๊ฐ€์ƒ ํ˜ธ์ŠคํŠธ ๊ตฌ์„ฑ

์ด ์ฃผ์ œ์—์„œ๋Š” virtualhosts ๊ตฌ์„ฑ ์†์„ฑ์„ ์„ค๋ช…ํ•ฉ๋‹ˆ๋‹ค. ๊ฐ€์ƒ ํ˜ธ์ŠคํŠธ๋ฅผ ํ†ตํ•ด Apigee Hybrid๋Š” ํ™˜๊ฒฝ ๊ทธ๋ฃน๊ณผ ์—ฐ๊ฒฐ๋œ hostalias์— ๋Œ€ํ•œ API ์š”์ฒญ์„ ์ฒ˜๋ฆฌํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ์ž์„ธํ•œ ๋‚ด์šฉ์€ ํ™˜๊ฒฝ ๋ฐ ํ™˜๊ฒฝ ๊ทธ๋ฃน ์ •๋ณด ์ฃผ์ œ์—์„œ ๋ผ์šฐํŒ… ๋ฐ ๊ธฐ๋ณธ ๊ฒฝ๋กœ๋ฅผ ์ฐธ์กฐํ•˜์„ธ์š”. 

...
virtualhosts:
  - name: my-env-group
    sslCertPath: ./certs/fullchain.pem
    sslKeyPath: ./certs/privkey.key
...

API ํ”„๋ก์‹œ ํ˜ธ์ถœ์ด ๋ฐœ์ƒํ•˜๋ฉด API ํ”„๋ก์‹œ๊ฐ€ ๋ฐฐํฌ๋œ ํ™˜๊ฒฝ ๊ทธ๋ฃน์˜ ํ˜ธ์ŠคํŠธ ๋ณ„์นญ์œผ๋กœ ๋ผ์šฐํŒ…๋ฉ๋‹ˆ๋‹ค.

ํด๋Ÿฌ์Šคํ„ฐ์— virtualhosts์„ ์ ์šฉํ•˜๋Š” ๋ฐฉ๋ฒ•์€ virtualhost ๋ณ€๊ฒฝ์‚ฌํ•ญ ์ ์šฉ์„ ์ฐธ์กฐํ•˜์„ธ์š”. TLS ๊ตฌ์„ฑ์— ๋Œ€ํ•œ ์ž์„ธํ•œ ๋‚ด์šฉ์€ Istio ์ธ๊ทธ๋ ˆ์Šค์—์„œ TLS ๋ฐ mTLS ๊ตฌ์„ฑ์„ ์ฐธ์กฐํ•˜์„ธ์š”.

์—ฌ๋Ÿฌ ๊ฐ€์ƒ ํ˜ธ์ŠคํŠธ ์ถ”๊ฐ€

virtualhosts[] ์†์„ฑ์€ ๋ฐฐ์—ด์ด๋ฏ€๋กœ ๋‘˜ ์ด์ƒ์˜ ์†์„ฑ์„ ๋งŒ๋“ค ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

...
virtualhosts:
  - name: my-env-group-1
    sslCertPath: ./certs/fullchain1.pem
    sslKeyPath: ./certs/privkey1.key

  - name: my-env-group-2
    sslCertPath: ./certs/fullchain2.pem
    sslKeyPath: ./certs/privkey2.key
...

TLS ๊ตฌ์„ฑ์— ๋Œ€ํ•œ ์ž์„ธํ•œ ๋‚ด์šฉ์€ Istio ์ธ๊ทธ๋ ˆ์Šค์—์„œ TLS ๋ฐ mTLS ๊ตฌ์„ฑ์„ ์ฐธ์กฐํ•˜์„ธ์š”.

virtualhosts ๋ณ€๊ฒฝ์‚ฌํ•ญ ์ ์šฉ

virtualhosts ์†์„ฑ์„ ์ถ”๊ฐ€ํ•˜๊ฑฐ๋‚˜ ๋ณ€๊ฒฝํ•˜๊ณ  ๋‹ค๋ฅธ ๊ฒƒ์€ ๋ณ€๊ฒฝํ•˜์ง€ ์•Š๋Š” ๊ฒฝ์šฐ โ€‘โ€‘settings ํ”Œ๋ž˜๊ทธ๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ ํ•ด๋‹น ๋ณ€๊ฒฝ์‚ฌํ•ญ์„ ์ ์šฉํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ์ด๋Š” apigeectl์—๋งŒ ์ ์šฉ๋ฉ๋‹ˆ๋‹ค. Helm์˜ ๊ฒฝ์šฐ ์ ์ ˆํ•œ ๋ณ€์ˆ˜์™€ ํ•จ๊ป˜ apigee-virtualhost๋ฅผ ์ ์šฉํ•ฉ๋‹ˆ๋‹ค.

