diff --git a/tut/k8s/ing/nginx/README.md b/tut/k8s/ing/nginx/README.md new file mode 100644 index 0000000..6cb2cbf --- /dev/null +++ b/tut/k8s/ing/nginx/README.md @@ -0,0 +1,87 @@ +Check suitable version +```bash +helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx +helm search repo ingress-nginx --versions +``` + + +Install +```bash +CHART_VERSION="4.10.0" +APP_VERSION="1.10.0" + +helm template ingress-nginx ingress-nginx \ +--repo https://kubernetes.github.io/ingress-nginx \ +--version ${CHART_VERSION} \ +--namespace ingress-nginx \ +> ./nginx-ingress.${APP_VERSION}.yaml + +kubectl apply -f ./nginx-ingress.${APP_VERSION}.yaml + +kubectl -n ingress-nginx get pods + +``` + + +Should now see +```bash +kubectl -n ingress-nginx get pods + +NAME READY STATUS RESTARTS AGE +ingress-nginx-admission-create-47sz6 0/1 Completed 0 44s +ingress-nginx-admission-patch-5862j 0/1 Completed 1 44s +ingress-nginx-controller-55474d95c5-6w42r 0/1 ContainerCreating 0 44s +``` + + +deploy services + +```bash +k apply -f ing-svc-a.yaml + +# quick check by portforwarding +kubectl port-forward svc/service-a 8080:80 + +Forwarding from 127.0.0.1:8080 -> 80 +Forwarding from [::1]:8080 -> 80 +Handling connection for 8080 +``` + + + +update `/etc/hosts` to point to local - required sudo +```bash +127.0.0.1 kubernetes.docker.internal +127.0.0.1 public.service-a.com +127.0.0.1 public.service-b.com +``` + +test the ingress +```bash +curl -ik https://public.service-a.com/path-a.html + +HTTP/2 200 +date: Wed, 13 Mar 2024 17:28:46 GMT +content-type: text/html +content-length: 28 +last-modified: Wed, 13 Mar 2024 15:00:04 GMT +etag: "65f1bf74-1c" +accept-ranges: bytes +strict-transport-security: max-age=31536000; includeSubDomains + +"/path-a.html" on service-a +``` + + +Tailing ingress logs +```bash +k logs -f -n ingress-nginx ingress-nginx-controller-55474d95c5-6w42r + +192.168.65.3 - - [13/Mar/2024:15:14:16 +0000] "GET /path-a.html HTTP/2.0" 200 28 "-" "curl/8.4.0" 44 0.001 [default-service-a-80] [] 10.1.0.62:80 28 0.001 200 099a66ec2835412b7cbfebdf37282d4b +``` + + +- deploy more service +- route by domain +- SSL termination +- extra configs - via ConfigMap - https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap \ No newline at end of file diff --git a/tut/k8s/ing/nginx/ing-svc-a.yaml b/tut/k8s/ing/nginx/ing-svc-a.yaml new file mode 100644 index 0000000..5e07030 --- /dev/null +++ b/tut/k8s/ing/nginx/ing-svc-a.yaml @@ -0,0 +1,17 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: service-a +spec: + ingressClassName: nginx + rules: + - host: public.service-a.com + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: service-a + port: + number: 80 \ No newline at end of file diff --git a/tut/k8s/ing/nginx/ingress-nginx-controller-cfgmap.yaml b/tut/k8s/ing/nginx/ingress-nginx-controller-cfgmap.yaml