3

I have deployed a Kubernetes cluster (with only one node, as master) onto an EC2 instance. After this, I created an nginx deployment and exposed the service using NodePort as the "Type". The nginx service is available on ec2 privateIP:31336 and I am also able to access it via ec2 publicIP:31336 from my computer.

At this stage, I have the following questions:

1) What should I do next in order to access the HTTP service from outside of the cluster, i.e., a successful "curl ec2publicIP:80" operation? Any guide would be extremely helpful.

Note:
- My EC2 security rule is configured to allow HTTP traffic.
- After logging into the nginx pod, I'm able to ping google.com but apt-get update times out.
- I have updated the IP forwarding in my EC2 instance.

2) What would be the best and simplest option among NodePort, ingress controller or ELB as the type for kube services?

3) Also, where do iptables fit into it? Can manually changing its rules be avoided by using any of the above or other tools/packages which will take care of the networking?

Your response would be highly appreciated.

nginx-deployment.yaml:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo-nginx
spec:
  selector:
    matchLabels:
      run: demo-nginx
  replicas: 1
  template:
    metadata:
      labels:
        run: demo-nginx
    spec:
      containers:
      - name: demo-nginx
        image: k8s.gcr.io/nginx:1.7.9
        ports:
        - containerPort: 80

nginx-services.yaml:

apiVersion: v1
kind: Service
metadata:
  name: demo-nginx
  labels:
    run: demo-nginx
spec:
  ports:
  - port: 80
    protocol: TCP
  selector:
    run: demo-nginx
  type: NodePort

rufus

1 Answer

2

I guess you want to create a Kubernetes Service that will sit in front of your Pod. The Pods listen on random ports and the Services are the load balancers that translate the random ports to known external ports (e.g. 80 or 443).

Also you don't want to run Pods on their own. Better run them as part of a Deployment that will take care of restarting them if they die.

Here is a very simple single-Pod Deployment with a Service implemented as AWS ELB. It all sits in its own namespace:

kind: Namespace
apiVersion: v1
metadata:
  name: demo
  labels:
    name: demo

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo-deployment
  namespace: demo
  labels:
    app: demo
spec:
  replicas: 1
  selector:
    matchLabels:
      app: demo
  template:
    metadata:
      labels:
        app: demo
    spec:
      containers:
      - name: demo
        image: 123456789012.dkr.ecr.ap-southeast-2.amazonaws.com/demo:latest    # <<< Update
        ports:
        - containerPort: 80
          name: backend-http
        env:
        - name: SOME_API
          value: https://example.com/some-api


---
kind: Service
apiVersion: v1
metadata:
  name: demo
  namespace: demo
  annotations:
    # The backend talks over HTTP.
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
spec:
  type: LoadBalancer
  selector:
    app: demo
  ports:
  - name: elb-http
    protocol: TCP
    port: 80
    targetPort: backend-http

As you will notice it's referring to port 80 inside the template even though in reality it will be some random number assigned by k8s. But the Pod thinks it listens on port 80 so that's what we refer to in the template.

You can deploy it with kubectl apply and it will create the whole lot.

Hope that helps :)

MLu
  • I am using the deployment only. – rufus Dec 19 '18 at 14:41
  • ELB is stuck at "pending state". Does the service type 'elb' require any stipulation? – rufus Dec 19 '18 at 17:36
  • @tanmoy ELB may take some time to create. Has it finished yet? – MLu Dec 19 '18 at 19:05
  • No...forever it's in pending state. But this [post](https://stackoverflow.com/questions/53856939/k8s-service-type-elb-stuck-at-inprogress) suggests there are some stipulations to be met. – rufus Dec 19 '18 at 19:34
  • @MLu I'm still struggling to get the ingress controller up with ELB but it's [not working](https://stackoverflow.com/questions/53955683/ingress-nginx-controller-not-creating-the-elb). Do you have any code that I can follow? – rufus Dec 28 '18 at 14:00
  • @tanmoy so k8s has permissions to create the ELB but it doesn’t work? Is it some Security Group issue? What does the ELB detail show? – MLu Dec 28 '18 at 21:30
  • Root cause is known now...it's because no cloud-provider was provided in the k8s cluster. Now, I am trying to find a way to configure the cloud controller manager to set the cloud provider in all the resources. – rufus Dec 29 '18 at 02:06
  • @tanmoy also consider using [AWS EKS](https://aws.amazon.com/eks/) which is a managed Kubernetes service from Amazon. That may be easier to use as all the AWS related config has already been done for you. – MLu Dec 29 '18 at 02:43
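
Added example, not part of the question, the answer or the comments: a small triage script for the situation discussed in this thread, reporting which Services are exposed outside the cluster and why a `type: LoadBalancer` Service stays pending. It assumes input shaped like `kubectl get svc,nodes -A -o json`; the sample below is constructed, and treating an empty `spec.providerID` on a Node as a sign that no cloud provider is configured is a heuristic.

```python
import json

# Constructed sample of `kubectl get svc,nodes -A -o json` output, trimmed to
# the fields used below; names and ports mirror the manifests on this page.
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"kind": "Node", "metadata": {"name": "master-1"}, "spec": {}},
 {"kind": "Service", "metadata": {"name": "demo-nginx", "namespace": "default"},
  "spec": {"type": "NodePort",
           "ports": [{"port": 80, "protocol": "TCP", "nodePort": 31336}]},
  "status": {"loadBalancer": {}}},
 {"kind": "Service", "metadata": {"name": "demo", "namespace": "demo"},
  "spec": {"type": "LoadBalancer",
           "ports": [{"port": 80, "protocol": "TCP", "nodePort": 30080}]},
  "status": {"loadBalancer": {}}}
]}
""")


def external_exposure(listing):
    """Return (service, state, detail) for each Service meant to be reachable from outside."""
    items = listing.get("items", [])
    # Heuristic: the cloud provider integration fills in spec.providerID on each
    # Node; when it is empty, nothing in the cluster is likely to provision an ELB.
    no_provider = sorted(n["metadata"]["name"] for n in items
                         if n["kind"] == "Node" and not n.get("spec", {}).get("providerID"))
    findings = []
    for svc in (obj for obj in items if obj["kind"] == "Service"):
        meta, spec = svc["metadata"], svc["spec"]
        name = f'{meta["namespace"]}/{meta["name"]}'
        node_ports = [p["nodePort"] for p in spec.get("ports", []) if "nodePort" in p]
        if spec.get("type") == "NodePort":
            findings.append((name, "nodeport", f"listening on every node at {node_ports}; "
                             "reachable wherever the security group allows these ports"))
        elif spec.get("type") == "LoadBalancer":
            ingress = svc.get("status", {}).get("loadBalancer", {}).get("ingress", [])
            if ingress:
                addrs = [entry.get("hostname") or entry.get("ip") for entry in ingress]
                findings.append((name, "ready", f"served by {addrs}"))
            else:
                why = (f"nodes without providerID: {no_provider}" if no_provider
                       else "check the Service events and the cluster's IAM permissions")
                findings.append((name, "pending", why))
    return findings


if __name__ == "__main__":
    for finding in external_exposure(SAMPLE):
        print(*finding, sep=" | ")
```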