Networking
Networking
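# NetworkPolicy that selects every pod labelled role=db in its own namespace.
# No policyTypes and no rules are given yet: Kubernetes then treats the policy
# as an Ingress policy with an empty allow-list, so all inbound traffic to the
# selected pods is denied until ingress rules are added.
# Enforcement depends on the cluster's network plugin; a plugin without
# NetworkPolicy support accepts the object but does not enforce it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: db-policy
spec:
  podSelector:
    matchLabels:
      role: db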
Netw
Poli
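# NetworkPolicy for pods labelled role=db, now with an explicit policy type.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: db-policy
spec:
  podSelector:
    matchLabels:
      role: db
  # Only Ingress is listed, so inbound traffic to the db pods is isolated
  # (and, with no ingress rules present, fully denied). Outbound traffic from
  # the db pods is not restricted by this policy.
  policyTypes:
    - Ingress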
dev
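# NetworkPolicy that lets only the API pod reach the database on TCP 3306.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: db-policy
spec:
  # Pods this policy protects.
  podSelector:
    matchLabels:
      role: db
  policyTypes:
    - Ingress
  ingress:
    - from:
        # A bare podSelector matches pods in the policy's own namespace only.
        - podSelector:
            matchLabels:
              name: api-pod
      # Sources matched above may connect to this port and nothing else.
      # Replies to these connections are allowed implicitly.
      ports:
        - protocol: TCP
          port: 3306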
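# NetworkPolicy that admits the API pod to the database only when that pod
# runs in the prod namespace.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: db-policy
spec:
  podSelector:
    matchLabels:
      role: db
  policyTypes:
    - Ingress
  ingress:
    - from:
        # podSelector and namespaceSelector are keys of the SAME list item,
        # so both must match: pods labelled name=api-pod AND located in a
        # namespace labelled name=prod. Giving namespaceSelector its own
        # "- " item would instead admit every pod in that namespace.
        - podSelector:
            matchLabels:
              name: api-pod
          # Matches namespace labels, not namespace names: the prod namespace
          # must carry the label name=prod. Permission to label namespaces is
          # therefore security-sensitive.
          namespaceSelector:
            matchLabels:
              name: prod
      ports:
        - protocol: TCP
          port: 3306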
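# Same db-policy as the slide repeats it: ingress to role=db pods on TCP 3306
# from api-pod in the prod namespace.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: db-policy
spec:
  podSelector:
    matchLabels:
      role: db
  policyTypes:
    - Ingress
  ingress:
    - from:
        # One list item holding two selectors: a source must satisfy both the
        # pod label and the namespace label to be admitted.
        - podSelector:
            matchLabels:
              name: api-pod
          namespaceSelector:
            matchLabels:
              name: prod
      ports:
        - protocol: TCP
          port: 3306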
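# spec of db-policy with three independent ingress sources (the slide shows
# the spec section only).
spec:
  podSelector:
    matchLabels:
      role: db
  policyTypes:
    - Ingress
  ingress:
    - from:
        # Each "- " item below is a separate source; a connection is allowed
        # if it matches ANY one of them.
        # 1. Pods labelled name=api-pod in the policy's own namespace.
        - podSelector:
            matchLabels:
              name: api-pod
        # 2. Every pod in any namespace labelled name=prod. As a separate
        #    item this is much broader than combining it with the podSelector
        #    above in a single item.
        - namespaceSelector:
            matchLabels:
              name: prod
        # 3. A single address (/32), the backup server on the slide. ipBlock
        #    is meant for endpoints outside the cluster.
        - ipBlock:
            cidr: 192.168.5.10/32
      ports:
        - protocol: TCP
          port: 3306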
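# spec of db-policy restricting both directions (the slide shows the spec
# section only).
spec:
  podSelector:
    matchLabels:
      role: db
  # Listing Egress isolates the db pods for outbound traffic as well: only
  # destinations named under egress remain reachable.
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              name: api-pod
      ports:
        - protocol: TCP
          port: 3306
  egress:
    # The db pods may open connections to the backup server on TCP 80 only.
    # Nothing else is allowed out, including cluster DNS lookups; add a
    # dedicated egress rule for DNS if the pods resolve names.
    - to:
        - ipBlock:
            cidr: 192.168.5.10/32
      ports:
        - protocol: TCP
          port: 80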
INGR
www.my-online-store.com
www.my-online-store.com
http://<node-ip>:38080
38080
wear-service (NodePort)
mysql-service (ClusterIP)
MySQL
www.my-online-store.com <node-ip>
http://my-online-store.com:38080
http://<node-ip>:38080
38080
wear-service (NodePort)
http://my-online-store.com:38080
http://my-online-store.com
http://<node-ip>:38080
80
proxy-server
38080
wear-service (NodePort)
http://my-online-store.com:38080
http://<node-ip>:38080
38080
wear-service (NodePort)
(LoadBalancer)
http://my-online-store.com:38080
http://my-online-store.com
http://<node-ip>:38080
80
gcp load-balancer
38080
wear-service (LoadBalancer)
http://my-online-store.com:38080
http://my-online-store.com
http://<node-ip>:38080
38080
wear-service (LoadBalancer)
https://my-online-store.com
http://my-online-store.com
http://my-online-store.com:38080
http://<node-ip>:38080
/apparel
yet another load-balancer
/video
38080
wear-service (LoadBalancer)
https://my-online-store.com
http://my-online-store.com
http://my-online-store.com:38080
http://<node-ip>:38080
/apparel
yet another load-balancer
/video
38080
wear-service (LoadBalancer)
load-balancer load-balance
38080
wear-service (LoadBalancer)
Ingress
38080 INGRESS
wear-service
ing
INGRESS
wear-service
INGRESS CONTROLLER
2. Configure
INGRESS RESOURCES
INGRESS CONTROLLER
GCP HTTP(S)
Load Balancer (GCE)
Contour
Istio
INGRESS CONTROLLER
apiVersion: extensi
kind: Deployment
metadata:
name: nginx-ingre
spec:
replicas: 1
selector:
matchLabels:
name: nginx-i
template:
metadata:
labels:
name: nginx
spec:
ConfigMap containers:
nginx-configuration - name: ngi
image: qua
con
kind: ConfigMap
args:
apiVersion: v1
metadata: - /nginx-in
name: nginx-configuration - --config
name: nginx-ingre
spec:
INGRESS CONTROLLER replicas: 1
selector:
matchLabels:
name: nginx-i
template:
metadata:
labels:
name: nginx
spec:
containers:
- name: ngi
image: qua
con
args:
- /nginx-in
ConfigMap - --config
nginx-configuration env:
- name: POD
valueFrom
kind: ConfigMap fieldRe
apiVersion: v1 field
metadata: - name: POD
name: nginx-configuration valueFrom
fieldRe
field
- name: ngi
image: qua
INGRESS CONTROLLER args:
con
- /nginx-in
- --config
env:
- name: POD
valueFrom
fieldRe
field
- name: POD
valueFrom
fieldRe
field
ports:
- name: htt
ConfigMap container
nginx-configuration
- name: htt
container
kind: ConfigMap
apiVersion: v1
metadata:
name: nginx-configuration
field
apiVersion: v1
kind: Service
metadata:
name: nginx-ingre
spec:
type: NodePort
ports:
- port: 80
targetPort: 80
protocol: TCP
name: http
- port: 443
ConfigMap targetPort: 443
nginx-configuration protocol: TCP
kind: ConfigMap name: https
apiVersion: v1 selector:
metadata: name: nginx-ing
name: nginx-configuration
protocol: TCP
name: http
INGRESS CONTROLLER - port: 443
targetPort: 443
protocol: TCP
name: https
selector:
name: nginx-ing
apiVersion: v1
kind: ServiceAccoun
metadata:
name: nginx-ingre
Clu
Roles
ConfigMap ServiceAccount
nginx-configuration nginx-ingress-serviceaccount
kind: ConfigMap
apiVersion: v1
metadata:
name: nginx-configuration
INGRESS CONTROLLER
Deploymen
# Deployment that runs the NGINX ingress controller.
# NOTE(review): the listing is flattened (indentation lost) and cut off at the
# right edge of the slide; truncated values are left exactly as they appear.
# NOTE(review): Deployments under extensions/v1beta1 were removed in
# Kubernetes 1.16; current clusters expect apps/v1.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nginx-ingress-controller
spec:
replicas: 1
selector:
matchLabels:
name: nginx-ingress
template:
metadata:
labels:
name: nginx-ingress
spec:
containers:
- name: nginx-ingress-controll
# Image reference is cut off and no tag is visible on the page; pin an exact
# tag or digest when deploying so the controller version is known.
image: quay.io/kubernetes-ing
controller/nginx-ingre
args:
- /nginx-ingress-controller
# Truncated; presumably points the controller at the nginx-configuration
# ConfigMap in the pod's namespace. Confirm against the original manifest.
- --configmap=$(POD_NAMESPACE
# The pod's own name and namespace are passed in through fieldRef env vars.
env:
- name: POD_NAME
valueFrom:
fieldRef:
# Truncated; presumably metadata.name.
fieldPath: metadata.nam
- name: POD_NAMESPACE
valueFrom:
fieldRef:
# Truncated; presumably metadata.namespace.
fieldPath: metadata.nam
www.my-online-store.com www.my-online-store.com
/wear /watch
www.my-online-store.com
Ingress-wear.ya
apiVersio
kind: Ingr
metadata:
name: i
spec:
wear
INGRESS RESOURCE
www.my-online-store.com
Ingress-wear.ya
apiVersio
kind: Ingr
metadata:
name: i
spec:
backend:
serv
serv
wear-service
kubectl cre
wear
ingress.exten
kubectl get
NAME
ingress-wear
INGRESS RESOURCE - RULES
Rule 1 Rule 2
INGRESS RESOURCE - RULES
DNS Name Forwa
www.my-online-store.com 10.12
SERVI
www.wear.my-online- 10.12
store.com
www.watch.my- 10.12
online.store.com
www.my-wear-store.com 10.12
www.my-watch-store.com
www.my-online-store.com www.wear.my-online-store.com 10.12
www.wat
Rule 1 Rule 2
INGRESS RESOURCE - RULES
www.my-online-store.com www.wear.my-online-store.com www.wat
http://www.my-online-store.com/wear
http://www.my-online-store.com/watch
http://www.my-online-store.com/listen
Rule 1 Rule 2
Path /wear
Path /watch
Path /
INGRESS RESOURCE - RULES
www.my-online-store.com www.wear.my-online-store.com www.wat
http://www.my-online-store.com/wear http://www.wear.my-online-store.com/
http://www.my-online-store.com/watch http://www.wear.my-online-store.com/returns
http://www.my-online-store.com/listen http://www.wear.my-online-store.com/support
Rule 1 Rule 2
http://www.wear.my-online-store.com/
http://www.my-online-store.com/wear http://www
http://www.wear.my-online-store.com/returns
http://www.my-online-store.com/watch http://www
http://www.wear.my-online-store.com/support
http://www.my-online-store.com/listen http://www
Rule 1 Rule 2
Rule 1 Rule 2
wear VID
INGRESS RESOURCE
kubectl describe ingress ingress-wear-watch
Name: ingress-wear-watch
Namespace: default
Address:
Default backend: default-http-backend:80 (<none>)
Rules:
Host Path Backends
---- ---- --------
*
/wear wear-service:80 (<none>)
/watch watch-service:80 (<none>)
Annotations:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal CREATE 14s nginx-ingress-controller Ingress default/i
INGRESS RESOURCE
www.my-online-store.com/wear
www.my-online-store.com www.my-online-store
INGRESS RESOURCE
Ingress-
apiVe
kind:
metad
nam
wear.my-online-store.com watch.my-online-store.com spec:
rule
- ho
ht
- ho
ht
WEAR VIDEO
INGRESS RESOURCE
Ingress-
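# Ingress-wear-watch.yaml
# Path-based routing: /wear goes to wear-service, /watch to watch-service.
# NOTE: extensions/v1beta1 Ingress was removed in Kubernetes 1.22. On current
# clusters the same rules are written against networking.k8s.io/v1, where
# each path needs a pathType and the backend is given as service.name and
# service.port.number.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-wear-watch
spec:
  # No host is set, so the rules match requests for any hostname (shown as
  # "*" in kubectl describe). No tls block is present either, so no
  # certificate is configured for these routes.
  rules:
    - http:
        paths:
          - path: /wear
            backend:
              serviceName: wear-service
              servicePort: 80
          - path: /watch
            backend:
              serviceName: watch-service
              servicePort: 80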
ServiceAccount Dep
ingress-serviceaccount ingres
RoleBinding ClusterRoleBinding
ingress-role-binding ingress-clusterrole-binding
Co
nginx-c
Role ClusterRole
ingress-role ingress-clusterrole
ServiceAccount Dep
ingress-serviceaccount ingres
RoleBinding ClusterRoleBinding
ingress-role-binding ingress-clusterrole-binding
Co
nginx-c
Role ClusterRole
ingress-role ingress-clusterrole
ServiceAccount Dep
ingress-serviceaccount ingres
RoleBinding ClusterRoleBinding
ingress-role-binding ingress-clusterrole-binding
Co
nginx-c
Role ClusterRole
ingress-role ingress-clusterrole
ServiceAccount Dep
ingress-serviceaccount ingres
RoleBinding ClusterRoleBinding
ingress-role-binding ingress-clusterrole-binding
Co
nginx-c
Role ClusterRole
ingress-role ingress-clusterrole
ServiceAccount Dep
ingress-serviceaccount ingres
RoleBinding ClusterRoleBinding
ingress-role-binding ingress-clusterrole-binding
Co
nginx-c
Role ClusterRole
ingress-role ingress-clusterrole
ServiceAccount Dep
ingress-serviceaccount ingres
RoleBinding ClusterRoleBinding
ingress-role-binding ingress-clusterrole-binding
Co
nginx-c
Role ClusterRole
ingress-role ingress-clusterrole
ServiceAccount Dep
ingress-serviceaccount ingres
RoleBinding ClusterRoleBinding
ingress-role-binding ingress-clusterrole-binding
Co
nginx-c
Role ClusterRole
ingress-role ingress-clusterrole