new file mode 100644 index 0000000..11e8e96 --- /dev/null +++ b/tut/k8s/ing/nginx/ingress-nginx-controller-cfgmap.yaml @@ -0,0 +1,60 @@ +apiVersion: v1 +items: +- apiVersion: v1 + data: + allow-snippet-annotations: "false" + kind: ConfigMap + metadata: + annotations: + kubectl.kubernetes.io/last-applied-configuration: | + {"apiVersion":"v1","data":{"allow-snippet-annotations":"false"},"kind":"ConfigMap","metadata":{"annotations":{},"labels":{"app.kubernetes.io/component":"controller","app.kubernetes.io/instance":"ingress-nginx","app.kubernetes.io/managed-by":"Helm","app.kubernetes.io/name":"ingress-nginx","app.kubernetes.io/part-of":"ingress-nginx","app.kubernetes.io/version":"1.10.0","helm.sh/chart":"ingress-nginx-4.10.0"},"name":"ingress-nginx-controller","namespace":"ingress-nginx"}} + creationTimestamp: "2024-03-13T14:44:33Z" + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.10.0 + helm.sh/chart: ingress-nginx-4.10.0 + name: ingress-nginx-controller + namespace: ingress-nginx + resourceVersion: "143334" + uid: f9cc1b58-8e25-4f57-8fc5-6b189b9e2f0e +- apiVersion: v1 + data: + ca.crt: | + -----BEGIN CERTIFICATE----- + MIIDBTCCAe2gAwIBAgIIe5ElpERcitIwDQYJKoZIhvcNAQELBQAwFTETMBEGA1UE + AxMKa3ViZXJuZXRlczAeFw0yNDAyMDcyMTA5NDRaFw0zNDAyMDQyMTE0NDRaMBUx + EzARBgNVBAMTCmt1YmVybmV0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK + AoIBAQCxeC3lFm5pGuejuf4qbNA97wGGYUhiJTCcK/gD1V0Vcala6A3pefa0CqQH + 4bx4bHbwnhCvDDlXBsorPCLyqU6aUSCDR4HiQEari2hfBQOgNSn/fMLt3JORaVKq + Ef1LVt/vgWPGL0uUQ4NfQMZNbMCQPnExJuDDd1ffJXnJ7JkrfH46wTBVb6npwxBT + oK6VeiI30zLjyHGrW7epO49NUQeGueaDm8J6vRol8SYfoxIP7mLKoGj+txKC78l1 + +Y1pJ+LGykpeq8jeyCNj1Y6GIe9npY+J3dR2aOdyws2gzYm/WdZbuhXinfDJTzt8 + Wi3xOyF47iiJtLjWW3XVkC2PumoLAgMBAAGjWTBXMA4GA1UdDwEB/wQEAwICpDAP + BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQ5XHN0JzB0G9RI/9rSq4FvOX8GoTAV + BgNVHREEDjAMggprdWJlcm5ldGVzMA0GCSqGSIb3DQEBCwUAA4IBAQAJq7EqVbN6 + ItTITvZDo+7WvFjtPAdZ0j0snKtwoVwYCd5ks3fsh2+5L+6GLRLOOPhIzD6F7/18 + RTrY+qrSZiGk2PUVdfBECcAYHV+lvkq6OpLVZsrfPBD2wIPYGp2baeLLeIPXaLYe + BZ/+M7r94+XRTonpeJkMJyedUlHrfOtReokI7OgVkDEEHnbDUSu01zFagRG7Tcyc + VvYKrk9PTi/vD+QIPLpX3RnZ5OxvSkQ8u/PXgjfjvCxd4Vvh5UqeQLHPDQST/qyA + MQMo0pI+oQATtIP4KAAsv7Ub15hVFhcjnlyQs3zMchuqgLEOq3K/pkieIP5JINTr + xt1PafI3UBuB + -----END CERTIFICATE----- + kind: ConfigMap + metadata: + annotations: + kubernetes.io/description: Contains a CA bundle that can be used to verify the + kube-apiserver when using internal endpoints such as the internal service + IP or kubernetes.default.svc. No other usage is guaranteed across distributions + of Kubernetes clusters. + creationTimestamp: "2024-03-13T14:44:28Z" + name: kube-root-ca.crt + namespace: ingress-nginx + resourceVersion: "143327" + uid: 6eca69a8-3266-4486-a8c2-d30e100c0642 +kind: List +metadata: + resourceVersion: ""