Kubernetes Ingress 101
•
2 gefällt mir•99 views
This presentation explains the basics of Kubernetes ingress traffic management functionality, and how it can be used to simplify managing applications across different environments - in the cloud or on premise.
Empfohlen
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Ähnlich wie Kubernetes Ingress 101
Ähnlich wie Kubernetes Ingress 101 (20)
Mehr von Kublr
Mehr von Kublr (18)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
Kubernetes Ingress 101
- 1. Kubernetes Ingress 101 Oleg Chunikhin | CTO, Kublr
- 2. Introductions Oleg Chunikhin CTO, Kublr • 25 years in software architecture & development • Working w/ Kubernetes since its release in 2015 • Software architect behind Kublr—an enterprise ready container management platform • Twitter @olgch
- 3. Enterprise Kubernetes Needs Developers SRE/Ops/DevOps/SecOps • Self-service • Compatible • Conformant • Configurable • Open & Flexible • Governance • Org multi-tenancy • Single pane of glass • Operations • Monitoring • Log collection • Image management • Identity management • Security • Reliability • Performance • Portability @olgch; @kublr
- 4. @olgch; @kublr Automation Ingress Custom Clusters Infrastructure Logging Monitoring Observability API Usage Reporting RBAC IAM Air Gap TLS Certificate Rotation Audit Storage Networking Container Registry CI / CD App Mgmt Infrastructure Container Runtime Kubernetes OPERATIONS SECURITY & GOVERNANCE
- 5. Kubernetes Ingress @olgch; @kublr • Kubernetes overview / refresher • Services - ClusterIP, NodePort, LoadBalancer • Ingress rules • Ingress and TLS • Examples
- 6. Kubernetes Cluster K8S Architecture Refresher: Components The Master, agent, etcd, API, overlay network, and DNS Master API Server etcd data controller manager scheduler etcd kubectl Worker kubelet container runtime overlay network cluster DNS kube-proxy @olgch; @kublr
- 7. Cluster K8S Architecture Refresher: API Objects Nodes, pods, services, and persistent volumes Node 1 Node 2 Pod A-1 10.0.0.3 Cnt1 Cnt2 Pod A-2 10.0.0.5 Cnt1 Cnt2 Pod B-1 10.0.0.8 Cnt3 SrvA 10.7.0.1 SrvB 10.7.0.3 Persistent Volume @olgch; @kublr
- 8. Cluster K8S Service: ClusterIP Pod A-1 Pod A-2 SrvA 100.65.56.180 ClusterIP @olgch; @kublr kube-proxy kind: Service apiVersion: v1 metadata: name: echoserver namespace: echoserver spec: ports: - name: http protocol: TCP port: 80 targetPort: 8080 selector: app: echoserver clusterIP: 100.65.56.180 type: ClusterIP sessionAffinity: None Node 1 192.168.12.1 Node 2 192.168.12.2
- 9. Sample Application and ClusterIP Service apiVersion: v1 kind: Namespace metadata: name: echoserver --- apiVersion: apps/v1 kind: Deployment metadata: name: echoserver namespace: echoserver spec: selector: matchLabels: app: echoserver replicas: 1 template: metadata: labels: app: echoserver spec: containers: - image: gcr.io/google_containers/echoserver:1.4 imagePullPolicy: Always name: echoserver ports: - containerPort: 8080 apiVersion: v1 kind: Service metadata: name: echoserver namespace: echoserver spec: ports: - port: 80 targetPort: 8080 protocol: TCP selector: app: echoserver # In the cluster curl http://echoserver.echoserver # Outside the cluster kubectl port-forward -n echoserver service/echoserver 8080:80 curl http://127.0.0.1:8080 @olgch; @kublr
- 10. Cluster K8S Service: NodePort Pod A-1 Pod A-2 SrvA 100.65.56.180 NodePort @olgch; @kublr Node 1 192.168.12.1 Node 2 192.168.12.2 Port 33243 Port 33243 kube-proxy kind: Service apiVersion: v1 metadata: name: my-svc namespace: default spec: ports: - name: http protocol: TCP port: 80 targetPort: 80 nodePort: 33243 selector: app: my-app clusterIP: 100.65.56.180 type: NodePort sessionAffinity: None
