{"id":5271,"date":"2023-11-04T13:57:36","date_gmt":"2023-11-04T12:57:36","guid":{"rendered":"http:\/\/miro.borodziuk.eu\/?p=5271"},"modified":"2025-05-19T15:16:15","modified_gmt":"2025-05-19T13:16:15","slug":"application-access-in-kubernetes","status":"publish","type":"post","link":"http:\/\/miro.borodziuk.eu\/index.php\/2023\/11\/04\/application-access-in-kubernetes\/","title":{"rendered":"Application Access in Kubernetes"},"content":{"rendered":"<p>.<\/p>\n<p><!--more--><\/p>\n<p><span style=\"color: #3366ff;\">Kubernetes Networking<\/span><br \/>\nIn Kubernetes, networking happens at different levels:<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>Between containers: implemented as IPC<\/li>\n<li>Between Pods: implemented by network plugins<\/li>\n<li>Between Pods and Services: implemented by Service resources<\/li>\n<li>Between external users and Services: implemented by Services, with the help of Ingress<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><span style=\"color: #3366ff;\">Network Plugins<\/span><\/p>\n<ul>\n<li>Network plugins are required to implement network traffic between Pods<\/li>\n<li>Network plugins are provided by the Kubernetes Ecosystem<\/li>\n<li>Vanilla Kubernetes does not come with a default network plugin, and you&#8217;ll have to install it while installing a cluster<\/li>\n<li>Different plugins provide different features<\/li>\n<li>Currently, the Calico plugin is commonly used because of its support for features like NetworkPolicy<\/li>\n<\/ul>\n<p><span style=\"color: #3366ff;\">Services<\/span><\/p>\n<ul>\n<li>Service resources are used to provide access to Pods<\/li>\n<li>If multiple Pods are used as Service endpoint, the Service will load balance traffic to the Pods<\/li>\n<li>Different types of Service can be configured:\n<ul>\n<li><strong>ClusterIP<\/strong>: the Service is internally exposed and is reachable only from within the cluster<\/li>\n<li><strong>NodePort:<\/strong> the Service is exposed at each node&#8217;s IP address as a port. The<br \/>\nService can be reached from outside the cluster at nodeip:nodeport<\/li>\n<li><strong>LoadBalancer<\/strong>: the cloud provider offers a load balancer that routes traffic to<br \/>\neither NodePort- or ClusterIP-based Services<\/li>\n<li><strong>ExternalName<\/strong>: the Service is mapped to an external name that is implemented as a DNS CNAME record<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><span style=\"color: #3366ff;\">Configuring Services<\/span><\/p>\n<ul>\n<li>Use<code> kubectl expose<\/code> to expose applications through their Pods, ReplicaSet or Deployment (recommended)<\/li>\n<li>Use <code>kubectl create service<\/code> as an alternative<\/li>\n<\/ul>\n<p><span style=\"color: #3366ff;\">Demo: Creating Services<\/span><\/p>\n<ul>\n<li><code>kubectl create deploy webshop --image=nginx --replicas=3 <\/code><\/li>\n<li><code>kubectl get pods --selector app=webshop -o wide <\/code><\/li>\n<li><code>kubectl expose deploy webshop --type NodePort --port=80 <\/code><\/li>\n<li><code>kubectl describe svc webshop <\/code><\/li>\n<li><code>kubectl get svc <\/code><\/li>\n<li><code>curl nodeip:nodeport<\/code><\/li>\n<\/ul>\n<p>Let&#8217;s demonstrate creating services:<\/p>\n<pre class=\"lang:default decode:true\">[root@k8s cka]# kubectl create deploy webshop --image=nginx --replicas=3\r\ndeployment.apps\/webshop created\r\n\r\n[root@k8s cka]# kubectl get pods --selector app=webshop -o wide\r\nNAME                       READY   STATUS    RESTARTS   AGE   IP            NODE            NOMINATED NODE   READINESS GATES\r\nwebshop-7f9fd49d4c-92nj2   1\/1     Running   0          32s   10.244.0.24   k8s.example.pl   &lt;none&gt;           &lt;none&gt;\r\nwebshop-7f9fd49d4c-kqllw   1\/1     Running   0          32s   10.244.0.23   k8s.example.pl   &lt;none&gt;           &lt;none&gt;\r\nwebshop-7f9fd49d4c-x2czc   1\/1     Running   0          32s   10.244.0.25   k8s.example.pl   &lt;none&gt;           &lt;none&gt;\r\n\r\n[root@k8s