Application Access in Kubernetes

Kubernetes Networking
In Kubernetes, networking happens at different levels:

- Between containers: implemented as IPC
- Between Pods: implemented by network plugins
- Between Pods and Services: implemented by Service resources
- Between external users and Services: implemented by Services, with the help of Ingress

Network Plugins

Network plugins are required to implement network traffic between Pods
Network plugins are provided by the Kubernetes Ecosystem
Vanilla Kubernetes does not come with a default network plugin, and you’ll have to install it while installing a cluster
Different plugins provide different features
Currently, the Calico plugin is commonly used because of its support for features like NetworkPolicy

Services

Service resources are used to provide access to Pods
If multiple Pods are used as Service endpoint, the Service will load balance traffic to the Pods
Different types of Service can be configured:
- ClusterIP: the Service is internally exposed and is reachable only from within the cluster
- NodePort: the Service is exposed at each node’s IP address as a port. The
  Service can be reached from outside the cluster at nodeip:nodeport
- LoadBalancer: the cloud provider offers a load balancer that routes traffic to
  either NodePort- or ClusterIP-based Services
- ExternalName: the Service is mapped to an external name that is implemented as a DNS CNAME record

Configuring Services

Use kubectl expose to expose applications through their Pods, ReplicaSet or Deployment (recommended)
Use kubectl create service as an alternative

Demo: Creating Services

kubectl create deploy webshop --image=nginx --replicas=3
kubectl get pods --selector app=webshop -o wide
kubectl expose deploy webshop --type NodePort --port=80
kubectl describe svc webshop
kubectl get svc
curl nodeip:nodeport

Let’s demonstrate creating services:

[root@k8s cka]# kubectl create deploy webshop --image=nginx --replicas=3
deployment.apps/webshop created

[root@k8s cka]# kubectl get pods --selector app=webshop -o wide
NAME                       READY   STATUS    RESTARTS   AGE   IP            NODE            NOMINATED NODE   READINESS GATES
webshop-7f9fd49d4c-92nj2   1/1     Running   0          32s   10.244.0.24   k8s.example.pl   <none>           <none>
webshop-7f9fd49d4c-kqllw   1/1     Running   0          32s   10.244.0.23   k8s.example.pl   <none>           <none>
webshop-7f9fd49d4c-x2czc   1/1     Running   0          32s   10.244.0.25   k8s.example.pl   <none>           <none>

[root@k8s cka]# kubectl expose deploy webshop --type=NodePort --port=80
service/webshop exposed

[root@k8s cka]# kubectl get all --selector app=webshop
NAME                           READY   STATUS    RESTARTS   AGE
pod/webshop-7f9fd49d4c-92nj2   1/1     Running   0          92m
pod/webshop-7f9fd49d4c-kqllw   1/1     Running   0          92m
pod/webshop-7f9fd49d4c-x2czc   1/1     Running   0          92m

NAME              TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
service/webshop   NodePort   10.109.119.90   <none>        80:32064/TCP   27s

NAME                      READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/webshop   3/3     3            3           92m

NAME                                 DESIRED   CURRENT   READY   AGE
replicaset.apps/webshop-7f9fd49d4c   3         3         3       92m

[root@k8s cka]# kubectl describe svc webshop
Name:                     webshop
Namespace:                default
Labels:                   app=webshop
Annotations:              <none>
Selector:                 app=webshop
Type:                     NodePort
IP Family Policy:         SingleStack
IP Families:              IPv4
IP:                       10.109.119.90
IPs:                      10.109.119.90
Port:                     <unset>  80/TCP
TargetPort:               80/TCP
NodePort:                 <unset>  32064/TCP
Endpoints:                10.244.0.23:80,10.244.0.24:80,10.244.0.25:80
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>
[root@k8s cka]# kubectl get svc webshop
NAME      TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
webshop   NodePort   10.109.119.90   <none>        80:32064/TCP   82s

[root@k8s cka]# curl k8s.example.pl:32064
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

[root@k8s cka]# kubectl create deploy webshop --image=nginx --replicas=3

deployment.apps/webshop created

[root@k8s cka]# kubectl get pods --selector app=webshop -o wide

NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES

webshop-7f9fd49d4c-92nj2 1/1 Running 0 32s 10.244.0.24 k8s.example.pl <none> <none>

webshop-7f9fd49d4c-kqllw 1/1 Running 0 32s 10.244.0.23 k8s.example.pl <none> <none>

webshop-7f9fd49d4c-x2czc 1/1 Running 0 32s 10.244.0.25 k8s.example.pl <none> <none>

