Kubernetes Nginx Ingress 적용

1) git 저장소 복제

 # git clone https://github.com/nginxinc/kubernetes-ingress.git

2) Dockerfile

 # cd kubernetes-ingress
# build
# cp Dockerfile Dockerfile.bak
# vi Dockerfile

3) debian 배포 부분 수정

nginx.sh 실행부분에 Manager IP, 인증정보를 치환하여 입력하시기 바랍니다.

############################################# Base image for Debian #############################################
FROM nginx:1.27.2@sha256:d2eb56950b84efe34f966a2b92efb1a1a2ea53e7e93b94cdf45a27cf3cd47fc0 AS debian

RUN --mount=type=bind,from=opentracing-lib,target=/tmp/ot/ \
        apt-get update \
        && apt-get install --no-install-recommends --no-install-suggests -y libcap2-bin \
        && cp -av /tmp/ot/usr/local/lib/libopentracing.so* /tmp/ot/usr/local/lib/libjaegertracing*so* /tmp/ot/usr/local/lib/libzipkin*so* /tmp/ot/usr/local/lib/libdd*so* /tmp/ot/usr/local/lib/libyaml*so* /usr/local/lib/ \
        && cp -av /tmp/ot/usr/lib/nginx/modules/ngx_http_opentracing_module.so /usr/lib/nginx/modules/ \
        && ldconfig
#deepfinder
RUN apt-get install --no-install-recommends --no-install-suggests -y  wget gcc make libpcre3-dev libssl-dev zlib1g-dev libmagic1 procps net-tools\
        && wget download.deepfinder.co.kr/DeepFinder/1.0/DeepFinder.tar.gz \
        && tar xzf DeepFinder.tar.gz \
        && cd DeepFinder \
        && ./nginx.sh 3.34.149.76 ca4ed79e74635ec1de350456eb485a1e7f3e9b2939f34b42a2138f5babb9a9de ssl /usr/local/deepfinder /usr/sbin/nginx
RUN sed -i '/^events {/i load_module /usr/local/deepfinder/lib/ngx_http_deepfinder_module.so;' /etc/nginx/nginx.conf
RUN chown 101:0 -R /usr/local/deepfinder/
RUN chmod 0755 -R /usr/local/deepfinder/bin

4) Entrypoint 수정

 ######################### Create common files, permissions and setcap #########################
FROM ${BUILD_OS} AS common

ARG BUILD_OS
ARG IC_VERSION
ARG TARGETPLATFORM
ARG NAP_MODULES=none

ENV BUILD_OS=${BUILD_OS}

RUN --mount=type=bind,target=/code \
        --mount=type=bind,from=nginx-files,src=common.sh,target=/usr/local/bin/common.sh \
        --mount=type=bind,from=nginx-files,src=patch-os.sh,target=/usr/local/bin/patch-os.sh \
        patch-os.sh \
        && common.sh

EXPOSE 80 443

STOPSIGNAL SIGTERM
#ENTRYPOINT ["/nginx-ingress"]

COPY build/start.sh /start.sh
RUN chmod +x /start.sh
ENTRYPOINT ["/start.sh"]
# 101 is nginx
USER 101

LABEL org.opencontainers.image.version="${IC_VERSION}" \
        org.opencontainers.image.documentation=https://docs.nginx.com/nginx-ingress-controller \
        org.opencontainers.image.vendor="NGINX Inc " \
        org.nginx.kic.image.build.target="${TARGETPLATFORM}" \
        org.nginx.kic.image.build.os="${BUILD_OS}" \
        org.nginx.kic.image.build.nginx.version="${NGINX_VERSION}"

5) build 디렉토리에 start.sh 파일추가

 #!/bin/bash
# DeepFinder starter 실행
/usr/local/deepfinder/bin/starter

# nginx-ingress 실행
/nginx-ingress

# 모든 프로세스가 종료될 때까지 대기
wait

6) config 수정

Build config 설정 가이드

# cd kubernetes-ingress
# vi internal/configs/version1/nginx.tmpl
{{- /*gotype: github.com/nginxinc/kubernetes-ingress/internal/configs/version1.MainConfig*/ - }}
worker_processes  {{.WorkerProcesses}};
{{- if .WorkerRlimitNofile}}
worker_rlimit_nofile {{.WorkerRlimitNofile}};
{{- if .WorkerCPUAffinity}}
worker_cpu_affinity {{.WorkerCPUAffinity}};
{{- if .WorkerShutdownTimeout}}
worker_shutdown_timeout {{.WorkerShutdownTimeout}};
daemon off;

error_log  stderr {{.ErrorLogLevel}};
pid        /var/lib/nginx/nginx.pid;

{{- if .OpenTracingLoadModule}}
load_module modules/ngx_http_opentracing_module.so;
{{- end}}

{{- if .MainSnippets}}
{{range $value := .MainSnippets}}
{{$value}}{{end}}
{{- end}}

load_module /usr/local/deepfinder/lib/ngx_http_deepfinder_module.so;
load_module modules/ngx_http_js_module.so;

events {
    worker_connections  {{.WorkerConnections}};
}

nginx Configmap 설정 가이드 예시

apiVersion: v1
kind: ConfigMap
metadata:
  namespace: my-ns
  name: my-nginx-conf
data:
  nginx-conf: |
    user  nginx;
    worker_processes  2;

    err_log    /var/log/nginx/err.log warn;
    pid         /var/run/nginx.pid;

    # DeepFinder Module 삽입
    load_module /usr/local/deepfinder/lib/ngx_http_deepfinder_module.so; 

    events {
        worker_connections  1024;
    }

    http {
        include         /etc/nginx/mime.types;
        default_type  application/octet-stream;
        ....
        include        /etc/nginx/conf.d/*.conf;
   }

7) build

# cd kubernetes-ingress
# make debian-image PREFIX=nginx-ingress TAG=deepfinder

8) nginx ingress 이미지 교체 재배포

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-ingress-controller
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx-ingress
  template:
    metadata:
      labels:
        app: nginx-ingress
    spec:
      containers:
      - name: nginx-ingress
        image: nginx-ingress:deepfinder
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80