cka]# kubectl expose deploy webshop --type=NodePort --port=80\r\nservice\/webshop exposed\r\n\r\n[root@k8s cka]# kubectl get all --selector app=webshop\r\nNAME                           READY   STATUS    RESTARTS   AGE\r\npod\/webshop-7f9fd49d4c-92nj2   1\/1     Running   0          92m\r\npod\/webshop-7f9fd49d4c-kqllw   1\/1     Running   0          92m\r\npod\/webshop-7f9fd49d4c-x2czc   1\/1     Running   0          92m\r\n\r\nNAME              TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE\r\nservice\/webshop   NodePort   10.109.119.90   &lt;none&gt;        80:32064\/TCP   27s\r\n\r\nNAME                      READY   UP-TO-DATE   AVAILABLE   AGE\r\ndeployment.apps\/webshop   3\/3     3            3           92m\r\n\r\nNAME                                 DESIRED   CURRENT   READY   AGE\r\nreplicaset.apps\/webshop-7f9fd49d4c   3         3         3       92m\r\n\r\n[root@k8s cka]# kubectl describe svc webshop\r\nName:                     webshop\r\nNamespace:                default\r\nLabels:                   app=webshop\r\nAnnotations:              &lt;none&gt;\r\nSelector:                 app=webshop\r\nType:                     NodePort\r\nIP Family Policy:         SingleStack\r\nIP Families:              IPv4\r\nIP:                       10.109.119.90\r\nIPs:                      10.109.119.90\r\nPort:                     &lt;unset&gt;  80\/TCP\r\nTargetPort:               80\/TCP\r\nNodePort:                 &lt;unset&gt;  32064\/TCP\r\nEndpoints:                10.244.0.23:80,10.244.0.24:80,10.244.0.25:80\r\nSession Affinity:         None\r\nExternal Traffic Policy:  Cluster\r\nEvents:                   &lt;none&gt;\r\n[root@k8s cka]# kubectl get svc webshop\r\nNAME      TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE\r\nwebshop   NodePort   10.109.119.90   &lt;none&gt;        80:32064\/TCP   82s\r\n\r\n[root@k8s cka]# curl k8s.example.pl:32064\r\n&lt;!DOCTYPE html&gt;\r\n&lt;html&gt;\r\n&lt;head&gt;\r\n&lt;title&gt;Welcome to nginx!&lt;\/title&gt;\r\n&lt;style&gt;\r\nhtml { color-scheme: light dark; }\r\nbody { width: 35em; margin: 0 auto;\r\nfont-family: Tahoma, Verdana, Arial, sans-serif; }\r\n&lt;\/style&gt;\r\n&lt;\/head&gt;\r\n&lt;body&gt;\r\n&lt;h1&gt;Welcome to nginx!&lt;\/h1&gt;\r\n&lt;p&gt;If you see this page, the nginx web server is successfully installed and\r\nworking. Further configuration is required.&lt;\/p&gt;\r\n\r\n&lt;p&gt;For online documentation and support please refer to\r\n&lt;a href=\"http:\/\/nginx.org\/\"&gt;nginx.org&lt;\/a&gt;.&lt;br\/&gt;\r\nCommercial support is available at\r\n&lt;a href=\"http:\/\/nginx.com\/\"&gt;nginx.com&lt;\/a&gt;.&lt;\/p&gt;\r\n\r\n&lt;p&gt;&lt;em&gt;Thank you for using nginx.&lt;\/em&gt;&lt;\/p&gt;\r\n&lt;\/body&gt;\r\n&lt;\/html&gt;\r\n<\/pre>\n<p>&nbsp;<\/p>\n<p><span style=\"color: #3366ff;\">Ingress <\/span><\/p>\n<ul>\n<li>Ingress is an API object that manages external access to services in a cluster<\/li>\n<li>Ingress works with external DNS to provide URL-based access to Kubernetes applications<\/li>\n<li>Ingress consists of two parts\n<ul>\n<li>A load balancer available on the external network<\/li>\n<li>An API resource that contacts the Service resources to find out about available back-end Pods<\/li>\n<\/ul>\n<\/li>\n<li>Ingress load balancers are provided by the Kubernetes ecosystem, different load balancers are available<\/li>\n<li>Ingress exposes HTTP and HTTPS routes from outside the cluster to Services within the cluster<\/li>\n<li>Ingress uses the selectorlabel in Services to connect to the Pod endpoints<\/li>\n<li>Traffic routing is controlled by rules defined on the Ingress resource<\/li>\n<li>Ingress can be configured to do the following, according to functionality<br \/>\nprovided by the load balancer<\/p>\n<ul>\n<li>Give Services externally-reachable URLs<\/li>\n<li>Load balance traffic<\/li>\n<li>Terminate SSL\/TLS<\/li>\n<li>Offer name based virtual hosting<br \/>\nbased virtual hosting.