Wednesday, March 3, 2021

Day 26 - Kubernetes - Ingress

 Kubernetes - Ingress 3-02-2021

Class Notes

You can set up -
Load Balancer -> Layer 7 LB -> Application LB

We will be performing this LAB on our local server env.
1. Start your minikube
> minikube start

Single-node or multi-node, the deployment of ingress is the same

2. Start your Linux VM


Let's take Google as an example

www.google.com -> IP address

Team1
search team -> app for search -> thousands of people access
-> lots of os instances running

say 3 POD running

Load Balancer - search
- S1 POD    
- S2 POD
- S3 POD

Team2 ---> Mail ----> APP
Load Balancer - mail
- m1 POD
- m2 POD
- m3 POD

LB -> SVC -> mail

Google provides one IP to access all of these services.
Providing 100s of IPs or names to the client is hard to manage.

They market only one domain.
To reach my site/services, you have to remember only one name/IP

www.google.com
to search
www.google.com/search
for mail
www.google.com/mail

For example, you can access and retrieve the values...
google.com/search?j=67,k=77


When the client sends data through the browser, it is sent over http or https, in the header
- path, key-value pair -> it goes in the http header

whether it is mail or any other application

When the request goes to Google's server, their server has the capability to retrieve it.
Whatever path and key-value pairs the client types, they have the capability to retrieve.

These programs are server-side programs.

One of the servers which can retrieve this kind of information is Nginx (pronounced "engine-x")

Nginx
- has the capability to know the host, path and query you type.
- When a user's request goes to this server, we write some code on this server.
- You take the request from the user. Say the user types domain.com/search, the request goes to the LB
- if we detect /something, say /mail, forward this request to the mail server, say 192.168.10.50
- if they type /search, forward to the .55 server

By checking the application header, Nginx works as an application-level load balancer.
Based on the path, it does load balancing or routing. This is called path-based routing

Looking only at the TCP/UDP port and IP -> Layer 4 load balancing

Reading the GET method (path, query) -> Layer 7 has this capability, Layer 4 does not

Ingress is a concept, we will implement. [ check video 1:30 ]

google for
" kubernetes ingress controller "

istio.io
1.9

--------------------------------------
How to launch nginx ingress controller?

Let's add one of the add-ons
> minikube addons enable ingress

for a multinode cluster
use the ingress yaml file.. google it ..

> kc get pods
> kc get pods -n kube-system

you see it running

controller node
- you will create a role


we can use HAProxy, azure cloud, google cloud or nginx
- whatever you want, you have a choice of services.

k8s provides resources
- you just go and launch
- what you have to do is to create rules
- We have a resource - kind (pod)

> kc get ingress
no resource found

how to create an ingress resource?
creating an ingress is almost equal to creating a rule

what do we have to do?
Let's say we have two teams

Team1 -> search -> app on docker_image
Team2 -> Mail -> mail app on another docker image

LB - svc- search
- s1
- s2
- s3

LB - svc - mail
- m1
- m2

how to launch ingress controller
- it works on rules,
- we add some rules.

> minikube addons enable ingress


Lets go and create an image

1. Login to your workstation
# mkdir /wsin
# cd /wsin
# docker images | grep vimal13



vi Dockerfile
FROM vimal13/apache-webserver-php
RUN echo "Search app !!!" > /var/www/html/index.php

# docker build -t vimal13/searchapp:v1 .

check if it works
# docker run -dit vimal13/searchapp:v1
# curl 172.20.25.3

you get it.


Create the mail app image

vi Dockerfile
FROM vimal13/apache-webserver-php
RUN echo "Mail app !!!" > /var/www/html/index.php


# docker build -t vimal13/mailapp:v1 .

Push it to docker hub
# docker push vimal13/mailapp:v1
push the search image too

# kc get pods

Create a deployment
> kc create deployment maild --image=vimal13/mailapp:v1 --replicas=3
if it fails, remove the --replicas option

# kc get pod
> kc scale deploy maild --replicas=2
> kc get pod
> kc create deployment searchd --image=vimal13/searchapp:v1
> kc scale deploy searchd --replicas=3
> kc get po
> kc expose deploy maild --port=80 --type=NodePort
> kc expose deploy searchd --port=80 --type=NodePort

# kc get svc
see the ip and port

# ifconfig
get the IP

.100

> curl 192.168.99.100:30168
> curl 192.168.99.100:20543

We don't want to give these two ip:port pairs to our users,
but only one

> kc get pod -n kube-system
> kc get svc -n kube-system

if you want any client to come to your layer 7 load balancer (.100:80), you have to configure it.

Say the client wants to come to this ip and port
> curl 192.168.99.100:80

no error.

> curl 192.168.99.100:80/mail
> curl 192.168.99.100:80/search

we want to integrate the layer 4 load balancer with layer 7

All layer 7 load balancers work with the help of the http header.
Whatever URL you type goes in the http header.
- if you type an IP in the URL, say http://192.168.99.100:80/search -> the entire info goes as http header

the IP goes to layer 3

if you change from IP to host
http://www.domain.com:80/search

this name goes to the DNS server and is converted to an IP
the same IP comes up, and this IP provided by DNS is sent in the packet

the domain goes to layer 7
and the IP to layer 3

let's think of virtual hosting

if you want the host name to also go in the packet to the server, you have to put the hostname in the URL

> nslookup google.com

if the IP does not come in the output, use dig

if you try to open the site with the IP, it does not open.

in virtual hosting, they don't do that.
On one IP, they host hundreds of domains.

you can take a decision based on the hostname

> curl 192.168.99.100:81
you get error

-------------------------------

now, add an entry to the hosts file
c:\windows\system32\drivers\etc\hosts - on Windows
/etc/hosts - Linux

add the entry here
192.168.99.100    www.eg.com

> curl www.eg.com

you have the same output

> curl http://www.eg.com:80/mail
all this info goes in the http header.
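
Added example (not part of the original class notes): a Python sketch of what a client such as curl does with the two URLs above. The IP it connects to comes from the hosts file, while the path and the Host header travel inside the request and are all the layer 7 balancer sees. The function names and the sample hosts content are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed hosts-file content, matching the entry added above.
HOSTS_FILE = """\
127.0.0.1        localhost
192.168.99.100   www.eg.com
"""

def parse_hosts(text):
    """Map each hostname in hosts-file text to its IP address."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments
        if len(fields) >= 2:
            for name in fields[1:]:
                table.setdefault(name.lower(), fields[0])
    return table

def plan_request(url, hosts):
    """Return (ip, port, raw_request) for a GET of url.

    ip and port are what layers 3/4 use to open the connection; only
    raw_request (path and Host header) is visible to the layer 7 balancer.
    """
    parts = urlsplit(url)
    host = parts.hostname
    port = parts.port or 80
    ip = hosts.get(host, host)          # an IP literal resolves to itself
    target = parts.path or "/"
    if parts.query:
        target += "?" + parts.query
    # the default port is left out of the Host header
    host_header = host if port == 80 else f"{host}:{port}"
    raw = f"GET {target} HTTP/1.1\r\nHost: {host_header}\r\n\r\n"
    return ip, port, raw

if __name__ == "__main__":
    hosts = parse_hosts(HOSTS_FILE)
    for url in ("http://192.168.99.100:80/mail", "http://www.eg.com:80/mail"):
        print(plan_request(url, hosts))
```

Both URLs connect to 192.168.99.100:80, but with the IP URL the Host header is 192.168.99.100, so a rule written for host www.eg.com does not apply to it.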

-----------------------
create rules with ingress resources

> kc get ingress
> kc create -h

look for options

lets create yaml file

cd ws
> myingress.yaml

apiVersion: networking.k8s.io/v1    # how do you know, what api you have? Networking.. read docs
kind: Ingress
metadata:
  name: myingress
spec:
  rules:    # we have multiple rules
    - rule1
    - rule2

host-based routing..
- we can put multiple hosts

when the host matches, they check the path.

any client types
http://hostname/path
http -> hostname -> path -> port
you have to write the rule here


www.eg.com/mail

if the path matches, it routes.

> kc get svc
one pod, you may have multiple

> myingress.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: myingress
spec:
  rules:
    - host: www.eg.com
      http:
        paths:
          - path: /search
            backend:
              service:
                name: searchd
                port:
                  number: 80

          - path: /mail
            backend:
              service:
                name: maild
                port:
                  number: 80


> kc create -f myingress.yaml
we got an error, something is wrong
pathType needs to be defined



> myingress.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: myingress
spec:
  rules:
    - host: www.eg.com
      http:
        paths:
          - path: /search
            pathType: Prefix    # users may type /mail, /Mail or /mail/: with or without the trailing /, upper case or lower case
            backend:
              service:
                name: searchd
                port:
                  number: 80

          - path: /mail
            pathType: Prefix
            backend:
              service:
                name: maild
                port:
                  number: 80


google ingress path type
you will get 2/3 path types

other options
Exact
Prefix

check your syntax of the file and run
> kc create -f myingress.yaml

> kc get ingress

you will see the IP under ADDRESS

your dns should be working


# curl http://192.168.99.100
# curl http://192.168.99.100/mail

you get the same result.

let's try with the hostname
# curl http://www.eg.com:80/mail

if everything is good, the result will be good

failed.. not found error. same error as the last ones..

> kc get ingress
> kc describe ingress myingress

everything looks clean here. They automatically detected that the controller is running.
they auto-detected that if someone comes on this path, it connects to the different pods which are running behind the scenes.

they auto detected 2 pods.


even though, we have the challenge that it's not working

> curl http://192.168.99.100/mail

you have to

we have load balancers

LB-ingress

mail-lb
mail-svc

DB -serv



-------------------
# docker ps
# curl 172.17.0.2/index.php
working
# curl 172.17.0.2/mail

you get an error
this folder is not available


You provide this folder to check the rule.


if you want to send the request to the final target, you have to
rewrite the URL

so we want to change /mail to /

for this, you have two solutions
- anyone who types mail, mailer, Mail, any of the cases

I want to rename the file.


if someone types /mail, I would like to type mail/

we are trying to send a signal through




> myingress.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: myingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /$1    # whatever they type is retrieved through $1 (first capture group of the matched path)
spec:
  rules:
    - host: www.eg.com
      http:
        paths:
          - path: /search
            pathType: Prefix    # users may type /mail, /Mail or /mail/: with or without the trailing /, upper case or lower case
            backend:
              service:
                name: searchd
                port:
                  number: 80

          - path: /mail
            pathType: Prefix
            backend:
              service:
                name: maild
                port:
                  number: 80


Update this file
> kc apply -f myingress.yaml
we got some warnings but it's ok

now describe,
kc describe ingress myingress

you see the new annotation

go to the client and type

> curl http://www.eg.com:80/mail

you see Mail app !!!
try search too.

> curl http://www.eg.com:80/search

we use the path to detect. It is path-based routing, the commonly used routing
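
Added example (not from the original notes): a Python model of the rewrite step, assuming the controller turns each rule into an nginx rewrite that matches the path as a case-insensitive regex and replaces the whole URI with rewrite-target. It compares the rule as written in the notes with a capture-group variant; GROUP_RULE and all function names are assumptions.

```python
import re

def rewrite(path_regex, target, uri):
    """Model of nginx `rewrite <regex> <target>`: when the regex matches
    anywhere in the URI, the whole URI is replaced by target, with $N
    filled from capture group N (empty if that group is absent or unset)."""
    m = re.search(path_regex, uri, re.IGNORECASE)
    if m is None:
        return uri                      # rule does not apply, URI unchanged

    def fill(ref):
        n = int(ref.group(1))
        return (m.group(n) or "") if n <= m.re.groups else ""

    return re.sub(r"\$(\d)", fill, target)

# Rule as written in the notes: path /mail, rewrite-target /$1.
NOTES_RULE = ("/mail", "/$1")
# Capture-group variant (assumed alternative, not from the notes): keeps
# whatever follows /mail and only matches on a path boundary.
GROUP_RULE = ("^/mail(/|$)(.*)", "/$2")

def compare(uri):
    """Return (notes_result, group_result) for one request URI."""
    return rewrite(*NOTES_RULE, uri), rewrite(*GROUP_RULE, uri)

if __name__ == "__main__":
    for uri in ("/mail", "/mail/index.php", "/Mail/", "/mailer"):
        print(uri, "->", compare(uri))
```

With /$1 and no capture group, every matching request reaches the pod as /, including /mail/index.php and /mailer; the capture-group form keeps the sub-path and leaves /mailer untouched.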


host-based routing can also be used.

we have one single web server and one ip address
eg.com -> 1.1.1.1

we want to host multiple sites

on one computer, multiple systems can be used
we tell the client to use the name
www.dg.com, it will go to 1.1.1.1

virtual-hosting-based routing


lets edit


> myingress.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: myingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /$1    # whatever they type is retrieved through $1 (first capture group of the matched path)
spec:
  rules:
    - host: www.eg.com
      http:
        paths:
          - path: /search
            pathType: Prefix    # users may type /mail, /Mail or /mail/: with or without the trailing /, upper case or lower case
            backend:
              service:
                name: searchd
                port:
                  number: 80

          - path: /mail
            pathType: Prefix
            backend:
              service:
                name: maild
                port:
                  number: 80

    # ---------------------- second host, added to the same rules list
    - host: www.dg.com    # or *.dg.com
      http:
        paths:
          - path: /db
            pathType: Prefix
            backend:
              service:
                name: dbd
                port:
                  number: 80


add the host entry
192.168.99.100    www.dg.com
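
Added example (not from the original notes or from any controller's source): a Python model of the host and pathType matching that the Ingress API documents, run over the rules of the manifest above. It goes slightly beyond the notes by using the wildcard host *.dg.com mentioned in the comment and by handling Exact; the function names and the RULES table are assumptions.

```python
# Rules as (host, path, pathType, service), mirroring the manifest above.
RULES = [
    ("www.eg.com", "/search", "Prefix", "searchd"),
    ("www.eg.com", "/mail",   "Prefix", "maild"),
    ("*.dg.com",   "/db",     "Prefix", "dbd"),
]

def host_matches(rule_host, host):
    """Exact match, or a '*.' wildcard covering exactly one DNS label."""
    rule_host = rule_host.lower()
    host = host.lower().split(":")[0]           # ignore a :port suffix
    if rule_host.startswith("*."):
        label, _, rest = host.partition(".")
        return bool(label) and rest == rule_host[2:]
    return rule_host == host

def path_matches(rule_path, path_type, path):
    """Exact: identical string. Prefix: element by element, case sensitive."""
    if path_type == "Exact":
        return path == rule_path
    want = [p for p in rule_path.split("/") if p]
    got = [p for p in path.split("/") if p]
    return got[:len(want)] == want

def route(host, path, rules=RULES):
    """Return the backend service name, or None when no rule applies."""
    path = path.split("?", 1)[0]                # the query is not matched
    hits = [r for r in rules
            if host_matches(r[0], host) and path_matches(r[1], r[2], path)]
    # Longest matching path wins; Exact beats Prefix on a tie.
    hits.sort(key=lambda r: (len(r[1]), r[2] == "Exact"), reverse=True)
    return hits[0][3] if hits else None

if __name__ == "__main__":
    for host, path in [("www.eg.com", "/mail/"), ("www.eg.com", "/mailer"),
                       ("192.168.99.100", "/mail"), ("www.dg.com", "/db")]:
        print(host, path, "->", route(host, path))
```

Once rewrite-target is set, ingress-nginx matches the paths of that host as case-insensitive regular expressions, so the live controller can accept paths such as /Mail that this API-level model rejects.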
