728x90
반응형
1. 폴더 생성
mkdir -p /home/msa/k8s/envirionments/rabbitmq
cd /home/msa/k8s/envirionments/rabbitmq
1) deployment 생성
vi deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: rabbitmq-deployment
labels:
env: production
tier: backend
app: rabbitmq
name: rabbitmq-deployment
spec:
replicas: 1
selector:
matchLabels:
env: production
tier: backend
app: rabbitmq
name: rabbitmq-pod
template:
metadata:
labels:
env: production
tier: backend
app: rabbitmq
name: rabbitmq-pod
spec:
containers:
- name: rabbitmq
image: rabbitmq:management
ports:
- containerPort: 5672
name: http-5672
- containerPort: 15672
name: http-15672
env:
- name: TZ
valueFrom:
configMapKeyRef:
name: common-configmap
key: TZ
startupProbe:
httpGet:
path: /
port: 15672
initialDelaySeconds: 10
periodSeconds: 5
successThreshold: 1
failureThreshold: 36
readinessProbe:
httpGet:
path: /
port: 15672
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
failureThreshold: 32. servie 생성
vi service.yaml
apiVersion: v1
kind: Service
metadata:
name: rabbitmq
labels:
env: production
tier: backend
app: rabbitmq
name: rabbitmq-service
spec:
type: NodePort
# type: ClusterIP
selector:
env: production
tier: backend
app: rabbitmq
name: rabbitmq-pod
ports:
- name: http-5672
protocol: TCP
port: 5672
targetPort: 5672
nodePort: 30003
- name: http-15672
protocol: TCP
port: 15672
targetPort: 15672
nodePort: 300043. 인증서 생성
openssl genrsa -out rabbitmq.co.kr.key 4096
vi v3.ext
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=invako.kro.kr
DNS.2=nginx.co.kr
DNS.3=zipkin.co.kr
DNS.4=argocd.co.kr
DNS.5=rabbitmq.co.kr /* CN은 도메인이나 아이피 입력 */
openssl req -sha512 -new \
-subj "/C=CN/ST=South/L=Osong/O=invako/OU=Personal/CN=rabbitmq.co.kr" \
-key rabbitmq.co.kr.key \
-out rabbitmq.co.kr.csropenssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in rabbitmq.co.kr.csr \
-out rabbitmq.co.kr.crt
4. 쿠버네티스 시크릿생성
kubectl create secret tls tlssecret-rabbitmq --key rabbitmq.co.kr.key --cert rabbitmq.co.kr.crt
5. ingress 생성
mkdir ingress
cd ingress
vi ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: rabbitmq-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
labels:
env: production
tier: backend
app: rabbitmq
name: rabbitmq-ingress
spec:
tls:
- hosts:
- rabbitmq.co.kr
secretName: tlssecret-rabbitmq
ingressClassName: nginx
rules:
- host: rabbitmq.co.kr
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: rabbitmq
port:
number: 15672
6. rabbitmq 생성
kubectl create -f deployment.yaml
kubectl create -f service.yaml
kubectl create -f ingress.yaml
7. 기동 확인
root@master:/home/msa/k8s/envirionments/rabbitmq/ingress# kubectl describe ingress rabbitmq-ingress
Name: rabbitmq-ingress
Labels: app=rabbitmq
env=production
name=rabbitmq-ingress
tier=backend
Namespace: ingress-nginx
Address: 10.110.66.239
Ingress Class: nginx
Default backend: <default>
TLS:
tlssecret-rabbitmq terminates rabbitmq.co.kr
Rules:
Host Path Backends
---- ---- --------
rabbitmq.co.kr
/ rabbitmq:15672 (10.1.104.44:15672)
Annotations: nginx.ingress.kubernetes.io/rewrite-target: /
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Sync 7s (x2 over 55s) nginx-ingress-controller Scheduled for sync8 브라우저 접속
https://rabbitmq.co.kr:30200
id/pw : guest/guest
728x90
반응형
'시스템 > 쿠버네티스' 카테고리의 다른 글
| [쿠버네티스] Argocd TLS/SSL 적용 (0) | 2024.01.24 |
|---|---|
| [쿠버네티스] nginx TLS(SSL) 접속 & vhost & proxy 설정 젠킨스 ssl 적용 (0) | 2024.01.23 |
| [쿠버네티스] Ingress TLL/SSL 설정 (0) | 2024.01.23 |
| [쿠버네티스] GitLab-ArgoCd CD 구축 (0) | 2024.01.16 |
| [쿠버네티스] 쿠버네티스 배포하기 위한 manifest 파일생성 & 깃랩전송 오류시 credential 설정 (0) | 2024.01.16 |
댓글