Kubernetes - Ingress 3-02-2021
Class Notes
You can set up -
Load Balancer -> Layer 7 LB -> Application LB
We will be performing this LAB on our local server env.
1. Start your minikube
> minikube start
Single-node or multi-node, the deployment of Ingress is the same
2. Start your Linux VM
Let's take Google as an example
www.google.com -> IP address
Team1
search team -> app for search -> thousands of people access
-> lots of os instances running
say 3 POD running
Load Balancer - search
- S1 POD
- S2 POD
- S3 POD
Team2 ---> Mail ----> APP
Load Balancer - mail
- m1 POD
- m2 POD
- m3 POD
LB -> SVC -> mail
For all services to access, google provides one IP.
Providing 100s of IP or name to client is hard to manage.
They market only one domain.
To reach my site/services, you have to remember only one name/IP
www.google.com
to search
www.google.com/search
for mail
www.google.com/mail
For example, you can access and retrieve the values...
google.com/search?j=67,k=77
When the client sends data, the browser sends it over HTTP or HTTPS, in the header
- path, key-value pair -> it goes in the HTTP header
or mail or application
When the request reaches Google's server, the server is able to retrieve it.
Whatever path and key-value pairs the client types, the server can retrieve them.
These programs are server-side programs.
One server that can retrieve this kind of information is nginx (pronounced "engine-x")
nginx
- is able to know your host, the search path and the query you type.
- When the user's request goes to this server, we write some code on this server.
- You take the request from the user. Say the user types domain.com/search; the request goes to the LB
- If we detect /something, say /mail, we forward the request to the mail server, say 192.168.10.50
- If they type /search, forward to the .55 server
By checking the application header and looking at the application, nginx does application-level load balancing.
Load balancing or routing based on the path is called path-based routing.
Looking only at the TCP/UDP port and IP -> Layer 4 load balancing
Looking at things like the GET method: Layer 7 has this capability, Layer 4 does not
Ingress is a concept, we will implement. [ check video 1:30 ]
google for
" kubernetes ingress controller "
istio.io
1.9
--------------------------------------
How to launch nginx ingress controller?
Let's add one of the add-ons
> minikube addons enable ingress
For a multi-node cluster,
use the ingress YAML file.. google it ..
> kc get pods
> kc get pods -n kube-system
you see it running
controller node
- you will create a role
we can use HAProxy, Azure cloud, Google cloud or nginx
- whatever you want, you have a choice of services.
k8s provides resources
- you just go and launch
- what you have to do is to create rules
- We have a resource - kind (pod)
> kc get ingress
no resource found
how to create ingress resource?
Creating an Ingress is almost the same as creating rules
what we have to do?
Let's say we have two teams
Team1 -> search -> app on docker_image
Team2 -> Mail -> mail app on another docker image
LB - svc- search
- s1
- s2
- s3
LB - svc - mail
- m1
- m2
how to launch ingress controller
- it works on rules,
- we add some rules.
> minikube addons enable ingress
Let's go and create an image
1. Log in to your workstation
# mkdir /wsin
# cd /wsin
# docker images | grep vimal13
vi Dockerfile
FROM vimal13/apache-webserver-php
RUN echo "Search app !!!" > /var/www/html/index.php
# docker build -t vimal13/searchapp:v1 .
Check if it works
# docker run -dit vimal13/searchapp:v1
# curl 172.20.25.3
you get it.
Create
vi Dockerfile
RUN echo "Mail app !!!" > /var/www/html/index.php
# docker build -t vimal13/mailapp:v1 .
Push it to Docker Hub
# docker push vimal13/mailapp:v1
Push the search image too
# kc get pods
Create a deployment
> kc create deployment maild --image=vimal13/mailapp:v1 --replicas=3
If it fails, remove the --replicas option
# kc get pod
> kc scale deploy maild --replicas=2
> kc get pod
> kc create deployment searchd --image=vimal13/searchapp:v1
> kc scale deploy searchd --replicas=3
> kc get po
> kc expose deploy maild --port=80 --type=NodePort
> kc expose deploy searchd --port=80 --type=NodePort
# kc get svc
see the ip and port
# ifconfig
get the IP
.100
> curl 192.168.99.100:30168
> curl 192.168.99.100:20543
We don't want to give these two ip:port pairs to our users,
but only one
> kc get pod -n kube-system
> kc get svc -n kube-system
If you want any client to come to your Layer 7 load balancer (.100:80), you have to configure it.
Say the client wants to come to this IP and port
> curl 192.168.99.100:80
no error.
> curl 192.168.99.100:80/mail
> curl 192.168.99.100:80/search
we want to integrate layer 4 load balancer to layer 7
All Layer 7 protocol load balancers work with the help of the HTTP header.
Whatever URL you type goes in the HTTP header.
- if you type the IP in the URL, say http://192.168.99.100:80/search -> the entire info goes as HTTP header
the IP goes to Layer 3
If you change from IP to host name
http://www.domain.com:80/search
this info goes to the DNS server and is converted to an IP
The same IP comes back, but this IP provided by DNS is what is sent in the packet
the domain goes to Layer 7
and the IP to Layer 3
Let's think of virtual hosting
If you want the host name to also go in the packet to the server, you have to use the host name (domain) in the URL
> nslookup google.com
If the IP does not come up in the output, use dig
If you try to open the site with the IP, it does not open.
In virtual hosting, they don't do that.
On one IP, they host hundreds of domains.
You can take a decision based on the host name
> curl 192.168.99.100:81
you get error
-------------------------------
Now add an entry to the hosts file
C:\Windows\System32\drivers\etc\hosts - on Windows
/etc/hosts - Linux
Add the entry here
192.168.99.100 www.eg.com
> curl www.eg.com
You have the same output
> curl http://www.eg.com:80/mail
All this info goes in the HTTP header.
-----------------------
create rules with ingress resources
> kc get ingress
> kc create -h
look for options
lets create yaml file
cd ws
> myingress.yaml
apiVersion: networking.k8s.io/v1 # how do you know which API you have? networking.. read the docs
kind: Ingress
metadata:
  name: myingress
spec:
  rules: # we have multiple rules
  - rule1
  - rule2
Host-based routing..
- we can put multiple hosts
When the host matches, the path is checked.
Any client types
http://hostname/path
http -> hostname -> path -> port
You have to write the rule here
www.eg.com/mail
When the path matches, it routes.
> kc get svc
one pod, you may have multiple
> myingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: myingress
spec:
  rules:
  - host: www.eg.com
    http:
      paths:
      - path: /search
        backend:
          service:
            name: searchd
            port:
              number: 80
      - path: /mail
        backend:
          service:
            name: maild
            port:
              number: 80
> kc create -f myingress.yaml
We got an error; something is wrong
pathType needs to be defined
> myingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: myingress
spec:
  rules:
  - host: www.eg.com
    http:
      paths:
      - path: /search
        pathType: Prefix # users may type /mail, /Mail or /mail/: with or without the trailing /, upper case or lower case
        backend:
          service:
            name: searchd
            port:
              number: 80
      - path: /mail
        pathType: Prefix
        backend:
          service:
            name: maild
            port:
              number: 80
Google "ingress path type"
you will get 2/3 path types
other options
Exact
Prefix
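How the host and pathType fields of these rules decide where a request goes, as an added example that is not part of the original notes. It follows the matching rules in the Kubernetes Ingress documentation (Exact compares the whole path, Prefix compares `/`-separated elements case-sensitively, a `*.` host covers exactly one DNS label); the function names are hypothetical, and a controller can change path handling through its own annotations.

```python
from urllib.parse import urlsplit

# Rules as written in myingress.yaml above: (host, pathType, path, service)
RULES = [
    ("www.eg.com", "Prefix", "/search", "searchd"),
    ("www.eg.com", "Prefix", "/mail", "maild"),
]

def host_matches(rule_host, host):
    """Exact match, or a '*.' wildcard that covers exactly one leading label."""
    host = host.lower()
    if rule_host.startswith("*."):
        label, _, rest = host.partition(".")
        return bool(label) and rest == rule_host[2:]
    return host == rule_host

def path_matches(path_type, rule_path, path):
    """Exact: identical string. Prefix: element by element, case-sensitive."""
    if path_type == "Exact":
        return path == rule_path
    want = [p for p in rule_path.split("/") if p]
    got = [p for p in path.split("/") if p]
    return got[:len(want)] == want

def route(url):
    """Return the backend service for a URL, or None when no rule matches
    (the request then falls through to the controller's default backend)."""
    parts = urlsplit(url)
    host = parts.hostname or ""   # the name that travels in the Host header
    path = parts.path or "/"
    hits = [r for r in RULES
            if host_matches(r[0], host) and path_matches(r[1], r[2], path)]
    if not hits:
        return None
    return max(hits, key=lambda r: len(r[2]))[3]   # longest matching path wins

if __name__ == "__main__":
    for url in ("http://www.eg.com:80/mail",      # host and path match
                "http://www.eg.com/mailer",       # 'mailer' is a different element
                "http://192.168.99.100/mail"):    # Host is the IP, no host rule matches
        print(url, "->", route(url))
```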
check your syntax of the file and run
> kc create -f myingress.yaml
> kc get ingress
You will see the IP under ADDRESS
your dns should be working
# curl http://192.168.99.100
# curl http://192.168.99.100/mail
you get same result.
Let's try with the host name
# curl http://www.eg.com:80/mail
If everything is good, the result will be good
Failed.. not found error. Same error as the last ones..
> kc get ingress
> kc describe ingress myingress
Everything looks clean here. It automatically detected that the controller is running.
It auto-detected that if someone comes on this path, it should connect to the different pods running behind the scenes.
It auto-detected 2 pods.
Even so, we have a challenge: it is not working
> curl http://192.168.99.100/mail
you have to
we have load balancers
LB-ingress
mail-lb
mail-svc
DB -serv
-------------------
# docker ps
# curl 172.17.0.2/index.php
working
# curl 172.17.0.2/mail
you get an error
This folder is not available
You provide this folder to check the rule.
If you want to send data to the final target, your URL has to be rewritten
Rewrite the URL
So we want to change /mail to /
For this, you have two solutions
- anyone who types mail, mailer, Mail, any of the cases
I want to rename the file.
If someone types /mail, I would like to type mail/
we are trying to send a signal through
> myingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: myingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /$1 # whatever they type here is retrieved in the $1 value
spec:
  rules:
  - host: www.eg.com
    http:
      paths:
      - path: /search
        pathType: Prefix # users may type /mail, /Mail or /mail/: with or without the trailing /, upper case or lower case
        backend:
          service:
            name: searchd
            port:
              number: 80
      - path: /mail
        pathType: Prefix
        backend:
          service:
            name: maild
            port:
              number: 80
Update this file
> kc apply -f myingress.yaml
We got some warnings but it's OK
Now describe,
> kc describe ingress myingress
You see the new annotation
Go to the client and type
> curl http://www.eg.com:80/mail
You see Mail app !!
Try search too.
> curl http://www.eg.com:80/search
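A simplified model of what the rewrite-target annotation above does to the URI before it reaches the pod, as an added example that is not from the original notes. It assumes the controller applies an nginx-style regex rewrite with the rule's path as the pattern; the function names and the capture-group path `/mail(/|$)(.*)` with target `/$2` are assumptions added here for comparison.

```python
import re

def nginx_rewrite(path_regex, target, uri):
    """Model of nginx `rewrite <regex> <target>`: when the regex matches,
    the whole URI is replaced by <target>, with $N expanded to capture
    group N (empty if that group does not exist or did not take part)."""
    m = re.search(path_regex, uri, re.IGNORECASE)
    if m is None:
        return uri  # no match: the URI goes to the backend unchanged

    def expand(ref):
        n = int(ref.group(1))
        return (m.group(n) or "") if n <= m.re.groups else ""

    return re.sub(r"\$(\d)", expand, target)

def page_rule(uri):
    """The notes' setup: path /mail, rewrite-target /$1, no capture group."""
    return nginx_rewrite(r"/mail", "/$1", uri)

def capture_rule(uri):
    """Assumed variant: capture the rest of the path and keep it as $2."""
    return nginx_rewrite(r"/mail(/|$)(.*)", "/$2", uri)

if __name__ == "__main__":
    for uri in ("/mail", "/mail/", "/mail/inbox.php"):
        print(f"{uri:18} page: {page_rule(uri):6} capture: {capture_rule(uri)}")
```

With the notes' rule every request under /mail reaches the pod as /, which is enough for the single index.php here; an app with sub-pages needs the captured remainder.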
We use the path to detect. This is path-based routing, the commonly used routing.
Host-based routing can also be used.
We have one single web server and one IP address
eg.com -> 1.1.1.1
We want to host multiple sites
On one computer, multiple systems can be used
We tell the client to use the name
www.dg.com and it will go to 1.1.1.1
Virtual-hosting-based routing
Let's edit
> myingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: myingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /$1 # whatever they type here is retrieved in the $1 value
spec:
  rules:
  - host: www.eg.com
    http:
      paths:
      - path: /search
        pathType: Prefix # users may type /mail, /Mail or /mail/: with or without the trailing /, upper case or lower case
        backend:
          service:
            name: searchd
            port:
              number: 80
      - path: /mail
        pathType: Prefix
        backend:
          service:
            name: maild
            port:
              number: 80
  # ----------------------
  # second host goes in the same rules list (one spec per Ingress)
  - host: www.dg.com # or *.dg.com
    http:
      paths:
      - path: /db
        pathType: Prefix
        backend:
          service:
            name: dbd
            port:
              number: 80
Add the host entry
192.168.99.100 www.dg.com