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><span style=\"color: #3366ff;\">Installing the Nginx Ingress Controller<\/span><\/p>\n<ul>\n<li><code>helm upgrade --install ingress-nginx ingress-nginx --repo https:\/\/kubernetes.github.io\/ingress-nginx --namespace ingress-nginx --create-namespace <\/code><\/li>\n<li><code>kubectl get pods -n ingress-nginx <\/code><\/li>\n<li><code>kubectl create deploy nginxsvc --image=nginx --port=80 <\/code><\/li>\n<li><code>kubectl expose deploy nginxsvc<\/code><\/li>\n<\/ul>\n<p>Before we can use the ingress we must ensure that ingress controler is installed. In minikube there is no ingress controller so we must install it using helm.<\/p>\n<pre class=\"lang:default decode:true\">[root@k8s cka]# helm upgrade --install ingress-nginx ingress-nginx --repo https:\/\/kubernetes.github.io\/ingress-nginx --namespace ingress-nginx -- create-namespace\r\nError: \"helm upgrade\" requires 2 arguments\r\n\r\nUsage:  helm upgrade [RELEASE] [CHART] [flags]\r\n[root@k8s cka]# helm upgrade --install ingress-nginx ingress-nginx --repo https:\/\/kubernetes.github.io\/ingress-nginx --namespace ingress-nginx --create-namespace\r\nRelease \"ingress-nginx\" does not exist. Installing it now.\r\nNAME: ingress-nginx\r\nLAST DEPLOYED: Fri Feb  2 15:08:51 2024\r\nNAMESPACE: ingress-nginx\r\nSTATUS: deployed\r\nREVISION: 1\r\nTEST SUITE: None\r\nNOTES:\r\nThe ingress-nginx controller has been installed.\r\nIt may take a few minutes for the load balancer IP to be available.\r\nYou can watch the status by running 'kubectl get service --namespace ingress-nginx ingress-nginx-controller --output wide --watch'\r\n\r\nAn example Ingress that makes use of the controller:\r\n  apiVersion: networking.k8s.io\/v1\r\n  kind: Ingress\r\n  metadata:\r\n    name: example\r\n    namespace: foo\r\n  spec:\r\n    ingressClassName: nginx\r\n    rules:\r\n      - host: www.example.com\r\n        http:\r\n          paths:\r\n            - pathType: Prefix\r\n              backend:\r\n                service:\r\n                  name: exampleService\r\n                  port:\r\n                    number: 80\r\n              path: \/\r\n    # This section is only required if TLS is to be enabled for the Ingress\r\n    tls:\r\n      - hosts:\r\n        - www.example.com\r\n        secretName: example-tls\r\n\r\nIf TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:\r\n\r\n  apiVersion: v1\r\n  kind: Secret\r\n  metadata:\r\n    name: example-tls\r\n    namespace: foo\r\n  data:\r\n    tls.crt: &lt;base64 encoded cert&gt;\r\n    tls.key: &lt;base64 encoded key&gt;\r\n  type: kubernetes.io\/tls\r\n\r\n[root@k8s cka]# kubectl get all -n ingress-nginx\r\nNAME                                            READY   STATUS    RESTARTS   AGE\r\npod\/ingress-nginx-controller-6858749594-27tm9   1\/1     Running   0          5m15s\r\n\r\nNAME                                         TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE\r\nservice\/ingress-nginx-controller             LoadBalancer   10.98.212.3     &lt;pending&gt;     80:31333\/TCP,443:31463\/TCP   5m15s\r\nservice\/ingress-nginx-controller-admission   ClusterIP      10.105.231.72   &lt;none&gt;        443\/TCP                      5m15s\r\n\r\nNAME                                       READY   UP-TO-DATE   AVAILABLE   AGE\r\ndeployment.apps\/ingress-nginx-controller   1\/1     1            1           5m15s\r\n\r\nNAME                                                  DESIRED   CURRENT   READY   AGE\r\nreplicaset.apps\/ingress-nginx-controller-6858749594   1         1         1       5m15s\r\n\r\n[root@k8s cka]# kubectl create deploy nginxsvc --image=nginx --port=80\r\ndeployment.apps\/nginxsvc created\r\n\r\n[root@k8s cka]# kubectl expose deploy nginxsvc\r\nservice\/nginxsvc exposed\r\n\r\n[root@k8s cka]# kubectl get all --selector app=nginxsvc\r\nNAME                            READY   STATUS    RESTARTS   AGE\r\npod\/nginxsvc-5f8b7d4f4d-dtrs7   1\/1     Running   0          85s\r\n\r\nNAME               TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE\r\nservice\/nginxsvc   ClusterIP   10.104.155.180   &lt;none&gt;        80\/TCP    72s\r\n\r\nNAME                       READY   UP-TO-DATE   AVAILABLE   AGE\r\ndeployment.apps\/nginxsvc   1\/1     1            1           85s\r\n\r\nNAME                                  DESIRED   CURRENT   READY   AGE\r\nreplicaset.apps\/nginxsvc-5f8b7d4f4d   1         1         1       85s\r\n<\/pre>\n<p>&nbsp;<\/p>\n<p><span style=\"color: #3366ff;\">Installing the Nginx Ingress Controller &#8211; part 2<\/span><\/p>\n<ul>\n<li><code>kubectl create ingress nginxsvc --class=nginx --rule=nginxsvc.info\/*=nginxsvc:80<\/code><\/li>\n<li><code>kubectl port-forward -n ingress-nginx svc\/ingress-nginx-controller 8080:80 &amp;<\/code> (run in background)<\/li>\n<li>Fake DNS (in the real world it won&#8217;t be necessary because there were be DNS server.):<code> echo \"127.0.0.1 nginxsvc.info\" &gt;&gt; \/etc\/hosts<\/code><\/li>\n<li><code>curl nginxsvc.info:8080<\/code><\/li>\n<\/ul>\n<pre class=\"lang:default decode:true\">[root@k8s cka]# kubectl create ingress nginxsvc --class=nginx --rule=nginxsvc.info\/*=nginxsvc:80\r\ningress.networking.k8s.io\/nginxsvc created\r\n\r\n[root@k8s cka]# kubectl port-forward -n ingress-nginx svc\/ingress-nginx-controller 8080:80 &amp; \r\n[1] 295061 \r\n[root@k8s cka]# Forwarding from 127.0.0.1:8080 -&gt; 80 Forwarding from [::1]:8080 -&gt; 80\r\n[root@k8s cka]# vi \/etc\/hosts\r\n\r\n[root@k8s cka]# ping nginxsvc.info\r\nPING host.minikube.internal (127.0.0.1) 56(84) bytes of data.\r\n64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.106 ms\r\n^C\r\n--- host.minikube.internal ping statistics ---\r\n1 packets transmitted, 1 received, 0% packet loss, time 0ms\r\nrtt min\/avg\/max\/mdev = 0.106\/0.106\/0.106\/0.000 ms\r\n\r\n\r\n[root@k8s cka]# curl nginxsvc.info:8080\r\nHandling connection for 8080\r\n&lt;!DOCTYPE html&gt;\r\n&lt;html&gt;\r\n&lt;head&gt;\r\n&lt;title&gt;Welcome to nginx!&lt;\/title&gt;\r\n&lt;style&gt;\r\nhtml { color-scheme: light dark; }\r\nbody { width: 35em; margin: 0 auto;\r\nfont-family: Tahoma, Verdana, Arial, sans-serif; }\r\n&lt;\/style&gt;\r\n&lt;\/head&gt;\r\n&lt;body&gt;\r\n&lt;h1&gt;Welcome to nginx!&lt;\/h1&gt;\r\n&lt;p&gt;If you see this page, the nginx web server is successfully installed and\r\nworking. Further configuration is required.&lt;\/p&gt;\r\n\r\n&lt;p&gt;For online documentation and support please refer to\r\n&lt;a href=\"http:\/\/nginx.org\/\"&gt;nginx.org&lt;\/a&gt;.&lt;br\/&gt;\r\nCommercial support is available at\r\n&lt;a href=\"http:\/\/nginx.com\/\"&gt;nginx.com&lt;\/a&gt;.&lt;\/p&gt;\r\n\r\n&lt;p&gt;&lt;em&gt;Thank you for using nginx.&lt;\/em&gt;&lt;\/p&gt;\r\n&lt;\/body&gt;\r\n&lt;\/html&gt;\r\n\r\n\r\n[root@k8s cka]# kubectl get all --selector app=nginxsvc\r\nNAME                            READY   STATUS    RESTARTS   AGE\r\npod\/nginxsvc-5f8b7d4f4d-dtrs7   1\/1     Running   0          20m\r\n\r\nNAME               TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE\r\nservice\/nginxsvc   ClusterIP   10.104.155.180   &lt;none&gt;        80\/TCP    20m\r\n\r\nNAME                       READY   UP-TO-DATE   AVAILABLE   AGE\r\ndeployment.apps\/nginxsvc   1\/1     1            1           20m\r\n\r\nNAME                                  DESIRED   CURRENT   READY   AGE\r\nreplicaset.apps\/nginxsvc-5f8b7d4f4d   1         1         1       20m\r\n\r\n[root@k8s cka]# kubectl get ingress\r\nNAME       CLASS   HOSTS           ADDRESS   PORTS   AGE\r\nnginxsvc   nginx   nginxsvc.info             80      10m\r\n\r\n[root@k8s cka]# kubectl describe  ingress nginxsvc\r\nName:             nginxsvc\r\nLabels:           &lt;none&gt;\r\nNamespace:        default\r\nAddress:\r\nIngress Class:    nginx\r\nDefault backend:  &lt;default&gt;\r\nRules:\r\n  Host           Path  Backends\r\n  ----           ----  --------\r\n  nginxsvc.info\r\n                 \/   nginxsvc:80 (10.244.0.29:80)\r\nAnnotations:     &lt;none&gt;\r\nEvents:\r\n  Type    Reason  Age   From                      Message\r\n  ----    ------  ----  ----                      -------\r\n  Normal  Sync    10m   nginx-ingress-controller  Scheduled for sync\r\n<\/pre>\n<p>Now, let&#8217;s edit ngninx svc<\/p>\n<pre class=\"lang:default decode:true \">[root@k8s cka]# kubectl edit svc nginxsvc\r\n<\/pre>\n<p>and disturb the selector label<\/p>\n<pre class=\"lang:default decode:true \">apiVersion: v1\r\nkind: Service\r\nmetadata:\r\n  creationTimestamp: \"2024-02-02T20:15:42Z\"\r\n  labels:\r\n    app: nginxsvc\r\n  name: nginxsvc\r\n  namespace: default\r\n  resourceVersion: \"98698\"\r\n  uid: f2dfba3e-1c47-443d-a969-a78cd81cf47c\r\nspec:\r\n  clusterIP: 10.104.155.180\r\n  clusterIPs:\r\n  - 10.104.155.180\r\n  internalTrafficPolicy: Cluster\r\n  ipFamilies:\r\n  - IPv4\r\n  ipFamilyPolicy: SingleStack\r\n  ports:\r\n  - port: 80\r\n    protocol: TCP\r\n    targetPort: 80\r\n  selector:\r\n    app: nginxSVC\r\n# instaed nginxsvc\r\n  sessionAffinity: None\r\n  type: ClusterIP\r\nstatus:\r\n  loadBalancer: {}\r\n<\/pre>\n<p>We see that the service is unavailable now:<\/p>\n<pre class=\"lang:default decode:true \">[root@k8s cka]# curl nginxsvc.info:8080\r\nHandling connection for 8080\r\n&lt;html&gt;\r\n&lt;head&gt;&lt;title&gt;503 Service Temporarily Unavailable&lt;\/title&gt;&lt;\/head&gt;\r\n&lt;body&gt;\r\n&lt;center&gt;&lt;h1&gt;503 Service Temporarily Unavailable&lt;\/h1&gt;&lt;\/center&gt;\r\n&lt;hr&gt;&lt;center&gt;nginx&lt;\/center&gt;\r\n&lt;\/body&gt;\r\n&lt;\/html&gt;\r\n<\/pre>\n<p>So, if you have ever problem in ingress you might have investigate what is going on in the service to fix your problem.<\/p>\n<p><span style=\"color: #3366ff;\">Managing Ingress Rules<\/span><\/p>\n<ul>\n<li>ingress rules catch incoming traffic that matches a specific path and optional hostname and connects that to a Service and port<\/li>\n<li>Use <code>kubectl create ingress<\/code> to create rules<\/li>\n<li>Different paths can be defined on the same host\n<ul>\n<li><code> kubectl create ingress mygress --rule=\"\/mygress=mygress:80\" --rule=\"yourgress=yourgress:80\"<\/code><\/li>\n<\/ul>\n<\/li>\n<li>Different virtual hosts can be defined in the same Ingress\n<ul>\n<li><code>kubectl create ingress nginxsvc --class=nginx --rule=nginxsvc.info\/*=nginxsvc:80 --rule=otherserver.org\/*=otherserver:80<\/code><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><span style=\"color: #3366ff;\">IngressClass<\/span><\/p>\n<ul>\n<li>In one cluster, different Ingress controllers can be hosted, each with its own<br \/>\nconfiguration<\/li>\n<li>Controllers can be included in an IngressClass<\/li>\n<li>While defining Ingress rules, the <code>--class<\/code> option should be used to implement the role on a specific Ingress controller\n<ul>\n<li>If this option is not used, a default IngressClass must be defined<\/li>\n<li>Set ingressclass.kubernetes.io\/is-default-class: true as an annotation on the IngressClass to make it the default<\/li>\n<\/ul>\n<\/li>\n<li>After creating the Ingress controller as described before, an IngressClass API resource has been created<\/li>\n<li>Use<code> kubectl get ingressclass -o yaml<\/code> to investigate its content<\/li>\n<\/ul>\n<pre class=\"lang:default mark:44 decode:true \">[root@k8s cka]# kubectl get ingressclass\r\nNAME    CONTROLLER             PARAMETERS   AGE\r\nnginx   k8s.io\/ingress-nginx   &lt;none&gt;       49m\r\n\r\n[root@k8s cka]# kubectl get ingressclass -o yaml\r\napiVersion: v1\r\nitems:\r\n- apiVersion: networking.k8s.io\/v1\r\n  kind: IngressClass\r\n  metadata:\r\n    annotations:\r\n      meta.helm.sh\/release-name: ingress-nginx\r\n      meta.helm.sh\/release-namespace: ingress-nginx\r\n    creationTimestamp: \"2024-02-02T20:09:01Z\"\r\n    generation: 1\r\n    labels:\r\n      app.kubernetes.io\/component: controller\r\n      app.kubernetes.io\/instance: ingress-nginx\r\n      app.kubernetes.io\/managed-by: Helm\r\n      