{"id":7193,"date":"2022-12-08T19:51:09","date_gmt":"2022-12-08T10:51:09","guid":{"rendered":"https:\/\/www.skyer9.pe.kr\/wordpress\/?p=7193"},"modified":"2022-12-25T16:57:04","modified_gmt":"2022-12-25T07:57:04","slug":"kubernetes-%ec%84%9c%eb%b9%84%ec%8a%a4-%eb%8f%84%eb%a9%94%ec%9d%b8%ec%97%90-https-%ec%a0%81%ec%9a%a9%ed%95%98%ea%b8%b0","status":"publish","type":"post","link":"https:\/\/www.skyer9.pe.kr\/wordpress\/?p=7193","title":{"rendered":"Kubernetes \u2013 \uc11c\ube44\uc2a4 \ub3c4\uba54\uc778(svc.cluster.local) \uc5d0 https \uc801\uc6a9\ud558\uae30"},"content":{"rendered":"

Kubernetes \u2013 \uc11c\ube44\uc2a4 \ub3c4\uba54\uc778(svc.cluster.local) \uc5d0 https \uc801\uc6a9\ud558\uae30<\/h1>\n

\uc11c\ube44\uc2a4 DNS \uc5d0 \uc0ac\uc124 \uc778\uc99d\uc11c\ub97c \ubd99\uc5ec\uc90d\ub2c8\ub2e4.<\/p>\n

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .<\/p>\n

rootCA \uc778\uc99d\uc11c \uc0dd\uc131<\/h2>\n

\ucc38\uc870<\/a><\/p>\n

\uc704 \ub9c1\ud06c\ub97c \ucc38\uc870\ud558\uc5ec rootCA \uc778\uc99d\uc11c\ub97c \uc0dd\uc131\ud569\ub2c8\ub2e4.<\/p>\n

\ub2e8 Common Name<\/code> \uc740 svc.cluster.local<\/code> \ub85c \uc9c0\uc815\ud574\uc57c \ud569\ub2c8\ub2e4.<\/p>\n

