
6.1 파드를 외부에 노출시키기

파드에 접근하도록 정책을 정의

  • ClusterIP
    • 쿠버네티스가 지원하는 기본적인 형태의 서비스
    • POD 들이 클러스터 내부의 다른 리소스들과 통신할 수 있도록 해주는 가상의 클러스터 전용 IP다.
    • <ClusterIP>로 들어온 클러스터 내부 트래픽을 해당 파드의 <파드IP>:<targetPort>로 넘겨주도록 동작하므로,
      오직 클러스터 내부에서만 접근 가능하게 된다.

형식

root@k8s-master-00:~# kubectl get svc
NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.96.0.1    <none>        443/TCP   3d4h

 

--service 생성 후 접근 테스트
--서비스 실행후  cluster 에서만 접근하도록 구성 
root@k8s-master-00:~# vim nodejs-app.yml
# Pod manifest for the demo Node.js app. The "app: nodejs-app" label is the
# value the Service manifests on this page use as their selector.
# NOTE(review): no securityContext or resource requests/limits are set here;
# add them before reusing this outside a lab cluster.
apiVersion: v1
kind: Pod
metadata:
  name: nodejs-app
  labels:
    app: nodejs-app
spec:
  containers:
   - name: nodejs-app
     # NOTE(review): no tag or digest is given, so the image resolves to
     # ":latest" from the "yakir32" namespace on the default registry.
     # Pin a version or digest so the content that runs is the content reviewed.
     image: yakir32/nodejs-hello-world
     ports:
       # containerPort is informational: it documents the port the app uses,
       # it does not open or restrict anything by itself.
       - containerPort: 3000
  # Name of a registry-credential Secret; it has to exist in the Pod's namespace.
  imagePullSecrets:
       - name: jarrod-secret-test

--실행
root@k8s-master-00:~# kubectl apply -f nodejs-app.yml
pod/nodejs-app created

root@k8s-master-00:~# kubectl get pod -o wide
NAME         READY   STATUS    RESTARTS   AGE   IP                NODE            NOMINATED NODE   READINESS GATES
nodejs-app   1/1     Running   0          47s   192.168.118.106   k8s-worker-02   <none>           <none>
web-7j4zq    1/1     Running   0          17m   192.168.36.209    k8s-worker-01   <none>           <none>
web-8njhp    1/1     Running   0          17m   192.168.118.105   k8s-worker-02   <none>           <none>
web-lb5s8    1/1     Running   0          17m   192.168.118.104   k8s-worker-02   <none>           <none>

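--파드는 만들어졌지만 응답이 비어 있음: curl은 포트를 지정하지 않으면 80번으로 접속하는데 컨테이너는 3000번 포트(containerPort)를 사용하고, -s 옵션 때문에 연결 오류 메시지도 출력되지 않는다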
root@k8s-master-00:~# curl -s 192.168.118.106
root@k8s-master-00:~# kubectl get pod -o wide
NAME         READY   STATUS    RESTARTS   AGE   IP                NODE            NOMINATED NODE   READINESS GATES
nodejs-app   1/1     Running   0          15m   192.168.118.106   k8s-worker-02   <none>           <none>


root@k8s-master-00:~# kubectl expose pod nodejs-app
service/nodejs-app exposed

root@k8s-master-00:~# kubectl get service
NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
kubernetes   ClusterIP   10.96.0.1        <none>        443/TCP    3d5h
nodejs-app   ClusterIP   10.108.107.255   <none>        3000/TCP   19s

--192.168.118.106:3000과 ClusterIP인 10.108.107.255:3000으로 접근

--pod 삭제
root@k8s-master-00:~# kubectl delete pod nodejs-app
pod "nodejs-app" deleted
root@k8s-master-00:~# kubectl get service
NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
kubernetes   ClusterIP   10.96.0.1        <none>        443/TCP    3d5h
nodejs-app   ClusterIP   10.108.107.255   <none>        3000/TCP   8m6s
root@k8s-master-00:~# kubectl get pod -o wide
No resources found in default namespace.

root@k8s-master-00:~# kubectl apply -f nodejs-app.yml
pod/nodejs-app created

root@k8s-master-00:~# kubectl get pod -o wide
NAME         READY   STATUS    RESTARTS   AGE   IP                NODE            NOMINATED NODE   READINESS GATES
nodejs-app   1/1     Running   0          10s   192.168.118.107   k8s-worker-02   <none>           <none>

--clusterip로 접근하면 해당 웹페이지가 나온다
--pod주소가 일정하지 않기때문에 service로 웹페이지를 찾는다

--service만 지우기
root@k8s-master-00:~# kubectl delete svc nodejs-app
service "nodejs-app" deleted
root@k8s-master-00:~# kubectl get pod -o wide
NAME         READY   STATUS    RESTARTS   AGE     IP                NODE            NOMINATED NODE   READINESS GATES
nodejs-app   1/1     Running   0          3m42s   192.168.118.107   k8s-worker-02   <none>           <none>
--노드포트
root@k8s-master-00:~# kubectl expose pod nodejs-app --type=NodePort
service/nodejs-app exposed
root@k8s-master-00:~# kubectl get service
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP          3d5h
nodejs-app   NodePort    10.103.143.89   <none>        3000:31391/TCP   6s

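외부 호스트에서 노드 IP에 노드포트 번호(위 출력에서는 31391)를 붙여서 접근하면 웹페이지가 노출된다. NodePort는 클러스터의 모든 노드에서 같은 포트를 열기 때문에, 노드가 외부망에서 닿는 위치에 있다면 방화벽이나 보안 그룹으로 접근 가능한 출발지를 제한해야 한다.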

--선언형으로 해보기
root@k8s-master-00:~# vi nodejs-service.yml
# First declarative attempt at a NodePort Service for the nodejs-app Pod.
apiVersion: v1
kind: Service
metadata:
  name: nodejs-app
spec:
  # Traffic goes to every Pod in this namespace carrying this label,
  # not only to the Pod named nodejs-app.
  selector:
    app: nodejs-app
  ports:
    - protocol: TCP
      # port: the Service's own port on its ClusterIP (cluster-internal).
      port: 30000
      # targetPort: the container port the traffic is forwarded to.
      targetPort: 3000
      # nodePort: the port opened on each node. 55555 is outside the valid
      # range, so the API server rejects this manifest (see the error below).
      nodePort: 55555
  type: NodePort
  
--오류발생
root@k8s-master-00:~# kubectl apply -f nodejs-service.yml
The Service "nodejs-app" is invalid: spec.ports[0].nodePort: Invalid value: 55555: provided port is not in the valid range. The range of valid ports is 30000-32767

--매니페스트 nodePort 부분 수정
# Corrected NodePort Service: same as the first attempt except that nodePort
# now falls inside the allowed 30000-32767 range.
# NOTE(review): a NodePort Service is reachable on this port through every
# node's address; limit who can reach the nodes (firewall / security group)
# if the workload is not meant to be public.
apiVersion: v1
kind: Service
metadata:
  name: nodejs-app
spec:
  # Traffic goes to every Pod in this namespace carrying this label.
  selector:
    app: nodejs-app
  ports:
    - protocol: TCP
      # port: the Service's own port on its ClusterIP (cluster-internal).
      # 30000 here is NOT a node port even though the number looks like one.
      port: 30000
      # targetPort: the container port the traffic is forwarded to.
      targetPort: 3000
      # nodePort: the port opened on each node for traffic from outside.
      nodePort: 32222
  type: NodePort

--재실행
root@k8s-master-00:~# kubectl apply -f nodejs-service.yml
service/nodejs-app created

--확인
root@k8s-master-00:~# kubectl get service
NAME         TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)           AGE
kubernetes   ClusterIP   10.96.0.1      <none>        443/TCP           3d5h
nodejs-app   NodePort    10.96.112.55   <none>        30000:32222/TCP   21s

--pod 실행
root@k8s-master-00:~# kubectl apply -f nodejs-app.yml
pod/nodejs-app created

root@k8s-master-00:~# kubectl get pod -o wide
NAME         READY   STATUS    RESTARTS   AGE   IP                NODE            NOMINATED NODE   READINESS GATES
nodejs-app   1/1     Running   0          23s   192.168.118.108   k8s-worker-02   <none>           <none>

외부 호스트에서 <노드 IP>:32222(nodePort)로 접근 성공

포트 번호는 2의 16승(65536)개로 0번부터 65535번까지 사용이 가능하나, 노드포트는 기본적으로 30000~32767 범위로 제한되어 있다(kube-apiserver의 --service-node-port-range 옵션으로 변경 가능).

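매니페스트의 port(서비스의 ClusterIP에서 받는 포트, 여기서는 30000)와 nodePort(각 노드에서 외부로 열리는 포트, 여기서는 32222), 두 개의 포트를 잘 구분하자. targetPort(3000)는 파드의 컨테이너가 수신하는 포트다.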