app.kubernetes.io\/name: ingress-nginx\r\n      app.kubernetes.io\/part-of: ingress-nginx\r\n      app.kubernetes.io\/version: 1.9.6\r\n      helm.sh\/chart: ingress-nginx-4.9.1\r\n    name: nginx\r\n    resourceVersion: \"98227\"\r\n    uid: 6e638977-b341-46c3-a469-cfb655cd4dac\r\n  spec:\r\n    controller: k8s.io\/ingress-nginx\r\nkind: List\r\nmetadata:\r\n  resourceVersion: \"\"\r\n[root@k8s cka]#\r\n\r\n[root@k8s cka]# kubectl edit ingressclass nginx\r\ningressclass.networking.k8s.io\/nginx edited\r\n\r\n[root@k8s cka]# kubectl get ingressclass -o yaml\r\napiVersion: v1\r\nitems:\r\n- apiVersion: networking.k8s.io\/v1\r\n  kind: IngressClass\r\n  metadata:\r\n    annotations:\r\n      ingressclass.kubernetes.io\/is-default-class: \"true\"\r\n      meta.helm.sh\/release-name: ingress-nginx\r\n      meta.helm.sh\/release-namespace: ingress-nginx\r\n    creationTimestamp: \"2024-02-02T20:09:01Z\"\r\n    generation: 1\r\n    labels:\r\n      app.kubernetes.io\/component: controller\r\n      app.kubernetes.io\/instance: ingress-nginx\r\n      app.kubernetes.io\/managed-by: Helm\r\n      app.kubernetes.io\/name: ingress-nginx\r\n      app.kubernetes.io\/part-of: ingress-nginx\r\n      app.kubernetes.io\/version: 1.9.6\r\n      helm.sh\/chart: ingress-nginx-4.9.1\r\n    name: nginx\r\n    resourceVersion: \"101308\"\r\n    uid: 6e638977-b341-46c3-a469-cfb655cd4dac\r\n  spec:\r\n    controller: k8s.io\/ingress-nginx\r\nkind: List\r\nmetadata:\r\n  resourceVersion: \"\"\r\n<\/pre>\n<p>&nbsp;<\/p>\n<p><span style=\"color: #3366ff;\">Configuring Ingress Rules<\/span><\/p>\n<ul>\n<li><code>kubectl get deployment <\/code><\/li>\n<li><code>kubectl get svc webshop <\/code><\/li>\n<li><code>kubectl create ingress webshop-ingress --rule=\"\/=webshop:80\" --rule=\"\/hello=newdep:8080\" <\/code><\/li>\n<li><code>sudo vim \/etc\/hosts <\/code>\n<ul>\n<li><code>127.0.0.1 webshop.info <\/code><\/li>\n<\/ul>\n<\/li>\n<li><code>kubectl get ingress <\/code><\/li>\n<li><code>kubectl describe ingress webshop-ingress<\/code><\/li>\n<\/ul>\n<pre class=\"lang:default mark:42 decode:true \">[root@k8s cka]# kubectl get deploy\r\nNAME         READY   UP-TO-DATE   AVAILABLE   AGE\r\nfirstnginx   4\/4     4            4           2d1h\r\nnginxsvc     1\/1     1            1           54m\r\nwebserver    1\/1     1            1           7h50m\r\nwebshop      3\/3     3            3           3h19m\r\n\r\n[root@k8s cka]# kubectl  get svc webshop\r\nNAME      TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE\r\nwebshop   NodePort   10.109.119.90   &lt;none&gt;        80:32064\/TCP   107m\r\n\r\n[root@k8s cka]# kubectl create ingress webshop-ingress --rule=\"\/=webshop:80\" --rule=\"\/hello=newdep:8080\"\r\ningress.networking.k8s.io\/webshop-ingress created\r\n\r\n[root@k8s cka]# vi \/etc\/hosts\r\n[root@k8s cka]# ping webshop.info\r\nPING host.minikube.internal (127.0.0.1) 56(84) bytes of data.\r\n64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.092 ms\r\n64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.041 ms\r\n^C\r\n--- host.minikube.internal ping statistics ---\r\n2 packets transmitted, 2 received, 0% packet loss, time 1021ms\r\nrtt min\/avg\/max\/mdev = 0.041\/0.066\/0.092\/0.026 ms\r\n\r\n[root@k8s cka]# kubectl get ingress\r\nNAME              CLASS   HOSTS           ADDRESS   PORTS   AGE\r\nnginxsvc          nginx   nginxsvc.info             80      45m\r\nwebshop-ingress   nginx   *                         80      67s\r\n\r\n[root@k8s cka]# kubectl describe ingress webshop-ingress\r\nName:             webshop-ingress\r\nLabels:           &lt;none&gt;\r\nNamespace:        default\r\nAddress:\r\nIngress Class:    nginx\r\nDefault backend:  &lt;default&gt;\r\nRules:\r\n  Host        Path  Backends\r\n  ----        ----  --------\r\n  *\r\n              \/        webshop:80 (10.244.0.23:80,10.244.0.24:80,10.244.0.25:80)\r\n              \/hello   newdep:8080 (&lt;error: endpoints \"newdep\" not found&gt;)\r\nAnnotations:  &lt;none&gt;\r\nEvents:\r\n  Type    Reason  Age   From                      Message\r\n  ----    ------  ----  ----                      -------\r\n  Normal  Sync    72s   nginx-ingress-controller  Scheduled for sync\r\n<\/pre>\n<p>As we see the endpoint &#8220;newdep&#8221; not fount and we must fix it:<\/p>\n<p><span style=\"color: #3366ff;\">Configuring Ingress Rules\u00a0 &#8211; part 2<\/span><\/p>\n<ul>\n<li><code>kubectl create deployment newdep --image=gcr.io\/google-samples\/hello-app:2.0<\/code><\/li>\n<li><code>kubectl expose deployment newdep --port=8080<\/code><\/li>\n<li><code>kubectl describe ingress webshop-ingress<\/code><\/li>\n<\/ul>\n<pre class=\"lang:default decode:true\">[root@k8s cka]# kubectl create deployment newdep --image=gcr.io\/google-samples\/hello-app:2.0\r\ndeployment.apps\/newdep created\r\n\r\n[root@k8s cka]# kubectl expose deployment newdep --port=8080\r\nservice\/newdep exposed\r\n\r\n[root@k8s cka]# kubectl describe ingress webshop-ingress\r\n\r\nName:             webshop-ingress\r\nLabels:           &lt;none&gt;\r\nNamespace:        default\r\nAddress:\r\nIngress Class:    nginx\r\nDefault backend:  &lt;default&gt;\r\nRules:\r\n  Host        Path  Backends\r\n  ----        ----  --------\r\n  *\r\n              \/        webshop:80 (10.244.0.23:80,10.244.0.24:80,10.244.0.25:80)\r\n              \/hello   newdep:8080 (10.244.0.30:8080)\r\nAnnotations:  &lt;none&gt;\r\nEvents:\r\n  Type    Reason  Age    From                      Message\r\n  ----    ------  ----   ----                      -------\r\n  Normal  Sync    9m21s  nginx-ingress-controller  Scheduled for sync\r\n<\/pre>\n<p>Now everything works. Thats how you can use rules.<\/p>\n<p>Lots of useful creating ingress examples you can see when you type:<\/p>\n<pre class=\"lang:default decode:true\">[root@k8s cka]# kubectl  create ingress -h\r\nExamples:\r\n  # Create a single ingress called 'simple' that directs requests to foo.com\/bar to svc\r\n  # svc1:8080 with a TLS secret \"my-cert\"\r\n  kubectl create ingress simple --rule=\"foo.com\/bar=svc1:8080,tls=my-cert\"\r\n<\/pre>\n<p><span style=\"color: #3366ff;\">Using Port Forwarding<\/span><\/p>\n<ul>\n<li><code>kubectl port-forward<\/code> can be used to connect to applications for analyzing and troubleshooting<\/li>\n<li>It forwards traffic coming in to a local port on the kubectl client machine to a port that is available in a Pod<\/li>\n<li>Using port forwarding allows you to test application access without the need to configure Services and Ingress<\/li>\n<li>Use<code> kubectl port-forward mypod 1235:80<\/code> to forward local port 1235 to Pod port 80<\/li>\n<li>To run in the background, use<code> Ctrl-z<\/code> or start with a<code> &amp;<\/code> at the end of the<code> kubectl port-forward<\/code> command<\/li>\n<\/ul>\n<pre class=\"lang:default decode:true\">[root@k8s cka]# kubectl get pods\r\nNAME                         READY   STATUS    RESTARTS         AGE\r\ndeploydaemon-zzllp           1\/1     Running   0                24h\r\nfirstnginx-d8679d567-249g9   1\/1     Running   0                2d1h\r\nfirstnginx-d8679d567-66c4s   1\/1     Running   0                2d1h\r\nfirstnginx-d8679d567-72qbd   1\/1     Running   0                2d1h\r\nfirstnginx-d8679d567-rhhlz   1\/1     Running   0                32h\r\ninit-demo                    1\/1     Running   0                34h\r\nlab4-pod                     1\/1     Running   0                6h57m\r\nmorevol                      2\/2     Running   40 (3m53s ago)   20h\r\nmydaemon-d4dcd               1\/1     Running   0                24h\r\nnewdep-749c9b5675-2x9mb      1\/1     Running   0                10m\r\nnginxsvc-5f8b7d4f4d-dtrs7    1\/1     Running   0                74m\r\npv-pod                       1\/1     Running   0                19h\r\nsleepy                       1\/1     Running   24 (31m ago)     35h\r\ntestpod                      1\/1     Running   0                2d1h\r\ntwo-containers               