Kubernetes Ingress for AWS Cost Saving
TrendMicro Consumer WSE AWSE
Eric C Huang
2017/10/25

goo.gl/VrjuSp

AWS Elastic Load Balancer Is Too EXPEN$IVE
70% cheaper Kubernetes cluster on AWS

Service Types
● ClusterIP (Default Type)
● NodePort
● LoadBalancer

ClusterIP

Define a ClusterIP Service

ClusterIP
● port
● targetPort

Create a ClusterIP Service via kubectl
● kubectl run echo-server-dev \
    --image=gcr.io/google_containers/echoserver:1.4 \
    --port=8080 \
    --replicas=2 \
    --namespace=awse
● kubectl expose deployment echo-server-dev \
    --port=80 \
    --target-port=8080 \
    --namespace=awse

Verify a Service
● kubectl get services echo-server-dev --namespace=awse -o yaml
● kubectl get deployments echo-server-dev --namespace=awse -o yaml
● kubectl get endpoints echo-server-dev --namespace=awse -o yaml

How to Connect a ClusterIP Service?
● kubectl run nettools \
    --image=jonlangemak/net_tools \
    --namespace=default
● kubectl exec nettools-xxx -it bash
● curl http://echo-server-dev.awse
  ○ [service-name].[namespace]

NodePort

NodePort
● port
● nodePort
● targetPort

How to Connect a NodePort Service?
● curl http://[node ip]:[node port]/

LoadBalancer

LoadBalancer
● port
● nodePort
● targetPort
● CLB (provider: aws)

LoadBalancer

How to Connect a LoadBalancer Service?
● curl http://[CLB]/

LoadBalancer with TLS
● CLB
  ○ HTTPS / TCP + SSL
  ○ Certificate (from ACM)
  ○ TLS Protocol + Cipher
● Route 53 A Alias -> CLB

How to Connect a LoadBalancer Service with TLS?
● curl https://[Route 53 A Alias]/

Ingress

Ingress
● An Ingress is a collection of rules that allow inbound connections to reach the cluster services.
● Ingress Types
  ○ Simple Fanout
  ○ Name Based Virtual Hosting
  ○ TLS

Simple Fanout

Name Based Virtual Hosting

Different Ingress Controllers
● Ingress Controller
  ○ Nginx: https://github.com/kubernetes/ingress-nginx
  ○ Voyager (HAProxy): https://github.com/appscode/voyager/tree/3.2.2
  ○ Træfik: https://docs.traefik.io/user-guide/kubernetes/
  ○ ...etc

Nginx Ingress Controller
● Handle 404:
  ○ nginx-default-backend deployment
  ○ nginx-default-backend ClusterIP service
● Reverse Proxy:
  ○ ingress-nginx deployment
  ○ ingress-nginx LoadBalancer service

Ingress

Verify Ingress
● Simple Fanout
  ○ curl -H "Host:foo.bar.com" http://ingress-nginx.kube-system/foo
  ○ curl -H "Host:foo.bar.com" http://[node ip]:[nodeport]/bar
  ○ curl -H "Host:foo.bar.com" http://[CLB]/foo
● Name Based Virtual Hosting
  ○ curl -H "Host:foo.bar.com" http://ingress-nginx.kube-system
  ○ curl -H "Host:bar.foo.com" http://[node ip]:[nodeport]
  ○ curl -H "Host:foo.bar.com" http://[CLB]

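An Ingress that would satisfy the name-based virtual hosting checks above, as an added example that is not from the original slides. It is written against the current networking.k8s.io/v1 API; echo-server-dev is the Service created earlier in the deck, while echo-server-stg, the Ingress name and the nginx class name are assumptions.

```yaml
# Added example: name-based virtual hosting for the two hosts used in the
# curl checks. "echo-server-dev" (port 80, namespace awse) comes from the
# earlier slides; "echo-server-stg" is a hypothetical second Service.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: echo-virtual-hosts        # hypothetical name
  namespace: awse                 # backends must live in the Ingress's own namespace
spec:
  ingressClassName: nginx         # assumes the controller registers the class "nginx"
  rules:
    - host: foo.bar.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: echo-server-dev
                port:
                  number: 80
    - host: bar.foo.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: echo-server-stg
                port:
                  number: 80
  # No host-less rule is declared: a request whose Host header matches
  # neither entry is answered by nginx-default-backend (the 404 handler)
  # instead of reaching an application Service.
```
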
TLS
● AWS CLB Annotations:
  ○ service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
  ○ service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:ap-northeast-1:xxx:certificate/xxxx"
  ○ service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
  ○ service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
  ○ ( service.beta.kubernetes.io/aws-load-balancer-internal: "false" )
  ○ ( service.beta.kubernetes.io/aws-load-balancer-extra-security-groups: "sg-xxx" )
● Route 53 A Alias -> AWS CLB

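How the CLB annotations above sit on the ingress-nginx LoadBalancer Service, as an added example that is not from the original slides. The Service name and namespace follow the ingress-nginx.kube-system address used in the curl checks; the selector label and target ports are assumptions, and the certificate ARN keeps the deck's placeholder.

```yaml
# Added example: LoadBalancer Service for the nginx ingress controller with
# TLS terminated at the AWS CLB.
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: kube-system
  annotations:
    # The CLB presents this ACM certificate on every listener named in ssl-ports.
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:ap-northeast-1:xxx:certificate/xxxx"
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
    # Traffic is forwarded to the nodes as plain HTTP, so the hop from the
    # CLB to the cluster is unencrypted and nginx never sees the TLS session.
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
    service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
spec:
  type: LoadBalancer
  selector:
    app: ingress-nginx            # assumed pod label of the ingress-nginx deployment
  ports:
    - name: http                  # plain listener, not listed in ssl-ports
      port: 80
      targetPort: 80              # assumed nginx HTTP port
    - name: https                 # port name matched by ssl-ports: "https"
      port: 443
      targetPort: 80              # TLS is already removed by the CLB
```
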
Ingress + CLB + TLS

Verify Name Based Virtual Hosting with TLS
● curl https://foo.bar.com
● curl https://bar.foo.com

Q & A