We were discussing the ingress resource for Kubernetes cluster.
The ingress resource can fan out the traffic to different destinations based on service uri paths. This
helps with routing the api calls to independent service implementations. The ingress resource can be specified declaratively as yaml or programmatically. The routing may be determined by the host header. The ingress resource can also route traffic to different backends. An ingress with no rules sends to a traffic to a default backend. The default backend is typically a configuration option of the ingress controller. The ingress resource can also route traffic to different name based virtual hosts at the same ip address. This feature can work without a name based virtual host being required which translates to all traffic as pass-through. The ingress resource can be used to secure the ingress by specifying a tls private key and certificate.
The ingress resource can fan out the traffic to different destinations based on service uri paths. This
helps with routing the api calls to independent service implementations. The ingress resource can be specified declaratively as yaml or programmatically. The routing may be determined by the host header. The ingress resource can also route traffic to different backends. An ingress with no rules sends to a traffic to a default backend. The default backend is typically a configuration option of the ingress controller. The ingress resource can also route traffic to different name based virtual hosts at the same ip address. This feature can work without a name based virtual host being required which translates to all traffic as pass-through. The ingress resource can be used to secure the ingress by specifying a tls private key and certificate.
The deployment of services running on
the Kubernetes cluster can be checked using
kubectl cluster-info
This can also be checked
programmatically for automations with the help of K8s apis as shown below:
localhost:~ # kubectl proxy --port=8080
&
[1] 18455
localhost:~ # Starting to serve on
127.0.0.1:8080
localhost:~ # curl http://localhost:8080/api/
{
"kind":
"APIVersions",
"versions": [
"v1"
],
"serverAddressByClientCIDRs": [
{
"clientCIDR": "0.0.0.0/0",
"serverAddress": "10.245.129.228:8443"
}
]
}
localhost:~ # kubectl config view -o
jsonpath='{"Cluster name\tServer\n"}{range
.clusters[*]}{.name}{"\t"}{.cluster.server}{"\n"}{end}'
Cluster name Server
10.245.129.228
pixie
https://pixie.abc.com:8443
localhost:~ # export
CLUSTER_NAME="pixie"
localhost:~ # APISERVER=$(kubectl config
view -o
jsonpath="{.clusters[?(@.name==\"$CLUSTER_NAME\")].cluster.server}")
localhost:~ # echo $APISERVER
https://pixie.abc.com:8443
localhost:~ # TOKEN=$(kubectl get
secrets -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='default')].data.token}"|base64
-d)
localhost:~ # echo $TOKEN
eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZmF1bHQtdG9rZW4tOWttMnIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGVmYXVsdCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImQ1OGUzMTI1LTViOGQtMTFlOS05NDUxLTAwNTA1NmJkZThjZiIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpkZWZhdWx0OmRlZmF1bHQifQ.ruDYECIDICGosPh3sUwrPsIoEZlleENEqOy_9vWrANkkDxIVK659ROF2_jfVlUNPFAz9SgPbf3sYj2I7zgKxce-m_FukoWAoB6x68E8s1bIPaRaAq5jmQZ5TubLWS3Vfc7cEnWy1DujzabcGxF7s2tCfvjXVIjwyRTDojk9wYfmFDu61rfIohEkTnR09S43u6Py2iy3REzteTsksxK9eWjwPYeJJ-KX3VAa8ZM_nItKq_5tCvtFK8bSJe7E3qKpKquYA9-To0tAsqtQWWUCx4WF0gul_t65GWES0QOvdy6PLHLi1caGarfuzpOWPeUeXnNygQk1k_YzOZWBjx3efmQ
localhost:~ # curl -X GET $APISERVER/api
--header "Authorization: Bearer $TOKEN" --insecure
{
"kind":
"APIVersions",
"versions": [
"v1"
],
"serverAddressByClientCIDRs":
[
{
"clientCIDR": "0.0.0.0/0",
"serverAddress": "10.245.129.228:8443"
}
]
}localhost:~ #
No comments:
Post a Comment