Tiếp nối phần trước sau khi CleanUp thì chúng ta có thể bắt đầu luôn với bài viết này.
Trước hết đa phần thông tin kind
của file .yaml khác như ServiceAccount, ConfigMap… đều thuộc diện nâng cao hơn, ở trong khuôn khổ bài viết này chỉ mang tính ăn sổi
và dùng thư viện hỗ trợ là kubernetes-ingress.
Chúng ta sẽ dùng kubernetes-ingress và phiên bản của của bài viết này là v1.6
nhé
ví dụ minh họa deploy air-viewer trên kubernetes sẽ được miêu tả chi tiết trong tương lai ở bài viết khác.
Thế nào là Ingress?
Ingress là resource Kubernetes cho phép định tuyến cấu hình Loadbalancer HTTP cho các ứng dụng chạy trên Kubernetes, được đại diện bởi một hoặc nhiều Dịch vụ. Một bộ loadbalancer như vậy là cần thiết để cung cấp các ứng dụng đó cho các máy khách như browser trình duyệt chúng ta truy cập bên ngoài cụm Kubernetes.
VÍ dụ
- service A: chúng ta muốn chạy trên domain example.com/svcA
- service B: chúng ta muốn chạy trên domain example.com/svcB
Bạn này xài traefik rồi chắc sẽ quen thuộc cái này, nhưng traefik hiện tại là 2.0 rất ít tài liệu và đang trong giai đoạn phát triển documents nên việc tích hợp với kubernetes thì mình nghĩ nên sử dụng traefik 1.7
Thế nào là Ingress Controller?
Ingress Controller là một ứng dụng chạy trong một cluster và sử dụng cấu hình LoadBalancer HTTP theo tài nguyên Ingress. Loadbalancer này có thể là chạy bằng phần mềm trong cluster, Loadbalancer phần cứng hoặc là Loadbalancer dịch vụ cloud bên ngoài. Với mỗi LoadBalancer khác nhau đòi hỏi phải thực hiện Ingress Controller khác nhau.
Trong trường hợp này, Ingress Controller được triển khai theo dạng phần mềm.
Create a Namespace, a SA, the Default Secret, the Customization Config Map, and Custom Resource Definitions
Tạo một namespace và một service account cho Ingress controller:
1 2 | kubectl apply -f ns-and-sa.yaml |
1 2 3 4 5 6 7 8 9 10 11 | <span class="token key atrule">apiVersion</span><span class="token punctuation">:</span> v1 <span class="token key atrule">kind</span><span class="token punctuation">:</span> Namespace <span class="token key atrule">metadata</span><span class="token punctuation">:</span> <span class="token key atrule">name</span><span class="token punctuation">:</span> nginx<span class="token punctuation">-</span>ingress <span class="token punctuation">---</span> <span class="token key atrule">apiVersion</span><span class="token punctuation">:</span> v1 <span class="token key atrule">kind</span><span class="token punctuation">:</span> ServiceAccount <span class="token key atrule">metadata</span><span class="token punctuation">:</span> <span class="token key atrule">name</span><span class="token punctuation">:</span> nginx<span class="token punctuation">-</span>ingress <span class="token key atrule">namespace</span><span class="token punctuation">:</span> nginx<span class="token punctuation">-</span>ingress |
Đây sẽ tạo namespace nginx-ingress và ServiceAccout bên trong namespace nginx-ingress.
Tạo một secret với chứng chỉ TLS và key cho server mặc định NGINX:
1 2 | kubectl apply -f default-server-secret.yaml |
1 2 3 4 5 6 7 8 9 10 | <span class="token key atrule">apiVersion</span><span class="token punctuation">:</span> v1 <span class="token key atrule">kind</span><span class="token punctuation">:</span> Secret <span class="token key atrule">metadata</span><span class="token punctuation">:</span> <span class="token key atrule">name</span><span class="token punctuation">:</span> default<span class="token punctuation">-</span>server<span class="token punctuation">-</span>secret <span class="token key atrule">namespace</span><span class="token punctuation">:</span> nginx<span class="token punctuation">-</span>ingress <span class="token key atrule">type</span><span class="token punctuation">:</span> Opaque <span class="token key atrule">data</span><span class="token punctuation">:</span> <span class="token key atrule">tls.crt</span><span class="token