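Deploying a web application (front end and NodeJS back end) with Kubernetes Ingress
Mar 19, 2019
Before you start
This article covers:
- Setting up Kubernetes on GCP with GKE
- Using an Ingress to manage and route traffic to the site's front end and back end
- Using TLS/SSL as the connection standard
You need to prepare the following first:
- A domain name and a TLS/SSL certificate
- A Docker image of the site's front end (this article uses nginx as the web server)
- A Docker image of the site's back end (this article uses NodeJS and express.js)
Let's go
Create the TLS/SSL Secret
Use a Secret to store the TLS/SSL certificate and key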
$ kubectl create secret tls my-ssl --cert /mount/my-ssl/ssl.crt --key /mount/my-ssl/my.key
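A pre-flight check that can be run on the certificate and key before creating the Secret, as an added example that is not part of the original article: it confirms that the key belongs to the certificate, that the certificate is not close to expiry, and that it covers every host the Ingress will serve with my-ssl. The function names, the 30-day threshold and the example.test host names in the constructed sample are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original article).
# check_tls_pair CERT KEY HOST... returns 0 only when:
#   1. KEY is the private key for CERT,
#   2. CERT stays valid for at least 30 more days (assumed threshold),
#   3. CERT covers every HOST that the Ingress routes with this Secret.
check_tls_pair() {
  local cert="$1" key="$2" cert_pub key_pub host
  shift 2
  # Derive the public key from each file and compare them.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) \
    || { echo "cannot read certificate: $cert" >&2; return 1; }
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) \
    || { echo "cannot read private key: $key" >&2; return 1; }
  if [ "$cert_pub" != "$key_pub" ]; then
    echo "private key does not match certificate" >&2
    return 1
  fi
  # -checkend exits non-zero if the certificate expires within N seconds.
  if ! openssl x509 -in "$cert" -noout -checkend $((30 * 24 * 3600)) >/dev/null; then
    echo "certificate expires within 30 days" >&2
    return 1
  fi
  # One Secret serves all Ingress hosts, so each must be in the certificate.
  for host in "$@"; do
    if ! openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q 'does match'; then
      echo "certificate does not cover $host" >&2
      return 1
    fi
  done
  return 0
}

# Constructed sample input: a throwaway self-signed pair for two hosts,
# written to DIR/ssl.crt and DIR/my.key (stand-ins for the real files).
make_sample_pair() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 90 \
    -subj "/CN=web.example.test" \
    -addext "subjectAltName=DNS:web.example.test,DNS:api.example.test" \
    -keyout "$1/my.key" -out "$1/ssl.crt" 2>/dev/null
}
```

With the real files, the call would be check_tls_pair /mount/my-ssl/ssl.crt /mount/my-ssl/my.key followed by the two host names used in the Ingress rules.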
Create a Persistent Volume for file storage
Use a Persistent Volume as the space where the back end processes and stores files
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: volumeclaim
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 100Gi
Deploy
$ kubectl apply -f volumeclaim.yaml
Create the back-end Deployment and Service
Create the Deployment, and use volumes to map the TLS/SSL Secret and the Persistent Volume to directories inside the container
apiVersion: apps/v1
kind: Deployment
metadata:
  name: server
  labels:
    app: server
spec:
  replicas: 1
  selector:
    matchLabels:
      app: server
  template:
    metadata:
      labels:
        app: server
    spec:
      containers:
        - name: server
          image: your_docker_hub/server:latest
          imagePullPolicy: Always
          ports:
            - name: http-server
              containerPort: 80
          volumeMounts:
            # Persistent Volume used by the back end for file storage
            - name: persistent-storage
              mountPath: /usr/src/app/server/storage
            # The my-ssl Secret appears here as tls.crt and tls.key, read-only
            - name: ssl-secret-volume
              mountPath: /etc/creds
              readOnly: true
      volumes:
        - name: persistent-storage
          persistentVolumeClaim:
            claimName: volumeclaim
        - name: ssl-secret-volume
          secret:
            secretName: my-ssl
Deploy the Deployment
kubectl apply -f server-deployment.yaml
Create the Service
apiVersion: v1
kind: Service
metadata:
  name: server
  labels:
    app: server
spec:
  type: NodePort
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
      name: server
  selector:
    app: server
Deploy the Service
kubectl apply -f server-service.yaml
Create the front-end Deployment and Service
Create the Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: client
  labels:
    app: client
spec:
  replicas: 1
  selector:
    matchLabels:
      app: client
  template:
    metadata:
      labels:
        app: client
    spec:
      containers:
        - name: client
          image: your_docker_hub/client:latest
          imagePullPolicy: Always
          ports:
            - name: http-server
              containerPort: 80
Deploy the Deployment
kubectl apply -f client-deployment.yaml
Create the Service
apiVersion: v1
kind: Service
metadata:
  name: client
  labels:
    app: client
spec:
  type: NodePort
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
      name: client
  selector:
    app: client
Deploy the Service
kubectl apply -f client-service.yaml
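Create the Ingress
# The extensions/v1beta1 Ingress API was removed in Kubernetes 1.22;
# newer clusters need networking.k8s.io/v1, which uses a different backend schema.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress
spec:
  tls:
    # TLS is terminated at the Ingress with the key pair stored in my-ssl
    - secretName: my-ssl
  rules:
    # On GKE, "/" matches only the root path and "/*" matches everything below it
    - host: your_web.com
      http:
        paths:
          - path: /
            backend:
              serviceName: client
              servicePort: 80
    - host: your_api.com
      http:
        paths:
          - path: /
            backend:
              serviceName: server
              servicePort: 80
    - host: your_web.com
      http:
        paths:
          - path: /*
            backend:
              serviceName: client
              servicePort: 80
    - host: your_api.com
      http:
        paths:
          - path: /*
            backend:
              serviceName: server
              servicePort: 80
Deploy the Ingress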
kubectl apply -f ingress.yaml
https://gist.github.com/tpps88206/b41351874aa3bb6e6eb184821de3aebd