How is https configured with awx-operator?
If you are on OCP, the route handles https and SSL termination. On the ingress controller side, I think we need to extend this in a different way.
Just leaving this here in case someone is trying to set up TLS on ingress on k8s.

- First, make sure the ingress type on the awx resource is set to none.

      apiVersion: awx.ansible.com/v1beta1
      kind: AWX
      metadata:
        name: awx
        namespace: ansible-awx
      spec:
        deployment_type: awx
        tower_admin_user: test
        tower_admin_email: [email protected]
        tower_admin_password: changeme
        tower_broadcast_websocket_secret: changeme
        tower_ingress_type: none

- (Optional) If the TLS certificate secret is in a different namespace, create an ExternalName service to proxy requests across namespaces (the external name is the FQDN of the awx service).

      kind: Service
      apiVersion: v1
      metadata:
        name: awx-service-proxy
      spec:
        type: ExternalName
        externalName: awx-service.ansible-awx.svc.cluster.local
        ports:
          - port: 80

- Create an ingress resource pointing at the proxy service (or the awx service).

      apiVersion: extensions/v1beta1
      kind: Ingress
      metadata:
        name: awx-ingress
        annotations:
          kubernetes.io/ingress.class: nginx
      spec:
        tls:
          - hosts:
              - awx.mydomain.com
            secretName: ingress-tls
        rules:
          - host: awx.mydomain.com
            http:
              paths:
                - backend:
                    serviceName: awx-service-proxy
                    servicePort: 80
                  path: /
                  pathType: ImplementationSpecific
Thank you very much. How do I add the certificate?
@nicolaibaralmueller https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
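
A check for the wiring the TLS comment above relies on, as an added example that is not part of the thread or of awx-operator: an Ingress resolves its TLS Secret and its backend Service in its own namespace, which is why the ExternalName proxy is needed when the certificate lives outside `ansible-awx`. The manifests are constructed dicts in the thread's `extensions/v1beta1` shape; the namespace `web`, the placeholder Secret data and the function names are assumptions.

```python
# Constructed manifests in the thread's shape; namespace "web" and the
# placeholder Secret data are assumptions, not values from the thread.
INGRESS = {"kind": "Ingress", "metadata": {"name": "awx-ingress", "namespace": "web"},
           "spec": {"tls": [{"hosts": ["awx.mydomain.com"], "secretName": "ingress-tls"}],
                    "rules": [{"host": "awx.mydomain.com", "http": {"paths": [
                        {"path": "/", "backend": {"serviceName": "awx-service-proxy",
                                                  "servicePort": 80}}]}}]}}
SECRET = {"kind": "Secret", "type": "kubernetes.io/tls",
          "metadata": {"name": "ingress-tls", "namespace": "web"},
          "data": {"tls.crt": "<base64 cert>", "tls.key": "<base64 key>"}}
PROXY = {"kind": "Service", "metadata": {"name": "awx-service-proxy", "namespace": "web"},
         "spec": {"type": "ExternalName",
                  "externalName": "awx-service.ansible-awx.svc.cluster.local"}}

def host_covered(host, patterns):
    # Exact match, or a wildcard covering exactly one leading label.
    for p in patterns:
        if p == host:
            return True
        if p.startswith("*.") and "." in host and host.split(".", 1)[1] == p[2:]:
            return True
    return False

def lint_ingress_tls(ingress, objects):
    # Returns findings for one Ingress checked against the other manifests.
    findings = []
    ns = ingress["metadata"].get("namespace", "default")
    index = {(o["kind"], o["metadata"].get("namespace", "default"),
              o["metadata"]["name"]): o for o in objects}
    tls_entries = ingress["spec"].get("tls", [])
    tls_hosts = [h for t in tls_entries for h in t.get("hosts", [])]
    for t in tls_entries:
        # The TLS Secret is looked up only in the Ingress's own namespace.
        secret = index.get(("Secret", ns, t["secretName"]))
        if secret is None:
            findings.append(f"secret {t['secretName']} not found in namespace {ns}")
        elif secret.get("type") != "kubernetes.io/tls":
            findings.append(f"secret {t['secretName']} is not type kubernetes.io/tls")
        elif not {"tls.crt", "tls.key"} <= set(secret.get("data", {})):
            findings.append(f"secret {t['secretName']} lacks tls.crt or tls.key")
    for rule in ingress["spec"].get("rules", []):
        if not host_covered(rule["host"], tls_hosts):
            findings.append(f"host {rule['host']} has no tls entry")
        for path in rule["http"]["paths"]:
            # Backend Services are resolved in the same namespace too.
            name = path["backend"]["serviceName"]
            if ("Service", ns, name) not in index:
                findings.append(f"backend service {name} not found in namespace {ns}")
    return findings
```

Calling `lint_ingress_tls(INGRESS, [SECRET, PROXY])` returns an empty list; moving the Secret to another namespace or dropping the proxy Service produces a finding.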