{"id":290071,"date":"2018-09-28T19:40:03","date_gmt":"2018-09-28T15:40:03","guid":{"rendered":"http:\/\/savepearlharbor.com\/?p=290071"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T21:00:00","slug":"","status":"publish","type":"post","link":"https:\/\/savepearlharbor.com\/?p=290071","title":{"rendered":"\u041a\u0430\u043a \u0440\u0430\u0437\u0432\u0435\u0440\u043d\u0443\u0442\u044c \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 Ruby on Rails \u0441 HAProxy Ingress, unicorn\/puma \u0438 \u0432\u0435\u0431-\u0441\u043e\u043a\u0435\u0442\u0430\u043c\u0438"},"content":{"rendered":"\n<div class=\"post__text post__text-html js-mediator-article\">\n<p>\u041f\u043e\u0441\u043b\u0435 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u043c\u0435\u0441\u044f\u0446\u0435\u0432 \u0442\u0435\u0441\u0442\u043e\u0432 \u043c\u044b \u043d\u0430\u043a\u043e\u043d\u0435\u0446 \u043f\u0435\u0440\u0435\u043d\u0435\u0441\u043b\u0438 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 Ruby on Rails \u0432 \u043f\u0440\u043e\u0434\u0430\u043a\u0448\u0435\u043d \u0441 \u043a\u043b\u0430\u0441\u0442\u0435\u0440\u043e\u043c Kubernetes.<\/p>\n<p>  <\/p>\n<p><em>\u0412 \u044d\u0442\u043e\u0439 \u0441\u0442\u0430\u0442\u044c\u0435 \u044f \u0440\u0430\u0441\u0441\u043a\u0430\u0436\u0443, \u043a\u0430\u043a \u043d\u0430\u0441\u0442\u0440\u043e\u0438\u0442\u044c \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0446\u0438\u044e \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 Path \u0434\u043b\u044f \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f Ruby on Rails \u0432 Kubernetes \u0441 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u043e\u043c HAProxy Ingress.<\/em><\/p>\n<p>  <\/p>\n<p><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/getpro\/habr\/post_images\/3fa\/08e\/fa4\/3fa08efa4b7f76def073d9be03e73b62.jpg\" alt=\"image\"><\/p>\n<p><a name=\"habracut\"><\/a>  <\/p>\n<p>\u041f\u0440\u0435\u0434\u043f\u043e\u043b\u0430\u0433\u0430\u0435\u0442\u0441\u044f, \u0447\u0442\u043e \u0432\u044b \u043f\u0440\u0438\u043c\u0435\u0440\u043d\u043e \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442\u0435 \u0441\u0435\u0431\u0435, \u0447\u0442\u043e \u0442\u0430\u043a\u043e\u0435 <a href=\"https:\/\/kubernetes.io\/docs\/concepts\/workloads\/pods\/pod\/\">\u043f\u043e\u0434\u044b<\/a>, <a href=\"https:\/\/kubernetes.io\/docs\/concepts\/workloads\/controllers\/deployment\/\">\u0434\u0435\u043f\u043b\u043e\u0438<\/a>, <a href=\"https:\/\/kubernetes.io\/docs\/concepts\/services-networking\/service\/\">\u0441\u0435\u0440\u0432\u0438\u0441\u044b<\/a>, <a href=\"https:\/\/kubernetes.io\/docs\/tasks\/configure-pod-container\/configure-pod-configmap\/\">\u043a\u0430\u0440\u0442\u0430 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438<\/a> \u0438 <a href=\"https:\/\/kubernetes.io\/docs\/concepts\/services-networking\/ingress\/\">Ingress<\/a> \u0432 <a href=\"https:\/\/kubernetes.io\">Kubernetes<\/a><\/p>\n<p>  <\/p>\n<p>\u041e\u0431\u044b\u0447\u043d\u043e \u0432 Rails-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0438 \u0435\u0441\u0442\u044c \u0442\u0430\u043a\u0438\u0435 \u0441\u0435\u0440\u0432\u0438\u0441\u044b, \u043a\u0430\u043a unicorn\/puma, sidekiq\/delayed-job\/resque, \u0432\u0435\u0431-\u0441\u043e\u043a\u0435\u0442\u044b \u0438 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 API \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u0432. \u0423 \u043d\u0430\u0441 \u0431\u044b\u043b \u043e\u0434\u0438\u043d \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0438\u0441, \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u0439 \u043d\u0430\u0440\u0443\u0436\u0443 \u0447\u0435\u0440\u0435\u0437 \u0431\u0430\u043b\u0430\u043d\u0441\u0438\u0440\u043e\u0432\u0449\u0438\u043a, \u0438 \u0432\u0441\u0435 \u0440\u0430\u0431\u043e\u0442\u0430\u043b\u043e \u043d\u043e\u0440\u043c\u0430\u043b\u044c\u043d\u043e. \u041d\u043e \u0442\u0440\u0430\u0444\u0438\u043a \u0440\u043e\u0441, \u0438 \u043d\u0443\u0436\u043d\u043e \u0431\u044b\u043b\u043e \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0435\u0433\u043e \u043f\u043e URL \u0438\u043b\u0438 Path.