Skip to content

Latest commit

 

History

History
179 lines (145 loc) · 3.73 KB

ingress.md

File metadata and controls

179 lines (145 loc) · 3.73 KB

Ingress

  • Ingress manages external access to the services in a cluster, typically HTTP.
  • Ingress may provide load balancing, SSL termination and name-based virtual hosting.

Create the following

  • Deployment web with image gcr.io/google-samples/hello-app:1.0 with 3 replicas.
  • Service web to expose the deployment as Node Port
  • Ingress web-ingress to point to the web service using host hellow-world.info.

show

kubectl create deployment web --image=gcr.io/google-samples/hello-app:1.0
kubectl expose deployment web --type=NodePort --port=8080
kubectl get service web
# NAME   TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
# web    NodePort   10.104.218.215   <none>        8080:30807/TCP   12s

Create Ingress with the below specs and apply using kubectl apply -f web-ingress.yaml

kubectl create ingress web-ingress --rule="hello-world.info/=web:8080"

OR

cat << EOF > web-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
  rules:
    - host: hello-world.info
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web
                port:
                  number: 8080
EOF

kubectl apply -f web-ingress.yaml

OR below for older versions

cat << EOF > web-ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: web-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
  rules:
  - host: hello-world.info
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          serviceName: web
          servicePort: 8080
EOF

kubectl apply -f web-ingress.yaml
# verification
kubectl get nodes -o wide # get node ip
kubectl get deploy web # check status
kubectl get svc web # check node port ip
curl http://10.0.26.3:32104 # use node ip:node port
kubectl get ingress web-ingress # you will get an ip address of the ingress controller if installed
# NAME          CLASS    HOSTS              ADDRESS   PORTS   AGE
# web-ingress   <none>   hello-world.info             80      11s


Ingress Security


Create a tls secret testsecret-tls using tls.crt from file ../data/tls.crt and ../data/tls.key. Enable tls for the ingress below.


apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: tls-example-ingress
spec:
  rules:
  - host: https-example.foo.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: service1
            port:
              number: 80
show

kubectl create secret tls testsecret-tls --cert=tls.crt --key=tls.key
cat << EOF > tls-example-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: tls-example-ingress
spec:
  tls: # add tls entry 
  - hosts:
      - https-example.foo.com
    secretName: testsecret-tls
  rules:
  - host: https-example.foo.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: service1
            port:
              number: 80
EOF

kubectl apply -f tls-example-ingress.yaml

# verification
kubectl get secret testsecret-tls
kubectl get ingress tls-example-ingress


Clean up


kubectl delete secret testsecret-tls
kubectl delete ingress web-ingress tls-example-ingress
kubectl delete svc web
kubectl delete deployment web