wiki v1

User Tools

Site Tools

Trace: config_fedora yum dns_transfer_tsig initial_config_centos8 install_fcos huawei_route_static install_ubuntu libvirt_terraform dpkg services_kube
wikiv3:services_kube

Table of Contents

Gerenciar serviços no Kubernetes

Gerenciar Serviço NodePort

$ kubectl create deploy nginx --image=nginx
deployment.apps/nginx created
$ kubectl expose deploy nginx --type="NodePort" --port 80
service/nginx exposed
$ kubectl get service nginx
NAME    TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
nginx   NodePort   10.99.152.156   <none>        80:32285/TCP   59s
$ kubectl describe service nginx
Name:                     nginx
Namespace:                default
Labels:                   app=nginx
Annotations:              <none>
Selector:                 app=nginx
Type:                     NodePort
IP Family Policy:         SingleStack
IP Families:              IPv4
IP:                       10.99.152.156
IPs:                      10.99.152.156
Port:                     <unset>  80/TCP
TargetPort:               80/TCP
NodePort:                 <unset>  32285/TCP
Endpoints:                172.16.213.141:80
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>
$ curl http://127.0.0.1:32285
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
 
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
 
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
$ kubectl delete svc nginx
service "nginx" deleted

Gerenciar Serviço Load Balancer

$ kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.12.1/manifests/namespace.yaml
namespace/metallb-system created
$ kubectl get ns
NAME              STATUS   AGE
4labs             Active   2d4h
default           Active   5d20h
kube-node-lease   Active   5d20h
kube-public       Active   5d20h
kube-system       Active   5d20h
metallb-system    Active   9s
$ kubectl describe ns metallb-system
Name:         metallb-system
Labels:       app=metallb
              kubernetes.io/metadata.name=metallb-system
Annotations:  <none>
Status:       Active
 
No resource quota.
 
No LimitRange resource.
$ kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.12.1/manifests/metallb.yaml
Warning: policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
podsecuritypolicy.policy/controller created
podsecuritypolicy.policy/speaker created
serviceaccount/controller created
serviceaccount/speaker created
clusterrole.rbac.authorization.k8s.io/metallb-system:controller created
clusterrole.rbac.authorization.k8s.io/metallb-system:speaker created
role.rbac.authorization.k8s.io/config-watcher created
role.rbac.authorization.k8s.io/pod-lister created
role.rbac.authorization.k8s.io/controller created
clusterrolebinding.rbac.authorization.k8s.io/metallb-system:controller created
clusterrolebinding.rbac.authorization.k8s.io/metallb-system:speaker created
rolebinding.rbac.authorization.k8s.io/config-watcher created
rolebinding.rbac.authorization.k8s.io/pod-lister created
rolebinding.rbac.authorization.k8s.io/controller created
daemonset.apps/speaker created
deployment.apps/controller created
$ kubectl get all -n metallb-system
NAME                             READY   STATUS    RESTARTS   AGE
pod/controller-57fd9c5bb-twsxt   1/1     Running   0          52s
pod/speaker-2vxhj                1/1     Running   0          53s
pod/speaker-tjhck                0/1     Running   0          53s
pod/speaker-vx9dt                1/1     Running   0          53s
 
NAME                     DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR            AGE
daemonset.apps/speaker   3         3         2       3            2           kubernetes.io/os=linux   53s
 
NAME                         READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/controller   1/1     1            1           53s
 
NAME                                   DESIRED   CURRENT   READY   AGE
replicaset.apps/controller-57fd9c5bb   1         1         1       52s
metallb-config.yaml
---
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: metallb-system
  name: config
data:
  config: |
    address-pools:
    - name: default
      protocol: layer2
      addresses:
      - 177.75.176.43-177.75.176.62
  • address-pools: Inicia a configuração de endereçamento;
  • name: Define o nome do pool de endereçamento.
  1. protocol: Define o protocolo que será utilizado. No modo layer2, uma máquina no cluster assume a propriedade do serviço e usa protocolos de descoberta de endereço padrão (ARP para IPv4, NDP para IPv6) para tornar esses IPs acessíveis na rede local. No modo BGP, todas as máquinas no cluster estabelecem sessões de emparelhamento BGP com roteadores próximos que você controla e informam a esses roteadores como encaminhar o tráfego para os IPs de serviço;
  2. addresses: Define o pool de endereços que será utilizado para acessar o load balancer para cada serviço.
$ kubectl apply -f metallb-config.yaml
configmap/config created
$ kubectl describe cm config -n metallb-system
Name:         config
Namespace:    metallb-system
Labels:       <none>
Annotations:  <none>
 
Data
====
config:
----
address-pools:
- name: default
  protocol: layer2
  addresses:
  - 177.75.176.43-177.75.176.62
 
