====== Gerenciar serviços no Kubernetes ====== ===== Gerenciar Serviço NodePort ===== $ kubectl create deploy nginx --image=nginx deployment.apps/nginx created $ kubectl expose deploy nginx --type="NodePort" --port 80 service/nginx exposed $ kubectl get service nginx NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE nginx NodePort 10.99.152.156 80:32285/TCP 59s $ kubectl describe service nginx Name: nginx Namespace: default Labels: app=nginx Annotations: Selector: app=nginx Type: NodePort IP Family Policy: SingleStack IP Families: IPv4 IP: 10.99.152.156 IPs: 10.99.152.156 Port: 80/TCP TargetPort: 80/TCP NodePort: 32285/TCP Endpoints: 172.16.213.141:80 Session Affinity: None External Traffic Policy: Cluster Events: $ curl http://127.0.0.1:32285 Welcome to nginx!

Welcome to nginx!

If you see this page, the nginx web server is successfully installed and working. Further configuration is required.

For online documentation and support please refer to nginx.org.
Commercial support is available at nginx.com.

Thank you for using nginx.

 $ kubectl delete svc nginx service "nginx" deleted ===== Gerenciar Serviço Load Balancer ===== $ kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.12.1/manifests/namespace.yaml namespace/metallb-system created $ kubectl get ns NAME STATUS AGE 4labs Active 2d4h default Active 5d20h kube-node-lease Active 5d20h kube-public Active 5d20h kube-system Active 5d20h metallb-system Active 9s $ kubectl describe ns metallb-system Name: metallb-system Labels: app=metallb kubernetes.io/metadata.name=metallb-system Annotations: Status: Active No resource quota. No LimitRange resource. $ kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.12.1/manifests/metallb.yaml Warning: policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+ podsecuritypolicy.policy/controller created podsecuritypolicy.policy/speaker created serviceaccount/controller created serviceaccount/speaker created clusterrole.rbac.authorization.k8s.io/metallb-system:controller created clusterrole.rbac.authorization.k8s.io/metallb-system:speaker created role.rbac.authorization.k8s.io/config-watcher created role.rbac.authorization.k8s.io/pod-lister created role.rbac.authorization.k8s.io/controller created clusterrolebinding.rbac.authorization.k8s.io/metallb-system:controller created clusterrolebinding.rbac.authorization.k8s.io/metallb-system:speaker created rolebinding.rbac.authorization.k8s.io/config-watcher created rolebinding.rbac.authorization.k8s.io/pod-lister created rolebinding.rbac.authorization.k8s.io/controller created daemonset.apps/speaker created deployment.apps/controller created $ kubectl get all -n metallb-system NAME READY STATUS RESTARTS AGE pod/controller-57fd9c5bb-twsxt 1/1 Running 0 52s pod/speaker-2vxhj 1/1 Running 0 53s pod/speaker-tjhck 0/1 Running 0 53s pod/speaker-vx9dt 1/1 Running 0 53s NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE daemonset.apps/speaker 3 3 2 3 2 kubernetes.io/os=linux 53s NAME READY UP-TO-DATE AVAILABLE AGE deployment.apps/controller 1/1 1 1 53s NAME DESIRED CURRENT READY AGE replicaset.apps/controller-57fd9c5bb 1 1 1 52s --- apiVersion: v1 kind: ConfigMap metadata: namespace: metallb-system name: config data: config: | address-pools: - name: default protocol: layer2 addresses: - 177.75.176.43-177.75.176.62 * **address-pools**: Inicia a configuração de endereçamento; * **name**: Define o nome do pool de endereçamento. - **protocol**: Define o protocolo que será utilizado. No modo **layer2**, uma máquina no cluster assume a propriedade do serviço e usa protocolos de descoberta de endereço padrão (ARP para IPv4, NDP para IPv6) para tornar esses IPs acessíveis na rede local. No modo **BGP**, todas as máquinas no cluster estabelecem sessões de emparelhamento BGP com roteadores próximos que você controla e informam a esses roteadores como encaminhar o tráfego para os IPs de serviço; - **addresses**: Define o pool de endereços que será utilizado para acessar o load balancer