<\/p>\n<p>  <\/p>\n<p>\u0412 Kubernetes \u043d\u0435\u0442 \u0433\u043e\u0442\u043e\u0432\u043e\u0433\u043e \u0440\u0435\u0448\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0431\u0430\u043b\u0430\u043d\u0441\u0438\u0440\u043e\u0432\u043a\u0438 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0442\u0430\u043a\u043e\u0433\u043e \u0442\u0438\u043f\u0430. \u041f\u043e\u0434 \u043d\u0435\u0435 \u0443\u0436\u0435 \u0440\u0430\u0437\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u0435\u0442\u0441\u044f <a href=\"https:\/\/github.com\/kubernetes-sigs\/aws-alb-ingress-controller\">alb-ingress-controller<\/a>, \u043d\u043e \u043e\u043d \u043f\u043e\u043a\u0430 \u043d\u0430 \u0441\u0442\u0430\u0434\u0438\u0438 \u0430\u043b\u044c\u0444\u044b \u0438 \u0434\u043b\u044f \u043f\u0440\u043e\u0434\u0430\u043a\u0448\u0435\u043d\u0430 \u043d\u0435 \u043f\u043e\u0434\u0445\u043e\u0434\u0438\u0442.<\/p>\n<p>  <\/p>\n<p>\u0414\u043b\u044f \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0446\u0438\u0438 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 Path \u043b\u0443\u0447\u0448\u0435 \u0432\u0441\u0435\u0433\u043e \u0431\u044b\u043b\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c <a href=\"https:\/\/kubernetes.io\/docs\/concepts\/services-networking\/ingress\/#ingress-controllers\">Ingress-\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440<\/a>.<\/p>\n<p>  <\/p>\n<p>\u041c\u044b \u0438\u0437\u0443\u0447\u0438\u043b\u0438 \u0432\u043e\u043f\u0440\u043e\u0441 \u0438 \u0443\u0437\u043d\u0430\u043b\u0438, \u0447\u0442\u043e \u0432 k8s \u0435\u0441\u0442\u044c \u0440\u0430\u0437\u043d\u044b\u0435 \u0440\u0435\u0448\u0435\u043d\u0438\u044f \u0434\u043b\u044f Ingress.<\/p>\n<p>  <\/p>\n<ul>\n<li><a href=\"https:\/\/github.com\/kubernetes\/ingress-nginx\">nginx-ingress<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/kubernetes\/ingress-gce\">ingress-gce<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/jcmoraisjr\/haproxy-ingress\">HAProxy-ingress<\/a><\/li>\n<li><a href=\"https:\/\/docs.traefik.io\/configuration\/backends\/kubernetes\/\">traefik<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/appscode\/voyager\">voyager<\/a><\/li>\n<\/ul>\n<p>  <\/p>\n<p>\u041c\u044b \u043f\u043e\u044d\u043a\u0441\u043f\u0435\u0440\u0438\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0441 nginx-ingress \u0438 HAProxy \u0438 \u043e\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u043b\u0438\u0441\u044c \u043d\u0430 HAProxy \u2014 \u043e\u043d \u043b\u0443\u0447\u0448\u0435 \u043f\u043e\u0434\u0445\u043e\u0434\u0438\u0442 \u0434\u043b\u044f \u0432\u0435\u0431-\u0441\u043e\u043a\u0435\u0442\u043e\u0432 Rails, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u044b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u0432 \u043f\u0440\u043e\u0435\u043a\u0442\u0435.<\/p>\n<p>  <\/p>\n<p>\u042f \u0440\u0430\u0441\u0441\u043a\u0430\u0436\u0443 \u043f\u043e\u0448\u0430\u0433\u043e\u0432\u043e, \u043a\u0430\u043a \u043f\u0440\u0438\u043a\u0440\u0443\u0442\u0438\u0442\u044c HAProxy Ingress \u043a Rails-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044e. <\/p>\n<p>  <\/p>\n<h3 id=\"nastroyka-rails-prilozheniya-s-kontrollerom-haproxy-ingress\">\u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 Rails-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0441 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u043e\u043c HAProxy Ingress<\/h3>\n<p>  <\/p>\n<p>\u0412\u043e\u0442 \u0447\u0442\u043e \u043c\u044b \u0431\u0443\u0434\u0435\u043c \u0434\u0435\u043b\u0430\u0442\u044c:<\/p>\n<p>  <\/p>\n<ul>\n<li>\u0421\u043e\u0437\u0434\u0430\u0434\u0438\u043c Rails-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 \u0441 \u0440\u0430\u0437\u043d\u044b\u043c\u0438 \u0441\u0435\u0440\u0432\u0438\u0441\u0430\u043c\u0438 \u0438 \u0434\u0435\u043f\u043b\u043e\u044f\u043c\u0438.<\/li>\n<li>\u0421\u043e\u0437\u0434\u0430\u0434\u0438\u043c \u0441\u0435\u043a\u0440\u0435\u0442 TLS \u0434\u043b\u044f SSL.