accessing kubernetes services from external world
TRANSCRIPT
![Page 1: Accessing Kubernetes services from external world](https://reader031.vdocuments.mx/reader031/viewer/2022030306/586e8cb51a28aba0038b8571/html5/thumbnails/1.jpg)
Kubernetes External Access
Neependra Khare, CloudYuga @neependra
![Page 2: Accessing Kubernetes services from external world](https://reader031.vdocuments.mx/reader031/viewer/2022030306/586e8cb51a28aba0038b8571/html5/thumbnails/2.jpg)
Load Balancing Basics
LB
Server2Server1 Server N
![Page 3: Accessing Kubernetes services from external world](https://reader031.vdocuments.mx/reader031/viewer/2022030306/586e8cb51a28aba0038b8571/html5/thumbnails/3.jpg)
Load Balancing Basics
• Layer 7 LB - HTTP
• Layer 4 LB - TCP/UDP
![Page 4: Accessing Kubernetes services from external world](https://reader031.vdocuments.mx/reader031/viewer/2022030306/586e8cb51a28aba0038b8571/html5/thumbnails/4.jpg)
Load Balancing in K8s• Internal
• Kube-proxy
• External • Cloud LoadBalancer • NodePort • External IP • Ingress • Service LBs
![Page 5: Accessing Kubernetes services from external world](https://reader031.vdocuments.mx/reader031/viewer/2022030306/586e8cb51a28aba0038b8571/html5/thumbnails/5.jpg)
Kube-proxy
kube-proxy kube-proxy kube-proxy
PodA PodA
Request to access
service for PodA
Worker Worker Worker
![Page 6: Accessing Kubernetes services from external world](https://reader031.vdocuments.mx/reader031/viewer/2022030306/586e8cb51a28aba0038b8571/html5/thumbnails/6.jpg)
External - Cloud LB
kube-proxy kube-proxy kube-proxy
Cloud LB
PodA PodB
PodA
PodB
Worker Worker Worker
![Page 7: Accessing Kubernetes services from external world](https://reader031.vdocuments.mx/reader031/viewer/2022030306/586e8cb51a28aba0038b8571/html5/thumbnails/7.jpg)
External - NodePort
• ` kube-proxy kube-proxy kube-proxy
PodA PodB
PodA
PodB
NodePort-2 NodePort-2NodePort-2NodePort1 NodePort1 NodePort1
Worker Worker Worker
![Page 8: Accessing Kubernetes services from external world](https://reader031.vdocuments.mx/reader031/viewer/2022030306/586e8cb51a28aba0038b8571/html5/thumbnails/8.jpg)
External - Cloud LB
kube-proxy kube-proxy kube-proxy
Cloud LB
PodA PodB
PodA
PodB
NodePort-2 NodePort-2NodePort-2NodePort1 NodePort1 NodePort1
WorkerWorkerWorker
external IPexternal IP
![Page 9: Accessing Kubernetes services from external world](https://reader031.vdocuments.mx/reader031/viewer/2022030306/586e8cb51a28aba0038b8571/html5/thumbnails/9.jpg)
External - External IP
kube-proxy kube-proxy kube-proxy
PodA PodB
PodA
PodB
808080 808080
External IP
Worker Worker Worker
![Page 10: Accessing Kubernetes services from external world](https://reader031.vdocuments.mx/reader031/viewer/2022030306/586e8cb51a28aba0038b8571/html5/thumbnails/10.jpg)
External - Ingress
Ingress Resources
LBIngress Controllerwatches updates
![Page 11: Accessing Kubernetes services from external world](https://reader031.vdocuments.mx/reader031/viewer/2022030306/586e8cb51a28aba0038b8571/html5/thumbnails/11.jpg)
External - Ingress (GKE)apiVersion: extensions/v1beta1 kind: Ingress metadata: name: test spec: rules: - host: foo.bar.com http: paths: - path: /foo backend: serviceName: s1 servicePort: 80 - path: /bar backend: serviceName: s2 servicePort: 80
LB1 LB2
PodA PodA
PodB
PodB
PodB
PodC PodC
/foo
/bar
/xyz
foo.bar.com bar.xyz.com
Worker Worker
NodePort1 NodePort-2 NodePort-3
![Page 12: Accessing Kubernetes services from external world](https://reader031.vdocuments.mx/reader031/viewer/2022030306/586e8cb51a28aba0038b8571/html5/thumbnails/12.jpg)
External - Ingress (GKE)apiVersion: extensions/v1beta1 kind: Ingress metadata: name: test spec: rules: - host: foo.bar.com http: paths: - backend: serviceName: s1 servicePort: 80 - host: bar.foo.com http: paths: - backend: serviceName: s2 servicePort: 80
LB1 LB2
PodA PodA
PodB
PodB
PodB
PodC PodC
foo.bar.com
bar.foo.com
abc.xyz.com
Worker Worker
NodePort1 NodePort-2 NodePort-3
![Page 13: Accessing Kubernetes services from external world](https://reader031.vdocuments.mx/reader031/viewer/2022030306/586e8cb51a28aba0038b8571/html5/thumbnails/13.jpg)
External - Ingress (Nginx)apiVersion: extensions/v1beta1 kind: Ingress metadata: name: test spec: rules: - host: foo.bar.com http: paths: - path: /foo backend: serviceName: s1 servicePort: 80 - path: /bar backend: serviceName: s2 servicePort: 80
LB1 LB2
PodA PodA
PodB
PodB
PodB
PodC PodC
/foo
/bar
/xyz
foo.bar.com bar.xyz.com
Worker Worker
![Page 14: Accessing Kubernetes services from external world](https://reader031.vdocuments.mx/reader031/viewer/2022030306/586e8cb51a28aba0038b8571/html5/thumbnails/14.jpg)
Service LB
LBHAProxy
apiVersion: v1 kind: ReplicationController metadata: name: service-loadbalancer labels: app: service-loadbalancer version: v1 spec: replicas: 1 selector: app: service-loadbalancer version: v1 template: metadata: labels: app: service-loadbalancer version: v1 spec: nodeSelector: role: loadbalancer containers: - image: gcr.io/google_containers/servicelb:0.4 imagePullPolicy: Always livenessProbe: httpGet: path: /healthz port: 8081 scheme: HTTP initialDelaySeconds: 30 timeoutSeconds: 5 name: haproxy ports: # All http services - containerPort: 80 hostPort: 80 protocol: TCP # mysql - containerPort: 3306 hostPort: 3306 protocol: TCP # haproxy stats - containerPort: 1936
https://github.com/kubernetes/contrib/blob/master/service-loadbalancer/rc.yaml
PodB
PodA
PodB
Worker Worker
![Page 15: Accessing Kubernetes services from external world](https://reader031.vdocuments.mx/reader031/viewer/2022030306/586e8cb51a28aba0038b8571/html5/thumbnails/15.jpg)
Q & A
Thanks
@neependra, CloudYuga.guru