Common Name (e.g. server FQDN or YOUR name) []:svc.cluster.local<\/code><\/pre>\n
rootCA \ub4f1\ub85d<\/h2>\n
\ud544\uc694\ud55c namespace \ubaa8\ub450\uc5d0 \uac01\uac01 \ub4f1\ub85d\ud574 \uc90d\ub2c8\ub2e4.<\/p>\n
# kubectl get configmap -n default\n# kubectl get configmap -n repository\n\n# kubectl delete configmap private-rootca.crt -n default\n# kubectl delete configmap private-rootca.crt -n repository\n\nkubectl create configmap private-rootca.crt --from-file=rootCA.crt -n default\nkubectl create configmap private-rootca.crt --from-file=rootCA.crt -n repository\nkubectl create configmap private-rootca.crt --from-file=rootCA.crt -n argocd<\/code><\/pre>\n
\uc11c\ubc84 \uc778\uc99d\uc11c \uc0dd\uc131<\/h2>\n
\uc11c\ubc84 \uc778\uc99d\uc11c \uc0dd\uc131<\/h3>\n
\uc544\ub798 \ub0b4\uc6a9\uc740 repository \ub124\uc784\uc2a4\ud398\uc774\uc2a4\uc6a9 \uc11c\ubc84\uc778\uc99d\uc11c\ub97c \uc0dd\uc131\ud569\ub2c8\ub2e4.<\/p>\n
\ub2e8 Common Name<\/code> \uc740 repository.svc.cluster.local<\/code> \ub85c \uc9c0\uc815\ud574\uc57c \ud569\ub2c8\ub2e4.<\/p>\n
Common Name (e.g. server FQDN or YOUR name) []:repository.svc.cluster.local<\/code><\/pre>\n
openssl ecparam -out repository.key -name prime256v1 -genkey\nopenssl req -new -sha256 -key repository.key -out repository.csr<\/code><\/pre>\n
wildcard \uc778\uc99d\uc11c\ub97c \uc0dd\uc131\ud569\ub2c8\ub2e4.<\/p>\n
vi repository-extention.ext\n---------------------------\nauthorityKeyIdentifier=keyid,issuer\nbasicConstraints=CA:FALSE\nkeyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment\nsubjectAltName = @alt_names\n\n[alt_names]\nDNS.1 = *.repository.svc.cluster.local\n---------------------------<\/code><\/pre>\n
openssl x509 -req -sha256 -days 999999 -in repository.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out repository.crt -extfile repository-extention.ext<\/code><\/pre>\n
rm -rf repository\/\nmkdir repository\nmv repository.* repository\/<\/code><\/pre>\n
\ub514\ub809\ud1a0\ub9ac\ub97c configmap \uc5d0 \ub4f1\ub85d\ud569\ub2c8\ub2e4.<\/p>\n
# kubectl delete configmap repository-pemstore -n repository\nkubectl create configmap repository-pemstore --from-file=repository\/ -n repository<\/code><\/pre>\n
Deployment \uc0dd\uc131<\/h2>\n
nginx \uc124\uc815\ud30c\uc77c \uc0dd\uc131<\/h3>\n
vi test.repository.conf\n---------------------------\nserver {\n    listen       80;\n    server_name  test.repository;\n\n    location \/ {\n        root   \/usr\/share\/nginx\/html;\n        index  index.html index.htm;\n    }\n\n    error_page   500 502 503 504  \/50x.html;\n    location = \/50x.html {\n        root   \/usr\/share\/nginx\/html;\n    }\n}\n\nserver {\n    listen       443 ssl;\n    server_name  test.repository;\n\n    ssl_certificate \/ssl\/repository.crt;\n    ssl_certificate_key \/ssl\/repository.key;\n\n    location \/ {\n        root   \/usr\/share\/nginx\/html;\n        index  index.html index.htm;\n    }\n\n    error_page   500 502 503 504  \/50x.html;\n    location = \/50x.html {\n        root   \/usr\/share\/nginx\/html;\n    }\n}\n---------------------------<\/code><\/pre>\n
kubectl create configmap test.repository.conf --from-file=test.repository.conf -n repository<\/code><\/pre>\n
Deployment \uc0dd\uc131<\/h3>\n
vi test.repository.yaml\n---------------------------\napiVersion: apps\/v1\nkind: Deployment\nmetadata:\n  name: nginx-deployment\n  namespace: repository\n  labels:\n    app: nginx-deployment\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: nginx-test-repository\n  template:\n    metadata:\n      labels:\n        app: nginx-test-repository\n    spec:\n      containers:\n      - name: nginx-test-repository\n        image: nginx:1.14.2\n        volumeMounts:\n        - name: private-rootca-crt\n          mountPath: \/etc\/ssl\/certs\/repository.pem\n          subPath: rootCA.crt\n          readOnly: true\n        - name: repository-pemstore\n          mountPath: \/ssl\/\n          readOnly: true\n        - name: test-repository-conf     # \uc5ec\uae30\n          mountPath: \/etc\/nginx\/conf.d\/default.conf\n          subPath: test.repository.conf\n          readOnly: true\n        ports:\n        - containerPort: 80\n      volumes:\n      - name: private-rootca-crt\n        configMap:\n          name: private-rootca.crt\n      - name: repository-pemstore\n        configMap:\n          name: repository-pemstore\n      - name: test-repository-conf       # \uc5ec\uae30\n        configMap:\n          name: test.repository.conf\n---------------------------<\/code><\/pre>\n