<\/li>\n<li>\u0421\u043e\u0437\u0434\u0430\u0434\u0438\u043c \u043a\u0430\u0440\u0442\u0443 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 HAProxy Ingress.<\/li>\n<li>\u0421\u043e\u0437\u0434\u0430\u0434\u0438\u043c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440 HAProxy Ingress.<\/li>\n<li>\u041e\u0442\u043a\u0440\u043e\u0435\u043c \u0434\u043e\u0441\u0442\u0443\u043f \u043a Ingress \u0447\u0435\u0440\u0435\u0437 \u0441\u0435\u0440\u0432\u0438\u0441 \u0442\u0438\u043f\u0430 LoadBalancer.<\/li>\n<li>\u041d\u0430\u0441\u0442\u0440\u043e\u0438\u043c DNS \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0441\u0435\u0440\u0432\u0438\u0441\u0430 Ingress.<\/li>\n<li>\u0421\u043e\u0437\u0434\u0430\u0434\u0438\u043c \u0440\u0430\u0437\u043d\u044b\u0435 \u043f\u0440\u0430\u0432\u0438\u043b\u0430 Ingress \u0434\u043b\u044f \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0446\u0438\u0438 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 Path.<\/li>\n<li>\u041f\u0440\u043e\u0442\u0435\u0441\u0442\u0438\u0440\u0443\u0435\u043c \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0446\u0438\u044e \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 Path.<\/li>\n<\/ul>\n<p>  <\/p>\n<p>\u0414\u0430\u0432\u0430\u0439\u0442\u0435 \u0441\u043e\u0437\u0434\u0430\u0434\u0438\u043c \u043c\u0430\u043d\u0438\u0444\u0435\u0441\u0442 \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f Rails-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0440\u0430\u0437\u043d\u044b\u0445 \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u0432 \u2014 \u0432\u0435\u0431 (unicorn), \u0444\u043e\u043d\u043e\u0432\u044b\u0435 \u0437\u0430\u0434\u0430\u0447\u0438 (sidekiq), \u0432\u0435\u0431-\u0441\u043e\u043a\u0435\u0442 (ruby thin), API (\u0432\u044b\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0439 unicorn).<\/p>\n<p>  <\/p>\n<p>\u0412\u043e\u0442 \u043d\u0430\u0448 \u0434\u0435\u043f\u043b\u043e\u0439 \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0438 \u0448\u0430\u0431\u043b\u043e\u043d \u0441\u0435\u0440\u0432\u0438\u0441\u0430.<\/p>\n<p>  <\/p>\n<pre><code>--- apiVersion: v1 kind: Deployment metadata:   name: test-production-web   labels:     app: test-production-web   namespace: test spec:   template:     metadata:       labels:         app: test-production-web     spec:       containers:       - image: &lt;your-repo&gt;\/&lt;your-image-name&gt;:latest         name: test-production         imagePullPolicy: Always        env:         - name: POSTGRES_HOST           value: test-production-postgres         - name: REDIS_HOST           value: test-production-redis         - name: APP_ENV           value: production         - name: APP_TYPE           value: web         - name: CLIENT           value: test         ports:         - containerPort: 80       imagePullSecrets:         - name: registrykey --- apiVersion: v1 kind: Service metadata:   name: test-production-web   labels:     app: test-production-web   namespace: test spec:   ports:   - port: 80     protocol: TCP     targetPort: 80   selector:     app: test-production-web<\/code><\/pre>\n<p>  <\/p>\n<p>\u0412\u043e\u0442 \u0434\u0435\u043f\u043b\u043e\u0439 \u0444\u043e\u043d\u043e\u0432\u043e\u0433\u043e \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0438 \u0448\u0430\u0431\u043b\u043e\u043d \u0441\u0435\u0440\u0432\u0438\u0441\u0430.<\/p>\n<p>  <\/p>\n<pre><code>--- apiVersion: v1 kind: Deployment metadata:   name: test-production-background   labels:     app: test-production-background   namespace: test spec:   template:     metadata:       labels:         app: test-production-background     spec:       containers:       - image: &lt;your-repo&gt;\/&lt;your-image-name&gt;:latest         name: test-production         imagePullPolicy: Always        env:         - name: POSTGRES_HOST           value: test-production-postgres         - name: REDIS_HOST           value: test-production-redis         - name: APP_ENV           value: production         - name: APP_TYPE           value: background         - name: CLIENT           value: test         