Accessing Kubernetes services from the external world
TRANSCRIPT
Kubernetes External Access
Neependra Khare, CloudYuga @neependra
Load Balancing Basics
[Diagram: a load balancer (LB) in front of Server 1, Server 2, ... Server N]
Load Balancing Basics
• Layer 7 LB - HTTP
• Layer 4 LB - TCP/UDP
Load Balancing in K8s
• Internal
  • Kube-proxy
• External
  • Cloud LoadBalancer
  • NodePort
  • External IP
  • Ingress
  • Service LBs
Kube-proxy
[Diagram: three workers, each running kube-proxy; PodA replicas; label "Request to access service for PodA"]
External - Cloud LB
[Diagram: Cloud LB in front of three workers, each running kube-proxy, hosting PodA and PodB]
External - NodePort
[Diagram: NodePort1 and NodePort-2 on each of three workers, each running kube-proxy, hosting PodA and PodB]
External - Cloud LB
[Diagram: Cloud LB, labelled with external IPs, in front of NodePort1 and NodePort-2 on each of three workers, each running kube-proxy, hosting PodA and PodB]
External - External IP
[Diagram: External IP in front of three workers, each running kube-proxy, hosting PodA and PodB]
External - Ingress
[Diagram: Ingress Controller watches Ingress Resources and updates the LB]
External - Ingress (GKE)

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test
spec:
  rules:
  - host: foo.bar.com
    http:
      paths:
      - path: /foo
        backend:
          serviceName: s1
          servicePort: 80
      - path: /bar
        backend:
          serviceName: s2
          servicePort: 80

[Diagram: LB1 and LB2; hosts foo.bar.com and bar.xyz.com; paths /foo, /bar, /xyz; NodePort1, NodePort-2, NodePort-3 on two workers hosting PodA, PodB, PodC]
External - Ingress (GKE)

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test
spec:
  rules:
  - host: foo.bar.com
    http:
      paths:
      - backend:
          serviceName: s1
          servicePort: 80
  - host: bar.foo.com
    http:
      paths:
      - backend:
          serviceName: s2
          servicePort: 80

[Diagram: LB1 and LB2; hosts foo.bar.com, bar.foo.com, abc.xyz.com; NodePort1, NodePort-2, NodePort-3 on two workers hosting PodA, PodB, PodC]
External - Ingress (Nginx)

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test
spec:
  rules:
  - host: foo.bar.com
    http:
      paths:
      - path: /foo
        backend:
          serviceName: s1
          servicePort: 80
      - path: /bar
        backend:
          serviceName: s2
          servicePort: 80

[Diagram: LB1 and LB2; hosts foo.bar.com and bar.xyz.com; paths /foo, /bar, /xyz; two workers hosting PodA, PodB, PodC]
Service LB
[Diagram: LB (HAProxy)]

apiVersion: v1
kind: ReplicationController
metadata:
  name: service-loadbalancer
  labels:
    app: service-loadbalancer
    version: v1
spec:
  replicas: 1
  selector:
    app: service-loadbalancer
    version: v1
  template:
    metadata:
      labels:
        app: service-loadbalancer
        version: v1
    spec:
      nodeSelector:
        role: loadbalancer
      containers:
      - image: gcr.io/google_containers/servicelb:0.4
        imagePullPolicy: Always
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8081
            scheme: HTTP
          initialDelaySeconds: 30
          timeoutSeconds: 5
        name: haproxy
        ports:
        # All http services
        - containerPort: 80
          hostPort: 80
          protocol: TCP
        # mysql
        - containerPort: 3306
          hostPort: 3306
          protocol: TCP
        # haproxy stats
        - containerPort: 1936
https://github.com/kubernetes/contrib/blob/master/service-loadbalancer/rc.yaml
[Diagram: PodA and PodB on two workers]
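
An added example (not from the slides or from the Kubernetes project): an inventory of the external entry points this deck lists (Cloud LoadBalancer, NodePort, External IP, Ingress, and the hostPort used by the service-loadbalancer RC), built from cluster JSON so a defender can see what is reachable from outside. The sample objects, the 203.0.113.10 address and the function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `kubectl get svc,ing,rc -A -o json` (names and IP made up).
SAMPLE = json.loads("""{"items": [
 {"kind": "Service", "metadata": {"namespace": "default", "name": "s1"},
  "spec": {"type": "ClusterIP", "ports": [{"port": 80}]}},
 {"kind": "Service", "metadata": {"namespace": "default", "name": "s2"},
  "spec": {"type": "NodePort", "ports": [{"port": 80, "nodePort": 30080}]}},
 {"kind": "Service", "metadata": {"namespace": "default", "name": "s3"},
  "spec": {"ports": [{"port": 8080}], "externalIPs": ["203.0.113.10"]}},
 {"kind": "Ingress", "metadata": {"namespace": "default", "name": "test"},
  "spec": {"rules": [{"host": "foo.bar.com", "http": {"paths": [
    {"path": "/foo"}, {"path": "/bar"}]}}]}},
 {"kind": "ReplicationController",
  "metadata": {"namespace": "default", "name": "service-loadbalancer"},
  "spec": {"template": {"spec": {"containers": [{"name": "haproxy", "ports": [
    {"containerPort": 80, "hostPort": 80},
    {"containerPort": 3306, "hostPort": 3306}, {"containerPort": 1936}]}]}}}}
]}""")

def exposures(obj):
    """Return (mechanism, detail) pairs for ways obj is reachable from outside."""
    kind, spec, found = obj.get("kind"), obj.get("spec", {}), []
    if kind == "Service":
        node_ports = [p["nodePort"] for p in spec.get("ports", []) if "nodePort" in p]
        if spec.get("type") == "LoadBalancer":  # cloud LB in front of node ports
            found.append(("Cloud LoadBalancer", node_ports))
        elif spec.get("type") == "NodePort":    # port opened on every node
            found.append(("NodePort", node_ports))
        if spec.get("externalIPs"):             # can be set on any Service type
            found.append(("External IP", spec["externalIPs"]))
    elif kind == "Ingress":
        for rule in spec.get("rules", []):
            for path in rule.get("http", {}).get("paths", []):
                found.append(("Ingress", rule.get("host", "*") + path.get("path", "/")))
    else:  # workload or bare Pod: hostPort binds a port on the node itself
        pod = spec.get("template", {}).get("spec", spec)
        ports = [p["hostPort"] for c in pod.get("containers", [])
                 for p in c.get("ports", []) if "hostPort" in p]
        found += [("hostPort", ports)] if ports else []
    return found

def audit(items):
    """Map kind/namespace/name to exposures, omitting cluster-internal objects."""
    name = lambda m: f'{m.get("namespace", "default")}/{m["name"]}'
    return {f'{o["kind"]}/{name(o["metadata"])}': hits
            for o in items if (hits := exposures(o))}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE["items"]), indent=1))
```

The ClusterIP-only Service s1 is absent from the report; the haproxy stats port 1936 is also absent because it has no hostPort.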
Q & A
Thanks
@neependra, CloudYuga.guru