kubectl apply -f test.repository.yaml<\/code><\/pre>\n
kubectl get pods -n repository<\/code><\/pre>\n
Service \uc0dd\uc131<\/h2>\n
vi test-repository-svc.yaml\n---------------------------\napiVersion: v1\nkind: Service\nmetadata:\n  name: test\n  namespace: repository\n  labels:\n    app: nginx-service\nspec:\n  type: ClusterIP    # \uc11c\ube44\uc2a4 \ud0c0\uc785\n  ports:\n  - name: http\n    port: 80         # \uc11c\ube44\uc2a4 \ud3ec\ud2b8\n    targetPort: 80   # \ucee8\ud14c\uc774\ub108 \ud3ec\ud2b8(pod \ud3ec\ud2b8)\n    protocol: TCP\n  - name: https\n    port: 443        # \uc11c\ube44\uc2a4 \ud3ec\ud2b8\n    targetPort: 443  # \ucee8\ud14c\uc774\ub108 \ud3ec\ud2b8(pod \ud3ec\ud2b8)\n    protocol: TCP\n  selector:\n    app: nginx-test-repository\n---------------------------<\/code><\/pre>\n
kubectl apply -f test-repository-svc.yaml<\/code><\/pre>\n
kubectl get svc -n repository\nkubectl describe svc test -n repository<\/code><\/pre>\n
\ud655\uc778\ud558\uae30<\/h2>\n
Worker \ub178\ub4dc\uc5d0\uc11c \ud14c\uc2a4\ud2b8\ud558\uae30 \uc704\ud574\uc11c\ub294 \uc5ec\uae30<\/a> \ub97c \ucc38\uc870\ud558\uc5ec \uc778\uc99d\uc11c\ub97c \uc11c\ubc84\uc5d0 \ucd94\uac00\ud574 \uc90d\ub2c8\ub2e4.<\/p>\n
kubectl get svc -n repository\nNAME                TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE\ntest                ClusterIP   10.96.241.144   <none>        80\/TCP,443\/TCP   29h<\/code><\/pre>\n
sudo vi \/etc\/hosts\n---------------------------\n10.96.241.144   test.repository.svc.cluster.local\n---------------------------<\/code><\/pre>\n
curl http:\/\/test.repository.svc.cluster.local\/\ncurl https:\/\/test.repository.svc.cluster.local\/<\/code><\/pre>\n
ingress-nginx \uc5d0 https \uc801\uc6a9\ud558\uae30<\/h2>\n
\uc5ec\uae30<\/a> \ub97c \ucc38\uc870\ud574\uc11c ingress-nginx \uc5d0 https \ub97c \uc801\uc6a9\ud558\uba74 \uac04\ud3b8\ud558\ub2e4<\/p>\n
Pod \uc5d0 \ub8e8\ud2b8\uc778\uc99d\uc11c \uc801\uc6a9\ud558\uae30<\/h2>\n
\uc5ec\uae30<\/a> \ub97c \ucc38\uc870\ud574\uc11c \ub8e8\ud2b8\uc778\uc99d\uc11c\ub97c Pod \uc5d0 \uc801\uc6a9\ud560 \uc218 \uc788\ub2e4.<\/p>\n
Docker \uc774\ubbf8\uc9c0\uc5d0 \ub8e8\ud2b8\uc778\uc99d\uc11c \uc801\uc6a9\ud558\uae30<\/h2>\n
\uc5ec\uae30<\/a> \ub97c \ucc38\uc870\ud558\uc5ec \ub8e8\ud2b8\uc778\uc99d\uc11c\ub97c Docker \uc5d0 \uc801\uc6a9\ud560 \uc218 \uc788\ub2e4.<\/p>\n
\ub3c4\ucee4\ub85c \uc0dd\uc131\ud55c \uc774\ubbf8\uc9c0\ub97c docker repository \ub85c push \ud558\ub824\ud560 \ub54c https \ud1b5\uc2e0\uc774 \uc815\uc0c1\uc801\uc73c\ub85c \uc774\ub8e8\uc5b4\uc9c0\ub824\uba74 \ud544\uc694\ud558\ub2e4.<\/p>\n","protected":false},"excerpt":{"rendered":"
Kubernetes \u2013 \uc11c\ube44\uc2a4 \ub3c4\uba54\uc778(svc.cluster.local) \uc5d0 https \uc801\uc6a9\ud558\uae30 \uc11c\ube44\uc2a4 DNS \uc5d0 \uc0ac\uc124 \uc778\uc99d\uc11c\ub97c \ubd99\uc5ec\uc90d\ub2c8\ub2e4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .\u2026 Read More »<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[],"class_list":["post-7193","post","type-post","status-publish","format-standard","hentry","category-kubernetes"],"_links":{"self":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/7193","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7193"}],"version-history":[{"count":19,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/7193\/revisions"}],"predecessor-version":[{"id":7305,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/7193\/revisions\/7305"}],"wp:attachment":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7193"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7193"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7193"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}