[root@k8s cka]# kubectl expose deploy webshop --type=NodePort --port=80

service/webshop exposed

[root@k8s cka]# kubectl get all --selector app=webshop

NAME READY STATUS RESTARTS AGE

pod/webshop-7f9fd49d4c-92nj2 1/1 Running 0 92m

pod/webshop-7f9fd49d4c-kqllw 1/1 Running 0 92m

pod/webshop-7f9fd49d4c-x2czc 1/1 Running 0 92m

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE

service/webshop NodePort 10.109.119.90 <none> 80:32064/TCP 27s

NAME READY UP-TO-DATE AVAILABLE AGE

deployment.apps/webshop 3/3 3 3 92m

NAME DESIRED CURRENT READY AGE

replicaset.apps/webshop-7f9fd49d4c 3 3 3 92m

[root@k8s cka]# kubectl describe svc webshop

Name: webshop

Namespace: default

Labels: app=webshop

Annotations: <none>

Selector: app=webshop

Type: NodePort

IP Family Policy: SingleStack

IP Families: IPv4

IP: 10.109.119.90

IPs: 10.109.119.90

Port: <unset> 80/TCP

TargetPort: 80/TCP

NodePort: <unset> 32064/TCP

Endpoints: 10.244.0.23:80,10.244.0.24:80,10.244.0.25:80

Session Affinity: None

External Traffic Policy: Cluster

Events: <none>

[root@k8s cka]# kubectl get svc webshop

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE

webshop NodePort 10.109.119.90 <none> 80:32064/TCP 82s

[root@k8s cka]# curl k8s.example.pl:32064

<!DOCTYPE html>

<html>

<head>

<title>Welcome to nginx!</title>

<style>

html { color-scheme: light dark; }

body { width: 35em; margin: 0 auto;

font-family: Tahoma, Verdana, Arial, sans-serif; }

</style>

</head>

<body>

<h1>Welcome to nginx!</h1>

<p>If you see this page, the nginx web server is successfully installed and

working. Further configuration is required.</p>

<p>For online documentation and support please refer to

<a href="http://nginx.org/">nginx.org</a>.<br/>

Commercial support is available at

<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>

</body>

</html>

Ingress

Ingress is an API object that manages external access to services in a cluster
Ingress works with external DNS to provide URL-based access to Kubernetes applications
Ingress consists of two parts
- A load balancer available on the external network
- An API resource that contacts the Service resources to find out about available back-end Pods
Ingress load balancers are provided by the Kubernetes ecosystem, different load balancers are available
Ingress exposes HTTP and HTTPS routes from outside the cluster to Services within the cluster
Ingress uses the selectorlabel in Services to connect to the Pod endpoints
Traffic routing is controlled by rules defined on the Ingress resource
Ingress can be configured to do the following, according to functionality
provided by the load balancer
- Give Services externally-reachable URLs
- Load balance traffic
- Terminate SSL/TLS
- Offer name based virtual hosting
  based virtual hosting.

Installing the Nginx Ingress Controller

helm upgrade --install ingress-nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx --namespace ingress-nginx --create-namespace
kubectl get pods -n ingress-nginx
kubectl create deploy nginxsvc --image=nginx --port=80
kubectl expose deploy nginxsvc

Before we can use the ingress we must ensure that ingress controler is installed. In minikube there is no ingress controller so we must install it using helm.

[root@k8s cka]# helm upgrade --install ingress-nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx --namespace ingress-nginx -- create-namespace
Error: "helm upgrade" requires 2 arguments

Usage:  helm upgrade [RELEASE] [CHART] [flags]
[root@k8s cka]# helm upgrade --install ingress-nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx --namespace ingress-nginx --create-namespace
Release "ingress-nginx" does not exist. Installing it now.
NAME: ingress-nginx
LAST DEPLOYED: Fri Feb  2 15:08:51 2024
NAMESPACE: ingress-nginx
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
The ingress-nginx controller has been installed.
It may take a few minutes for the load balancer IP to be available.
You can watch the status by running 'kubectl get service --namespace ingress-nginx ingress-nginx-controller --output wide --watch'

An example Ingress that makes use of the controller:
  apiVersion: networking.k8s.io/v1
  kind: Ingress
  metadata:
    name: example
    namespace: foo
  spec:
    ingressClassName: nginx
    rules:
      - host: www.example.com
        http:
          paths:
            - pathType: Prefix
              backend:
                service:
                  name: exampleService
                  port:
                    number: 80
              path: /
    # This section is only required if TLS is to be enabled for the Ingress
    tls:
      - hosts:
        - www.example.com
        secretName: example-tls

If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:

  apiVersion: v1
  kind: Secret
  metadata:
    name: example-tls
    namespace: foo
  data:
    tls.crt: <base64 encoded cert>
    tls.key: <base64 encoded key>
  type: kubernetes.io/tls

[root@k8s cka]# kubectl get all -n ingress-nginx
NAME                                            READY   STATUS    RESTARTS   AGE
pod/ingress-nginx-controller-6858749594-27tm9   1/1     Running   0          5m15s

NAME                                         TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
service/ingress-nginx-controller             LoadBalancer   10.98.212.3     <pending>     80:31333/TCP,443:31463/TCP   5m15s
service/ingress-nginx-controller-admission   ClusterIP      10.105.231.72   <none>        443/TCP                      5m15s

