Lab 02: Deploy and Expose an Application in OKS
Introduce annotations
In this lab, you will learn how to deploy a simple application on Kubernetes.
Lab Architecture
Section intitulée « Lab Architecture »In this section, you will learn how to:
- Deploy a simple application on the Kubernetes cluster.
- Deploy an Nginx application and expose it.
Verify Cluster Access
Section intitulée « Verify Cluster Access »Make sure you have the required permissions to access the target cluster. You must have a user or role that allows you to export or retrieve the cluster configuration.
Retrieve the kubeconfig file
Section intitulée « Retrieve the kubeconfig file »oks-cli cluster kubeconfig --cluster-name my-cluster --project-name my-project > kubeconfig.yamlexport KUBECONFIG=./kubeconfig.yamlTest the cluster
Section intitulée « Test the cluster »kubectl get nodesInstall and Configure NGINX Ingress in Kubernetes
Section intitulée « Install and Configure NGINX Ingress in Kubernetes »- Install the NGINX Ingress controller
Option 1: Installation via Helm
Section intitulée « Option 1: Installation via Helm »- Add the NGINX Ingress chart repository:
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginxhelm repo update- Install the NGINX Ingress controller in the
ingress-nginxnamespace:
helm install nginx-ingress ingress-nginx/ingress-nginx --set controller.admissionWebhooks.enabled=true --create-namespace --namespace ingress-nginx- Verify the Ingress controller deployment
- Check that the Ingress controller pods are running:
Example output:
kubectl get pods -n ingress-nginxNAME READY STATUS RESTARTS AGEingress-nginx-controller-7bbfb99f87-s5cr6 1/1 Running 0 3m- Make sure the pods are in the
Runningstate. - Check the LoadBalancer Service
- Check the external IP address of the LoadBalancer for Ingress:
Example output:
kubectl get svc -n ingress-nginxNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEingress-nginx-controller LoadBalancer 10.96.0.1 203.0.113.10 80:30080/TCP,443:30443/TCP 5mingress-nginx-controller-admission ClusterIP 10.92.97.75 <none> 443/TCP 5m- Now, we can deploy a simple application and expose it via NGINX Ingress:
---apiVersion: v1kind: Servicemetadata: labels: app: echoheaders name: service-test namespace: ingress-nginxspec: ports: - port: 8080 protocol: TCP targetPort: 8080 selector: app: echoheaders type: ClusterIP---apiVersion: apps/v1kind: Deploymentmetadata: labels: app: echoheaders name: echoheaders namespace: ingress-nginxspec: replicas: 1 selector: matchLabels: app: echoheaders template: metadata: labels: app: echoheaders spec: containers: - image: gcr.io/google_containers/echoserver:1.10 imagePullPolicy: IfNotPresent name: echoheaders ports: - containerPort: 8080 protocol: TCP---apiVersion: networking.k8s.io/v1kind: Ingressmetadata: name: test-ingress namespace: ingress-nginx annotations: nginx.ingress.kubernetes.io/ssl-redirect: "false" stz-test: "2"spec: ingressClassName: nginx rules: - http: paths: - pathType: Prefix path: "/" backend: service: name: service-test port: number: 8080 host: 'service-test.eu-west-2.lbu.outscale.com'kubectl apply -f ingress.yaml- Verify that the Ingress is deployed and working
Example output:
kubectl get ingress -n ingress-nginxNAME CLASS HOSTS ADDRESS PORTS AGEtest-ingress internal-nginx service-test.eu-west-2.lbu.outscale.com 80.247.7.60 80 13m- Test access with
curl:
curl -H "Host: service-test.eu-west-2.lbu.outscale.com" 80.247.7.60If everything is working, you should see output like this in your terminal:
Hostname: echoheaders-65475f6b6-llqkw
Pod Information: -no pod information available-
Server values: server_version=nginx: 1.13.3 - lua: 10008
Request Information: client_address=X.X.X.X method=GET real path=/ query= request_version=1.1 request_scheme=http request_uri=http://service-test.eu-west-2.lbu.outscale.com:8080/
Request Headers: accept=*/* host=service-test.eu-west-2.lbu.outscale.com user-agent=curl/8.7.1 x-forwarded-for=X.X.X.X x-forwarded-host=service-test.eu-west-2.lbu.outscale.com x-forwarded-port=443 x-forwarded-proto=http x-forwarded-scheme=http x-real-ip=X.X.X.X x-request-id=897a8e2212b4db9c33e8c4e25bf50b85 x-scheme=http
Request Body: -no body in request-Now, let’s use SSL. First, install cert-manager:
helm repo add jetstack https://charts.jetstack.io --force-update
helm install \ cert-manager jetstack/cert-manager \ --namespace cert-manager \ --create-namespace \ --version v1.19.1 \ --set crds.enabled=trueThen apply the required manifests:
apiVersion: cert-manager.io/v1kind: ClusterIssuermetadata: name: letsencrypt-prodspec: selfSigned: {}---apiVersion: cert-manager.io/v1kind: Issuermetadata: name: letsencrypt-ca namespace: ingress-nginxspec: ca: secretName: letsencrypt-ca---apiVersion: cert-manager.io/v1kind: Certificatemetadata: name: letsencrypt-ca namespace: ingress-nginxspec: isCA: true commonName: osm-system secretName: letsencrypt-ca issuerRef: name: letsencrypt-prod kind: ClusterIssuer group: cert-manager.ioNow we have a certificate (self-signed) provided by CertManager.
First, delete the previously created ingress:
kubectl delete -f ingress.yamlReplace the ingress with the one containing the TLS definition in a new file named ingress-tls.yaml:
---apiVersion: networking.k8s.io/v1kind: Ingressmetadata: name: test-ingress namespace: ingress-nginx annotations: nginx.ingress.kubernetes.io/ssl-redirect: "false" cert-manager.io/cluster-issuer: "letsencrypt-prod"spec: tls: - hosts: - '*.eu-west-2.lbu.outscale.com' secretName: letsencrypt-ca ingressClassName: nginx rules: - http: paths: - pathType: Prefix path: "/" backend: service: name: service-test port: number: 8080 host: 'service-test.eu-west-2.lbu.outscale.com'Apply it:
kubectl apply -f ingress-tls.yamlTest port 80:
curl -H "Host: service-test.eu-west-2.lbu.outscale.com" 80.247.7.60Test port 443 (HTTPS):
curl -H "Host: service-test.eu-west-2.lbu.outscale.com" https://80.247.7.60 -kConclusion
Section intitulée « Conclusion »Once these steps are completed, you will have installed the NGINX Ingress controller
and configured access to your application through a custom hostname
(my-nginx.example.com).