ports:         - containerPort: 80       imagePullSecrets:         - name: registrykey --- apiVersion: v1 kind: Service metadata:   name: test-production-background   labels:     app: test-production-background   namespace: test spec:   ports:   - port: 80     protocol: TCP     targetPort: 80   selector:     app: test-production-background<\/code><\/pre>\n<p>  <\/p>\n<p>\u0412\u043e\u0442 \u0434\u0435\u043f\u043b\u043e\u0439 \u0432\u0435\u0431-\u0441\u043e\u043a\u0435\u0442 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0438 \u0448\u0430\u0431\u043b\u043e\u043d \u0441\u0435\u0440\u0432\u0438\u0441\u0430.<\/p>\n<p>  <\/p>\n<pre><code>--- apiVersion: v1 kind: Deployment metadata:   name: test-production-websocket   labels:     app: test-production-websocket   namespace: test spec:   template:     metadata:       labels:         app: test-production-websocket     spec:       containers:       - image: &lt;your-repo&gt;\/&lt;your-image-name&gt;:latest         name: test-production         imagePullPolicy: Always        env:         - name: POSTGRES_HOST           value: test-production-postgres         - name: REDIS_HOST           value: test-production-redis         - name: APP_ENV           value: production         - name: APP_TYPE           value: websocket         - name: CLIENT           value: test         ports:         - containerPort: 80       imagePullSecrets:         - name: registrykey --- apiVersion: v1 kind: Service metadata:   name: test-production-websocket   labels:     app: test-production-websocket   namespace: test spec:   ports:   - port: 80     protocol: TCP     targetPort: 80   selector:     app: test-production-websocket<\/code><\/pre>\n<p>  <\/p>\n<p>\u0412\u043e\u0442 \u0434\u0435\u043f\u043b\u043e\u0439 API \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0438 \u0441\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u043e \u0441\u0435\u0440\u0432\u0438\u0441\u0435.<\/p>\n<p>  <\/p>\n<pre><code>--- `apiVersion: v1 kind: Deployment metadata:   name: test-production-api   labels:     app: test-production-api   namespace: test spec:   template:     metadata:       labels:         app: test-production-api     spec:       containers:       - image: &lt;your-repo&gt;\/&lt;your-image-name&gt;:latest         name: test-production         imagePullPolicy: Always        env:         - name: POSTGRES_HOST           value: test-production-postgres         - name: REDIS_HOST           value: test-production-redis         - name: APP_ENV           value: production         - name: APP_TYPE           value: api         - name: CLIENT           value: test         ports:         - containerPort: 80       imagePullSecrets:         - name: registrykey --- apiVersion: v1 kind: Service metadata:   name: test-production-api   labels:     app: test-production-api   namespace: test spec:   ports:   - port: 80     protocol: TCP     targetPort: 80   selector:     app: test-production-api<\/code><\/pre>\n<p>  <\/p>\n<p>\u0414\u0430\u0432\u0430\u0439\u0442\u0435 \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u043c \u043c\u0430\u043d\u0438\u0444\u0435\u0441\u0442 \u043a\u043e\u043c\u0430\u043d\u0434\u043e\u0439 <code>kubectl apply<\/code>.<\/p>\n<p>  <\/p>\n<pre><code>$ kubectl apply -f test-web.yml -f test-background.yml -f test-websocket.yml -f test-api.yml deployment \"test-production-web\" created service \"test-production-web\" created deployment \"test-production-background\" created service \"test-production-background\" created deployment \"test-production-websocket\" created service \"test-production-websocket\" created deployment \"test-production-api\" created service \"test-production-api\" created<\/code><\/pre>\n<p>  <\/p>\n<p>\u041a\u0430\u043a \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 \u0431\u0443\u0434\u0435\u0442 \u0440\u0430\u0437\u0432\u0435\u0440\u043d\u0443\u0442\u043e \u0438 \u0437\u0430\u043f\u0443\u0449\u0435\u043d\u043e, \u043d\u0443\u0436\u043d\u043e \u0431\u0443\u0434\u0435\u0442 \u0441\u043e\u0437\u0434\u0430\u0442\u044c HAProxy Ingress. \u041d\u043e \u0441\u043d\u0430\u0447\u0430\u043b\u0430 \u0434\u0430\u0432\u0430\u0439\u0442\u0435 \u0441\u043e\u0437\u0434\u0430\u0434\u0438\u043c \u0441\u0435\u043a\u0440\u0435\u0442 TLS \u0441 \u043a\u043b\u044e\u0447\u043e\u043c \u0438 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u043c SSL.