github/container.training
1
0
Fork 0
mirror of https://github.com/jpetazzo/container.training.git synced 2026-05-06 00:46:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

📃 Improve Ingress exercises

Browse Source
This commit is contained in:
Jérôme Petazzoni
2022-12-08 17:28:53 -08:00
parent 584dddd823
commit a2be63e4c4
2 changed files with 102 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
slides/exercises/ingress-brief.md
View File

@@ -2,7 +2,7 @@
- Add an ingress controller to a Kubernetes cluster
- Create an ingress resource for a web app on that cluster
- Create an ingress resource for a couple of web apps on that cluster
- Challenge: accessing/exposing port 80

120
slides/exercises/ingress-details.md
View File

@@ -1,49 +1,131 @@
# Exercise — Ingress
- We want to expose a web app through an ingress controller
- We want to expose a couple of web apps through an ingress controller
- This will require:
- the web app itself (dockercoins, NGINX, whatever we want)
- the web apps (e.g. two instances of `jpetazzo/color`)
- an ingress controller
- a domain name (`use \*.nip.io` or `\*.localdev.me`)
- an ingress resource
---
## Goal
## Different scenarios
- We want to be able to access the web app using a URL like:
We will use a different deployment mechanism depending on the cluster that we have:
http://webapp.localdev.me
- Managed cluster with working `LoadBalancer` Services
*or*
- Local development cluster
http://webapp.A.B.C.D.nip.io
- Cluster without `LoadBalancer` Services (e.g. deployed with `kubeadm`)
(where A.B.C.D is the IP address of one of our nodes)
---
## The apps
- The web apps will be deployed similarly, regardless of the scenario
- Let's start by deploying two web apps, e.g.:
a Deployment called `blue` and another called `green`, using image `jpetazzo/color`
- Expose them with two `ClusterIP` Services
---
## Scenario "classic cloud Kubernetes"
*Difficulty: easy*
For this scenario, we need a cluster with working `LoadBalancer` Services.
(For instance, a managed Kubernetes cluster from a cloud provider.)
We suggest to use "Ingress NGINX" with its default settings.
It can be installed with `kubectl apply` or with `helm`.
Both methods are described in [the documentation][ingress-nginx-deploy].
We want our apps to be available on e.g. http://X.X.X.X/blue and http://X.X.X.X/green
<br/>
(where X.X.X.X is the IP address of the `LoadBalancer` allocated by Ingress NGINX).
[ingress-nginx-deploy]: https://kubernetes.github.io/ingress-nginx/deploy/
---
## Scenario "local development cluster"
*Difficulty: easy-hard (depends on the type of cluster!)*
For this scenario, we want to use a local cluster like KinD, minikube, etc.
We suggest to use "Ingress NGINX" again, like for the previous scenario.
Furthermore, we want to use `localdev.me`.
We want our apps to be available on e.g. `blue.localdev.me` and `green.localdev.me`.
The difficulty is to ensure that `localhost:80` will map to the ingress controller.
(See next slide for hints!)
---
## Hints
- For the ingress controller, we can use:
- With clusters like Docker Desktop, the first `LoadBalancer` service uses `localhost`
- [ingress-nginx](https://github.com/kubernetes/ingress-nginx/blob/main/docs/deploy/index.md)
(if the ingress controller is the first `LoadBalancer` service, we're all set!)
- the [Traefik Helm chart](https://doc.traefik.io/traefik/getting-started/install-traefik/#use-the-helm-chart)
- With clusters like K3D and KinD, it is possible to define extra port mappings
- the container.training [Traefik DaemonSet](https://raw.githubusercontent.com/jpetazzo/container.training/main/k8s/traefik-v2.yaml)
(and map e.g. `localhost:80` to port 30080 on the node; then use that as a `NodePort`)
- If our cluster supports LoadBalancer Services: easy
---
(nothing special to do)
## Scenario "on premises cluster", take 1
- For local clusters, things can be more difficult; two options:
*Difficulty: easy*
- map localhost:80 to e.g. a NodePort service, and use `\*.localdev.me`
For this scenario, we need a cluster with nodes that are publicly accessible.
- use hostNetwork, or ExternalIP, and use `\*.nip.io`
We want to deploy the ingress controller so that it listens on port 80 on all nodes.
This can be done e.g. with the manifests in @@LINK[k8s/traefik.yaml].
We want our apps to be available on e.g. http://X.X.X.X/blue and http://X.X.X.X/green
<br/>
(where X.X.X.X is the IP address of any of our nodes).
---
## Scenario "on premises cluster", take 2
*Difficulty: medium*
We want to deploy the ingress controller so that it listens on port 80 on all nodes.
But this time, we want to use a Helm chart to install the ingress controller.
We can use either the Ingress NGINX Helm chart, or the Traefik Helm chart.
Test with an untainted node first.
Feel free to make it work on tainted nodes (e.g. control plane nodes) later.
---
## Scenario "on premises cluster", take 3
*Difficulty: hard*
This is similar to the previous scenario, but with two significant changes:
1. We only want to run the ingress controller on nodes that have the role `ingress`.
2. We don't want to use `hostNetwork`, but a list of `externalIPs` instead.