今回はpythonのバックエンドにuwsgiとnginxを1つのコンテナ内に収めた。
php-fpmとhttpdを1つのコンテナに同居させてしまう感じ。
プロセスが2つになるのでちょっといまいち。でもuwsgiにhttpを話させるわけにはいかない。
こんな感じのファイル配置。フレームワークにFlaskを使ったよ。pythonはapp/main.pyを最初に読み込む。
❯ tree .
.
├── app
│ ├── config.py
│ ├── dapps.py
│ ├── main.py
├── app.config.yaml
├── config
│ ├── dev.app.config.yaml
│ └── prod.app.config.yaml
├── Dockerfile.dev
├── Dockerfile.prod
├── k8s.gascenter-web-backend-dapps.prod.yaml
├── Pipfile
├── Pipfile.lock
├── uwsgi.dev.ini
└── uwsgi.prod.ini
1. Dockerfile
tiangolo/uwsgi-nginx-flaskを利用した。
# dappsのbackend(api)コンテナ
FROM tiangolo/uwsgi-nginx-flask:python3.7
RUN pip install pipenv
ENV UWSGI_CHEAPER 4
ENV UWSGI_PROCESSES 64
ENV NGINX_MAX_UPLOAD 1m
ENV LISTEN_PORT 3030
EXPOSE 3030
ENV NGINX_WORKER_PROCESSES auto
ENV UWSGI_INI /uwsgi.prod.ini
COPY ./ /
RUN pipenv install --system
COPY config/prod.app.config.yaml ../app.config.yaml
2. k8s yaml
80で受けてコンテナの3030に流す。
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
name: gascenter-web-backend-dapps
spec:
replicas: 2
selector:
matchLabels:
app: gascenter-web-backend-dapps
template:
metadata:
labels:
app: gascenter-web-backend-dapps
spec:
containers:
- args:
image: 026695289470.dkr.ecr.ap-northeast-1.amazonaws.com/gascenter-web-backend-dapps:latest
imagePullPolicy: Always
name: gascenter-web-backend-dapps
ports:
- containerPort: 3030
protocol: TCP
imagePullSecrets:
- name: awsecs
---
kind: Service
apiVersion: v1
metadata:
name: gascenter-web-backend-dapps-svc
spec:
# externalTrafficPolicy: Local
type: NodePort
ports:
- name: "http-port"
protocol: TCP
port: 80
targetPort: 3030
selector:
app: gascenter-web-backend-dapps
今回はURIのpathでサーバを振り分けたため、Ingress(ALB)設定で配信先サーバを振り分ける。
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: gascenter-web-backend-app
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internet-facing
# alb.ingress.kubernetes.io/subnets: subnet-000000,subnet-111111,subnet-22222
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-northeast-1:026695289470:certificate/65a878de-ed52-4415-a69e-c0fcf9aeca7a
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
spec:
rules:
- host: api.coinpedia.cc
http:
paths:
- path: /api/v1/gas
backend:
serviceName: ssl-redirect
servicePort: use-annotation
- path: /api/v1/gas*
backend:
serviceName: gascenter-web-backend-gas-svc
servicePort: 80
- path: /api/v1/dapps
backend:
serviceName: ssl-redirect
servicePort: use-annotation
- path: /api/v1/dapps*
backend:
serviceName: gascenter-web-backend-dapps-svc
servicePort: 80