<\/p>\n<p>  <\/p>\n<p>\u041e\u043d \u0436\u0435 \u0431\u0443\u0434\u0435\u0442 \u0440\u0430\u0437\u0440\u0435\u0448\u0430\u0442\u044c HTTPS \u0434\u043b\u044f URL \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0438 \u0442\u0435\u0440\u043c\u0438\u043d\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0435\u0433\u043e \u043d\u0430 L7.<\/p>\n<p>  <\/p>\n<p><code>$ kubectl create secret tls tls-certificate --key server.key --cert server.pem<\/code><\/p>\n<p>  <\/p>\n<p><code>server.key<\/code> \u0437\u0434\u0435\u0441\u044c \u2014 \u044d\u0442\u043e \u043d\u0430\u0448 \u043a\u043b\u044e\u0447 SSL, \u0430 <code>server.pem<\/code> \u2014 \u043d\u0430\u0448 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 SSL \u0432 \u0444\u043e\u0440\u043c\u0430\u0442\u0435 pem.<\/p>\n<p>  <\/p>\n<p>\u0422\u0435\u043f\u0435\u0440\u044c \u0441\u043e\u0437\u0434\u0430\u0434\u0438\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u044b \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0430 HAProxy.<\/p>\n<p>  <\/p>\n<h3 id=\"karta-konfiguracii-haproxy\">\u041a\u0430\u0440\u0442\u0430 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 HAProxy<\/h3>\n<p>  <\/p>\n<p>\u0412\u0441\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0435 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0434\u043b\u044f HAProxy \u0441\u043c\u043e\u0442\u0440\u0438\u0442\u0435 <a href=\"https:\/\/github.com\/jcmoraisjr\/HAProxy-ingress#configmap\">\u0437\u0434\u0435\u0441\u044c<\/a>.<\/p>\n<p>  <\/p>\n<pre><code>apiVersion: v1 data:     dynamic-scaling: \"true\"     backend-server-slots-increment: \"4\" kind: ConfigMap metadata:   name: haproxy-configmap   namespace: test<\/code><\/pre>\n<p>  <\/p>\n<h3 id=\"razvertyvanie-kontrollera-haproxy-ingress\">\u0420\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u0435 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0430 HAProxy Ingress<\/h3>\n<p>  <\/p>\n<p>\u0428\u0430\u0431\u043b\u043e\u043d \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u0434\u043b\u044f Ingress-\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0430 \u043c\u0438\u043d\u0438\u043c\u0443\u043c \u0441 \u0434\u0432\u0443\u043c\u044f \u0440\u0435\u043f\u043b\u0438\u043a\u0430\u043c\u0438 \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u043c \u0434\u0435\u043f\u043b\u043e\u0435\u043c.<\/p>\n<p>  <\/p>\n<pre><code>apiVersion: extensions\/v1beta1 kind: Deployment metadata:   labels:     run: haproxy-ingress   name: haproxy-ingress   namespace: test spec:   replicas: 2   selector:     matchLabels:       run: haproxy-ingress   template:     metadata:       labels:         run: haproxy-ingress     spec:       containers:       - name: haproxy-ingress         image: quay.io\/jcmoraisjr\/haproxy-ingress:v0.5-beta.1         args:         - --default-backend-service=$(POD_NAMESPACE)\/test-production-web         - --default-ssl-certificate=$(POD_NAMESPACE)\/tls-certificate         - --configmap=$(POD_NAMESPACE)\/haproxy-configmap         - --ingress-class=haproxy         ports:         - name: http           containerPort: 80         - name: https           containerPort: 443         - name: stat           containerPort: 1936         env:         - name: POD_NAME           valueFrom:             fieldRef:               fieldPath: metadata.name         - name: POD_NAMESPACE           valueFrom:             fieldRef:               fieldPath: metadata.namespace<\/code><\/pre>\n<p>  <\/p>\n<p>\u0412 \u044d\u0442\u043e\u043c \u043c\u0430\u043d\u0438\u0444\u0435\u0441\u0442\u0435 \u043d\u0430\u0441 \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u0443\u044e\u0442 \u0430\u0440\u0433\u0443\u043c\u0435\u043d\u0442\u044b, \u043f\u0435\u0440\u0435\u0434\u0430\u0432\u0430\u0435\u043c\u044b\u0435 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0443.