Helm

helm upgrade ENV_GROUP_NAME apigee-virtualhost/ \
  --namespace apigee \
  --atomic \
  --set envgroup=ENV_GROUP_NAME \
  -f OVERRIDES_FILE.yaml

apigeectl

$APIGEECTL_HOME/apigeectl apply -f OVERRIDES_FILE.yaml โ€‘โ€‘settings virtualhosts

virtualhosts ๋ฐ env ์„ค์ •์„ ์ˆ˜์ •ํ•˜๋Š” ๊ฒฝ์šฐ Helm์˜ ๊ฒฝ์šฐ์—๋Š” ENV_GROUP_NAME apigee-virtualhost/, apigeectl์˜ ๊ฒฝ์šฐ์—๋Š” โ€‘โ€‘settings virtualhosts๋ฅผ ์‚ฌ์šฉํ•˜์ง€ ์•Š๊ณ  ๋ณ€๊ฒฝ์‚ฌํ•ญ์„ ์ ์šฉํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค. ํด๋Ÿฌ์Šคํ„ฐ๋ฅผ ์—…๋ฐ์ดํŠธํ•˜๋Š” ๋ฐฉ๋ฒ•์€ ๋‹ค์Œ๊ณผ ๊ฐ™์Šต๋‹ˆ๋‹ค.

Helm

์—…๋ฐ์ดํŠธํ•  ๊ฐ ํ™˜๊ฒฝ์— ๋Œ€ํ•œ helm ์—…๊ทธ๋ ˆ์ด๋“œ๋ฅผ ์‹คํ–‰ํ•ฉ๋‹ˆ๋‹ค.

helm upgrade ENV_NAME apigee-env/ \
    --namespace apigee \
     --atomic \
     --set env=ENV_NAME \
     -f OVERRIDES_FILE.yaml

๊ทธ๋Ÿฐ ๋‹ค์Œ apigee-virtualhost ์ฐจํŠธ๋ฅผ ์—…๊ทธ๋ ˆ์ด๋“œํ•ฉ๋‹ˆ๋‹ค. 

helm upgrade ENV_GROUP_NAME apigee-virtualhost/ \
    --namespace apigee \
    --atomic \
    --set envgroup=ENV_GROUP_NAME \
    -f OVERRIDES_FILE.yaml

apigeectl

$APIGEECTL_HOME/apigeectl apply -f OVERRIDES_FILE.yaml --env ENV_NAME

๋˜๋Š” ๋ชจ๋“  ํ™˜๊ฒฝ์˜ ๊ตฌ์„ฑ์š”์†Œ๋ฅผ ์—…๋ฐ์ดํŠธํ•˜๋ ค๋ฉด ๋‹ค์Œ์„ ์‹คํ–‰ํ•ฉ๋‹ˆ๋‹ค. 

$APIGEECTL_HOME/apigeectl apply -f OVERRIDES_FILE.yaml --all-envs

๊ทธ๋Ÿฐ ๋‹ค์Œ virtualhost์— ๋ณ€๊ฒฝ์‚ฌํ•ญ์„ ์ ์šฉํ•ฉ๋‹ˆ๋‹ค. 

$APIGEECTL_HOME/apigeectl apply -f OVERRIDES_FILE.yaml settings virtualhosts

TLS ํ‚ค ๋ฐ ์ธ์ฆ์„œ

virtualhost ์†์„ฑ์—๋Š” TLS ํ‚ค์™€ ์ธ์ฆ์„œ๊ฐ€ ํ•„์š”ํ•ฉ๋‹ˆ๋‹ค. ํ‚ค/์ธ์ฆ์„œ๋Š” ์ธ๊ทธ๋ ˆ์Šค ๊ฒŒ์ดํŠธ์›จ์ด์™€์˜ ๋ณด์•ˆ ํ†ต์‹ ์„ ์ œ๊ณตํ•˜๋Š” ๋ฐ ์‚ฌ์šฉ๋˜๋ฉฐ ์ง€์ •๋œ ํ™˜๊ฒฝ ๊ทธ๋ฃน์—์„œ ์‚ฌ์šฉ๋˜๋Š” ํ˜ธ์ŠคํŠธ ๋ณ„์นญ๊ณผ ํ˜ธํ™˜๋˜์–ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.

ํ•˜์ด๋ธŒ๋ฆฌ๋“œ ๊ตฌ์„ฑ์— ์ ํ•ฉํ•œ TLS ์ธ์ฆ์„œ/ํ‚ค ์Œ์„ ์ƒ์„ฑํ•˜๋Š” ๋ฐฉ๋ฒ•์€ ์‚ฌ์šฉ์ž๊ฐ€ ๊ฒฐ์ •ํ•ฉ๋‹ˆ๋‹ค. ๋‹ค์Œ ์ฃผ์ œ๋Š” ๋‹ค๋ฅธ ๋ฐฉ๋ฒ•์œผ๋กœ TLS ์‚ฌ์šฉ์ž ์ธ์ฆ ์ •๋ณด๋ฅผ ์–ป์„ ์ˆ˜ ์—†๋Š” ๊ฒฝ์šฐ ์ƒˆ ํ•˜์ด๋ธŒ๋ฆฌ๋“œ ์„ค์น˜๋ฅผ ์‚ฌ์šฉํ•ด ๋ณด๊ฑฐ๋‚˜ ํ…Œ์ŠคํŠธํ•˜๊ธฐ ์œ„ํ•œ ์ƒ˜ํ”Œ๋กœ๋งŒ ์ œ๊ณต๋ฉ๋‹ˆ๋‹ค.