punctuation">:</span> LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN2akNDQWFZQ0NRREFPRjl0THNhWFhEQU5CZ2txaGtpRzl3MEJBUXNGQURBaE1SOHdIUVlEVlFRRERCWk8KUjBsT1dFbHVaM0psYzNORGIyNTBjbTlzYkdWeU1CNFhEVEU0TURreE1qRTRNRE16TlZvWERUSXpNRGt4TVRFNApNRE16TlZvd0lURWZNQjBHQTFVRUF3d1dUa2RKVGxoSmJtZHlaWE56UTI5dWRISnZiR3hsY2pDQ0FTSXdEUVlKCktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUwvN2hIUEtFWGRMdjNyaUM3QlBrMTNpWkt5eTlyQ08KR2xZUXYyK2EzUDF0azIrS3YwVGF5aGRCbDRrcnNUcTZzZm8vWUk1Y2Vhbkw4WGM3U1pyQkVRYm9EN2REbWs1Qgo4eDZLS2xHWU5IWlg0Rm5UZ0VPaStlM2ptTFFxRlBSY1kzVnNPazFFeUZBL0JnWlJVbkNHZUtGeERSN0tQdGhyCmtqSXVuektURXUyaDU4Tlp0S21ScUJHdDEwcTNRYzhZT3ExM2FnbmovUWRjc0ZYYTJnMjB1K1lYZDdoZ3krZksKWk4vVUkxQUQ0YzZyM1lma1ZWUmVHd1lxQVp1WXN2V0RKbW1GNWRwdEMzN011cDBPRUxVTExSakZJOTZXNXIwSAo1TmdPc25NWFJNV1hYVlpiNWRxT3R0SmRtS3FhZ25TZ1JQQVpQN2MwQjFQU2FqYzZjNGZRVXpNQ0F3RUFBVEFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWpLb2tRdGRPcEsrTzhibWVPc3lySmdJSXJycVFVY2ZOUitjb0hZVUoKdGhrYnhITFMzR3VBTWI5dm15VExPY2xxeC9aYzJPblEwMEJCLzlTb0swcitFZ1U2UlVrRWtWcitTTFA3NTdUWgozZWI4dmdPdEduMS9ienM3bzNBaS9kclkrcUI5Q2k1S3lPc3FHTG1US2xFaUtOYkcyR1ZyTWxjS0ZYQU80YTY3Cklnc1hzYktNbTQwV1U3cG9mcGltU1ZmaXFSdkV5YmN3N0NYODF6cFErUyt1eHRYK2VBZ3V0NHh3VlI5d2IyVXYKelhuZk9HbWhWNThDd1dIQnNKa0kxNXhaa2VUWXdSN0diaEFMSkZUUkk3dkhvQXprTWIzbjAxQjQyWjNrN3RXNQpJUDFmTlpIOFUvOWxiUHNoT21FRFZkdjF5ZytVRVJxbStGSis2R0oxeFJGcGZnPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= <span class="token key atrule">tls.key</span><span class="token punctuation">:</span> LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBdi91RWM4b1JkMHUvZXVJTHNFK1RYZUprckxMMnNJNGFWaEMvYjVyYy9XMlRiNHEvClJOcktGMEdYaVN1eE9ycXgrajlnamx4NXFjdnhkenRKbXNFUkJ1Z1B0ME9hVGtIekhvb3FVWmcwZGxmZ1dkT0EKUTZMNTdlT1l0Q29VOUZ4amRXdzZUVVRJVUQ4R0JsRlNjSVo0b1hFTkhzbysyR3VTTWk2Zk1wTVM3YUhudzFtMApxWkdvRWEzWFNyZEJ6eGc2clhkcUNlUDlCMXl3VmRyYURiUzc1aGQzdUdETDU4cGszOVFqVUFQaHpxdmRoK1JWClZGNGJCaW9CbTVpeTlZTW1hWVhsMm0wTGZzeTZuUTRRdFFzdEdNVWozcGJtdlFmazJBNnljeGRFeFpkZFZsdmwKMm82MjBsMllxcHFDZEtCRThCay90elFIVTlKcU56cHpoOUJUTXdJREFRQUJBb0lCQVFDZklHbXowOHhRVmorNwpLZnZJUXQwQ0YzR2MxNld6eDhVNml4MHg4Mm15d1kxUUNlL3BzWE9LZlRxT1h1SENyUlp5TnUvZ2IvUUQ4bUFOCmxOMjRZTWl0TWRJODg5TEZoTkp3QU5OODJDeTczckM5bzVvUDlkazAvYzRIbjAzSkVYNzZ5QjgzQm9rR1FvYksKMjhMNk0rdHUzUmFqNjd6Vmc2d2szaEhrU0pXSzBwV1YrSjdrUkRWYmhDYUZhNk5nMUZNRWxhTlozVDhhUUtyQgpDUDNDeEFTdjYxWTk5TEI4KzNXWVFIK3NYaTVGM01pYVNBZ1BkQUk3WEh1dXFET1lvMU5PL0JoSGt1aVg2QnRtCnorNTZud2pZMy8yUytSRmNBc3JMTnIwMDJZZi9oY0IraVlDNzVWYmcydVd6WTY3TWdOTGQ5VW9RU3BDRkYrVm4KM0cyUnhybnhBb0dCQU40U3M0ZVlPU2huMVpQQjdhTUZsY0k2RHR2S2ErTGZTTXFyY2pOZjJlSEpZNnhubmxKdgpGenpGL2RiVWVTbWxSekR0WkdlcXZXaHFISy9iTjIyeWJhOU1WMDlRQ0JFTk5jNmtWajJTVHpUWkJVbEx4QzYrCk93Z0wyZHhKendWelU0VC84ajdHalRUN05BZVpFS2FvRHFyRG5BYWkyaW5oZU1JVWZHRXFGKzJyQW9HQkFOMVAKK0tZL0lsS3RWRzRKSklQNzBjUis3RmpyeXJpY05iWCtQVzUvOXFHaWxnY2grZ3l4b25BWlBpd2NpeDN3QVpGdwpaZC96ZFB2aTBkWEppc1BSZjRMazg5b2pCUmpiRmRmc2l5UmJYbyt3TFU4NUhRU2NGMnN5aUFPaTVBRHdVU0FkCm45YWFweUNweEFkREtERHdObit3ZFhtaTZ0OHRpSFRkK3RoVDhkaVpBb0dCQUt6Wis1bG9OOTBtYlF4VVh5YUwKMjFSUm9tMGJjcndsTmVCaWNFSmlzaEhYa2xpSVVxZ3hSZklNM2hhUVRUcklKZENFaHFsV01aV0xPb2I2NTNyZgo3aFlMSXM1ZUtka3o0aFRVdnpldm9TMHVXcm9CV2xOVHlGanIrSWhKZnZUc0hpOGdsU3FkbXgySkJhZUFVWUNXCndNdlQ4NmNLclNyNkQrZG8wS05FZzFsL0FvR0FlMkFVdHVFbFNqLzBmRzgrV3hHc1RFV1JqclRNUzRSUjhRWXQKeXdjdFA4aDZxTGxKUTRCWGxQU05rMXZLTmtOUkxIb2pZT2pCQTViYjhibXNVU1BlV09NNENoaFJ4QnlHbmR2eAphYkJDRkFwY0IvbEg4d1R0alVZYlN5T294ZGt5OEp0ek90ajJhS0FiZHd6NlArWDZDODhjZmxYVFo5MWpYL3RMCjF3TmRKS2tDZ1lCbyt0UzB5TzJ2SWFmK2UwSkN5TGhzVDQ5cTN3Zis2QWVqWGx2WDJ1VnRYejN5QTZnbXo5aCsKcDNlK2JMRUxwb3B0WFhNdUFRR0xhUkcrYlNNcjR5dERYbE5ZSndUeThXczNKY3dlSTdqZVp2b0ZpbmNvVlVIMwphdmxoTUVCRGYxSjltSDB5cDBwWUNaS2ROdHNvZEZtQktzVEtQMjJhTmtsVVhCS3gyZzR6cFE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= |
mã tls.crt
và tls.key
nên được thay thế và tạo cho chính domain của bạn, cái này mình vẫn dùng chứng chỉ mặc định của Nginx
Ngoài ra server mặc định của Nginx sẽ return
nếu tất cả các requests đến domains ko tồn tại trong rule Ingress.