<br \/>  <code>--default-backend-service<\/code> \u2014 \u044d\u0442\u043e \u0441\u0435\u0440\u0432\u0438\u0441, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 \u0431\u0443\u0434\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c, \u0435\u0441\u043b\u0438 \u0437\u0430\u043f\u0440\u043e\u0441\u0443 \u043d\u0435 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044e\u0442 \u043d\u0438\u043a\u0430\u043a\u0438\u0435 \u043f\u0440\u0430\u0432\u0438\u043b\u0430.<\/p>\n<p>  <\/p>\n<p>\u0423 \u043d\u0430\u0441 \u044d\u0442\u043e \u0441\u0435\u0440\u0432\u0438\u0441 <code>test-production-web<\/code>, \u043d\u043e \u044d\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u043a\u0430\u0441\u0442\u043e\u043c\u043d\u0430\u044f \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430 404 \u0438\u043b\u0438 \u0447\u0442\u043e-\u043d\u0438\u0431\u0443\u0434\u044c \u043f\u043e\u0434\u043e\u0431\u043d\u043e\u0435 \u2014 \u0440\u0435\u0448\u0430\u0442\u044c \u0432\u0430\u043c.<\/p>\n<p>  <\/p>\n<p><code>--default-ssl-certificate<\/code> \u2014 \u044d\u0442\u043e \u0441\u0435\u043a\u0440\u0435\u0442 SSL, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043c\u044b \u0442\u043e\u043b\u044c\u043a\u043e \u0447\u0442\u043e \u0441\u043e\u0437\u0434\u0430\u043b\u0438. \u041e\u043d \u0431\u0443\u0434\u0435\u0442 \u0442\u0435\u0440\u043c\u0438\u043d\u0438\u0440\u043e\u0432\u0430\u0442\u044c SSL \u043d\u0430 L7, \u0438 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 \u0431\u0443\u0434\u0435\u0442 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e \u0438\u0437\u0432\u043d\u0435 \u043f\u043e HTTPS.<\/p>\n<p>  <\/p>\n<h3 id=\"servis-haproxy-ingress\">\u0421\u0435\u0440\u0432\u0438\u0441 HAProxy Ingress<\/h3>\n<p>  <\/p>\n<p>\u042d\u0442\u043e \u0442\u0438\u043f \u0441\u0435\u0440\u0432\u0438\u0441\u0430 <code>LoadBalancer<\/code>, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0440\u0430\u0437\u0440\u0435\u0448\u0430\u0435\u0442 \u043a\u043b\u0438\u0435\u043d\u0442\u0441\u043a\u043e\u043c\u0443 \u0442\u0440\u0430\u0444\u0438\u043a\u0443 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043d\u0430\u0448\u0435\u043c\u0443 Ingress-\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0443.<\/p>\n<p>  <\/p>\n<p>\u0423 LoadBalancer \u0435\u0441\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0439 \u0441\u0435\u0442\u0438 \u0438 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0435\u0439 \u0441\u0435\u0442\u0438 Kubernetes, \u0430 \u043d\u0430 L7 \u043e\u043d \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0438\u0440\u0443\u0435\u0442 \u0442\u0440\u0430\u0444\u0438\u043a \u0434\u043b\u044f Ingress-\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0430.<\/p>\n<p>  <\/p>\n<pre><code>apiVersion: v1 kind: Service metadata:   labels:     run: haproxy-ingress   name: haproxy-ingress   namespace: test spec:   type: LoadBalancer   ports:   - name: http     port: 80     protocol: TCP     targetPort: 80   - name: https     port: 443     protocol: TCP     targetPort: 443   - name: stat     port: 1936     protocol: TCP     targetPort: 1936   selector:     run: haproxy-ingress<\/code><\/pre>\n<p>  <\/p>\n<p>\u0414\u0430\u0432\u0430\u0439\u0442\u0435 \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u043c \u0432\u0441\u0435 \u043c\u0430\u043d\u0438\u0444\u0435\u0441\u0442\u044b HAProxy.<\/p>\n<p>  <\/p>\n<pre><code>$ kubectl apply -f haproxy-configmap.yml -f haproxy-deployment.yml -f haproxy-service.yml configmap \"haproxy-configmap\" created deployment \"haproxy-ingress\" created service \"haproxy-ingress\" created<\/code><\/pre>\n<p>  <\/p>\n<p>\u041a\u043e\u0433\u0434\u0430 \u0432\u0441\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u044b \u0431\u0443\u0434\u0443\u0442 \u0437\u0430\u043f\u0443\u0449\u0435\u043d\u044b, \u0443\u043a\u0430\u0436\u0438\u0442\u0435 \u043a\u043e\u043d\u0435\u0447\u043d\u0443\u044e \u0442\u043e\u0447\u043a\u0443 LoadBalancer.