SO1S-349 ALB / NLB 걷어내기

apps/dev/app-inference.yaml

@@ -20,7 +20,7 @@ spec:
 
   destination:
     server: https://kubernetes.default.svc
-    namespace: backend
+    namespace: istio-system
 
   syncPolicy:
     syncOptions:

apps/dev/app-istio-base.yaml

@@ -23,5 +23,8 @@ spec:
     namespace: istio-system
 
   syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
     syncOptions:
-      - CreateNamespace=true
+      - CreateNamespace=true

apps/dev/app-istio-gateway.yaml

@@ -22,5 +22,8 @@ spec:
     namespace: istio-system
 
   syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
     syncOptions:
       - CreateNamespace=true

apps/dev/app-istiod.yaml

@@ -23,5 +23,8 @@ spec:
     namespace: istio-system
 
   syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
     syncOptions:
-      - CreateNamespace=true
+      - CreateNamespace=true

apps/dev/app-logging.yaml

@@ -23,8 +23,8 @@ spec:
     namespace: logging
 
   syncPolicy:
-    automated: 
-      prune: true 
-      selfHeal: true   
+    automated:
+      prune: true
+      selfHeal: true
     syncOptions:
       - CreateNamespace=true

apps/prod/app-inference.yaml

@@ -20,7 +20,7 @@ spec:
 
   destination:
     server: https://kubernetes.default.svc
-    namespace: backend
+    namespace: istio-system
 
   syncPolicy:
     automated:

charts/argocd/argocd-dev-values.yaml

@@ -4,28 +4,20 @@ server:
   logFormat: json
 
   extraArgs: # To avoid internal redirection loops from HTTP to HTTPS
-    - --insecure 
+    - --insecure
   tolerations:
     - key: kind
       operator: "Equal"
       value: "api"
       effect: "NoSchedule"
   ingress:
-    enabled: true
-    annotations: 
-      kubernetes.io/ingress.class: alb
-      alb.ingress.kubernetes.io/target-type: instance 
-      alb.ingress.kubernetes.io/scheme: internet-facing 
-      external-dns.alpha.kubernetes.io/hostname: argo.so1s.io
-    hosts:
-      - test.argo.so1s.io
+    enabled: false
+    annotations: {}
+    hosts: []
     tls: []
   service:
-    type: LoadBalancer
-    annotations:
-      service.beta.kubernetes.io/aws-load-balancer-type: "external"
-      service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "instance"
-      service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"
+    type: ClusterIP
+    annotations: {}
 
 controller:
   logFormat: json
@@ -65,7 +57,7 @@ applicationSet:
       operator: "Equal"
       value: "api"
       effect: "NoSchedule"
-    
+
 notification:
   tolerations:
     - key: kind
@@ -81,4 +73,3 @@ notifications:
       operator: "Equal"
       value: "api"
       effect: "NoSchedule"
-

charts/argocd/argocd-prod-values.yaml

@@ -4,33 +4,30 @@ server:
   logFormat: json
 
   extraArgs: # To avoid internal redirection loops from HTTP to HTTPS
-    - --insecure 
+    - --insecure
   tolerations:
     - key: kind
       operator: "Equal"
       value: "api"
       effect: "NoSchedule"
   ingress:
     enabled: true
-    annotations: 
+    annotations:
       kubernetes.io/ingress.class: alb
-      alb.ingress.kubernetes.io/target-type: instance 
-      alb.ingress.kubernetes.io/scheme: internet-facing 
+      alb.ingress.kubernetes.io/target-type: instance
+      alb.ingress.kubernetes.io/scheme: internet-facing
       alb.ingress.kubernetes.io/healthcheck-protocol: HTTPS
-      alb.ingress.kubernetes.io/healthcheck-port: '443'
+      alb.ingress.kubernetes.io/healthcheck-port: "443"
       alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
-      alb.ingress.kubernetes.io/ssl-redirect: '443'
+      alb.ingress.kubernetes.io/ssl-redirect: "443"
       alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:ap-northeast-2:089143290485:certificate/8f20bc85-876b-47a2-8c9f-27e9f5455ca9"
       external-dns.alpha.kubernetes.io/hostname: argo.so1s.io
     hosts:
       - argo.so1s.io
     tls: []
   service:
-    type: LoadBalancer
-    annotations:
-      service.beta.kubernetes.io/aws-load-balancer-type: "external"
-      service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "instance"
-      service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"
+    type: ClusterIP
+    annotations: {}
 
 controller:
   logFormat: json
@@ -70,7 +67,7 @@ applicationSet:
       operator: "Equal"
       value: "api"
       effect: "NoSchedule"
-    
+
 notification:
   tolerations:
     - key: kind
@@ -86,4 +83,3 @@ notifications:
       operator: "Equal"
       value: "api"
       effect: "NoSchedule"
-

charts/backend/dev-values.yaml

@@ -37,13 +37,9 @@ resources:
     cpu: "300m"
 
 ingress:
-  annotations:
-    kubernetes.io/ingress.class: alb #alb를 사용한다는 의미
-    alb.ingress.kubernetes.io/target-type: instance #target이 ec2 인스턴스
-    alb.ingress.kubernetes.io/scheme: internet-facing #외부에 노출
-    external-dns.alpha.kubernetes.io/hostname: test.www.so1s.io
-  hosts: 
-    - test.www.so1s.io
+  annotations: {}
+  hosts:
+    - test-www.so1s.io
   paths:
     - /
   tls: []
@@ -66,26 +62,21 @@ swagger:
       memory: "50Mi"
       cpu: "25m"
 
