Ingress section in K8S 101

ingress/cola-nginx-configmap.yaml

@@ -0,0 +1,27 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  labels:
+    app: cola-nginx
+  name: cola-nginx
+  namespace: default
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: cola-nginx
+    spec:
+      containers:
+      - image: nginx:1.11.5
+        name: cola-nginx
+        ports:
+        - containerPort: 80
+          protocol: TCP
+        volumeMounts:
+        - name: config-volume
+          mountPath: /etc/nginx/conf.d
+      volumes:
+       - name: config-volume
+         configMap:
+           name: cola-nginx

ingress/cola-nginx-service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: cola-nginx
+  labels:
+    app: cola-nginx
+spec:
+  type: NodePort
+  ports:
+  - port: 80
+    name: http
+  selector:
+    app: cola-nginx

ingress/conf-cola/default.conf

@@ -0,0 +1,8 @@
+server {
+    listen       80;
+    server_name  localhost;
+
+    location / {
+        return 200 'Taste The Feeling. Coca-Cola.\n';
+    }
+}

ingress/conf-pepsi/default.conf

@@ -0,0 +1,8 @@
+server {
+    listen       80;
+    server_name  localhost;
+
+    location / {
+        return 200 'Every Pepsi Refreshes The World.\n';
+    }
+}

ingress/drinks-ingress.yaml

@@ -0,0 +1,19 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: drinks-ingress
+  annotations:
+    ingress.kubernetes.io/rewrite-target: /
+    ingress.kubernetes.io/ssl-redirect: "false"
+spec:
+  rules:
+  - http:
+      paths:
+      - path: /cola
+        backend:
+          serviceName: cola-nginx
+          servicePort: 80
+      - path: /pepsi
+        backend:
+          serviceName: pepsi-nginx
+          servicePort: 80

ingress/pepsi-nginx-configmap.yaml

@@ -0,0 +1,27 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  labels:
+    app: pepsi-nginx
+  name: pepsi-nginx
+  namespace: default
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: pepsi-nginx
+    spec:
+      containers:
+      - image: nginx:1.11.5
+        name: pepsi-nginx
+        ports:
+        - containerPort: 80
+          protocol: TCP
+        volumeMounts:
+        - name: config-volume
+          mountPath: /etc/nginx/conf.d
+      volumes:
+       - name: config-volume
+         configMap:
+           name: pepsi-nginx

ingress/pepsi-nginx-service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: pepsi-nginx
+  labels:
+    app: pepsi-nginx
+spec:
+  type: NodePort
+  ports:
+  - port: 80
+    name: http
+  selector:
+    app: pepsi-nginx

k8s101.md

@@ -937,6 +937,111 @@ So on my computer I can now open mattermost app using one of the nodes IP:
 
 ![mattermost](img/mattermost.png)
 
+### Ingress
+
+*Preparation: ingress can be enabled on already running minikube using command:*
+
+```
+minikube addons enable ingress
+```
+
+An Ingress is a collection of rules that allow inbound connections to reach the cluster services.
+It can be configured to give services externally-reachable urls, load balance traffic, terminate SSL, offer name based virtual hosting etc.
+The difference between service and ingress (in K8S terminology) is that service allows you to provide access on OSI L3, and ingress
+works on L7. E.g. while accessing HTTP server service can provide only load-balancing and HA, unlike ingres which could be used to split
+traffic on HTTP location basis, etc.
+
+First, we need to create to 2 different nginx deployments, configmaps and services for them:
+
+```
+kubectl create configmap cola-nginx --from-file=ingress/conf-cola
+kubectl create configmap pepsi-nginx --from-file=ingress/conf-pepsi
+kubectl apply -f ingress/cola-nginx-configmap.yaml -f ingress/pepsi-nginx-configmap.yaml
+kubectl apply -f ingress/cola-nginx-service.yaml -f ingress/pepsi-nginx-service.yaml
+```
+
+Check if both deployments and services works:
+
+```
+$ curl $(minikube service cola-nginx --url)
+Taste The Feeling. Coca-Cola.
+$ curl $(minikube service pepsi-nginx --url)
+Every Pepsi Refreshes The World.
+```
+
+Example ingress usage pattern is to route HTTP traffic according to location.
+Now we have two different deployments and services, assume we need to route user
+requests from `/cola` to `cola-nginx` service (backed by `cola-nginx` deployment)
+and `/pepsi` to `pepsi-nginx` service.
+
+This can be acheived using following ingress resource:
+
+```yaml
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: drinks-ingress
+  annotations:
+    ingress.kubernetes.io/rewrite-target: /
+    ingress.kubernetes.io/ssl-redirect: "false"
+spec:
+  rules:
+  - http:
+      paths:
+      - path: /cola
+        backend:
+          serviceName: cola-nginx
+          servicePort: 80
+      - path: /pepsi
+        backend:
+          serviceName: pepsi-nginx
+          servicePort: 80
+```
+
+Create ingress:
+
+```
+kubectl apply -f ingress/drinks-ingress.yaml
+```
+
+Notice annotations:
+
+* `ingress.kubernetes.io/rewrite-target: /` -- sets request's location to `/` instead of specified in `path`.
+* `ingress.kubernetes.io/ssl-redirect: "false"` -- disables HTTP to HTTPS redirect, enabled by default.
+
+Ingress is implemented inside `kube-system` namespace using any kind of configurable proxy. E.g. in minikube
+ingress uses nginx. Simply speaking there's special server which reacts to ingress resource creation/deletion/alteration
+and updates configuration of neighboured nginx. This *ingress controller* application started using
+ReplicationController resource inside minikube, but could be run as usual K8S application (DS, Deployment, etc),
+on special set of "edge router" nodes for improved security.
+
+```
+$ kubectl --namespace=kube-system get pods -l app=nginx-ingress-lb
+NAME                             READY     STATUS    RESTARTS   AGE
+nginx-ingress-controller-1nzsp   1/1       Running   0          1h
+```
+
+Now we can make ingress reachable to outer world (e.g. our local host). It's not required, you're free of choice
+to make it reachable only internally or via some cloud-provider using LoadBalancer.
+
+```
+kubectl --namespace=kube-system expose rc nginx-ingress-controller --port=80 --type=LoadBalancer
+```
+
+Finally we can check location splitting via hitting ingress-controller service with
+proper location.
+
+```
+$ curl $(minikube service --namespace=kube-system nginx-ingress-controller --url)/cola
+Taste The Feeling. Coca-Cola.
+$ curl $(minikube service --namespace=kube-system nginx-ingress-controller --url)/pepsi
+Every Pepsi Refreshes The World.
+```
+
+As you see, we're hitting one service with different locations and have different responses due
+to ingress location routing.
+
+More details on ingress features and use cases [here](https://kubernetes.io/docs/user-guide/ingress/).
 
 ### Recap