NAME                                       READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/ingress-nginx-controller   1/1     1            1           5m15s

NAME                                                  DESIRED   CURRENT   READY   AGE
replicaset.apps/ingress-nginx-controller-6858749594   1         1         1       5m15s

[root@k8s cka]# kubectl create deploy nginxsvc --image=nginx --port=80
deployment.apps/nginxsvc created

[root@k8s cka]# kubectl expose deploy nginxsvc
service/nginxsvc exposed

[root@k8s cka]# kubectl get all --selector app=nginxsvc
NAME                            READY   STATUS    RESTARTS   AGE
pod/nginxsvc-5f8b7d4f4d-dtrs7   1/1     Running   0          85s

NAME               TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
service/nginxsvc   ClusterIP   10.104.155.180   <none>        80/TCP    72s

NAME                       READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/nginxsvc   1/1     1            1           85s

NAME                                  DESIRED   CURRENT   READY   AGE
replicaset.apps/nginxsvc-5f8b7d4f4d   1         1         1       85s

[root@k8s cka]# helm upgrade --install ingress-nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx --namespace ingress-nginx -- create-namespace

Error: "helm upgrade" requires 2 arguments

Usage: helm upgrade [RELEASE] [CHART] [flags]

[root@k8s cka]# helm upgrade --install ingress-nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx --namespace ingress-nginx --create-namespace

Release "ingress-nginx" does not exist. Installing it now.

NAME: ingress-nginx

LAST DEPLOYED: Fri Feb 2 15:08:51 2024

NAMESPACE: ingress-nginx

STATUS: deployed

REVISION: 1

TEST SUITE: None

NOTES:

The ingress-nginx controller has been installed.

It may take a few minutes for the load balancer IP to be available.

You can watch the status by running 'kubectl get service --namespace ingress-nginx ingress-nginx-controller --output wide --watch'

An example Ingress that makes use of the controller:

apiVersion: networking.k8s.io/v1

kind: Ingress

metadata:

namespace: foo

spec:

ingressClassName: nginx

rules:

- host: www.example.com

http:

paths:

- pathType: Prefix

backend:

service:

port:

number: 80

path: /

# This section is only required if TLS is to be enabled for the Ingress

tls:

- hosts:

- www.example.com

secretName: example-tls

If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:

apiVersion: v1

kind: Secret

metadata:

namespace: foo

data:

tls.crt: <base64 encoded cert>

tls.key: <base64 encoded key>

type: kubernetes.io/tls

[root@k8s cka]# kubectl get all -n ingress-nginx

NAME READY STATUS RESTARTS AGE

pod/ingress-nginx-controller-6858749594-27tm9 1/1 Running 0 5m15s

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE

service/ingress-nginx-controller LoadBalancer 10.98.212.3 <pending> 80:31333/TCP,443:31463/TCP 5m15s

service/ingress-nginx-controller-admission ClusterIP 10.105.231.72 <none> 443/TCP 5m15s

NAME READY UP-TO-DATE AVAILABLE AGE

deployment.apps/ingress-nginx-controller 1/1 1 1 5m15s

NAME DESIRED CURRENT READY AGE

replicaset.apps/ingress-nginx-controller-6858749594 1 1 1 5m15s

[root@k8s cka]# kubectl create deploy nginxsvc --image=nginx --port=80

deployment.apps/nginxsvc created

[root@k8s cka]# kubectl expose deploy nginxsvc

service/nginxsvc exposed

[root@k8s cka]# kubectl get all --selector app=nginxsvc

NAME READY STATUS RESTARTS AGE

pod/nginxsvc-5f8b7d4f4d-dtrs7 1/1 Running 0 85s

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE

service/nginxsvc ClusterIP 10.104.155.180 <none> 80/TCP 72s

NAME READY UP-TO-DATE AVAILABLE AGE

deployment.apps/nginxsvc 1/1 1 1 85s

NAME DESIRED CURRENT READY AGE

replicaset.apps/nginxsvc-5f8b7d4f4d 1 1 1 85s

Installing the Nginx Ingress Controller – part 2

kubectl create ingress nginxsvc --class=nginx --rule=nginxsvc.info/*=nginxsvc:80
kubectl port-forward -n ingress-nginx svc/ingress-nginx-controller 8080:80 & (run in background)
Fake DNS (in the real world it won’t be necessary because there were be DNS server.): echo "127.0.0.1 nginxsvc.info" >> /etc/hosts
curl nginxsvc.info:8080

[root@k8s cka]# kubectl create ingress nginxsvc --class=nginx --rule=nginxsvc.info/*=nginxsvc:80
ingress.networking.k8s.io/nginxsvc created

[root@k8s cka]# kubectl port-forward -n ingress-nginx svc/ingress-nginx-controller 8080:80 & 
[1] 295061 
[root@k8s cka]# Forwarding from 127.0.0.1:8080 -> 80 Forwarding from [::1]:8080 -> 80
[root@k8s cka]# vi /etc/hosts