<\/p>\n<p>  <\/p>\n<pre><code>$ kubectl -n test get svc haproxy-ingress -o wide  NAME               TYPE           CLUSTER-IP       EXTERNAL-IP                                                            PORT(S)                                     AGE       SELECTOR haproxy-ingress   LoadBalancer   100.67.194.186   a694abcdefghi11e8bc3b0af2eb5c5d8-806901662.us-east-1.elb.amazonaws.com   80:31788\/TCP,443:32274\/TCP,1936:32157\/TCP   2m        run=ingress<\/code><\/pre>\n<p>  <\/p>\n<h3 id=\"sopostavlenie-dns-s-url-prilozheniya\">\u0421\u043e\u043f\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u0435 DNS \u0441 URL \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f<\/h3>\n<p>  <\/p>\n<p>\u041a\u0430\u043a \u0442\u043e\u043b\u044c\u043a\u043e \u043c\u044b \u0443\u043a\u0430\u0436\u0435\u043c \u043a\u043e\u043d\u0435\u0447\u043d\u0443\u044e \u0442\u043e\u0447\u043a\u0443 ELB \u0434\u043b\u044f \u0441\u0435\u0440\u0432\u0438\u0441\u0430 Ingress, \u043d\u0443\u0436\u043d\u043e \u0431\u0443\u0434\u0435\u0442 \u0441\u043e\u043f\u043e\u0441\u0442\u0430\u0432\u0438\u0442\u044c \u043c\u0435\u0436\u0434\u0443 \u0441\u043e\u0431\u043e\u0439 DNS \u0441\u0435\u0440\u0432\u0438\u0441\u0430 \u0438 URL \u0437\u0430\u043f\u0440\u043e\u0441\u0430 (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440 <code>test-rails-app.com<\/code>).<\/p>\n<p>  <\/p>\n<h3 id=\"realizaciya-ingress\">\u0420\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f Ingress<\/h3>\n<p>  <\/p>\n<p>\u0421\u0430\u043c\u043e\u0435 \u0441\u043b\u043e\u0436\u043d\u043e\u0435 \u043f\u043e\u0437\u0430\u0434\u0438, \u043f\u043e\u0440\u0430 \u043d\u0430\u0441\u0442\u0440\u043e\u0438\u0442\u044c Ingress \u0438 \u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 Path.<\/p>\n<p>  <\/p>\n<p>\u041d\u0430\u043c \u043d\u0443\u0436\u043d\u044b \u043d\u0443\u0436\u043d\u044b \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u043f\u0440\u0430\u0432\u0438\u043b\u0430.<\/p>\n<p>  <\/p>\n<p>\u0417\u0430\u043f\u0440\u043e\u0441\u044b \u043a <i><a href=\"https:\/\/test-rails-app.com\">https:\/\/test-rails-app.com<\/a><\/i> \u0431\u0443\u0434\u0443\u0442 \u043e\u0431\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u0442\u044c\u0441\u044f \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u043c <code>test-production-web<\/code>.<\/p>\n<p>  <\/p>\n<p>\u0417\u0430\u043f\u0440\u043e\u0441\u044b \u043a <i><a href=\"https:\/\/test-rails-app.com\/websocket\">https:\/\/test-rails-app.com\/websocket<\/a><\/i> \u0431\u0443\u0434\u0443\u0442 \u043e\u0431\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u0442\u044c\u0441\u044f \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u043c <code>test-production-websocket<\/code>.<\/p>\n<p>  <\/p>\n<p>\u0417\u0430\u043f\u0440\u043e\u0441\u044b \u043a <i><a href=\"https:\/\/test-rails-app.com\/api\">https:\/\/test-rails-app.com\/api<\/a><\/i> \u0431\u0443\u0434\u0443\u0442 \u043e\u0431\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u0442\u044c\u0441\u044f \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u043c <code>test-production-api<\/code>.<\/p>\n<p>  <\/p>\n<p>\u0414\u0430\u0432\u0430\u0439\u0442\u0435 \u0441\u043e\u0437\u0434\u0430\u0434\u0438\u043c \u043c\u0430\u043d\u0438\u0444\u0435\u0441\u0442 Ingress \u0441\u043e \u0432\u0441\u0435\u043c\u0438 \u044d\u0442\u0438\u043c\u0438 \u043f\u0440\u0430\u0432\u0438\u043b\u0430\u043c\u0438.<\/p>\n<p>  <\/p>\n<pre><code>--- apiVersion: extensions\/v1beta1 kind: Ingress metadata:   name: ingress   namespace: test spec:   tls:     - hosts:       - test-rails-app.com       secretName: tls-certificate   rules:     - host: test-rails-app.com       http:         paths:           - path: \/             backend:               serviceName: test-production-web               servicePort: 80           - path: \/api             backend:               serviceName: test-production-api               servicePort: 80           - path: \/websocket             backend:               serviceName: test-production-websocket               servicePort: 80<\/code><\/pre>\n<p>  <\/p>\n<p>\u041d\u0430 \u0441\u043b\u0443\u0447\u0430\u0439 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u0439 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0443 \u043d\u0430\u0441 \u0435\u0441\u0442\u044c <a href=\"https:\/\/github.com\/jcmoraisjr\/haproxy-ingress#annotations\">\u0430\u043d\u043d\u043e\u0442\u0430\u0446\u0438\u0438 \u0434\u043b\u044f Ingress \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432<\/a>.