S&N - Services and Ingress

Question 1

How can you redirect users to use different service depending on what url they use?
for exmaple
my-online-store.com/product
my-online-store.com/list

Answer 1

You need another loadbalancer to redistribute requests according the the urls to the different services

Question 2

What does Ingress do?

Answer 2

• helps your users access your application using a single externally available url
• that can be configured to route to different services within your cluster based on the url pod
• at the same time implement ssl security
• still needs to be published as a NodePort or with a cloud native load balancer

Question 3

What is a layer-7 load balancer?

Answer 3

• supports host and path based load balancing
• ssl termination
• supports only http/https traffic and therefore only listens to port 80/443

Question 4

What can Ingress be thought of as?

Answer 4

• as a layer seven load balancer built in to Kubernetes cluster
• that can be configured using Kubernetes primitives just like any other object in kubernetes

Question 5

How is Ingress implemented?

Answer 5

1. deploy a supported solution, like Nginx, HAproxy, traefik -> Ingress Controller
2. specify a set of rules to configure Ingress -> Ingress Resources

Question 6

How are Ingress Resources created?

Answer 6

• using yaml definition files

Question 7

How can you deploy an Ingress controller?

Answer 7

Choose solution from: GCP / NGINX / …
First two are supported by Kubernetes
1. Deploy deployment for ingress controller (i.e. nginx deployment.yaml)
2. Create a configmap for the deployment to receive its config from
3. Create a service to expose the ingress controller to the outside world
4. Create a serviceAccount for the ingress controller with the right roles, clusterRoles and role bindings

Question 8

Describe an example for an ingress controller yaml

Answer 8

spec:
  replicas: 1
	selector: 
	 match-labels:
	  name: nginx-ingress
template:
 metadata:
  labels: 
	 name: nginx-ingress
	spec:
	 containers:
	  - name: nginx-ingress-controller
	    image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.21.0
		args:
		 - /nginx-ingress-controller
		 - --configmap=${POD_NAMESPACE)/nginx-configuration
		env: 
		 - name: POD_NAME
		   valueFrom:
			   fieldRef:
				   fieldPath: metadata.name
			- name: POD_NAMESPACE
			  valueFrom:
				 fieldRef:
				  fieldPath: metadata.namespace
		ports: 
		  - name: http
		    containerPort: 80
			- name: https
			  containerPort:443
		   

Question 9

What is a Ingress resource?

Answer 9

• a set of rules and configurations applied on the ingress controller
• rules like, simply forward all traffic to the certain node
• or forward traffic to different applications based on url
• or route based on the domain name itself

Question 10

How do you create a simple ingress resource?

Answer 10

yaml definition file, like ingress.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-wear
spec:
  backend: (defines, where traffic will be routed to, single backend = no rules)
	  service:
	    name: wear-service
		  port:
			 number: 80

Question 11

What structure to Ingress resources use?

Answer 11

• different rules
• deal with different paths

rule 1: for www.my-online-store.com, deals with paths:
- www.my-online-store.com/watch
- www.my-online-store.com/wear
- www.my-online-store.com/listen

rule 2: www.wear.my-online-store.com, deals with paths, connecting to some backend services:
- www.wear.my-online-store.com/returns
- www.wear.my-online-store.com/support
…
one rule for everything else

Question 12

How do we create a more complex Ingress resource? (routing based on path, /wear and /watch)

Answer 12

spec:
 rules:
  - http:
    paths:
		  - path: /wear
		    backend:
          service:
			      name: wear-service
					  port:
						 number: 80
		  - path: /watch
		    backend:
		  	  service:
            name: watch-service
					  port:
						 number: 80
 

Question 13

How do we create a more complex Ingress resource? (routing based on domain name, .wear. and .watch.)

Answer 13

metadata:
  name: test-ingress
	namespace: critical-space
	annotations:
	  nginx.ingress.kubernetes.io/rewrite-target: / (-> rewrite whats under rules: ... path: to be the specified value)
spec:
 rules:
  - host: wear.my-online-store.com
   - http:
     paths:
		   - path: /wear
		     backend:
			     service:
					   name: wear-service
			   	  port: 
						  number: 80
		- host: watch.my-online-store.com
		  http:
			 - path: /watch
		     backend:
				  service:
				    name: watch-service
				  	port:
						  number: 80
 

Question 14

How can we imperatively create an ingress resource?

Answer 14

kubectl create ingress <ingress-name> --rule="host/path=service:port"</ingress-name>

Question 15

What use are the annotations and rewrite rules?

Answer 15

• with them you can specify, to what endpoint inside the application ingress redirects traffic to
• for instance, in ingress you redirect to /pay, but the application may not have a /pay endpoint
• for that you use the ‘rewrite-target’ option

Question 16

How many and what serviceAccounts does an ingress controller need?

Answer 16

• ingress-nginx-admission
• ingress-nginx