[root@k8s cka]# ping nginxsvc.info
PING host.minikube.internal (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.106 ms
^C
--- host.minikube.internal ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.106/0.106/0.106/0.000 ms


[root@k8s cka]# curl nginxsvc.info:8080
Handling connection for 8080
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>


[root@k8s cka]# kubectl get all --selector app=nginxsvc
NAME                            READY   STATUS    RESTARTS   AGE
pod/nginxsvc-5f8b7d4f4d-dtrs7   1/1     Running   0          20m

NAME               TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
service/nginxsvc   ClusterIP   10.104.155.180   <none>        80/TCP    20m

NAME                       READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/nginxsvc   1/1     1            1           20m

NAME                                  DESIRED   CURRENT   READY   AGE
replicaset.apps/nginxsvc-5f8b7d4f4d   1         1         1       20m

[root@k8s cka]# kubectl get ingress
NAME       CLASS   HOSTS           ADDRESS   PORTS   AGE
nginxsvc   nginx   nginxsvc.info             80      10m

[root@k8s cka]# kubectl describe  ingress nginxsvc
Name:             nginxsvc
Labels:           <none>
Namespace:        default
Address:
Ingress Class:    nginx
Default backend:  <default>
Rules:
  Host           Path  Backends
  ----           ----  --------
  nginxsvc.info
                 /   nginxsvc:80 (10.244.0.29:80)
Annotations:     <none>
Events:
  Type    Reason  Age   From                      Message
  ----    ------  ----  ----                      -------
  Normal  Sync    10m   nginx-ingress-controller  Scheduled for sync

[root@k8s cka]# kubectl create ingress nginxsvc --class=nginx --rule=nginxsvc.info/*=nginxsvc:80

ingress.networking.k8s.io/nginxsvc created

[root@k8s cka]# kubectl port-forward -n ingress-nginx svc/ingress-nginx-controller 8080:80 &

[1] 295061

[root@k8s cka]# Forwarding from 127.0.0.1:8080 -> 80 Forwarding from [::1]:8080 -> 80

[root@k8s cka]# vi /etc/hosts

[root@k8s cka]# ping nginxsvc.info

PING host.minikube.internal (127.0.0.1) 56(84) bytes of data.

64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.106 ms

--- host.minikube.internal ping statistics ---

1 packets transmitted, 1 received, 0% packet loss, time 0ms

rtt min/avg/max/mdev = 0.106/0.106/0.106/0.000 ms

[root@k8s cka]# curl nginxsvc.info:8080

Handling connection for 8080

<!DOCTYPE html>

<html>

<head>

<title>Welcome to nginx!</title>

<style>

html { color-scheme: light dark; }

body { width: 35em; margin: 0 auto;

font-family: Tahoma, Verdana, Arial, sans-serif; }

</style>

</head>

<body>

<h1>Welcome to nginx!</h1>

<p>If you see this page, the nginx web server is successfully installed and

working. Further configuration is required.</p>

<p>For online documentation and support please refer to

<a href="http://nginx.org/">nginx.org</a>.<br/>

Commercial support is available at

<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>

</body>

</html>

[root@k8s cka]# kubectl get all --selector app=nginxsvc

NAME READY STATUS RESTARTS AGE

pod/nginxsvc-5f8b7d4f4d-dtrs7 1/1 Running 0 20m

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE

service/nginxsvc ClusterIP 10.104.155.180 <none> 80/TCP 20m

NAME READY UP-TO-DATE AVAILABLE AGE

deployment.apps/nginxsvc 1/1 1 1 20m

NAME DESIRED CURRENT READY AGE

replicaset.apps/nginxsvc-5f8b7d4f4d 1 1 1 20m

[root@k8s cka]# kubectl get ingress

NAME CLASS HOSTS ADDRESS PORTS AGE

nginxsvc nginx nginxsvc.info 80 10m

[root@k8s cka]# kubectl describe ingress nginxsvc

Name: nginxsvc

Labels: <none>

Namespace: default

Address:

Ingress Class: nginx

Default backend: <default>

Rules:

Host Path Backends

---- ---- --------

nginxsvc.info

/ nginxsvc:80 (10.244.0.29:80)

Annotations: <none>

Events:

Type Reason Age From Message

---- ------ ---- ---- -------

Normal Sync 10m nginx-ingress-controller Scheduled for sync

Now, let’s edit ngninx svc

[root@k8s cka]# kubectl edit svc nginxsvc

1	[root@k8s cka]# kubectl edit svc nginxsvc

and disturb the selector label

apiVersion: v1
kind: Service
metadata:
  creationTimestamp: "2024-02-02T20:15:42Z"
  labels:
    app: nginxsvc
  name: nginxsvc
  namespace: default
  resourceVersion: "98698"
  uid: f2dfba3e-1c47-443d-a969-a78cd81cf47c
spec:
  clusterIP: 10.104.155.180
  clusterIPs:
  - 10.104.155.180
  internalTrafficPolicy: Cluster
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginxSVC
# instaed nginxsvc
  sessionAffinity: None
  type: ClusterIP
status:
  loadBalancer: {}

apiVersion: v1

kind: Service

metadata:

creationTimestamp: "2024-02-02T20:15:42Z"

labels:

app: nginxsvc

namespace: default

resourceVersion: "98698"

uid: f2dfba3e-1c47-443d-a969-a78cd81cf47c

spec:

clusterIP: 10.104.155.180

clusterIPs:

- 10.104.155.180

internalTrafficPolicy: Cluster

ipFamilies:

- IPv4

ipFamilyPolicy: SingleStack

ports:

- port: 80

protocol: TCP

targetPort: 80

selector:

app: nginxSVC

# instaed nginxsvc

sessionAffinity: None

type: ClusterIP

status:

loadBalancer: {}

We see that the service is unavailable now:

[root@k8s cka]# curl nginxsvc.info:8080
Handling connection for 8080
<html>
<head><title>503 Service Temporarily Unavailable</title></head>
<body>
<center><h1>503 Service Temporarily Unavailable</h1></center>
<hr><center>nginx</center>
</body>
</html>

[root@k8s cka]# curl nginxsvc.info:8080

Handling connection for 8080

<html>

<head><title>503 Service Temporarily Unavailable</title></head>

<body>

<center><h1>503 Service Temporarily Unavailable</h1></center>

<hr><center>nginx</center>

</body>

</html>

So, if you have ever problem in ingress you might have investigate what is going on in the service to fix your problem.

Managing Ingress Rules

ingress rules catch incoming traffic that matches a specific path and optional hostname and connects that to a Service and port
Use kubectl create ingress to create rules
Different paths can be defined on the same host
- kubectl create ingress mygress --rule="/mygress=mygress:80" --rule="yourgress=yourgress:80"
Different virtual hosts can be defined in the same Ingress
- kubectl create ingress nginxsvc --class=nginx --rule=nginxsvc.info/*=nginxsvc:80 --rule=otherserver.org/*=otherserver:80

IngressClass

In one cluster, different Ingress controllers can be hosted, each with its own
configuration
Controllers can be included in an IngressClass
While defining Ingress rules, the --class option should be used to implement the role on a specific Ingress controller
- If this option is not used, a default IngressClass must be defined
- Set ingressclass.kubernetes.io/is-default-class: true as an annotation on the IngressClass to make it the default
After creating the Ingress controller as described before, an IngressClass API resource has been created
Use kubectl get ingressclass -o yaml to investigate its content

[root@k8s cka]# kubectl get ingressclass
NAME    CONTROLLER             PARAMETERS   AGE
nginx   k8s.io/ingress-nginx   <none>       49m

[root@k8s cka]# kubectl get ingressclass -o yaml
apiVersion: v1
items:
- apiVersion: networking.k8s.io/v1
  kind: IngressClass
  metadata:
    annotations:
      meta.helm.sh/release-name: ingress-nginx
      meta.helm.sh/release-namespace: ingress-nginx
    creationTimestamp: "2024-02-02T20:09:01Z"
    generation: 1
    labels:
      app.kubernetes.io/component: controller
      app.kubernetes.io/instance: ingress-nginx
      app.kubernetes.io/managed-by: Helm
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/part-of: ingress-nginx
      app.kubernetes.io/version: 1.9.6
      helm.sh/chart: ingress-nginx-4.9.1
    name: nginx
    resourceVersion: "98227"
    uid: 6e638977-b341-46c3-a469-cfb655cd4dac
  spec:
    controller: k8s.io/ingress-nginx
kind: List
metadata:
  resourceVersion: ""
[root@k8s cka]#

[root@k8s cka]# kubectl edit ingressclass nginx
ingressclass.networking.k8s.io/nginx edited

[root@k8s cka]# kubectl get ingressclass -o yaml
apiVersion: v1
items:
- apiVersion: networking.k8s.io/v1
  kind: IngressClass
  metadata:
    annotations:
      ingressclass.kubernetes.io/is-default-class: "true"
      meta.helm.sh/release-name: ingress-nginx
      meta.helm.sh/release-namespace: ingress-nginx
    creationTimestamp: "2024-02-02T20:09:01Z"
    generation: 1
    labels:
      app.kubernetes.io/component: controller
      app.kubernetes.io/instance: ingress-nginx
      app.kubernetes.io/managed-by: Helm
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/part-of: ingress-nginx
      app.kubernetes.io/version: 1.9.6
      helm.sh/chart: ingress-nginx-4.9.1
    name: nginx
    resourceVersion: "101308"
    uid: 6e638977-b341-46c3-a469-cfb655cd4dac
  spec:
    controller: k8s.io/ingress-nginx
kind: List
metadata:
  resourceVersion: ""

