes, verify that everything was installed correctly.
o Check deployments
$ kubectl get deployment --all-namespaces
NAMESPACE NAME READY UP-TO-DATE AVAILABLE AGE
kong ingress-kong 1/1 1 1 37s
kongee kong-enterprise 1/1 1 1 88s
kube-system coredns 2/2 2 2 24m
o Check all running pods
$ kubectl get pod --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kong ingress-kong-5857d8b876-h2bpf 2/2 Running 0 2m18s
kongee kong-enterprise-f9ffbc769-27tzl 1/1 Running 0 2m34s
kongee kong-migration-6xmtb 0/1 Completed 2 3m9s
kongee postgres-0 1/1 Running 0 3m9s
kube-system aws-node-jlgm6 1/1 Running 0 19m
kube-system coredns-78fb67b999-wh7nh 1/1 Running 0 26m
kube-system coredns-78fb67b999-zpczs 1/1 Running 0 26m
kube-system kube-proxy-qh9p8 1/1 Running 0 19m
o Check services
$ kubectl get services --all-namespaces
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default kubernetes ClusterIP 10.100.0.1 <none> 443/TCP 29m
kong kong-proxy LoadBalancer 10.100.89.194 a68c0ccb9ccd949509343c1f20877ed4-0e1ee6477f16aeab.elb.ap-northeast-2.amazonaws.com 80:31292/TCP,443:32273/TCP 5m40s
kong kong-validation-webhook ClusterIP 10.100.242.50 <none> 443/TCP 5m40s
kongee expose-kong LoadBalancer 10.100.48.171 a95374fb8ed9b4602b32bc3185cbf6e6-1754178475.ap-northeast-2.elb.amazonaws.com 8000:32317/TCP,8001:30097/TCP,8002:30972/TCP,8444:31007/TCP,8443:31677/TCP,8003:30163/TCP,8446:30891/TCP,8447:31943/TCP,8445:30948/TCP,8004:31646/TCP 6m30s
kongee kong-admin NodePort 10.100.152.38 <none> 8001:32342/TCP 6m31s
kongee kong-admin-ssl NodePort 10.100.75.190 <none> 8444:32577/TCP 6m31s
kongee kong-manager NodePort 10.100.134.202 <none> 8002:30870/TCP 6m31s
kongee kong-manager-ssl NodePort 10.100.6.108 <none> 8445:30478/TCP 6m31s
kongee kong-portal NodePort 10.100.101.25 <none> 8003:30239/TCP 6m31s
kongee kong-portal-admin NodePort 10.100.125.191 <none> 8004:31144/TCP 6m31s
kongee kong-portal-admin-ssl NodePort 10.100.241.79 <none> 8447:30706/TCP 6m31s
kongee kong-portal-ssl NodePort 10.100.198.195 <none> 8446:32653/TCP 6m31s
kongee kong-proxy NodePort 10.100.32.1 <none> 8000:32626/TCP 6m31s
kongee kong-proxy-ssl NodePort 10.100.152.16 <none> 8443:30724/TCP 6m31s
kongee postgres ClusterIP 10.100.95.227 <none> 5432/TCP 6m31s
kube-system kube-dns ClusterIP 10.100.0.10 <none> 53/UDP,53/TCP 29m
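A review of the settings visible in the output above, as an added example that is not part of the original post: it flags the open API endpoint CIDR and disabled audit logging in the `aws eks describe-cluster` JSON, and Kong management ports published through LoadBalancer or NodePort services in `kubectl get services --all-namespaces -o json`. The sample input is constructed from the fields shown above; the function names and role labels are assumptions.

```python
# Management ports taken from the service listing above (kong-admin, kong-manager,
# kong-portal-admin and their -ssl variants); the role names are labels chosen here.
MGMT_PORTS = {8001: "admin", 8444: "admin-ssl", 8002: "manager",
              8445: "manager-ssl", 8004: "portal-admin", 8447: "portal-admin-ssl"}

def audit_cluster(desc):
    """Review `aws eks describe-cluster` JSON for endpoint and logging settings."""
    cluster = desc["cluster"]
    vpc = cluster.get("resourcesVpcConfig", {})
    findings = []
    if vpc.get("endpointPublicAccess") and "0.0.0.0/0" in vpc.get("publicAccessCidrs", []):
        findings.append("API endpoint is public and allows 0.0.0.0/0")
    enabled = set()
    for entry in cluster.get("logging", {}).get("clusterLogging", []):
        if entry.get("enabled"):
            enabled.update(entry.get("types", []))
    if "audit" not in enabled:
        findings.append("audit logging is not enabled")
    return findings

def audit_services(svc_list):
    """Review `kubectl get services --all-namespaces -o json` for management ports
    published through a LoadBalancer or NodePort service."""
    findings = []
    for item in svc_list.get("items", []):
        spec, meta = item["spec"], item["metadata"]
        stype = spec.get("type", "ClusterIP")
        if stype not in ("LoadBalancer", "NodePort"):
            continue
        for port in spec.get("ports", []):
            role = MGMT_PORTS.get(port["port"])
            if role:
                findings.append(f'{meta["namespace"]}/{meta["name"]}: {role} '
                                f'port {port["port"]} via {stype}')
    return findings

# Constructed sample input, trimmed to the fields shown in the output above.
SAMPLE_CLUSTER = {"cluster": {
    "resourcesVpcConfig": {"endpointPublicAccess": True, "endpointPrivateAccess": False,
                           "publicAccessCidrs": ["0.0.0.0/0"]},
    "logging": {"clusterLogging": [{"types": ["api", "audit"], "enabled": False}]}}}
SAMPLE_SERVICES = {"items": [
    {"metadata": {"namespace": "kongee", "name": "expose-kong"},
     "spec": {"type": "LoadBalancer", "ports": [{"port": 8000}, {"port": 8001}]}},
    {"metadata": {"namespace": "kongee", "name": "postgres"},
     "spec": {"type": "ClusterIP", "ports": [{"port": 5432}]}}]}

if __name__ == "__main__":
    for line in audit_cluster(SAMPLE_CLUSTER) + audit_services(SAMPLE_SERVICES):
        print(line)
```

To run it against a live cluster, load the two command outputs with `json.load` and pass them to the functions in place of the sample dictionaries.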