 
BinaryData
====
 
Events:  <none>
$ kubectl get deploy
NAME    READY   UP-TO-DATE   AVAILABLE   AGE
nginx   1/1     1            1           3h39m
$ kubectl create deploy apache --image=httpd
deployment.apps/apache created
$ kubectl get deploy
NAME     READY   UP-TO-DATE   AVAILABLE   AGE
apache   1/1     1            1           71s
nginx    1/1     1            1           3h41m
$ kubectl scale deploy nginx --replicas=2
deployment.apps/nginx scaled
$ kubectl scale deploy apache --replicas=2
deployment.apps/apache scaled
$ kubectl get deploy
NAME     READY   UP-TO-DATE   AVAILABLE   AGE
apache   2/2     2            2           3m9s
nginx    2/2     2            2           3h43m
$ kubectl get pods -o wide
NAME                     READY   STATUS    RESTARTS   AGE     IP               NODE                                 NOMINATED NODE   READINESS GATES
apache-6d96f8c8d-rhmrs   1/1     Running   0          4m13s   172.16.101.76    kube-worker-01.juntotelecom.com.br   <none>           <none>
apache-6d96f8c8d-xqcnr   1/1     Running   0          108s    172.16.213.143   kube-worker-02.juntotelecom.com.br   <none>           <none>
nginx-85b98978db-5t5fr   1/1     Running   0          3h44m   172.16.213.141   kube-worker-02.juntotelecom.com.br   <none>           <none>
nginx-85b98978db-mtj4q   1/1     Running   0          114s    172.16.101.77    kube-worker-01.juntotelecom.com.br   <none>           <none>
$ kubectl expose deploy nginx --type="LoadBalancer" --port 80 --target-port=80
service/nginx exposed
$ kubectl get svc
NAME         TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)        AGE
kubernetes   ClusterIP      10.96.0.1       <none>          443/TCP        5d20h
nginx        LoadBalancer   10.108.43.217   177.75.176.43   80:31569/TCP   37s
$ kubectl expose deploy apache --type="LoadBalancer" --port 80 --target-port=80
service/apache exposed
$ kubectl get svc
NAME         TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)        AGE
apache       LoadBalancer   10.96.132.197   177.75.176.44   80:31241/TCP   18s
kubernetes   ClusterIP      10.96.0.1       <none>          443/TCP        5d20h
nginx        LoadBalancer   10.108.43.217   177.75.176.43   80:31569/TCP   115s
$ kubectl describe svc nginx
Name:                     nginx
Namespace:                default
Labels:                   app=nginx
Annotations:              <none>
Selector:                 app=nginx
Type:                     LoadBalancer
IP Family Policy:         SingleStack
IP Families:              IPv4
IP:                       10.108.43.217
IPs:                      10.108.43.217
LoadBalancer Ingress:     177.75.176.43
Port:                     <unset>  80/TCP
TargetPort:               80/TCP
NodePort:                 <unset>  31569/TCP
Endpoints:                172.16.101.77:80,172.16.213.141:80
Session Affinity:         None
External Traffic Policy:  Cluster
Events:
  Type    Reason        Age    From                Message
  ----    ------        ----   ----                -------
  Normal  IPAllocated   3m18s  metallb-controller  Assigned IP ["177.75.176.43"]
  Normal  nodeAssigned  3m17s  metallb-speaker     announcing from node "kube-worker-02.juntotelecom.com.br"
web-nginx.sh
#!/bin/bash
export POD1=$(kubectl get po -o wide | grep nginx | grep kube-worker-01 | awk -F" " '{print $1}')
export POD2=$(kubectl get po -o wide | grep nginx | grep kube-worker-02 | awk -F" " '{print $1}')
 
echo 'NGINX NODE 1 - LOAD BALANCER' > /tmp/index.html
kubectl cp /tmp/index.html $POD1:/usr/share/nginx/html/
 
echo 'NGINX NODE 2 - LOAD BALANCER' > /tmp/index.html
kubectl cp /tmp/index.html $POD2:/usr/share/nginx/html/
web-apache.sh
#!/bin/bash
export POD1=$(kubectl get po -o wide | grep apache | grep kube-worker-01 | awk -F" " '{print $1}')
export POD2=$(kubectl get po -o wide | grep apache | grep kube-worker-02 | awk -F" " '{print $1}')
 
echo 'APACHE NODE 1 - LOAD BALANCER' > /tmp/index.html
kubectl cp /tmp/index.html $POD1:/usr/local/apache2/htdocs/
 