<\/p>\n<p>  <\/p>\n<p>\u041a\u0430\u043a \u0438 \u043e\u0436\u0438\u0434\u0430\u043b\u043e\u0441\u044c, \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u043d\u0430\u0448 \u0442\u0440\u0430\u0444\u0438\u043a \u043d\u0430 <code>\/<\/code> \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0432 \u0441\u0435\u0440\u0432\u0438\u0441 <code>test-production-web<\/code>, <code>\/api<\/code> \u2014 \u0432 <code>test-production-api<\/code>, \u0430 <code>\/websocket<\/code> \u2014 \u0432 <code>test-production-websocket<\/code>.<\/p>\n<p>  <\/p>\n<p>\u041d\u0430\u043c \u043d\u0443\u0436\u043d\u0430 \u0431\u044b\u043b\u0430 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0446\u0438\u044f \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 Path \u0438 \u0442\u0435\u0440\u043c\u0438\u043d\u0430\u0446\u0438\u044f SSL \u043d\u0430 L7 \u0432 Kubernetes, \u0438 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f Ingress \u0440\u0435\u0448\u0438\u043b\u0430 \u044d\u0442\u0443 \u0437\u0430\u0434\u0430\u0447\u0443.<\/p>\n<\/div>\n<p>        <script class=\"js-mediator-script\">!function(e){function t(t,n){if(!(n in e)){for(var r,a=e.document,i=a.scripts,o=i.length;o--;)if(-1!==i[o].src.indexOf(t)){r=i[o];break}if(!r){r=a.createElement(\"script\"),r.type=\"text\/javascript\",r.async=!0,r.defer=!0,r.src=t,r.charset=\"UTF-8\";var d=function(){var e=a.getElementsByTagName(\"script\")[0];e.parentNode.insertBefore(r,e)};\"[object Opera]\"==e.opera?a.addEventListener?a.addEventListener(\"DOMContentLoaded\",d,!1):e.attachEvent(\"onload\",d):d()}}}t(\"\/\/mediator.mail.ru\/script\/2820404\/\",\"_mediator\")}(window);<\/script>     <br \/> \u0441\u0441\u044b\u043b\u043a\u0430 \u043d\u0430 \u043e\u0440\u0438\u0433\u0438\u043d\u0430\u043b \u0441\u0442\u0430\u0442\u044c\u0438 <a href=\"https:\/\/habr.com\/post\/424789\/\"> https:\/\/habr.com\/post\/424789\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"\n<div class=\"post__text post__text-html js-mediator-article\">\n<p>\u041f\u043e\u0441\u043b\u0435 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u043c\u0435\u0441\u044f\u0446\u0435\u0432 \u0442\u0435\u0441\u0442\u043e\u0432 \u043c\u044b \u043d\u0430\u043a\u043e\u043d\u0435\u0446 \u043f\u0435\u0440\u0435\u043d\u0435\u0441\u043b\u0438 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 Ruby on Rails \u0432 \u043f\u0440\u043e\u0434\u0430\u043a\u0448\u0435\u043d \u0441 \u043a\u043b\u0430\u0441\u0442\u0435\u0440\u043e\u043c Kubernetes.<\/p>\n<p>  <\/p>\n<p><em>\u0412 \u044d\u0442\u043e\u0439 \u0441\u0442\u0430\u0442\u044c\u0435 \u044f \u0440\u0430\u0441\u0441\u043a\u0430\u0436\u0443, \u043a\u0430\u043a \u043d\u0430\u0441\u0442\u0440\u043e\u0438\u0442\u044c \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0446\u0438\u044e \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 Path \u0434\u043b\u044f \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f Ruby on Rails \u0432 Kubernetes \u0441 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u043e\u043c HAProxy Ingress.<\/em><\/p>\n<p>  <\/p>\n<p><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/getpro\/habr\/post_images\/3fa\/08e\/fa4\/3fa08efa4b7f76def073d9be03e73b62.jpg\" alt=\"image\"><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-290071","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts\/290071","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=290071"}],"version-history":[{"count":0,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts\/290071\/revisions"}],"wp:attachment":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=290071"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=290071"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=290071"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}