Tạo một config map cho tùy biến NGINX configuration
1 2 | kubectl apply -f nginx-config.yaml |
1 2 3 4 5 6 7 8 9 10 11 | <span class="token key atrule">kind</span><span class="token punctuation">:</span> ConfigMap <span class="token key atrule">apiVersion</span><span class="token punctuation">:</span> v1 <span class="token key atrule">metadata</span><span class="token punctuation">:</span> <span class="token key atrule">name</span><span class="token punctuation">:</span> nginx<span class="token punctuation">-</span>config <span class="token key atrule">namespace</span><span class="token punctuation">:</span> nginx<span class="token punctuation">-</span>ingress <span class="token key atrule">data</span><span class="token punctuation">:</span> <span class="token comment"># 3 cái config mình custom thêm, có thể bỏ cũng được</span> <span class="token key atrule">proxy-connect-timeout</span><span class="token punctuation">:</span> <span class="token string">"10s"</span> <span class="token key atrule">proxy-read-timeout</span><span class="token punctuation">:</span> <span class="token string">"10s"</span> <span class="token key atrule">client-max-body-size</span><span class="token punctuation">:</span> <span class="token string">"2m"</span> |
Customize config có thể đọc chi tiết ở đây . 3 cái trên mình config thêm 1 số quy tắc thôi, các bạn có thể có thể uncomment nó đi hoặc xóa.
Tạo custom resource definitions cho VirtualServer và VirtualServerRoute
1 2 | kubectl apply -f custom-resource-definitions.yaml |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 | <span class="token key atrule">apiVersion</span><span class="token punctuation">:</span> apiextensions.k8s.io/v1beta1 <span class="token key atrule">kind</span><span class="token punctuation">:</span> CustomResourceDefinition <span class="token key atrule">metadata</span><span class="token punctuation">:</span> <span class="token key atrule">name</span><span class="token punctuation">:</span> virtualservers.k8s.nginx.org <span class="token key atrule">spec</span><span class="token punctuation">:</span> <span class="token key atrule">group</span><span class="token punctuation">:</span> k8s.nginx.org <span class="token key atrule">versions</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> <span class="token key atrule">name</span><span class="token punctuation">:</span> v1 <span class="token key atrule">served</span><span class="token punctuation">:</span> <span class="token boolean important">true</span> <span class="token key atrule">storage</span><span class="token punctuation">:</span> <span class="token boolean important">true</span> <span class="token key atrule">scope</span><span class="token punctuation">:</span> Namespaced <span class="token key atrule">names</span><span class="token punctuation">:</span> <span class="token key atrule">plural</span><span class="token punctuation">:</span> virtualservers <span class="token key atrule">singular</span><span class="token punctuation">:</span> virtualserver <span class="token key atrule">kind</span><span class="token punctuation">:</span> VirtualServer <span class="token key atrule">shortNames</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> vs <span class="token punctuation">---</span> <span class="token key atrule">apiVersion</span><span class="token punctuation">:</span> apiextensions.k8s.io/v1beta1 <span class="token key atrule">kind</span><span class="token punctuation">:</span> CustomResourceDefinition <span class="token key atrule">metadata</span><span class="token punctuation">:</span> <span class="token key atrule">name</span><span class="token punctuation">:</span> virtualserverroutes.k8s.nginx.org <span class="token key atrule">spec</span><span class="token punctuation">:</span> <span class="token key atrule">group</span><span class="token punctuation">:</span> k8s.nginx.org <span class="token key atrule">versions</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> <span class="token key atrule">name</span><span class="token punctuation">:</span> v1 <span class="token key atrule">served</span><span class="token punctuation">:</span> <span class="token boolean important">true</span> <span class="token key atrule">storage</span><span class="token punctuation">:</span> <span class="token boolean important">true</span> <span class="token key atrule">scope</span><span class="token punctuation">:</span> Namespaced <span class="token key atrule">names</span><span class="token punctuation">:</span> <span class="token key atrule">plural</span><span class="token punctuation">:</span> virtualserverroutes <span class="token key atrule">singular</span><span class="token punctuation">:</span> virtualserverroute <span class="token key atrule">kind</span><span class="token punctuation">:</span> VirtualServerRoute <span class="token key atrule">shortNames</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> vsr |
Configure RBAC
RBAC chúng ta có thể thấy luôn ở file yaml dưới đây chính là cấp quyền nginx-ingress nó kiểm soát đối với kurbenetes
Nếu RBAC được bật trong cluster, hãy tạo vai trò cluster và liên kết nó với ServiceAccount, được tạo ở Bước 1 của phần trên
1 2 | kubectl apply -f rbac.yaml |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 | <span class="token key atrule">kind</span><span class="token punctuation">:</span> ClusterRole <span class="token key atrule">apiVersion</span><span class="token punctuation">:</span> rbac.authorization.k8s.io/v1beta1 <span class="token key atrule">metadata</span><span class="token punctuation">:</span> <span class="token key atrule">name</span><span class="token punctuation">:</span> nginx<span class="token punctuation">-</span>ingress <span class="token key atrule">rules</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> <span class="token key atrule">apiGroups</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> <span class="token string">""</span> <span class="token key atrule">resources</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> services <span class="token punctuation">-</span> endpoints <span class="token key atrule">verbs</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> get <span class="token punctuation">-</span> list <span class="token punctuation">-</span> watch <span class="token punctuation">-</span> <span class="token key atrule">apiGroups</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> <span class="token string">""</span> <span class="token key atrule">resources</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> secrets <span class="token key