LoginSignup
1

More than 3 years have passed since last update.

k8sでpythonのapiサーバをはいしんする。

Posted at

今回はpythonのバックエンドにuwsgiとnginxを1つのコンテナ内に収めた。
php-fpmとhttpdを1つのコンテナに同居させてしまう感じ。
プロセスが2つになるのでちょっといまいち。でもuwsgiにhttpを話させるわけにはいかない。

こんな感じのファイル配置。フレームワークにFlaskを使ったよ。pythonはapp/main.pyを最初に読み込む。

❯ tree .
.
├── app
│   ├── config.py
│   ├── dapps.py
│   ├── main.py
├── app.config.yaml
├── config
│   ├── dev.app.config.yaml
│   └── prod.app.config.yaml
├── Dockerfile.dev
├── Dockerfile.prod
├── k8s.gascenter-web-backend-dapps.prod.yaml
├── Pipfile
├── Pipfile.lock
├── uwsgi.dev.ini
└── uwsgi.prod.ini

1. Dockerfile

tiangolo/uwsgi-nginx-flaskを利用した。

# dappsのbackend(api)コンテナ
FROM tiangolo/uwsgi-nginx-flask:python3.7

RUN pip install pipenv

ENV UWSGI_CHEAPER 4
ENV UWSGI_PROCESSES 64
ENV NGINX_MAX_UPLOAD 1m
ENV LISTEN_PORT 3030
EXPOSE 3030
ENV NGINX_WORKER_PROCESSES auto
ENV UWSGI_INI /uwsgi.prod.ini

COPY ./ /
RUN pipenv install --system
COPY config/prod.app.config.yaml ../app.config.yaml

2. k8s yaml

80で受けてコンテナの3030に流す。


kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: gascenter-web-backend-dapps
spec:
  replicas: 2
  selector:
    matchLabels:
      app: gascenter-web-backend-dapps
  template:
    metadata:
      labels:
        app: gascenter-web-backend-dapps
    spec:
      containers:
      - args:
        image: 026695289470.dkr.ecr.ap-northeast-1.amazonaws.com/gascenter-web-backend-dapps:latest
        imagePullPolicy: Always
        name: gascenter-web-backend-dapps
        ports:
        - containerPort: 3030
          protocol: TCP
      imagePullSecrets:
        - name: awsecs
---
kind: Service
apiVersion: v1
metadata:
  name: gascenter-web-backend-dapps-svc
spec:
  # externalTrafficPolicy: Local
  type: NodePort
  ports:
  - name: "http-port"
    protocol: TCP
    port: 80
    targetPort: 3030
  selector:
    app: gascenter-web-backend-dapps

今回はURIのpathでサーバを振り分けたため、Ingress(ALB)設定で配信先サーバを振り分ける。


apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: gascenter-web-backend-app
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    # alb.ingress.kubernetes.io/subnets: subnet-000000,subnet-111111,subnet-22222
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-northeast-1:026695289470:certificate/65a878de-ed52-4415-a69e-c0fcf9aeca7a
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
spec:
  rules:
    - host: api.coinpedia.cc
      http:
        paths:
          - path: /api/v1/gas
            backend:
              serviceName: ssl-redirect
              servicePort: use-annotation
          - path: /api/v1/gas*
            backend:
              serviceName: gascenter-web-backend-gas-svc
              servicePort: 80
          - path: /api/v1/dapps
            backend:
              serviceName: ssl-redirect
              servicePort: use-annotation
          - path: /api/v1/dapps*
            backend:
              serviceName: gascenter-web-backend-dapps-svc
              servicePort: 80

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
1