Written by php-style
on 2021-10-08

Helm Chart를 이용하여 nginx 설치하기

실습 환경은 Cloud9에서 진행하며, Helm 설치는 간단히 설명한다.

Helm 설치

아래 명령어를 통해 Helm CLI를 설치한다.

$ curl -sSL https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash Downloading https://get.helm.sh/helm-v3.7.0-linux-amd64.tar.gz Verifying checksum... Done. Preparing to install helm into /usr/local/bin helm installed into /usr/local/bin/helm

helm version을 입력하면 설치된 버전 이외에 WARNING 문구가 표시된다.

오류를 보면 .kube/config 파일이 insecure하기 때문에 표시되는 오류인 것 같다.

mzmz01:~/environment $ helm version WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /home/ec2-user/.kube/config WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /home/ec2-user/.kube/config version.BuildInfo{Version:"v3.7.0", GitCommit:"eeac83883cb4014fe60267ec6373570374ce770b", GitTreeState:"clean", GoVersion:"go1.16.8"}

.kube/config 파일의 권한을 보면 group, other에 각각 read 권한이 부여되어 있다.

user를 제외하고 read 권한을 제거해주자.

$ ls -al -rw-rw-r-- 1 ec2-user ec2-user 4377 Oct 7 09:19 config

$ sudo chmod g-r config $ sudo chmod o-r config

다시 helm version을 확인해보자.

$ helm version version.BuildInfo{Version:"v3.7.0", GitCommit:"eeac83883cb4014fe60267ec6373570374ce770b", GitTreeState:"clean", GoVersion:"go1.16.8"}

Helm Chart 저장소 등록

helm chart repository를 추가해준다.

mzmz01:~/environment $ helm repo add stable https://charts.helm.sh/stable "stable" has been added to your repositories mzmz01:~/environment $ helm search repo stable NAME CHART VERSION APP VERSION DESCRIPTION stable/acs-engine-autoscaler 2.2.2 2.1.1 DEPRECATED Scales worker nodes within agent pools stable/aerospike 0.3.5 v4.5.0.5 DEPRECATED A Helm chart for Aerospike in Kubern... stable/airflow 7.13.3 1.10.12 DEPRECATED - please use: https://github.com/air... stable/ambassador 5.3.2 0.86.1 DEPRECATED A Helm chart for Datawire Ambassador stable/anchore-engine 1.7.0 0.7.3 Anchore container analysis and policy evaluatio... stable/apm-server 2.1.7 7.0.0 DEPRECATED The server receives data from the El...

Helm Chart를 업데이트 해준다.

mzmz01:~/environment $ helm repo update Hang tight while we grab the latest from your chart repositories... ...Successfully got an update from the "stable" chart repository Update Complete. ⎈Happy Helming!⎈

이번 실습에선 nginx 서버를 설치해야 하므로 nginx와 관련된 repository를 검색한다.

mzmz01:~/environment $ helm search repo nginx NAME CHART VERSION APP VERSION DESCRIPTION stable/nginx-ingress 1.41.3 v0.34.1 DEPRECATED! An nginx Ingress controller that us... stable/nginx-ldapauth-proxy 0.1.6 1.13.5 DEPRECATED - nginx proxy with ldapauth stable/nginx-lego 0.3.1 Chart for nginx-ingress-controller and kube-lego stable/gcloud-endpoints 0.1.2 1 DEPRECATED Develop, deploy, protect and monitor...

bitnami repository도 추가해준다.

Bitnami NginX는 통합된 php, mysql, nginx 개발환경을 제공한다.

mzmz01:~/environment $ helm repo add bitnami https://charts.bitnami.com/bitnami "bitnami" has been added to your repositories

다시 nginx repo를 검색하면 위 검색 결과에 추가된 내용을 확인할 수 있다.

mzmz01:~/environment $ helm search repo nginx NAME CHART VERSION APP VERSION DESCRIPTION bitnami/nginx 9.5.6 1.21.3 Chart for the nginx server bitnami/nginx-ingress-controller 7.6.21 0.48.1 Chart for the nginx Ingress controller stable/nginx-ingress 1.41.3 v0.34.1 DEPRECATED! An nginx Ingress controller that us... stable/nginx-ldapauth-proxy 0.1.6 1.13.5 DEPRECATED - nginx proxy with ldapauth stable/nginx-lego 0.3.1 Chart for nginx-ingress-controller and kube-lego bitnami/kong 4.1.4 2.6.0 Kong is a scalable, open source API layer (aka ... stable/gcloud-endpoints 0.1.2 1 DEPRECATED Develop, deploy, protect and monitor...

bitnami/nginx repository를 통해 서버를 설치한다.

mzmz01:~/environment $ helm install nginx bitnami/nginx NAME: nginx LAST DEPLOYED: Thu Oct 7 17:28:43 2021 NAMESPACE: default STATUS: deployed REVISION: 1 TEST SUITE: None NOTES: ** Please be patient while the chart is being deployed ** NGINX can be accessed through the following DNS name from within your cluster: nginx.default.svc.cluster.local (port 80) To access NGINX from outside the cluster, follow the steps below: 1. Get the NGINX URL by running these commands: NOTE: It may take a few minutes for the LoadBalancer IP to be available. Watch the status with: 'kubectl get svc --namespace default -w nginx' export SERVICE_PORT=$(kubectl get --namespace default -o jsonpath="{.spec.ports[0].port}" services nginx) export SERVICE_IP=$(kubectl get svc --namespace default nginx -o jsonpath='{.status.loadBalancer.ingress[0].ip}') echo "http://${SERVICE_IP}:${SERVICE_PORT}"

Service, Pod, Deployment를 각각 확인한다.

mzmz01:~/environment $ kubectl get svc,po,deploy NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/kubernetes ClusterIP 172.20.0.1 443/TCP 30h service/nginx LoadBalancer 172.20.212.35 a53938eb41b2041e69361d34125ea204-1918174223.us-west-2.elb.amazonaws.com 80:30357/TCP 87s NAME READY STATUS RESTARTS AGE pod/nginx-854656fbf9-b5lwx 1/1 Running 0 87s NAME READY UP-TO-DATE AVAILABLE AGE deployment.apps/nginx 1/1 1 1 87s

nginx 서비스의 상세 정보를 확인한다.

mzmz01:~/environment $ kubectl get svc nginx -o wide NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR nginx LoadBalancer 172.20.212.35 a53938eb41b2041e69361d34125ea204-1918174223.us-west-2.elb.amazonaws.com 80:30357/TCP 2m31s app.kubernetes.io/instance=nginx,app.kubernetes.io/name=nginx

service의 EXTERNAL-IP로 접속하면 정상적으로 nginx 서버가 구축된 것을 확인할 수 있다.

혹은 URL의 공인 IP 주소를 확인하여 접속해본다.

mzmz01:~/environment $ dig +short a53938eb41b2041e69361d34125ea204-1918174223.us-west-2.elb.amazonaws.com 35.83.239.60 34.223.130.199 52.38.169.195

from http://public-cloud.tistory.com/74 by ccl(A) rewrite - 2021-10-08 03:01:06

Top