atrule">verbs</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> get <span class="token punctuation">-</span> list <span class="token punctuation">-</span> watch <span class="token punctuation">-</span> <span class="token key atrule">apiGroups</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> <span class="token string">""</span> <span class="token key atrule">resources</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> configmaps <span class="token key atrule">verbs</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> get <span class="token punctuation">-</span> list <span class="token punctuation">-</span> watch <span class="token punctuation">-</span> update <span class="token punctuation">-</span> create <span class="token punctuation">-</span> <span class="token key atrule">apiGroups</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> <span class="token string">""</span> <span class="token key atrule">resources</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> pods <span class="token key atrule">verbs</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> list <span class="token punctuation">-</span> watch <span class="token punctuation">-</span> <span class="token key atrule">apiGroups</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> <span class="token string">""</span> <span class="token key atrule">resources</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> events <span class="token key atrule">verbs</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> create <span class="token punctuation">-</span> patch <span class="token punctuation">-</span> <span class="token key atrule">apiGroups</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> extensions <span class="token key atrule">resources</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> ingresses <span class="token key atrule">verbs</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> list <span class="token punctuation">-</span> watch <span class="token punctuation">-</span> get <span class="token punctuation">-</span> <span class="token key atrule">apiGroups</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> <span class="token string">"extensions"</span> <span class="token key atrule">resources</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> ingresses/status <span class="token key atrule">verbs</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> update <span class="token punctuation">-</span> <span class="token key atrule">apiGroups</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> k8s.nginx.org <span class="token key atrule">resources</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> virtualservers <span class="token punctuation">-</span> virtualserverroutes <span class="token key atrule">verbs</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> list <span class="token punctuation">-</span> watch <span class="token punctuation">-</span> get <span class="token punctuation">---</span> <span class="token key atrule">kind</span><span class="token punctuation">:</span> ClusterRoleBinding <span class="token key atrule">apiVersion</span><span class="token punctuation">:</span> rbac.authorization.k8s.io/v1beta1 <span class="token key atrule">metadata</span><span class="token punctuation">:</span> <span class="token key atrule">name</span><span class="token punctuation">:</span> nginx<span class="token punctuation">-</span>ingress <span class="token key atrule">subjects</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> <span class="token key atrule">kind</span><span class="token punctuation">:</span> ServiceAccount <span class="token key atrule">name</span><span class="token punctuation">:</span> nginx<span class="token punctuation">-</span>ingress <span class="token key atrule">namespace</span><span class="token punctuation">:</span> nginx<span class="token punctuation">-</span>ingress <span class="token key atrule">roleRef</span><span class="token punctuation">:</span> <span class="token key atrule">kind</span><span class="token punctuation">:</span> ClusterRole <span class="token key atrule">name</span><span class="token punctuation">:</span> nginx<span class="token punctuation">-</span>ingress <span class="token key atrule">apiGroup</span><span class="token punctuation">:</span> rbac.authorization.k8s.io |
Deploy the Ingress Controller
Chúng ta có 2 lựa chọn để triển khai Ingress Controller
- Deployment: Nếu bạn có kế hoạch thay đổi số lượng Ingress controller replicas
- DaemonSet: Triển khai Ingress controller trên mỗi Node hoặc các node con (mình sẽ dùng cái này)
1 2 | kubectl apply -f nginx-ingress.yaml |
Cách Deamon-Set
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 | <span class="token key atrule">apiVersion</span><span class="token punctuation">:</span> apps/v1 <span class="token key atrule">kind</span><span class="token punctuation">:</span> DaemonSet <span class="token key atrule">metadata</span><span class="token punctuation">:</span> <span class="token key atrule">name</span><span class="token punctuation">:</span> nginx<span class="token punctuation">-</span>ingress <span class="token key atrule">namespace</span><span class="token punctuation">:</span> nginx<span class="token punctuation">-</span>ingress <span class="token key atrule">spec</span><span class="token punctuation">:</span> <span class="token key atrule">selector</span><span class="token punctuation">:</span> <span class="token key atrule">matchLabels</span><span class="token punctuation">:</span> <span class="token key atrule">app</span><span class="token punctuation">:</span> nginx<span class="token punctuation">-</span>ingress <span class="token key atrule">template</span><span class="token punctuation">:</span> <span class="token key atrule">metadata</span><span class="token punctuation">:</span> <span class="token key atrule">labels</span><span class="token punctuation">:</span> <span class="token key atrule">app</span><span class="token punctuation">:</span> nginx<span class="token punctuation">-</span>ingress <span class="token comment">#annotations:</span> <span class="token comment">#prometheus.io/scrape: "true"</span> <span class="token comment">#prometheus.io/port: "9113"</span> <span class="token key atrule">spec</span><span class="token punctuation">:</span> <span class="token key atrule">serviceAccountName</span><span class="token punctuation">:</span> nginx<span class="token punctuation">-</span>ingress <span class="token key atrule">containers</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> <span class="token key