Hi, I am trying to expose a containerized application using Google Kubernetes Engine. I deployed my services (backend and frontend) and I am able to access them via
http://[external-Ip]:port
but every time I re-expose my service after a modification the external IP changes.
My questions are:
- What is the next step after deploying the services (get a static address)?
- How can I connect my backend and my frontend service?
- How do I expose the services on a static address (I do not want my address changing every time I rebuild and re-expose my services)?
You can try the following config for your needs.
Publishing services - service types
https://kubernetes.io/docs/concepts/services-networking/service/
Are you using Ingress or LoadBalancer Service?
https://cloud.google.com/kubernetes-engine/docs/tutorials/http-balancer#step_5_optional_configuring_a_static_ip_address
After the 1.1 update, Kubernetes supports externalIPs, so you can set up a static IP. It was already answered here:
After your Deployment, wait until you have an external IP when you run kubectl get svc, then look up that IP in the list on that page and change it from Ephemeral to Static; in that way you can promote your Ephemeral IP to a Static IP.
You can also use a gcloud command to do this:
gcloud compute addresses create [ADDRESS_NAME] \
--addresses [IP_ADDRESS] --region [REGION]
where:
[ADDRESS_NAME] is the name you want to call this address.
[IP_ADDRESS] is the IP address you want to promote.
[REGION] is the region the IP address belongs to.
I am new to learning Kubernetes, and I understand that pods have dynamic IPs and require some other "service" resource to be attached to a pod to use a fixed IP address. What service do I require, what is the process of configuration, and how does AWS-ECR fit into all this?
So if I have to communicate from a container of a pod to google.com, can I assume my source is the IP address of the "service" if I have to establish a connection?
Well, for example on Azure, this feature, "[Feature Request] Pod Static IP", is under request:
See https://github.com/Azure/AKS/issues/2189
Also, as far as I know, you can currently assign an existing IP address to a load balancer service or an ingress controller.
See https://learn.microsoft.com/en-us/azure/aks/static-ip
By default, the public IP address assigned to a load balancer resource
created by an AKS cluster is only valid for the lifespan of that
resource. If you delete the Kubernetes service, the associated load
balancer and IP address are also deleted. If you want to assign a
specific IP address or retain an IP address for redeployed Kubernetes
services, you can create and use a static public IP address
As you said, we need to define a service which selects all the required pods, and then you would be sending requests to this service instead of the pods.
I would suggest you go through this: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types.
The type of service you need basically depends on the use case.
I will give a small overview so you get an idea.
Usually when pods only have internal requests, ClusterIP is used.
NodePort allows external requests but is basically used for testing and not for production cases.
If you also have requests coming from outside the cluster, you would usually use a load balancer.
Then there is another option for ingress.
As for AWS-ECR, it's basically a container registry where you store your Docker images and pull from it.
I would like to deploy a container image to Google Cloud Run (fully managed). I follow the instructions:
https://cloud.google.com/run/docs/quickstarts/build-and-deploy
I was wondering if I can fix a static IP for the container or not. Please note that I am not using a VM instance. I am new to using this service. I would really appreciate it if you could help me with this issue.
You can get a static IP for your Cloud Run service (not individual containers, as many containers can be running the same app) by creating a "Cloud HTTP(S) Load Balancer" that serves on a static IP and putting your service behind it.
See the relevant section in the documentation on how to create a LB and add a "serverless network endpoint group" behind it that routes the traffic to Cloud Run.
There's also a sample step-by-step guide on this with a load balancer with static IP at https://cloud.google.com/run/docs/multiple-regions.
If you mean "how do I get static IPs for outbound connections my Cloud Run app makes", that's a different question with a different answer (it'll be possible soon).
Cloud Run is a fully managed serverless containerised service, so you won't get access to an IP address. You will get a fixed URL to the service (the hash in the service name is unique to the project-service combination).
This feature is now available for Google Cloud Run services:
https://cloud.google.com/run/docs/configuring/static-outbound-ip
Inside of a Kubernetes Cluster I am running 1 node with 2 deployments. React front-end and a .NET Core app. I also have a Load Balancer service for the front end app. (All working: I can port-forward to see the backend deployment working.)
Question: I'm trying to get the front end and API to communicate. I know I can do that with an external facing load balancer but is there a way to do that using the clusterIPs and not have an external IP for the back end?
The reason we are interested in this is that it simply adds one more layer of security. By keeping the API vnet-only, we are removing one more entry point.
If it helps, we are deploying in Azure with AKS. I know they have some weird deployment things sometimes.
Pods running on the cluster can talk to each other using a ClusterIP service, which is the default service type. You don't need a LoadBalancer service to make two pods talk to each other. According to the docs on this topic:
ClusterIP exposes the service on a cluster-internal IP. Choosing this value makes the service only reachable from within the cluster. This is the default ServiceType.
As explained in the Discovery documentation, if both Pods (frontend and API) are running on the same namespace, the frontend just needs to send requests to the name of the backend service.
If they are running on different namespaces, the frontend API needs to use a fully qualified domain name to be able to talk with the backend.
For example, if you have a Service called "my-service" in Kubernetes Namespace "my-ns" a DNS record for "my-service.my-ns" is created. Pods which exist in the "my-ns" Namespace should be able to find it by simply doing a name lookup for "my-service". Pods which exist in other Namespaces must qualify the name as "my-service.my-ns". The result of these name lookups is the cluster IP.
You can find more info about how DNS works on kubernetes in the docs.
The problem with this configuration is the idea that the frontend app will be trying to reach out to the API via the internal cluster. But it will not. My app, in the client's browser, cannot reach services and pods in my cluster.
My cluster will need something like nginx or another external load balancer to allow my client-side API calls to reach my API.
You can alternatively use your front-end app as your proxy, but that is highly not advised!
I'm trying to get the front end and api to communicate
By api, if you mean the Kubernetes API server, first set up a service account and token for the front-end pod to communicate with the Kubernetes API server by following the steps here, here and here.
is there a way to do that using the clusterIPs and not have an external IP for the back end
Yes, this is possible and more secure if external access is not needed for the service. Service type ClusterIP will not have an ExternalIP and the pods can talk to each other using ClusterIP:Port within the cluster.
I am using Kubernetes Engine on the Google Cloud Platform. I have a pod running a process in a Docker scratch container. I also have a load balancer service that gives me access to the pod from the outside world.
The process running in the pod needs to know what its external IP address is. How can I get this?
Prior to using Kubernetes Engine I was using Compute Engine and could find the external IP address by the following:
curl -H "Metadata-Flavor: Google" http://metadata/computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip
Are there any internal tools I can use that would be available to my process? Or would I need the process to call an external site that can mirror back the IP address?
Every Pod (unless configured not to do so) has valid kubernetes credentials in /var/run/secrets/kubernetes.io/serviceaccount/token as described here so the answer is to use the kubernetes API to ask the Service in front of the Pod(s) for its status:loadBalancer:ingress:ip: as described here which I have every reason to believe GKE will keep up-to-date with any changes to the load balancer. The kubernetes API is always(?) located at https://kubernetes (that's normally enough, or https://kubernetes.default.svc.cluster.local is its full name), so there should be very little configuration the Pod would need in order to carry out the lookup.
The asterisk to that response is that one must provide the name of the Service to the Pod(s) of the Service sitting in front of it, because (for the most part) there is no way for the Pod to know how many Services point to it.
I'd like to know if there is a way to identify the master IP address (API server host & port) from the application that I run in a pod. (Say I create a Kubernetes cluster A with master public IP address x.x.x.x, and I create a pod with my app (say Golang or J2EE) on a Kubernetes minion belonging to that cluster A. From the app process that is running on the cluster A minion, we would like to know the public IP address of that master (x.x.x.x).)
I do not find any environment variables for the same.
Can anyone help?
The api service is exposed via a k8s service. You would need to use the API to access the service config. You can get access to the API through the service endpoint (the address is in an env variable) but you'll have to have the necessary creds to do anything useful. They're in a subdirectory of /var/run/secrets/kubernetes.io depending on which service account your pod is running under. You can either access the endpoint directly, over https or you can run a proxy in your pod. See http://kubernetes.io/docs/user-guide/accessing-the-cluster/#accessing-the-api-from-a-pod.
An example of using curl to hit the API server is given in https://stackoverflow.com/a/30739416/191215.
The api endpoint you want is /api/v1/endpoints. Look for the item with a metadata.name of kubernetes. The external endpoint should be one of the subsets addresses.
I believe this is true for all k8s implementations but have only tested it on GKE and from docker-machine.
The DNS name kubernetes should resolve to a virtual IP address that will route to the master so that you can hit the apiserver.
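The two in-pod lookups described in the answers above (a Service's status.loadBalancer.ingress, and the item named kubernetes in /api/v1/endpoints), as an added Python example that is not code from any of the posts. The function names, the sample objects and the namespace/name arguments are assumptions made for illustration; the pod's service account still needs RBAC permission to read the objects it queries.

```python
import json
import ssl
import urllib.request
from pathlib import Path

# In-pod service account mount and API server name, as quoted in the answers above.
SA_DIR = Path("/var/run/secrets/kubernetes.io/serviceaccount")
API = "https://kubernetes.default.svc.cluster.local"

def api_get(path, sa_dir=SA_DIR, api=API):
    """GET an API path with the pod's token; the server cert is checked against the cluster CA."""
    token = (sa_dir / "token").read_text().strip()
    ctx = ssl.create_default_context(cafile=str(sa_dir / "ca.crt"))
    req = urllib.request.Request(api + path, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, context=ctx, timeout=5) as resp:
        return json.load(resp)

def lb_addresses(service):
    """Addresses under status.loadBalancer.ingress; empty while the load balancer is pending."""
    ingress = ((service.get("status") or {}).get("loadBalancer") or {}).get("ingress") or []
    return [e.get("ip") or e.get("hostname") for e in ingress if e.get("ip") or e.get("hostname")]

def apiserver_endpoints(endpoints_list):
    """(ip, port) pairs of the item named 'kubernetes' in an /api/v1/endpoints listing."""
    pairs = []
    for item in endpoints_list.get("items") or []:
        if (item.get("metadata") or {}).get("name") != "kubernetes":
            continue
        for subset in item.get("subsets") or []:
            for addr in subset.get("addresses") or []:
                pairs += [(addr["ip"], p["port"]) for p in subset.get("ports") or []]
    return pairs

def service_external_addresses(namespace, name):
    """Live lookup; namespace and Service name are supplied by the deployer (hypothetical args)."""
    return lb_addresses(api_get(f"/api/v1/namespaces/{namespace}/services/{name}"))

# Constructed sample API responses (documentation-range addresses), so this runs outside a cluster.
SAMPLE_SERVICE = {"status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.10"}]}}}
SAMPLE_PENDING = {"status": {"loadBalancer": {}}}
SAMPLE_ENDPOINTS = {"items": [
    {"metadata": {"name": "my-service"}, "subsets": [{"addresses": [{"ip": "10.0.0.7"}], "ports": [{"port": 8080}]}]},
    {"metadata": {"name": "kubernetes"}, "subsets": [{"addresses": [{"ip": "192.0.2.5"}], "ports": [{"port": 443}]}]},
]}

if __name__ == "__main__":
    print(lb_addresses(SAMPLE_SERVICE), lb_addresses(SAMPLE_PENDING))
    print(apiserver_endpoints(SAMPLE_ENDPOINTS))
```

Listing /api/v1/endpoints across the cluster needs a broader grant than reading one named Service, so bind the service account only to the verbs and resources the pod actually calls.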