[root@k8s cka]# kubectl get ingressclass

NAME CONTROLLER PARAMETERS AGE

nginx k8s.io/ingress-nginx <none> 49m

[root@k8s cka]# kubectl get ingressclass -o yaml

apiVersion: v1

items:

- apiVersion: networking.k8s.io/v1

kind: IngressClass

metadata:

annotations:

meta.helm.sh/release-name: ingress-nginx

meta.helm.sh/release-namespace: ingress-nginx

creationTimestamp: "2024-02-02T20:09:01Z"

generation: 1

labels:

app.kubernetes.io/component: controller

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/part-of: ingress-nginx

app.kubernetes.io/version: 1.9.6

helm.sh/chart: ingress-nginx-4.9.1

resourceVersion: "98227"

uid: 6e638977-b341-46c3-a469-cfb655cd4dac

spec:

controller: k8s.io/ingress-nginx

kind: List

metadata:

resourceVersion: ""

[root@k8s cka]#

[root@k8s cka]# kubectl edit ingressclass nginx

ingressclass.networking.k8s.io/nginx edited

[root@k8s cka]# kubectl get ingressclass -o yaml

apiVersion: v1

items:

- apiVersion: networking.k8s.io/v1

kind: IngressClass

metadata:

annotations:

ingressclass.kubernetes.io/is-default-class: "true"

meta.helm.sh/release-name: ingress-nginx

meta.helm.sh/release-namespace: ingress-nginx

creationTimestamp: "2024-02-02T20:09:01Z"

generation: 1

labels:

app.kubernetes.io/component: controller

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/part-of: ingress-nginx

app.kubernetes.io/version: 1.9.6

helm.sh/chart: ingress-nginx-4.9.1

resourceVersion: "101308"

uid: 6e638977-b341-46c3-a469-cfb655cd4dac

spec:

controller: k8s.io/ingress-nginx

kind: List

metadata:

resourceVersion: ""

Configuring Ingress Rules

kubectl get deployment
kubectl get svc webshop
kubectl create ingress webshop-ingress --rule="/=webshop:80" --rule="/hello=newdep:8080"
sudo vim /etc/hosts
- 127.0.0.1 webshop.info
kubectl get ingress
kubectl describe ingress webshop-ingress

[root@k8s cka]# kubectl get deploy
NAME         READY   UP-TO-DATE   AVAILABLE   AGE
firstnginx   4/4     4            4           2d1h
nginxsvc     1/1     1            1           54m
webserver    1/1     1            1           7h50m
webshop      3/3     3            3           3h19m

[root@k8s cka]# kubectl  get svc webshop
NAME      TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
webshop   NodePort   10.109.119.90   <none>        80:32064/TCP   107m

[root@k8s cka]# kubectl create ingress webshop-ingress --rule="/=webshop:80" --rule="/hello=newdep:8080"
ingress.networking.k8s.io/webshop-ingress created

[root@k8s cka]# vi /etc/hosts
[root@k8s cka]# ping webshop.info
PING host.minikube.internal (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.092 ms
64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.041 ms
^C
--- host.minikube.internal ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1021ms
rtt min/avg/max/mdev = 0.041/0.066/0.092/0.026 ms

[root@k8s cka]# kubectl get ingress
NAME              CLASS   HOSTS           ADDRESS   PORTS   AGE
nginxsvc          nginx   nginxsvc.info             80      45m
webshop-ingress   nginx   *                         80      67s

[root@k8s cka]# kubectl describe ingress webshop-ingress
Name:             webshop-ingress
Labels:           <none>
Namespace:        default
Address:
Ingress Class:    nginx
Default backend:  <default>
Rules:
  Host        Path  Backends
  ----        ----  --------
  *
              /        webshop:80 (10.244.0.23:80,10.244.0.24:80,10.244.0.25:80)
              /hello   newdep:8080 (<error: endpoints "newdep" not found>)
Annotations:  <none>
Events:
  Type    Reason  Age   From                      Message
  ----    ------  ----  ----                      -------
  Normal  Sync    72s   nginx-ingress-controller  Scheduled for sync

[root@k8s cka]# kubectl get deploy

NAME READY UP-TO-DATE AVAILABLE AGE

firstnginx 4/4 4 4 2d1h

nginxsvc 1/1 1 1 54m

webserver 1/1 1 1 7h50m

webshop 3/3 3 3 3h19m

[root@k8s cka]# kubectl get svc webshop

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE

webshop NodePort 10.109.119.90 <none> 80:32064/TCP 107m

[root@k8s cka]# kubectl create ingress webshop-ingress --rule="/=webshop:80" --rule="/hello=newdep:8080"

ingress.networking.k8s.io/webshop-ingress created

[root@k8s cka]# vi /etc/hosts

[root@k8s cka]# ping webshop.info

PING host.minikube.internal (127.0.0.1) 56(84) bytes of data.

