1ambda · May 12, 2022 01:32
diff --git a/ingress.yaml b/ingress.yaml
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: ...   
  namespace: ...   
  annotations:

    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/load-balancer-name: ...
    alb.ingress.kubernetes.io/scheme: internal
    alb.ingress.kubernetes.io/target-type: ip   # POD 으로 직접 연결 (aws-vpc-cni)

    external-dns.alpha.kubernetes.io/exclude: "false" # FIXME: External DNS Ignore
    external-dns.alpha.kubernetes.io/ttl: "60"

    alb.ingress.kubernetes.io/group.name: ...         # FIXME: {PROJECT}-{MODULE}

    alb.ingress.kubernetes.io/backend-protocol: HTTP
    alb.ingress.kubernetes.io/success-codes: 200-404                # FIXME: 서버 설정에 맞게 변경

    alb.ingress.kubernetes.io/healthcheck-path: /                   # FIXME: 서버 설정에 맞게 변경
    alb.ingress.kubernetes.io/healthcheck-port: traffic-port
    alb.ingress.kubernetes.io/healthcheck-interval-seconds: '15'
    alb.ingress.kubernetes.io/healthcheck-timeout-seconds: '5'
    alb.ingress.kubernetes.io/healthy-threshold-count: '3'
    alb.ingress.kubernetes.io/unhealthy-threshold-count: '5'

    # HTTP keep-alive 를 위해 다음처럼 설정
    # - (ALB) idle_timeout * 2 = (TARGET GROUP) deregistration_delay
    # - (ALB) idle_timeout < (WAS) idle timeout
    # - WAS idle timeout 의 경우 15초 이하 등 너무 짧게 설정하지 말 것 (60초 이상)

    alb.ingress.kubernetes.io/target-group-attributes: |-
      deregistration_delay.timeout_seconds=100,
      load_balancing.algorithm.type=round_robin,
      slow_start.duration_seconds=0,
      stickiness.enabled=false

    # FIXME: security group name
    alb.ingress.kubernetes.io/security-groups: ...
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
    alb.ingress.kubernetes.io/certificate-arn: "..."
    alb.ingress.kubernetes.io/ssl-redirect: '443'
    alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS-1-2-Ext-2018-06

    # FIXME: Environment, Tag
    alb.ingress.kubernetes.io/tags: |-
      Team=data,
      Terraform=false,
      Kubernetes=true,
      Environment=dev,
      Service=...

    # FIXME: bucket, prefix
    alb.ingress.kubernetes.io/load-balancer-attributes: |-
      access_logs.s3.enabled=true,
      access_logs.s3.bucket=...,
      access_logs.s3.prefix=...,
      idle_timeout.timeout_seconds=100,
      deletion_protection.enabled=false
	apiVersion: networking.k8s.io/v1
	kind: Ingress
	metadata:
	name: ...
	namespace: ...
	annotations:

	kubernetes.io/ingress.class: alb
	alb.ingress.kubernetes.io/load-balancer-name: ...
	alb.ingress.kubernetes.io/scheme: internal
	alb.ingress.kubernetes.io/target-type: ip # POD 으로 직접 연결 (aws-vpc-cni)

	external-dns.alpha.kubernetes.io/exclude: "false" # FIXME: External DNS Ignore
	external-dns.alpha.kubernetes.io/ttl: "60"

	alb.ingress.kubernetes.io/group.name: ... # FIXME: {PROJECT}-{MODULE}

	alb.ingress.kubernetes.io/backend-protocol: HTTP
	alb.ingress.kubernetes.io/success-codes: 200-404 # FIXME: 서버 설정에 맞게 변경

	alb.ingress.kubernetes.io/healthcheck-path: / # FIXME: 서버 설정에 맞게 변경
	alb.ingress.kubernetes.io/healthcheck-port: traffic-port
	alb.ingress.kubernetes.io/healthcheck-interval-seconds: '15'
	alb.ingress.kubernetes.io/healthcheck-timeout-seconds: '5'
	alb.ingress.kubernetes.io/healthy-threshold-count: '3'
	alb.ingress.kubernetes.io/unhealthy-threshold-count: '5'

	# HTTP keep-alive 를 위해 다음처럼 설정
	# - (ALB) idle_timeout * 2 = (TARGET GROUP) deregistration_delay
	# - (ALB) idle_timeout < (WAS) idle timeout
	# - WAS idle timeout 의 경우 15초 이하 등 너무 짧게 설정하지 말 것 (60초 이상)

	alb.ingress.kubernetes.io/target-group-attributes: \|-
	deregistration_delay.timeout_seconds=100,
	load_balancing.algorithm.type=round_robin,
	slow_start.duration_seconds=0,
	stickiness.enabled=false

	# FIXME: security group name
	alb.ingress.kubernetes.io/security-groups: ...
	alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
	alb.ingress.kubernetes.io/certificate-arn: "..."
	alb.ingress.kubernetes.io/ssl-redirect: '443'
	alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS-1-2-Ext-2018-06

	# FIXME: Environment, Tag
	alb.ingress.kubernetes.io/tags: \|-
	Team=data,
	Terraform=false,
	Kubernetes=true,
	Environment=dev,
	Service=...

	# FIXME: bucket, prefix
	alb.ingress.kubernetes.io/load-balancer-attributes: \|-
	access_logs.s3.enabled=true,
	access_logs.s3.bucket=...,
	access_logs.s3.prefix=...,
	idle_timeout.timeout_seconds=100,
	deletion_protection.enabled=false