We have deployed Ingress Controller, resources and applications. Explore the setup.
kubectl get all -n ingress-nginx
# pods
NAME READY STATUS RESTARTS
ingress-nginx-admission-create-7jllc 0/1 Completed 0
ingress-nginx-admission-patch-5fhdq 0/1 Completed 1
ingress-nginx-controller-6b79d8694c-tpgzg 1/1 Running 0
# service
# EXTERNAL-IP <none>
NAME TYPE CLUSTER-IP PORT(S)
ingress-nginx-controller NodePort 10.107.78.203 80:30080/TCP,
443:32103/TCP
ingress-nginx-controller-admission ClusterIP 10.103.19.57 443/TCP
# deployment
NAME READY UP-TO-DATE AVAILABLE
ingress-nginx-controller 1/1 1 1
# replicaset
NAME DESIRED CURRENT READY
ingress-nginx-controller-6b79d8694c 1 1 1
# job
NAME COMPLETIONS DURATION
ingress-nginx-admission-create 1/1 22s
ingress-nginx-admission-patch 1/1 22s
Which namespace is the Ingress Controller deployed in? ingress-nginx
kubectl get deployments.apps -n ingress-nginx
NAME READY UP-TO-DATE AVAILABLE AGE
ingress-nginx-controller 1/1 1 1 101s
What is the name of the Ingress Controller Deployment?
kubectl get deployments.apps -n ingress-nginx **ingress-nginx-controller** -o yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.1.2
helm.sh/chart: ingress-nginx-4.0.18
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
spec:
containers:
- name: controller
image: k8s.gcr.io/ingress-nginx/controller:v1.1.2
args:
- /nginx-ingress-controller
- --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
- --election-id=ingress-controller-leader
- --watch-ingress-without-class=true
- --default-backend-service=app-space/default-backend-service
- --controller-class=k8s.io/ingress-nginx
- --ingress-class=nginx
- --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
- --validating-webhook=:8443
- --validating-webhook-certificate=/usr/local/certificates/cert
- --validating-webhook-key=/usr/local/certificates/key
env:
**- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace**
- name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 5
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
ports:
- containerPort: 80
name: http
protocol: TCP
- containerPort: 443
name: https
protocol: TCP
- containerPort: 8443
name: webhook
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources:
requests:
cpu: 100m
memory: 90Mi
securityContext:
allowPrivilegeEscalation: true
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
runAsUser: 101
volumeMounts:
- mountPath: /usr/local/certificates/
name: webhook-cert
readOnly: true
dnsPolicy: ClusterFirst
**nodeSelector:
kubernetes.io/os: linux**
restartPolicy: Always
serviceAccount: ingress-nginx
serviceAccountName: ingress-nginx
volumes:
- name: webhook-cert
secret:
defaultMode: 420
secretName: ingress-nginx-admission
<aside>
💡 env.valueFrom.fieldRef (ObjectFieldSelector): Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels['\\<KEY>'], metadata.annotations['\\<KEY>'], spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
</aside>
Which namespace are the applications deployed in? app-space
kubectl get namespaces
NAME STATUS AGE
app-space Active 2m31s
default Active 7m9s
ingress-nginx Active 2m28s
kube-node-lease Active 7m11s
kube-public Active 7m11s
kube-system Active 7m12s
How many applications are deployed in the app-space namespace? 3
kubectl get deployments.apps -n app-space -o wide
NAME CONTAINERS IMAGES SELECTOR
default-backend simple-webapp ecommerce:404 app=default-backend
webapp-video simple-webapp ecommerce:video app=webapp-video
webapp-wear simple-webapp ecommerce:apparels app=webapp-wear
Which namespace is the Ingress Resource deployed in? app-space
kubectl get ingress --all-namespaces
NAMESPACE NAME CLASS HOSTS ADDRESS PORTS AGE
app-space ingress-wear-watch <none> * 10.98.146.11 80 6m6s
Ingress precisa estar no mesmo namespace que o Service?
Ingress configuration for k8s in different namespaces
What is the name of the Ingress Resource? ingress-wear-watch
kubectl get ingress --all-namespaces
NAMESPACE NAME CLASS HOSTS ADDRESS PORTS AGE
app-space ingress-wear-watch <none> * 10.98.146.11 80 6m6s
What is the Host configured on the Ingress Resource? (*) all hosts
kubectl get ingress -n app-space ingress-wear-watch -o yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/ssl-redirect: "false"
name: ingress-wear-watch
namespace: app-space
spec:
rules:
- http:
paths:
- backend:
service:
name: wear-service
port:
number: 8080
path: /wear
pathType: Prefix
- backend:
service:
name: video-service
port:
number: 8080
path: /watch
pathType: Prefix
status:
loadBalancer:
ingress:
- ip: 10.98.146.11
<aside>
💡 spec.rules[*].host
Host is the fully qualified domain name of a network host, as defined by RFC 3986.
: delimiter is not respected because ports are not allowed. Currently the port of an Ingress is implicitly :80 for http and :443 for https.
fonte</aside>
What backend is the /wear path on the Ingress configured with? wear-service
kubectl describe ingress -n app-space ingress-wear-watch
Name: ingress-wear-watch
Labels: <none>
Namespace: app-space
Address: 10.98.146.11
Default backend: default-http-backend:80
(<error: endpoints "default-http-backend" not found>)
Rules:
Host Path Backends
---- ---- --------
*
**/wear wear-service:8080 (10.244.0.5:8080)**
/watch video-service:8080 (10.244.0.6:8080)
Annotations: nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/ssl-redirect: false
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Sync 19m nginx-ingress-controller Scheduled for sync
At what path is the video streaming application made available on the Ingress? /watch
kubectl get ingress -n app-space ingress-wear-watch -o yaml
(...)
spec:
rules:
- http:
paths:
- backend:
service:
name: wear-service
port:
number: 8080
path: /wear
pathType: Prefix
**- backend:
service:
name: video-service
port:
number: 8080
path: /watch
pathType: Prefix**
(...)
If the requirement does not match any of the configured paths what service are the requests forwarded to? default-http-backend
kubectl describe ingress -n app-space ingress-wear-watch
Name: ingress-wear-watch
Labels: <none>
Namespace: app-space
Address: 10.98.146.11
**Default backend: default-http-backend:80
(<error: endpoints "default-http-backend" not found>)**
(...)
kubectl get services -n app-space
NAME TYPE CLUSTER-IP PORT(S) AGE
default-backend-service ClusterIP 10.105.16.69 80/TCP 25m
video-service ClusterIP 10.110.75.92 8080/TCP 25m
wear-service ClusterIP 10.107.84.88 8080/TCP 25m
<aside>
💡 dúvida, ta certo isso? no describe do Ingress o default backend chama-se default-http-backend enquanto o Service que tem o nome mais parecido no namespace app-space se chama default-backend-service. Inclusive uma mensagem de erro é exibida no describe do Ingress.
</aside>
kubectl get pods -n ingress-nginx ingress-nginx-controller -o yaml
apiVersion: v1
kind: Pod
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
name: ingress-nginx-controller-6b79d8694c-2j2w4
namespace: ingress-nginx
spec:
containers:
- args:
- (...)
**- --default-backend-service=app-space/default-backend-service**
- (...)
(...)