In Kubernetes Part I, we’ve discussd how to spin up a kubernetes cluster easily on Nectar. In this post, we will discuss how to host an application and access it externally.
To being, you should already have a working cluster. If you do not, head back to the previous post and follow the steps.
- Check that you cluster is working
kubectl get nodes
- Start a container image. We use nginx as an example
kubectl run nginx --image nginx
This command will start a pod with a container inside it running the nginx image. On Kubernetes, the smallest runnable unit is a pod, which holds one (or more) containers.
- Check that your pod has started up and is running.
kubectl get pods
Now that you have a pod working, we need a way of getting to it from the Internet. In Nectar Cloud, we can do this by creating a load balancer. A load balancer has a public (floating ip), and redirects traffic to this public IP to one or more private addresses. Use the following yaml to create your load balancer. Save it as
apiVersion: v1 kind: Service metadata: name: nginxservice labels: app: nginx annotations: loadbalancer.openstack.org/floating-network-id: 'e48bdd06-cc3e-46e1-b7ea-64af43c74ef8' spec: ports: - port: 80 targetPort: 80 protocol: TCP selector: run: nginx type: LoadBalancer
Note that the uuid in the
loadbalancer.openstack.org/floating-network-idrefers to a network in
melbourne. If your cluster is in a different AZ, you might want to choose a floating IP network closer to where your cluster is for routing efficiency. However, without it, things still work though! That’s the beauty of Nectar Advanced Network - no matter which AZ the traffic ingress from, it still is able to make the way to your VM on Nectar Cloud.
- Run it as
kubectl create -f nginxservice.yaml
- Get the public IP of the load balancer
kubectl get services
You should be able to browse to
http://<ip>and see the nginx welcome page.
- If this doesn’t work, you might not have the correct security groups applied.
Find the port the IP is on:
openstack floating ip list --floating-ip-address 220.127.116.11 -c Port -f value
Apply a security group that has the HTTP security group rule to it, or, if do not already have one create it.
openstack security group create http openstack security group rule create --ingress --dst-port 80 http openstack port set --security-group http fe008711-7469-4c44-8489-46abbc8b1774
- This is an external load balancer (external to kubernetes), and is created in
Neutron. You can see the loadbalancer in Neutron by doing
More details on what we have just did.
We started an external
LoadBalancerservice in Kubernetes.
Kubernetes understands that it has to create this loadbalancer (externally) by calling out to the openstack neutron provider.
cloud-provider-openstackplugin in kubernetes then create the different pieces that makes it all work, namely floating ip, load balancer, pool, listener and members. These are all openstack resources. It mirrors this to the
LoadBalancerservice you see in kubernetes when you do a
kubectl get services.
The plugin configs all of them and get the floating IP to be displayed in
kubectl get services