echo 'APACHE NODE 2 - LOAD BALANCER' > /tmp/index.html
kubectl cp /tmp/index.html $POD2:/usr/local/apache2/htdocs/
$ bash web-nginx.sh
$ bash web-apache.sh
$ for cont in $(seq 1 10); do curl http://177.75.176.43;done
NGINX NODE 1 - LOAD BALANCER
NGINX NODE 2 - LOAD BALANCER
NGINX NODE 1 - LOAD BALANCER
NGINX NODE 1 - LOAD BALANCER
NGINX NODE 1 - LOAD BALANCER
NGINX NODE 2 - LOAD BALANCER
NGINX NODE 2 - LOAD BALANCER
NGINX NODE 1 - LOAD BALANCER
NGINX NODE 2 - LOAD BALANCER
NGINX NODE 2 - LOAD BALANCER
$ for cont in $(seq 1 10); do curl http://177.75.176.44;done
APACHE NODE 1 - LOAD BALANCER
APACHE NODE 1 - LOAD BALANCER
APACHE NODE 1 - LOAD BALANCER
APACHE NODE 1 - LOAD BALANCER
APACHE NODE 1 - LOAD BALANCER
APACHE NODE 1 - LOAD BALANCER
APACHE NODE 1 - LOAD BALANCER
APACHE NODE 1 - LOAD BALANCER
APACHE NODE 1 - LOAD BALANCER
APACHE NODE 1 - LOAD BALANCER
$ kubectl get svc
NAME         TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)        AGE
apache       LoadBalancer   10.96.132.197   177.75.176.44   80:31241/TCP   19m
kubernetes   ClusterIP      10.96.0.1       <none>          443/TCP        5d21h
nginx        LoadBalancer   10.108.43.217   177.75.176.43   80:31569/TCP   21m
$ kubectl patch svc nginx -p '{"spec": {"ports": [{"port": 80}],"type": "NodePort"}}'
service/nginx patched
$ kubectl patch svc apache -p '{"spec": {"ports": [{"port": 80}],"type": "NodePort"}}'
service/apache patched
$ kubectl get svc
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
apache       NodePort    10.96.132.197   <none>        80:31241/TCP   20m
kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP        5d21h
nginx        NodePort    10.108.43.217   <none>        80:31569/TCP   22m

Gerenciar Ingress no Kubernetes

Instalação e configuração do Nginx Ingress

$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/baremetal/deploy.yaml
namespace/ingress-nginx created
serviceaccount/ingress-nginx created
serviceaccount/ingress-nginx-admission created
role.rbac.authorization.k8s.io/ingress-nginx created
role.rbac.authorization.k8s.io/ingress-nginx-admission created
clusterrole.rbac.authorization.k8s.io/ingress-nginx created
clusterrole.rbac.authorization.k8s.io/ingress-nginx-admission created
rolebinding.rbac.authorization.k8s.io/ingress-nginx created
rolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
configmap/ingress-nginx-controller created
service/ingress-nginx-controller created
service/ingress-nginx-controller-admission created
deployment.apps/ingress-nginx-controller created
job.batch/ingress-nginx-admission-create created
job.batch/ingress-nginx-admission-patch created
ingressclass.networking.k8s.io/nginx created
validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission created
$ kubectl get all -n ingress-nginx
NAME                                            READY   STATUS      RESTARTS   AGE
pod/ingress-nginx-admission-create-7fvl2        0/1     Completed   0          72s
pod/ingress-nginx-admission-patch-pl8j8         0/1     Completed   2          72s
pod/ingress-nginx-controller-5bf7467b67-j6blh   0/1     Running     0          72s
 
NAME                                         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
service/ingress-nginx-controller             NodePort    10.108.43.195    <none>        80:30007/TCP,443:30221/TCP   73s
service/ingress-nginx-controller-admission   ClusterIP   10.101.226.220   <none>        443/TCP                      73s
 
NAME                                       READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/ingress-nginx-controller   0/1     1            0           73s
 
NAME                                                  DESIRED   CURRENT   READY   AGE
replicaset.apps/ingress-nginx-controller-5bf7467b67   1         1         0       73s
 
NAME                                       COMPLETIONS   DURATION   AGE
job.batch/ingress-nginx-admission-create   1/1           20s        73s
job.batch/ingress-nginx-admission-patch    1/1           33s        72s
$ kubectl edit svc ingress-nginx-controller -n ingress-nginx

Alterar de: 

50   sessionAffinity: None
51   type: NodePort
52 status:
53   loadBalancer: {}

Para: 

50   sessionAffinity: None
51   type: LoadBalancer
52 status:
53   loadBalancer: {}
$ kubectl get svc -n ingress-nginx
NAME                                 TYPE           CLUSTER-IP       EXTERNAL-IP     PORT(S)                      AGE
ingress-nginx-controller             LoadBalancer   10.108.43.195    177.75.176.43   80:30007/TCP,443:30221/TCP   9m38s
ingress-nginx-controller-admission   ClusterIP      10.101.226.220   <none>          443/TCP                      9m38s

Criar Ingress no Cluster Kubernetes

ingress-nginx.yaml
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-nginx
spec:
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx
            port:
              number: 80
    host: nginx.juntotelecom.com.br
$ kubectl apply -f ingress-nginx.yaml
ingress.networking.k8s.io/ingress-nginx created
$ kubectl get ingress ingress-nginx
NAME            CLASS    HOSTS                       ADDRESS   PORTS   AGE
ingress-nginx   <none>   nginx.juntotelecom.com.br             80      2m6s
$ kubectl describe ingress ingress-nginx
Name:             ingress-nginx
Labels:           <none>
Namespace:        default
Address:
Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
  Host                       Path  Backends
  ----                       ----  --------
  nginx.juntotelecom.com.br
                             /   nginx:80 (172.16.101.77:80,172.16.213.141:80)
Annotations:                 <none>
Events:                      <none>
$ sudo cat /etc/hosts
[...]
177.75.176.43   nginx.juntotelecom.com.br
177.75.176.43   apache.juntotelecom.com.br
[...]
wikiv3/services_kube.txt · Last modified: by 127.0.0.1