64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.092 ms

64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.041 ms

--- host.minikube.internal ping statistics ---

2 packets transmitted, 2 received, 0% packet loss, time 1021ms

rtt min/avg/max/mdev = 0.041/0.066/0.092/0.026 ms

[root@k8s cka]# kubectl get ingress

NAME CLASS HOSTS ADDRESS PORTS AGE

nginxsvc nginx nginxsvc.info 80 45m

webshop-ingress nginx * 80 67s

[root@k8s cka]# kubectl describe ingress webshop-ingress

Name: webshop-ingress

Labels: <none>

Namespace: default

Address:

Ingress Class: nginx

Default backend: <default>

Rules:

Host Path Backends

---- ---- --------

/ webshop:80 (10.244.0.23:80,10.244.0.24:80,10.244.0.25:80)

/hello newdep:8080 (<error: endpoints "newdep" not found>)

Annotations: <none>

Events:

Type Reason Age From Message

---- ------ ---- ---- -------

Normal Sync 72s nginx-ingress-controller Scheduled for sync

As we see the endpoint “newdep” not fount and we must fix it:

Configuring Ingress Rules – part 2

kubectl create deployment newdep --image=gcr.io/google-samples/hello-app:2.0
kubectl expose deployment newdep --port=8080
kubectl describe ingress webshop-ingress

[root@k8s cka]# kubectl create deployment newdep --image=gcr.io/google-samples/hello-app:2.0
deployment.apps/newdep created

[root@k8s cka]# kubectl expose deployment newdep --port=8080
service/newdep exposed

[root@k8s cka]# kubectl describe ingress webshop-ingress

Name:             webshop-ingress
Labels:           <none>
Namespace:        default
Address:
Ingress Class:    nginx
Default backend:  <default>
Rules:
  Host        Path  Backends
  ----        ----  --------
  *
              /        webshop:80 (10.244.0.23:80,10.244.0.24:80,10.244.0.25:80)
              /hello   newdep:8080 (10.244.0.30:8080)
Annotations:  <none>
Events:
  Type    Reason  Age    From                      Message
  ----    ------  ----   ----                      -------
  Normal  Sync    9m21s  nginx-ingress-controller  Scheduled for sync

[root@k8s cka]# kubectl create deployment newdep --image=gcr.io/google-samples/hello-app:2.0

deployment.apps/newdep created

[root@k8s cka]# kubectl expose deployment newdep --port=8080

service/newdep exposed

[root@k8s cka]# kubectl describe ingress webshop-ingress

Name: webshop-ingress

Labels: <none>

Namespace: default

Address:

Ingress Class: nginx

Default backend: <default>

Rules:

Host Path Backends

---- ---- --------

/ webshop:80 (10.244.0.23:80,10.244.0.24:80,10.244.0.25:80)

/hello newdep:8080 (10.244.0.30:8080)

Annotations: <none>

Events:

Type Reason Age From Message

---- ------ ---- ---- -------

Normal Sync 9m21s nginx-ingress-controller Scheduled for sync

Now everything works. Thats how you can use rules.

Lots of useful creating ingress examples you can see when you type:

[root@k8s cka]# kubectl  create ingress -h
Examples:
  # Create a single ingress called 'simple' that directs requests to foo.com/bar to svc
  # svc1:8080 with a TLS secret "my-cert"
  kubectl create ingress simple --rule="foo.com/bar=svc1:8080,tls=my-cert"

[root@k8s cka]# kubectl create ingress -h

Examples:

# Create a single ingress called 'simple' that directs requests to foo.com/bar to svc

# svc1:8080 with a TLS secret "my-cert"

kubectl create ingress simple --rule="foo.com/bar=svc1:8080,tls=my-cert"

Using Port Forwarding

kubectl port-forward can be used to connect to applications for analyzing and troubleshooting
It forwards traffic coming in to a local port on the kubectl client machine to a port that is available in a Pod
Using port forwarding allows you to test application access without the need to configure Services and Ingress
Use kubectl port-forward mypod 1235:80 to forward local port 1235 to Pod port 80
To run in the background, use Ctrl-z or start with a & at the end of the kubectl port-forward command

[root@k8s cka]# kubectl get pods
NAME                         READY   STATUS    RESTARTS         AGE
deploydaemon-zzllp           1/1     Running   0                24h
firstnginx-d8679d567-249g9   1/1     Running   0                2d1h
firstnginx-d8679d567-66c4s   1/1     Running   0                2d1h
firstnginx-d8679d567-72qbd   1/1     Running   0                2d1h
firstnginx-d8679d567-rhhlz   1/1     Running   0                32h
init-demo                    1/1     Running   0                34h
lab4-pod                     1/1     Running   0                6h57m
morevol                      2/2     Running   40 (3m53s ago)   20h
mydaemon-d4dcd               1/1     Running   0                24h
newdep-749c9b5675-2x9mb      1/1     Running   0                10m
nginxsvc-5f8b7d4f4d-dtrs7    1/1     Running   0                74m
pv-pod                       1/1     Running   0                19h
sleepy                       1/1     Running   24 (31m ago)     35h
testpod                      1/1     Running   0                2d1h
two-containers               2/2     Running   143 (70s ago)    32h
web-0                        1/1     Running   0                37h
web-1                        1/1     Running   0                24h
web-2                        1/1     Running   0                24h
webserver-76d44586d-8gqhf    1/1     Running   0                7h57m
webshop-7f9fd49d4c-92nj2     1/1     Running   0                3h40m
webshop-7f9fd49d4c-kqllw     1/1     Running   0                3h40m
webshop-7f9fd49d4c-x2czc     1/1     Running   0                3h40m