- 11. NodePort Service apiVersion: v1 kind: Service metadata: name: echoserver-np namespace: echoserver spec: ports: - port: 80 targetPort: 8080 protocol: TCP type: NodePort selector: app: echoserver # List Nodes and their addresses kubectl get nodes # Get node address ADDR=$(kubectl get nodes -o jsonpath='{.items[0].status.addresses[?(.type=="ExternalIP")].address}') # Get service NodePort PORT=$(kubectl get svc echoserver-np -o jsonpath='{.spec.ports[0].nodePort}') # Send request curl http://$ADDR:$PORT @olgch; @kublr
- 12. Cluster K8S Service: LoadBalancer Pod A-1 Pod A-2 SrvA 100.65.56.180 LoadBalancer annotations @olgch; @kublr Node 1 192.168.12.1 Node 2 192.168.12.2 Load Balancer 34.227.27.99 Port 33243 Port 33243 Port 33243 kube-controller-manager cloud-controller-manager cloud-provider or custom controller kube-proxy kind: Service apiVersion: v1 metadata: name: my-svc namespace: default spec: ports: - name: http protocol: TCP port: 80 targetPort: 80 nodePort: 33243 selector: app: my-app clusterIP: 100.65.56.180 type: LoadBalancer sessionAffinity: None
- 13. LoadBalancer Service apiVersion: v1 kind: Service metadata: name: echoserver-lb namespace: echoserver spec: ports: - port: 80 targetPort: 8080 protocol: TCP type: LoadBalancer selector: app: echoserver # List Nodes and their addresses kubectl get svc echoserver-lb # Get node address ADDR=$(kubectl get nodes -o jsonpath='{.items[0].status.addresses[?(.type=="ExternalIP")].address}') # Get service NodePort PORT=$(kubectl get svc echoserver-np -o jsonpath='{.spec.ports[0].nodePort}') # Send request curl http://$ADDR:$PORT @olgch; @kublr
- 14. LB Service Annotations and Properties @olgch; @kublr • AWS service.beta.kubernetes.io/aws-load-balancer-type service.beta.kubernetes.io/aws-load-balancer-internal service.beta.kubernetes.io/aws-load-balancer-access-log-enabled ... • Azure service.beta.kubernetes.io/azure-load-balancer-internal service.beta.kubernetes.io/azure-dns-label-name ... • ...
- 15. Cluster K8S Service: ExternalName SrvA ExternalName example.com @olgch; @kublr kind: Service apiVersion: v1 metadata: name: my-svc namespace: default spec: type: ExternalNane externalName: example.com kube-dns coredns CNAME DNS record example.com
- 16. Cluster K8S Ingress Pod A-1 Pod A-2 SrvA 10.7.0.1 ClusterIP @olgch; @kublr Ingress Rule https://my-host/path Ingress Controller kind: Ingress apiVersion: extensions/v1beta1 metadata: name: echoserver namespace: echoserver spec: rules: - http: paths: - backend: serviceName: echoserver servicePort: 80 path: /echo
- 17. Cluster K8S Ingress: In-Cluster Reverse Proxy Pod A-1 Pod A-2 SrvA 10.7.0.1 ClusterIP @olgch; @kublr Ingress Rule https://my-host/path Ingress Controller (nginx, traefik, HAProxy) SrvIngress 10.7.0.15 LoadBalancer Load Balancer 34.227.44.12 Ingress Controller Application
- 18. Cluster K8S Ingress: External Reverse Proxy Pod A-1 Pod A-2 SrvA 10.7.0.1 ClusterIP @olgch; @kublr Ingress Ingress Controller (nginx, traefik, HAProxy) AWS API ALB Node or Pod Port kind: Ingress apiVersion: extensions/v1beta1 metadata: name: echoserver-alb namespace: echoserver annotations: kubernetes.io/ingress.class: alb alb.ingress.kubernetes.io/scheme: internet-facing spec: rules: - http: paths: - backend: serviceName: echoserver-np servicePort: 80 path: /echo pathType: ImplementationSpecific
- 19. Ingress with TLS kind: Ingress apiVersion: extensions/v1beta1 metadata: name: echoserver-tls namespace: echoserver annotations: kubernetes.io/tls-acme: 'true' spec: tls: - hosts: - echo.ing-101-aws.workshop.kublr.com secretName: echo-tls rules: - http: paths: - backend: serviceName: echoserver servicePort: 80 path: / pathType: ImplementationSpecific host: echo.ing-101-aws.workshop.kublr.com @olgch; @kublr
- 20. K8S Ingress: Concepts @olgch; @kublr • Ingress Class • Routing • TLS and Certificates
- 21. Beyond this demo • CNI / Kubernetes Overlay Network • Service Meshes • API Gateways • Cross-cluster Connectivity • ... @olgch; @kublr
- 24. Oleg Chunikhin CTO oleg@kublr.com @olgch Kublr | kublr.com @kublr Signup for our newsletter at kublr.com @olgch; @kublr