atrule">image</span><span class="token punctuation">:</span> nginx/nginx<span class="token punctuation">-</span>ingress<span class="token punctuation">:</span>edge <span class="token key atrule">imagePullPolicy</span><span class="token punctuation">:</span> Always <span class="token key atrule">name</span><span class="token punctuation">:</span> nginx<span class="token punctuation">-</span>ingress <span class="token key atrule">ports</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> <span class="token key atrule">name</span><span class="token punctuation">:</span> http <span class="token key atrule">containerPort</span><span class="token punctuation">:</span> <span class="token number">80</span> <span class="token key atrule">hostPort</span><span class="token punctuation">:</span> <span class="token number">80</span> <span class="token punctuation">-</span> <span class="token key atrule">name</span><span class="token punctuation">:</span> https <span class="token key atrule">containerPort</span><span class="token punctuation">:</span> <span class="token number">443</span> <span class="token key atrule">hostPort</span><span class="token punctuation">:</span> <span class="token number">443</span> <span class="token comment">#- name: prometheus</span> <span class="token comment">#containerPort: 9113</span> <span class="token key atrule">securityContext</span><span class="token punctuation">:</span> <span class="token key atrule">allowPrivilegeEscalation</span><span class="token punctuation">:</span> <span class="token boolean important">true</span> <span class="token key atrule">runAsUser</span><span class="token punctuation">:</span> <span class="token number">101 </span><span class="token comment">#nginx</span> <span class="token key atrule">capabilities</span><span class="token punctuation">:</span> <span class="token key atrule">drop</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> ALL <span class="token key atrule">add</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> NET_BIND_SERVICE <span class="token key atrule">env</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> <span class="token key atrule">name</span><span class="token punctuation">:</span> POD_NAMESPACE <span class="token key atrule">valueFrom</span><span class="token punctuation">:</span> <span class="token key atrule">fieldRef</span><span class="token punctuation">:</span> <span class="token key atrule">fieldPath</span><span class="token punctuation">:</span> metadata.namespace <span class="token punctuation">-</span> <span class="token key atrule">name</span><span class="token punctuation">:</span> POD_NAME <span class="token key atrule">valueFrom</span><span class="token punctuation">:</span> <span class="token key atrule">fieldRef</span><span class="token punctuation">:</span> <span class="token key atrule">fieldPath</span><span class="token punctuation">:</span> metadata.name <span class="token key atrule">args</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> <span class="token punctuation">-</span>nginx<span class="token punctuation">-</span>configmaps=$(POD_NAMESPACE)/nginx<span class="token punctuation">-</span>config <span class="token punctuation">-</span> <span class="token punctuation">-</span>default<span class="token punctuation">-</span>server<span class="token punctuation">-</span>tls<span class="token punctuation">-</span>secret=$(POD_NAMESPACE)/default<span class="token punctuation">-</span>server<span class="token punctuation">-</span>secret <span class="token comment">#- -v=3 # Enables extensive logging. Useful for troubleshooting.</span> <span class="token comment">#- -report-ingress-status</span> <span class="token comment">#- -external-service=nginx-ingress</span> <span class="token comment">#- -enable-leader-election</span> <span class="token comment">#- -enable-prometheus-metrics</span> |
để enable báo cáo trạng thái của ingress thì chúng ta uncomment 5 dòng cuối.
Truy cập được vào Ingress Controller
Sẽ có 2 cách browser client truy cập. Cách thứ nhất có thể dùng kiểu NodePort sẽ để Nginx-Ingress chạy cùng với các Worker-Node (không dùng loadbalancer của các service như AWS, Gcloud, Azure… ). Cách dùng NodePort này không nên dùng trực tiếp đối với các serivces ngoài ingress này nhé vì an toàn bảo mật ở trong bài viết trước đã đề cập.
1 2 | kubectl create -f nodeport.yaml |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 | <span class="token key atrule">apiVersion</span><span class="token punctuation">:</span> v1 <span class="token key atrule">kind</span><span class="token punctuation">:</span> Service <span class="token key atrule">metadata</span><span class="token punctuation">:</span> <span class="token key atrule">name</span><span class="token punctuation">:</span> nginx<span class="token punctuation">-</span>ingress <span class="token key atrule">namespace</span><span class="token punctuation">:</span> nginx<span class="token punctuation">-</span>ingress <span class="token key atrule">spec</span><span class="token punctuation">:</span> <span class="token key atrule">type</span><span class="token punctuation">:</span> NodePort <span class="token key atrule">ports</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> <span class="token key atrule">port</span><span class="token punctuation">:</span> <span class="token number">80</span> <span class="token key atrule">targetPort</span><span class="token punctuation">:</span> <span class="token number">80</span> <span class="token key atrule">protocol</span><span class="token punctuation">:</span> TCP <span class="token key atrule">name</span><span class="token punctuation">:</span> http <span class="token punctuation">-</span> <span class="token key atrule">port</span><span class="token punctuation">:</span> <span class="token number">443</span> <span class="token key atrule">targetPort</span><span class="token punctuation">:</span> <span class="token number">443</span> <span class="token key atrule">protocol</span><span class="token punctuation">:</span> TCP <span class="token key atrule">name</span><span class="token punctuation">:</span> https <span class="token key atrule">selector</span><span class="token punctuation">:</span> <span class="token key atrule">app</span><span class="token punctuation">:</span> nginx<span class="token punctuation">-</span>ingress |
Cách thứ 2 dùng kiểu LoadBalancer của AWS và Googe Cloud kết hợp Nginx Ingress. Cách này mình sẽ nghiên cứu tiếp, do tài khoản mastercard của mình hết tiền nên ko có cách nào thực hành lại được, khi nào có kinh phí thì sẽ thực hiện ví dụ này.