para cada serviço. $ kubectl apply -f metallb-config.yaml configmap/config created $ kubectl describe cm config -n metallb-system Name: config Namespace: metallb-system Labels: Annotations: Data ==== config: ---- address-pools: - name: default protocol: layer2 addresses: - 177.75.176.43-177.75.176.62 BinaryData ==== Events: $ kubectl get deploy NAME READY UP-TO-DATE AVAILABLE AGE nginx 1/1 1 1 3h39m $ kubectl create deploy apache --image=httpd deployment.apps/apache created $ kubectl get deploy NAME READY UP-TO-DATE AVAILABLE AGE apache 1/1 1 1 71s nginx 1/1 1 1 3h41m $ kubectl scale deploy nginx --replicas=2 deployment.apps/nginx scaled $ kubectl scale deploy apache --replicas=2 deployment.apps/apache scaled $ kubectl get deploy NAME READY UP-TO-DATE AVAILABLE AGE apache 2/2 2 2 3m9s nginx 2/2 2 2 3h43m $ kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES apache-6d96f8c8d-rhmrs 1/1 Running 0 4m13s 172.16.101.76 kube-worker-01.juntotelecom.com.br apache-6d96f8c8d-xqcnr 1/1 Running 0 108s 172.16.213.143 kube-worker-02.juntotelecom.com.br nginx-85b98978db-5t5fr 1/1 Running 0 3h44m 172.16.213.141 kube-worker-02.juntotelecom.com.br nginx-85b98978db-mtj4q 1/1 Running 0 114s 172.16.101.77 kube-worker-01.juntotelecom.com.br $ kubectl expose deploy nginx --type="LoadBalancer" --port 80 --target-port=80 service/nginx exposed $ kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.96.0.1 443/TCP 5d20h nginx LoadBalancer 10.108.43.217 177.75.176.43 80:31569/TCP 37s $ kubectl expose deploy apache --type="LoadBalancer" --port 80 --target-port=80 service/apache exposed $ kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE apache LoadBalancer 10.96.132.197 177.75.176.44 80:31241/TCP 18s kubernetes ClusterIP 10.96.0.1 443/TCP 5d20h nginx LoadBalancer 10.108.43.217 177.75.176.43 80:31569/TCP 115s $ kubectl describe svc nginx Name: nginx Namespace: default Labels: app=nginx Annotations: Selector: app=nginx Type: LoadBalancer IP Family Policy: SingleStack IP Families: IPv4 IP: 10.108.43.217 IPs: 10.108.43.217 LoadBalancer Ingress: 177.75.176.43 Port: 80/TCP TargetPort: 80/TCP NodePort: 31569/TCP Endpoints: 172.16.101.77:80,172.16.213.141:80 Session Affinity: None External Traffic Policy: Cluster Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal IPAllocated 3m18s metallb-controller Assigned IP ["177.75.176.43"] Normal nodeAssigned 3m17s metallb-speaker announcing from node "kube-worker-02.juntotelecom.com.br" #!/bin/bash export POD1=$(kubectl get po -o wide | grep nginx | grep kube-worker-01 | awk -F" " '{print $1}') export POD2=$(kubectl get po -o wide | grep nginx | grep kube-worker-02 | awk -F" " '{print $1}') echo 'NGINX NODE 1 - LOAD BALANCER' > /tmp/index.html kubectl cp /tmp/index.html $POD1:/usr/share/nginx/html/ echo 'NGINX NODE 2 - LOAD BALANCER' > /tmp/index.html kubectl cp /tmp/index.html $POD2:/usr/share/nginx/html/ #!/bin/bash export POD1=$(kubectl get po -o wide | grep apache | grep kube-worker-01 | awk -F" " '{print $1}') export POD2=$(kubectl get po -o wide | grep apache | grep kube-worker-02 | awk -F" " '{print $1}') echo 'APACHE NODE 1 - LOAD BALANCER' > /tmp/index.html kubectl cp /tmp/index.html $POD1:/usr/local/apache2/htdocs/ echo 'APACHE NODE 2 - LOAD BALANCER' > /tmp/index.html kubectl cp /tmp/index.html $POD2:/usr/local/apache2/htdocs/ $ bash web-nginx.sh $ bash web-apache.sh $ for cont in $(seq 1 10); do curl http://177.75.176.43;done NGINX NODE 1 - LOAD BALANCER NGINX NODE 2 - LOAD BALANCER NGINX NODE 1 - LOAD BALANCER NGINX NODE 1 - LOAD BALANCER NGINX NODE 1 - LOAD BALANCER NGINX NODE 2 - LOAD BALANCER NGINX NODE 2 - LOAD BALANCER NGINX NODE 1 - LOAD BALANCER NGINX NODE 2 - LOAD BALANCER NGINX NODE 2 - LOAD BALANCER $ for cont in $(seq 1 10); do curl http://177.75.176.44;done APACHE NODE 1 - LOAD BALANCER APACHE NODE 1 - LOAD BALANCER APACHE NODE 1 - LOAD BALANCER APACHE NODE 1 - LOAD BALANCER APACHE NODE 1 - LOAD BALANCER APACHE NODE 1 - LOAD BALANCER APACHE NODE 1 - LOAD BALANCER