2\/2     Running   143 (70s ago)    32h\r\nweb-0                        1\/1     Running   0                37h\r\nweb-1                        1\/1     Running   0                24h\r\nweb-2                        1\/1     Running   0                24h\r\nwebserver-76d44586d-8gqhf    1\/1     Running   0                7h57m\r\nwebshop-7f9fd49d4c-92nj2     1\/1     Running   0                3h40m\r\nwebshop-7f9fd49d4c-kqllw     1\/1     Running   0                3h40m\r\nwebshop-7f9fd49d4c-x2czc     1\/1     Running   0                3h40m\r\n\r\n[root@k8s cka]# kubectl port-forward pods\/webserver-76d44586d-8gqhf 1235:80 &amp;\r\n[3] 307824\r\n[root@k8s cka]# Forwarding from 127.0.0.1:1235 -&gt; 80\r\nForwarding from [::1]:1235 -&gt; 80\r\n\r\n[root@k8s cka]# curl localhost:1235\r\nHandling connection for 1235\r\nhello world\r\n<\/pre>\n<p>It was a siple example of port-forwarding.<\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"color: #3366ff;\">Lab: Managing Networking<\/span><\/p>\n<ul>\n<li>Run a deployment with the name apples, using 3 replicas and the Nginx image<\/li>\n<li>Expose this deployment in such a way that it is accessible on my.fruit<\/li>\n<li>Use port fowarding to test<\/li>\n<\/ul>\n<pre class=\"lang:default decode:true\">[root@k8s cka]# kubectl create deployment apples --image=nginx --replicas=3\r\ndeployment.apps\/apples created\r\n\r\n[root@k8s cka]# kubectl expose deployment apples --port=80\r\nservice\/apples exposed\r\n\r\n[root@k8s cka]# kubectl  create ingress apples --rule=\"my.fruit\/*=apples:80\"\r\ningress.networking.k8s.io\/apples created\r\n[root@k8s cka]# vim \/etc\/hosts\r\n[root@k8s cka]# cat \/etc\/hosts\r\n127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4\r\n::1         localhost localhost.localdomain localhost6 localhost6.localdomain6\r\n127.0.0.1       host.minikube.internal nginxsvc.info webshop.info my.fruit\r\n172.30.9.24     control-plane.minikube.internal\r\n\r\n[root@k8s cka]# curl my.fruit:8080\r\nHandling connection for 8080\r\n&lt;!DOCTYPE html&gt;\r\n&lt;html&gt;\r\n&lt;head&gt;\r\n&lt;title&gt;Welcome to nginx!&lt;\/title&gt;\r\n&lt;style&gt;\r\nhtml { color-scheme: light dark; }\r\nbody { width: 35em; margin: 0 auto;\r\nfont-family: Tahoma, Verdana, Arial, sans-serif; }\r\n&lt;\/style&gt;\r\n&lt;\/head&gt;\r\n&lt;body&gt;\r\n&lt;h1&gt;Welcome to nginx!&lt;\/h1&gt;\r\n&lt;p&gt;If you see this page, the nginx web server is successfully installed and\r\nworking. Further configuration is required.&lt;\/p&gt;\r\n\r\n&lt;p&gt;For online documentation and support please refer to\r\n&lt;a href=\"http:\/\/nginx.org\/\"&gt;nginx.org&lt;\/a&gt;.&lt;br\/&gt;\r\nCommercial support is available at\r\n&lt;a href=\"http:\/\/nginx.com\/\"&gt;nginx.com&lt;\/a&gt;.&lt;\/p&gt;\r\n\r\n&lt;p&gt;&lt;em&gt;Thank you for using nginx.&lt;\/em&gt;&lt;\/p&gt;\r\n&lt;\/body&gt;\r\n&lt;\/html&gt;\r\n<\/pre>\n<p>We get Welcome to nginx because we do have a default ingressClass. If you don&#8217;t have a default IngressClass this doesn&#8217;t work.<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>.<\/p>\n","protected":false},"author":2,"featured_media":5956,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[99],"tags":[],"_links":{"self":[{"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/posts\/5271"}],"collection":[{"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/comments?post=5271"}],"version-history":[{"count":24,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/posts\/5271\/revisions"}],"predecessor-version":[{"id":5473,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/posts\/5271\/revisions\/5473"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/media\/5956"}],"wp:attachment":[{"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/media?parent=5271"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/categories?post=5271"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/tags?post=5271"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}