Example Deploy Nginx after install Ingress
1 2 | kubectl create -f cafe.yaml |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 | <span class="token key atrule">apiVersion</span><span class="token punctuation">:</span> apps/v1 <span class="token key atrule">kind</span><span class="token punctuation">:</span> Deployment <span class="token key atrule">metadata</span><span class="token punctuation">:</span> <span class="token key atrule">name</span><span class="token punctuation">:</span> coffee <span class="token key atrule">spec</span><span class="token punctuation">:</span> <span class="token key atrule">replicas</span><span class="token punctuation">:</span> <span class="token number">2</span> <span class="token key atrule">selector</span><span class="token punctuation">:</span> <span class="token key atrule">matchLabels</span><span class="token punctuation">:</span> <span class="token key atrule">app</span><span class="token punctuation">:</span> coffee <span class="token key atrule">template</span><span class="token punctuation">:</span> <span class="token key atrule">metadata</span><span class="token punctuation">:</span> <span class="token key atrule">labels</span><span class="token punctuation">:</span> <span class="token key atrule">app</span><span class="token punctuation">:</span> coffee <span class="token key atrule">spec</span><span class="token punctuation">:</span> <span class="token key atrule">containers</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> <span class="token key atrule">name</span><span class="token punctuation">:</span> coffee <span class="token key atrule">image</span><span class="token punctuation">:</span> nginxdemos/hello<span class="token punctuation">:</span>plain<span class="token punctuation">-</span>text <span class="token key atrule">ports</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> <span class="token key atrule">containerPort</span><span class="token punctuation">:</span> <span class="token number">80</span> <span class="token punctuation">---</span> <span class="token key atrule">apiVersion</span><span class="token punctuation">:</span> v1 <span class="token key atrule">kind</span><span class="token punctuation">:</span> Service <span class="token key atrule">metadata</span><span class="token punctuation">:</span> <span class="token key atrule">name</span><span class="token punctuation">:</span> coffee<span class="token punctuation">-</span>svc <span class="token key atrule">spec</span><span class="token punctuation">:</span> <span class="token key atrule">ports</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> <span class="token key atrule">port</span><span class="token punctuation">:</span> <span class="token number">80</span> <span class="token key atrule">targetPort</span><span class="token punctuation">:</span> <span class="token number">80</span> <span class="token key atrule">protocol</span><span class="token punctuation">:</span> TCP <span class="token key atrule">name</span><span class="token punctuation">:</span> http <span class="token key atrule">selector</span><span class="token punctuation">:</span> <span class="token key atrule">app</span><span class="token punctuation">:</span> coffee <span class="token punctuation">---</span> <span class="token key atrule">apiVersion</span><span class="token punctuation">:</span> apps/v1 <span class="token key atrule">kind</span><span class="token punctuation">:</span> Deployment <span class="token key atrule">metadata</span><span class="token punctuation">:</span> <span class="token key atrule">name</span><span class="token punctuation">:</span> tea <span class="token key atrule">spec</span><span class="token punctuation">:</span> <span class="token key atrule">replicas</span><span class="token punctuation">:</span> <span class="token number">3</span> <span class="token key atrule">selector</span><span class="token punctuation">:</span> <span class="token key atrule">matchLabels</span><span class="token punctuation">:</span> <span class="token key atrule">app</span><span class="token punctuation">:</span> tea <span class="token key atrule">template</span><span class="token punctuation">:</span> <span class="token key atrule">metadata</span><span class="token punctuation">:</span> <span class="token key atrule">labels</span><span class="token punctuation">:</span> <span class="token key atrule">app</span><span class="token punctuation">:</span> tea <span class="token key atrule">spec</span><span class="token punctuation">:</span> <span class="token key atrule">containers</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> <span class="token key atrule">name</span><span class="token punctuation">:</span> tea <span class="token key atrule">image</span><span class="token punctuation">:</span> nginxdemos/hello<span class="token punctuation">:</span>plain<span class="token punctuation">-</span>text <span class="token key atrule">ports</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> <span class="token key atrule">containerPort</span><span class="token punctuation">:</span> <span class="token number">80</span> <span class="token punctuation">---</span> <span class="token key atrule">apiVersion</span><span class="token punctuation">:</span> v1 <span class="token key atrule">kind</span><span class="token punctuation">:</span> Service <span class="token key atrule">metadata</span><span class="token punctuation">:</span> <span class="token key atrule">name</span><span class="token punctuation">:</span> tea<span class="token punctuation">-</span>svc <span class="token key atrule">labels</span><span class="token punctuation">:</span> <span class="token key atrule">spec</span><span class="token punctuation">:</span> <span class="token key atrule">ports</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> <span class="token key atrule">port</span><span class="token punctuation">:</span> <span class="token number">80</span> <span class="token key atrule">targetPort</span><span class="token punctuation">:</span> <span class="token number">80</span> <span class="token key atrule">protocol</span><span class="token punctuation">:</span> TCP <span class="token key atrule">name</span><span class="token punctuation">:</span> http <span class="token key atrule">selector</span><span class="token punctuation">:</span> <span class="token key atrule">app</span><span class="token punctuation">:</span> tea |
2 web service coffee và tea và ta sẽ cho chúng nó dùng chung 1 Host là framgia2c.mylabserver.com
của worker Node 1
tiếp theo tạo chứng chỉ secret SSL dùng chung với chứng SSL đã tạo cho server nginx default để return 404 not found.