-
   tolerations:
     - key: kind
       operator: "Equal"
       value: "api"
       effect: "NoSchedule"
 
-
   ingress:
-    enabled: true
-    annotations: 
-      kubernetes.io/ingress.class: alb
-      alb.ingress.kubernetes.io/scheme: internet-facing
-      external-dns.alpha.kubernetes.io/hostname: test.swagger.so1s.io
-    hosts: 
-      - test.swagger.so1s.io
+    enabled: false
+    annotations: {}
+    hosts:
+      - test-swagger.so1s.io
     paths:
       - /
     tls: []
-  
+
   service:
     port: 80
-    targetPort: 8080
+    targetPort: 8080

charts/backend/prod-values.yaml

@@ -37,17 +37,8 @@ resources:
     cpu: "600m"
 
 ingress:
-  annotations:
-    kubernetes.io/ingress.class: alb #alb를 사용한다는 의미
-    alb.ingress.kubernetes.io/target-type: instance #target이 ec2 인스턴스
-    alb.ingress.kubernetes.io/scheme: internet-facing #외부에 노출
-    alb.ingress.kubernetes.io/healthcheck-protocol: HTTPS
-    alb.ingress.kubernetes.io/healthcheck-port: '443'
-    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
-    alb.ingress.kubernetes.io/ssl-redirect: '443'
-    alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:ap-northeast-2:089143290485:certificate/8f20bc85-876b-47a2-8c9f-27e9f5455ca9"
-    external-dns.alpha.kubernetes.io/hostname: www.so1s.io
-  hosts: 
+  annotations: {}
+  hosts:
     - www.so1s.io
   paths:
     - /
@@ -66,20 +57,12 @@ swagger:
       operator: "Equal"
       value: "api"
       effect: "NoSchedule"
-  
+
   ingress:
-    enabled: true
-    annotations: 
-      kubernetes.io/ingress.class: alb
-      alb.ingress.kubernetes.io/scheme: internet-facing
-      alb.ingress.kubernetes.io/healthcheck-protocol: HTTPS
-      alb.ingress.kubernetes.io/healthcheck-port: '443'
-      alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
-      alb.ingress.kubernetes.io/ssl-redirect: '443'
-      alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:ap-northeast-2:089143290485:certificate/8f20bc85-876b-47a2-8c9f-27e9f5455ca9"
-      external-dns.alpha.kubernetes.io/hostname: swagger.so1s.io
-    hosts: 
+    enabled: false
+    annotations: {}
+    hosts:
       - swagger.so1s.io
     paths:
       - /
-    tls: []
+    tls: []

charts/backend/templates/gateway.yaml

@@ -0,0 +1,12 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: {{ include "backend.fullname" . }}
+spec:
+  servers:
+  - port:
+      number: 80
+      name: http
+      protocol: HTTP
+    hosts:
+      {{ toYaml .Values.ingress.hosts | indent 4 }}

charts/backend/templates/swagger/gateway.yaml

@@ -0,0 +1,12 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: {{ include "backend.fullname" . }}-swagger
+spec:
+  servers:
+  - port:
+      number: 80
+      name: http
+      protocol: HTTP
+    hosts:
+      {{ toYaml .Values.swagger.ingress.hosts | indent 4 }}

charts/backend/templates/swagger/virtualservice.yaml

@@ -0,0 +1,18 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: {{ include "backend.fullname" . }}-swagger
+spec:
+  hosts:
+    {{ toYaml .Values.swagger.ingress.hosts | indent 4 }}
+  gateways:
+  - {{ include "backend.fullname" . }}-swagger
+  http:
+  - match:
+    - uri:
+        prefix: /
+    route:
+    - destination:
+        port:
+          number: 80
+        host: {{ include "backend.fullname" . }}-swagger

charts/backend/templates/virtualservice.yaml

@@ -0,0 +1,18 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: {{ include "backend.fullname" . }}
+spec:
+  hosts:
+    {{ toYaml .Values.ingress.hosts | indent 4 }}
+  gateways:
+  - {{ include "backend.fullname" . }}
+  http:
+  - match:
+    - uri:
+        prefix: /
+    route:
+    - destination:
+        port:
+          number: 80
+        host: {{ include "backend.fullname" . }}

charts/backend/values.yaml

@@ -1,4 +1,3 @@
-
 vender: "AWS" # AWS | on-premise
 
 environment: "develop" # develop | production
@@ -25,10 +24,12 @@ serviceAccount:
   annotations: {}
   name: ""
 
-podSecurityContext: {}
+podSecurityContext:
+  {}
   # fsGroup: 2000
 
-securityContext: {}
+securityContext:
+  {}
   # capabilities:
   #   drop:
   #   - ALL
@@ -37,7 +38,7 @@ securityContext: {}
   # runAsUser: 1000
 
 ingress:
-  enabled: true
+  enabled: false
   annotations: {}
   labels: {}
   hosts: []
@@ -47,7 +48,7 @@ ingress:
   servicePort: 80
 
 service:
-  type: LoadBalancer
+  type: ClusterIP
   port: 80
   targetPort: 8080
 
@@ -82,9 +83,9 @@ swagger:
 
   resources: {}
   tolerations: []
-  
+
   ingress:
-    enabled: true
+    enabled: false
     annotations: {}
     labels: {}
     hosts: []
@@ -99,4 +100,4 @@ swagger:
 
 pullSecret:
   enabled: false
-  dockerConfigJson: ""
+  dockerConfigJson: ""