[root@k8s cka]# kubectl port-forward pods/webserver-76d44586d-8gqhf 1235:80 &
[3] 307824
[root@k8s cka]# Forwarding from 127.0.0.1:1235 -> 80
Forwarding from [::1]:1235 -> 80

[root@k8s cka]# curl localhost:1235
Handling connection for 1235
hello world

[root@k8s cka]# kubectl get pods

NAME READY STATUS RESTARTS AGE

deploydaemon-zzllp 1/1 Running 0 24h

firstnginx-d8679d567-249g9 1/1 Running 0 2d1h

firstnginx-d8679d567-66c4s 1/1 Running 0 2d1h

firstnginx-d8679d567-72qbd 1/1 Running 0 2d1h

firstnginx-d8679d567-rhhlz 1/1 Running 0 32h

init-demo 1/1 Running 0 34h

lab4-pod 1/1 Running 0 6h57m

morevol 2/2 Running 40 (3m53s ago) 20h

mydaemon-d4dcd 1/1 Running 0 24h

newdep-749c9b5675-2x9mb 1/1 Running 0 10m

nginxsvc-5f8b7d4f4d-dtrs7 1/1 Running 0 74m

pv-pod 1/1 Running 0 19h

sleepy 1/1 Running 24 (31m ago) 35h

testpod 1/1 Running 0 2d1h

two-containers 2/2 Running 143 (70s ago) 32h

web-0 1/1 Running 0 37h

web-1 1/1 Running 0 24h

web-2 1/1 Running 0 24h

webserver-76d44586d-8gqhf 1/1 Running 0 7h57m

webshop-7f9fd49d4c-92nj2 1/1 Running 0 3h40m

webshop-7f9fd49d4c-kqllw 1/1 Running 0 3h40m

webshop-7f9fd49d4c-x2czc 1/1 Running 0 3h40m

[root@k8s cka]# kubectl port-forward pods/webserver-76d44586d-8gqhf 1235:80 &

[3] 307824

[root@k8s cka]# Forwarding from 127.0.0.1:1235 -> 80

Forwarding from [::1]:1235 -> 80

[root@k8s cka]# curl localhost:1235

Handling connection for 1235

hello world

It was a siple example of port-forwarding.

Lab: Managing Networking

Run a deployment with the name apples, using 3 replicas and the Nginx image
Expose this deployment in such a way that it is accessible on my.fruit
Use port fowarding to test

[root@k8s cka]# kubectl create deployment apples --image=nginx --replicas=3
deployment.apps/apples created

[root@k8s cka]# kubectl expose deployment apples --port=80
service/apples exposed

[root@k8s cka]# kubectl  create ingress apples --rule="my.fruit/*=apples:80"
ingress.networking.k8s.io/apples created
[root@k8s cka]# vim /etc/hosts
[root@k8s cka]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
127.0.0.1       host.minikube.internal nginxsvc.info webshop.info my.fruit
172.30.9.24     control-plane.minikube.internal

[root@k8s cka]# curl my.fruit:8080
Handling connection for 8080
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

[root@k8s cka]# kubectl create deployment apples --image=nginx --replicas=3

deployment.apps/apples created

[root@k8s cka]# kubectl expose deployment apples --port=80

service/apples exposed

[root@k8s cka]# kubectl create ingress apples --rule="my.fruit/*=apples:80"

ingress.networking.k8s.io/apples created

[root@k8s cka]# vim /etc/hosts

[root@k8s cka]# cat /etc/hosts

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4

::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

127.0.0.1 host.minikube.internal nginxsvc.info webshop.info my.fruit

172.30.9.24 control-plane.minikube.internal

[root@k8s cka]# curl my.fruit:8080

Handling connection for 8080

<!DOCTYPE html>

<html>

<head>

<title>Welcome to nginx!</title>

<style>

html { color-scheme: light dark; }

body { width: 35em; margin: 0 auto;

font-family: Tahoma, Verdana, Arial, sans-serif; }

</style>

</head>

<body>

<h1>Welcome to nginx!</h1>

<p>If you see this page, the nginx web server is successfully installed and

working. Further configuration is required.</p>

<p>For online documentation and support please refer to

<a href="http://nginx.org/">nginx.org</a>.<br/>

Commercial support is available at

<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>

</body>

</html>

We get Welcome to nginx because we do have a default ingressClass. If you don’t have a default IngressClass this doesn’t work.