1 2 | kubectl create -f cafe-secret.yaml |
1 2 3 4 5 6 7 8 9 | <span class="token key atrule">apiVersion</span><span class="token punctuation">:</span> v1 <span class="token key atrule">kind</span><span class="token punctuation">:</span> Secret <span class="token key atrule">metadata</span><span class="token punctuation">:</span> <span class="token key atrule">name</span><span class="token punctuation">:</span> cafe<span class="token punctuation">-</span>secret <span class="token key atrule">type</span><span class="token punctuation">:</span> Opaque <span class="token key atrule">data</span><span class="token punctuation">:</span> <span class="token key atrule">tls.crt</span><span class="token punctuation">:</span> LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURMakNDQWhZQ0NRREFPRjl0THNhWFdqQU5CZ2txaGtpRzl3MEJBUXNGQURCYU1Rc3dDUVlEVlFRR0V3SlYKVXpFTE1Ba0dBMVVFQ0F3Q1EwRXhJVEFmQmdOVkJBb01HRWx1ZEdWeWJtVjBJRmRwWkdkcGRITWdVSFI1SUV4MApaREViTUJrR0ExVUVBd3dTWTJGbVpTNWxlR0Z0Y0d4bExtTnZiU0FnTUI0WERURTRNRGt4TWpFMk1UVXpOVm9YCkRUSXpNRGt4TVRFMk1UVXpOVm93V0RFTE1Ba0dBMVVFQmhNQ1ZWTXhDekFKQmdOVkJBZ01Ba05CTVNFd0h3WUQKVlFRS0RCaEpiblJsY201bGRDQlhhV1JuYVhSeklGQjBlU0JNZEdReEdUQVhCZ05WQkFNTUVHTmhabVV1WlhoaApiWEJzWlM1amIyMHdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDcDZLbjdzeTgxCnAwanVKL2N5ayt2Q0FtbHNmanRGTTJtdVpOSzBLdGVjcUcyZmpXUWI1NXhRMVlGQTJYT1N3SEFZdlNkd0kyaloKcnVXOHFYWENMMnJiNENaQ0Z4d3BWRUNyY3hkam0zdGVWaVJYVnNZSW1tSkhQUFN5UWdwaW9iczl4N0RsTGM2SQpCQTBaalVPeWwwUHFHOVNKZXhNVjczV0lJYTVyRFZTRjJyNGtTa2JBajREY2o3TFhlRmxWWEgySTVYd1hDcHRDCm42N0pDZzQyZitrOHdnemNSVnA4WFprWldaVmp3cTlSVUtEWG1GQjJZeU4xWEVXZFowZXdSdUtZVUpsc202OTIKc2tPcktRajB2a29QbjQxRUUvK1RhVkVwcUxUUm9VWTNyemc3RGtkemZkQml6Rk8yZHNQTkZ4MkNXMGpYa05MdgpLbzI1Q1pyT2hYQUhBZ01CQUFFd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLSEZDY3lPalp2b0hzd1VCTWRMClJkSEliMzgzcFdGeW5acS9MdVVvdnNWQTU4QjBDZzdCRWZ5NXZXVlZycTVSSWt2NGxaODFOMjl4MjFkMUpINnIKalNuUXgrRFhDTy9USkVWNWxTQ1VwSUd6RVVZYVVQZ1J5anNNL05VZENKOHVIVmhaSitTNkZBK0NuT0Q5cm4yaQpaQmVQQ0k1ckh3RVh3bm5sOHl3aWozdnZRNXpISXV5QmdsV3IvUXl1aTlmalBwd1dVdlVtNG52NVNNRzl6Q1Y3ClBwdXd2dWF0cWpPMTIwOEJqZkUvY1pISWc4SHc5bXZXOXg5QytJUU1JTURFN2IvZzZPY0s3TEdUTHdsRnh2QTgKN1dqRWVxdW5heUlwaE1oS1JYVmYxTjM0OWVOOThFejM4Zk9USFRQYmRKakZBL1BjQytHeW1lK2lHdDVPUWRGaAp5UkU9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K <span class="token key atrule">tls.key</span><span class="token punctuation">:</span> LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBcWVpcCs3TXZOYWRJN2lmM01wUHJ3Z0pwYkg0N1JUTnBybVRTdENyWG5LaHRuNDFrCkcrZWNVTldCUU5semtzQndHTDBuY0NObzJhN2x2S2wxd2k5cTIrQW1RaGNjS1ZSQXEzTVhZNXQ3WGxZa1YxYkcKQ0pwaVJ6ejBza0lLWXFHN1BjZXc1UzNPaUFRTkdZMURzcGRENmh2VWlYc1RGZTkxaUNHdWF3MVVoZHErSkVwRwp3SStBM0kreTEzaFpWVng5aU9WOEZ3cWJRcCt1eVFvT05uL3BQTUlNM0VWYWZGMlpHVm1WWThLdlVWQ2cxNWhRCmRtTWpkVnhGbldkSHNFYmltRkNaYkp1dmRySkRxeWtJOUw1S0Q1K05SQlAvazJsUkthaTAwYUZHTjY4NE93NUgKYzMzUVlzeFR0bmJEelJjZGdsdEkxNURTN3lxTnVRbWF6b1Z3QndJREFRQUJBb0lCQVFDUFNkU1luUXRTUHlxbApGZlZGcFRPc29PWVJoZjhzSStpYkZ4SU91UmF1V2VoaEp4ZG01Uk9ScEF6bUNMeUw1VmhqdEptZTIyM2dMcncyCk45OUVqVUtiL1ZPbVp1RHNCYzZvQ0Y2UU5SNThkejhjbk9SVGV3Y290c0pSMXBuMWhobG5SNUhxSkpCSmFzazEKWkVuVVFmY1hackw5NGxvOUpIM0UrVXFqbzFGRnM4eHhFOHdvUEJxalpzVjdwUlVaZ0MzTGh4bndMU0V4eUZvNApjeGI5U09HNU9tQUpvelN0Rm9RMkdKT2VzOHJKNXFmZHZ5dGdnOXhiTGFRTC94MGtwUTYyQm9GTUJEZHFPZVBXCktmUDV6WjYvMDcvdnBqNDh5QTFRMzJQem9idWJzQkxkM0tjbjMyamZtMUU3cHJ0V2wrSmVPRmlPem5CUUZKYk4KNHFQVlJ6NWhBb0dCQU50V3l4aE5DU0x1NFArWGdLeWNrbGpKNkY1NjY4Zk5qNUN6Z0ZScUowOXpuMFRsc05ybwpGVExaY3hEcW5SM0hQWU00MkpFUmgySi9xREZaeW5SUW8zY2czb2VpdlVkQlZHWTgrRkkxVzBxZHViL0w5K3l1CmVkT1pUUTVYbUdHcDZyNmpleHltY0ppbS9Pc0IzWm5ZT3BPcmxEN1NQbUJ2ek5MazRNRjZneGJYQW9HQkFNWk8KMHA2SGJCbWNQMHRqRlhmY0tFNzdJbUxtMHNBRzR1SG9VeDBlUGovMnFyblRuT0JCTkU0TXZnRHVUSnp5K2NhVQprOFJxbWRIQ2JIelRlNmZ6WXEvOWl0OHNaNzdLVk4xcWtiSWN1YytSVHhBOW5OaDFUanNSbmU3NFowajFGQ0xrCmhIY3FIMHJpN1BZU0tIVEU4RnZGQ3haWWRidUI4NENtWmlodnhicFJBb0dBSWJqcWFNWVBUWXVrbENkYTVTNzkKWVNGSjFKelplMUtqYS8vdER3MXpGY2dWQ0thMzFqQXdjaXowZi9sU1JxM0hTMUdHR21lemhQVlRpcUxmZVpxYwpSMGlLYmhnYk9jVlZrSkozSzB5QXlLd1BUdW14S0haNnpJbVpTMGMwYW0rUlk5WUdxNVQ3WXJ6cHpjZnZwaU9VCmZmZTNSeUZUN2NmQ21mb09oREN0enVrQ2dZQjMwb0xDMVJMRk9ycW40M3ZDUzUxemM1em9ZNDR1QnpzcHd3WU4KVHd2UC9FeFdNZjNWSnJEakJDSCtULzZzeXNlUGJKRUltbHpNK0l3eXRGcEFOZmlJWEV0LzQ4WGY2ME54OGdXTQp1SHl4Wlp4L05LdER3MFY4dlgxUE9ucTJBNWVpS2ErOGpSQVJZS0pMWU5kZkR1d29seHZHNmJaaGtQaS80RXRUCjNZMThzUUtCZ0h0S2JrKzdsTkpWZXN3WEU1Y1VHNkVEVXNEZS8yVWE3ZlhwN0ZjanFCRW9hcDFMU3crNlRYcDAKWmdybUtFOEFSek00NytFSkhVdmlpcS9udXBFMTVnMGtKVzNzeWhwVTl6WkxPN2x0QjBLSWtPOVpSY21Vam84UQpjcExsSE1BcWJMSjhXWUdKQ2toaVd4eWFsNmhZVHlXWTRjVmtDMHh0VGwvaFVFOUllTktvCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== |