APACHE NODE 1 - LOAD BALANCER APACHE NODE 1 - LOAD BALANCER APACHE NODE 1 - LOAD BALANCER $ kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE apache LoadBalancer 10.96.132.197 177.75.176.44 80:31241/TCP 19m kubernetes ClusterIP 10.96.0.1 443/TCP 5d21h nginx LoadBalancer 10.108.43.217 177.75.176.43 80:31569/TCP 21m $ kubectl patch svc nginx -p '{"spec": {"ports": [{"port": 80}],"type": "NodePort"}}' service/nginx patched $ kubectl patch svc apache -p '{"spec": {"ports": [{"port": 80}],"type": "NodePort"}}' service/apache patched $ kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE apache NodePort 10.96.132.197 80:31241/TCP 20m kubernetes ClusterIP 10.96.0.1 443/TCP 5d21h nginx NodePort 10.108.43.217 80:31569/TCP 22m ===== Gerenciar Ingress no Kubernetes ===== ==== Instalação e configuração do Nginx Ingress ==== $ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/baremetal/deploy.yaml namespace/ingress-nginx created serviceaccount/ingress-nginx created serviceaccount/ingress-nginx-admission created role.rbac.authorization.k8s.io/ingress-nginx created role.rbac.authorization.k8s.io/ingress-nginx-admission created clusterrole.rbac.authorization.k8s.io/ingress-nginx created clusterrole.rbac.authorization.k8s.io/ingress-nginx-admission created rolebinding.rbac.authorization.k8s.io/ingress-nginx created rolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx created clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created configmap/ingress-nginx-controller created service/ingress-nginx-controller created service/ingress-nginx-controller-admission created deployment.apps/ingress-nginx-controller created job.batch/ingress-nginx-admission-create created job.batch/ingress-nginx-admission-patch created ingressclass.networking.k8s.io/nginx created validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission created $ kubectl get all -n ingress-nginx NAME READY STATUS RESTARTS AGE pod/ingress-nginx-admission-create-7fvl2 0/1 Completed 0 72s pod/ingress-nginx-admission-patch-pl8j8 0/1 Completed 2 72s pod/ingress-nginx-controller-5bf7467b67-j6blh 0/1 Running 0 72s NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/ingress-nginx-controller NodePort 10.108.43.195 80:30007/TCP,443:30221/TCP 73s service/ingress-nginx-controller-admission ClusterIP 10.101.226.220 443/TCP 73s NAME READY UP-TO-DATE AVAILABLE AGE deployment.apps/ingress-nginx-controller 0/1 1 0 73s NAME DESIRED CURRENT READY AGE replicaset.apps/ingress-nginx-controller-5bf7467b67 1 1 0 73s NAME COMPLETIONS DURATION AGE job.batch/ingress-nginx-admission-create 1/1 20s 73s job.batch/ingress-nginx-admission-patch 1/1 33s 72s $ kubectl edit svc ingress-nginx-controller -n ingress-nginx Alterar de: 50 sessionAffinity: None 51 type: NodePort 52 status: 53 loadBalancer: {} Para: 50 sessionAffinity: None 51 type: LoadBalancer 52 status: 53 loadBalancer: {} $ kubectl get svc -n ingress-nginx NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE ingress-nginx-controller LoadBalancer 10.108.43.195 177.75.176.43 80:30007/TCP,443:30221/TCP 9m38s ingress-nginx-controller-admission ClusterIP 10.101.226.220 443/TCP 9m38s ==== Criar Ingress no Cluster Kubernetes ==== --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: ingress-nginx spec: rules: - http: paths: - path: / pathType: Prefix backend: service: name: nginx port: number: 80 host: nginx.juntotelecom.com.br $ kubectl apply -f ingress-nginx.yaml ingress.networking.k8s.io/ingress-nginx created $ kubectl get ingress ingress-nginx NAME CLASS HOSTS ADDRESS PORTS AGE ingress-nginx nginx.juntotelecom.com.br 80 2m6s $ kubectl describe ingress ingress-nginx Name: ingress-nginx Labels: Namespace: default Address: Default backend: default-http-backend:80 () Rules: Host Path Backends ---- ---- -------- nginx.juntotelecom.com.br / nginx:80 (172.16.101.77:80,172.16.213.141:80) Annotations: Events: $ sudo cat /etc/hosts [...] 177.75.176.43 nginx.juntotelecom.com.br 177.75.176.43 apache.juntotelecom.com.br [...]