We have deployed two applications. Explore the setup.
$ kubectl get namespaces
NAME STATUS AGE
**app-space Active 46s**
default Active 56m
kube-node-lease Active 56m
kube-public Active 56m
kube-system Active 56m
$ kubectl get deployments -n app-space -o wide
NAME READY CONTAINERS IMAGES SELECTOR
default-backend 1/1 simple-webapp ecommerce:404 app=default-backend
**webapp-video 1/1 simple-webapp ecommerce:video app=webapp-video**
**webapp-wear 1/1 simple-webapp ecommerce:apparels app=webapp-wear**
$ kubectl get svc -n app-space
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S)
default-http-backend ClusterIP 10.109.222.52 <none> 80/TCP
**video-service ClusterIP 10.105.181.123 <none> 8080/TCP**
**wear-service ClusterIP 10.98.57.217 <none> 8080/TCP**
Let us now deploy an Ingress Controller. First, create a namespace called ingress-space.
$ kubectl create namesapce ingress-space
The NGINX Ingress Controller requires a ConfigMap object. Create a ConfigMap object in the ingress-space.
No data needs to be configured in the ConfigMap.
$ kubectl create configmap nginx-configuration -n ingress-space
configmap/nginx-configuration created
The NGINX Ingress Controller requires a ServiceAccount. Create a ServiceAccount in the ingress-space namespace.
Name: ingress-serviceaccount
$ kubectl create serviceaccount ingress-serviceaccount -n ingress-space
serviceaccount/ingress-serviceaccount created
$ kubectl get sa -n ingress-space
NAME SECRETS AGE
default 1 2m20s
ingress-serviceaccount 1 6s
$ kubectl describe sa -n ingress-space ingress-serviceaccount
Name: ingress-serviceaccount
Namespace: ingress-space
Labels: <none>
Annotations: <none>
Image pull secrets: <none>
Mountable secrets: ingress-serviceaccount-token-54htb
Tokens: ingress-serviceaccount-token-54htb
Events: <none>
We have created the Roles and RoleBindings for the ServiceAccount. Check it out!!
$ kubectl get roles -n ingress-space
NAME CREATED AT
ingress-role 2022-08-03T22:36:41Z
$ kubectl describe roles -n ingress-space ingress-role
Name: ingress-role
Labels: app.kubernetes.io/name=ingress-nginx
app.kubernetes.io/part-of=ingress-nginx
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
configmaps [] [] [get create]
configmaps [] [ingress-controller-leader-nginx] [get update]
endpoints [] [] [get]
namespaces [] [] [get]
pods [] [] [get]
secrets [] [] [get]
$ kubectl get roles -n ingress-space ingress-role -o yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
managedFields:
- apiVersion: rbac.authorization.k8s.io/v1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:labels:
.: {}
f:app.kubernetes.io/name: {}
f:app.kubernetes.io/part-of: {}
f:rules: {}
manager: python-requests
operation: Update
time: "2022-08-03T22:36:41Z"
name: ingress-role
namespace: ingress-space
rules:
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- namespaces
verbs:
- get
- apiGroups:
- ""
resourceNames:
- ingress-controller-leader-nginx
resources:
- configmaps
verbs:
- get
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
$ kubectl get rolebindings -n ingress-space
NAME ROLE AGE
ingress-role-binding Role/ingress-role 6m35s
$ kubectl describe rolebindings -n ingress-space ingress-role-binding
Name: ingress-role-binding
Labels: app.kubernetes.io/name=ingress-nginx
app.kubernetes.io/part-of=ingress-nginx
Annotations: <none>
Role:
Kind: Role
Name: ingress-role
Subjects:
Kind Name Namespace
---- ---- ---------
ServiceAccount ingress-serviceaccount
$ kubectl get rolebindings -n ingress-space ingress-role-binding -o yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
managedFields:
- apiVersion: rbac.authorization.k8s.io/v1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:labels:
.: {}
f:app.kubernetes.io/name: {}
f:app.kubernetes.io/part-of: {}
f:roleRef:
f:apiGroup: {}
f:kind: {}
f:name: {}
f:subjects: {}
manager: python-requests
operation: Update
time: "2022-08-03T22:36:41Z"
name: ingress-role-binding
namespace: ingress-space
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ingress-role
subjects:
- kind: ServiceAccount
name: ingress-serviceaccount
Let us now deploy the Ingress Controller. Create a deployment using the file given. The Deployment configuration is given at /root/ingress-controller.yaml.
There are several issues with it. Try to fix them.
Deployed in the correct namespace.
Replicas: 1
Use the right image
Namespace: ingress-space
Deployment fornecido como exemplo, destaquei as linhas em amarelo para indicar erros encontrados. Apesar do exercício pedir para usar a “right image” o deployment funcionou OK com a imagem já declarada.
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: ingress-controller
**namespace: ingress-**
spec:
**replicas: 1**
selector:
matchLabels:
name: nginx-ingress
template:
metadata:
labels:
name: nginx-ingress
spec:
serviceAccountName: ingress-serviceaccount
containers:
- name: nginx-ingress-controller
**image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.21.0**
args:
- /nginx-ingress-controller
- --configmap=$(POD_NAMESPACE)/nginx-configuration
- --default-backend-service=app-space/default-http-backend
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
ports:
- name: http
**containerPort: 80**
- name: https
containerPort: 443
Após ajustar e aplicar o deployment:
$ kubectl get pods -n ingress-space
NAME READY STATUS RESTARTS AGE
ingress-controller-5857685bf-7c89m 1/1 Running 0 114s
$ kubectl get deployments -n ingress-space -o wide
NAME READY UP-TO-DATE AVAILABLE CONTAINERS IMAGES SELECTOR
ingress-controller 1/1 1 1 nginx-ingress-controller quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.21.0 name=nginx-ingress
Let us now create a service to make Ingress available to external users. Create a service following the given specs.