Ingress resource
1 2 | kubectl create -f cafe-ingress.yaml |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 | <span class="token key atrule">apiVersion</span><span class="token punctuation">:</span> extensions/v1beta1 <span class="token key atrule">kind</span><span class="token punctuation">:</span> Ingress <span class="token key atrule">metadata</span><span class="token punctuation">:</span> <span class="token key atrule">name</span><span class="token punctuation">:</span> cafe<span class="token punctuation">-</span>ingress <span class="token key atrule">spec</span><span class="token punctuation">:</span> <span class="token key atrule">tls</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> <span class="token key atrule">hosts</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> framgia2c.mylabserver.com <span class="token key atrule">secretName</span><span class="token punctuation">:</span> cafe<span class="token punctuation">-</span>secret <span class="token key atrule">rules</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> <span class="token key atrule">host</span><span class="token punctuation">:</span> framgia2c.mylabserver.com <span class="token key atrule">http</span><span class="token punctuation">:</span> <span class="token key atrule">paths</span><span class="token punctuation">:</span> <span class="token punctuation">-</span> <span class="token key atrule">path</span><span class="token punctuation">:</span> /tea <span class="token key atrule">backend</span><span class="token punctuation">:</span> <span class="token key atrule">serviceName</span><span class="token punctuation">:</span> tea<span class="token punctuation">-</span>svc <span class="token key atrule">servicePort</span><span class="token punctuation">:</span> <span class="token number">80</span> <span class="token punctuation">-</span> <span class="token key atrule">path</span><span class="token punctuation">:</span> /coffee <span class="token key atrule">backend</span><span class="token punctuation">:</span> <span class="token key atrule">serviceName</span><span class="token punctuation">:</span> coffee<span class="token punctuation">-</span>svc <span class="token key atrule">servicePort</span><span class="token punctuation">:</span> <span class="token number">80</span> |
Các quy tắc đường dẫn /tea
sẽ đi vào service của tea, /coffee
sẽ đi vào service của coffee. còn /
sẽ đi vào server nginx default 404 not found
Bây giờ chúng ta có thể truy cập vào địa chỉ https://framgia2c.mylabserver.com/tea, https://framgia2c.mylabserver.com/coffee để thấy thông tin truy cập từ private IP đến tên của server private
1 2 3 4 5 6 7 | // địa chỉ server address này là private khi bạn reload trang liên tục nó sẽ nhảy 3 server address khác nhau tương ứng với số lượng replicas = 3 mà mình đã tạo cho deployment của tea Server address: 10.244.2.11:80 Server name: tea-658d56f6cc-4xghs Date: 07/Jan/2020:18:04:41 +0000 URI: /tea Request ID: ab680457ce5205bfeb01175eab305138 |
1 2 3 4 5 6 7 | // địa chỉ server address này là private khi bạn reload trang liên tục nó sẽ nhảy 2 server address khác nhau tương ứng với số lượng replicas = 2 mà mình đã tạo cho deployment của coffee Server address: 10.244.2.14:80 Server name: coffee-8c8ff9b4f-xz6vq Date: 07/Jan/2020:18:05:35 +0000 URI: /coffee Request ID: 200c5bba88c2102aadf28bde8fa5bf1f |
Kết luận
Các Doimain trên kia và cả server là account công ty cấp nhưng chỉ phục vụ mục đích học tập, nghiên cứu nên server sẽ tự động auto shutdown khoảng 6 tiếng nếu không dùng