No connection to the ingress server

0

Hi,

I created a deployment and a service for it, and then an ingress. Unfortunately, when testing the K8S ingress I get the error: "Connecting to lesson9lab.example.com (lesson9lab.example.com)|192.168.49.2|:80... failed: Connection refused." Is something blocked on the Ubuntu Server side on VirtualBox?

$ sudo cat /etc/hosts
127.0.0.1 localhost
192.168.49.2 lesson9lab.example.com

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
$ minikube ssh
Last login: Tue Oct  3 15:55:24 2023 from 192.168.49.1
docker@minikube:~$ curl 10.109.165.185:80
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

kubectl get ingress
NAME         CLASS   HOSTS                    ADDRESS        PORTS   AGE
lesson9lab   nginx   lesson9lab.example.com   192.168.49.2   80      18m

kubectl describe ingress
Name:             lesson9lab
Labels:           <none>
Namespace:        default
Address:          192.168.49.2
Ingress Class:    nginx
Default backend:  <default>
Rules:
  Host                    Path  Backends
  ----                    ----  --------
  lesson9lab.example.com
                          /   lesson9lab:80 (10.0.0.156:80)
Annotations:              <none>
Events:
  Type    Reason  Age                From                      Message
  ----    ------  ----               ----                      -------
  Normal  Sync    18m (x2 over 19m)  nginx-ingress-controller  Scheduled for sync

$ curl lesson9lab.example.com
curl: (7) Failed to connect to lesson9lab.example.com port 80 after 1 ms: Connection refused

$ wget lesson9lab.example.com
--2023-10-03 16:40:59--  http://lesson9lab.example.com/
Resolving lesson9lab.example.com (lesson9lab.example.com)... 192.168.49.2
Connecting to lesson9lab.example.com (lesson9lab.example.com)|192.168.49.2|:80... failed: Connection refused.
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.10
Release:        22.10
Codename:       kinetic
$ cat lesson9lab.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: lesson9lab
  name: lesson9lab
spec:
  replicas: 1
  selector:
    matchLabels:
      app: lesson9lab
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: lesson9lab
    spec:
      containers:
      - image: nginx
        name: nginx
        resources: {}
status: {}
---
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    app: lesson9lab
  name: lesson9lab
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: lesson9lab
status:
  loadBalancer: {}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  creationTimestamp: null
  name: lesson9lab
spec:
  rules:
  - host: lesson9lab.example.com
    http:
      paths:
      - backend:
          service:
            name: lesson9lab
            port:
              number: 80
        path: /
        pathType: Prefix
status:
  loadBalancer: {}

After changing the service port to 90:

$ cat lesson10lab_port_90.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: lesson9lab
  name: lesson9lab
spec:
  replicas: 1
  selector:
    matchLabels:
      app: lesson9lab
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: lesson9lab
    spec:
      containers:
      - image: nginx
        name: nginx
        resources: {}
status: {}
---
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    app: lesson9lab
  name: lesson9lab
spec:
  ports:
  - port: 90
    protocol: TCP
    targetPort: 80
  selector:
    app: lesson9lab
status:
  loadBalancer: {}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  creationTimestamp: null
  name: lesson9lab
spec:
  rules:
  - host: lesson9lab.example.com
    http:
      paths:
      - backend:
          service:
            name: lesson9lab
            port:
              number: 90
        path: /
        pathType: Prefix
status:
  loadBalancer: {}  

After running it:

$ kubectl create -f lesson10lab_port_90.yaml
deployment.apps/lesson9lab created
service/lesson9lab created
ingress.networking.k8s.io/lesson9lab created
$ kubectl get all
NAME                             READY   STATUS    RESTARTS   AGE
pod/lesson9lab-6bf46bb49-xs7s2   1/1     Running   0          22m

NAME                 TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
service/kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP   23m
service/lesson9lab   ClusterIP   10.107.166.85   <none>        90/TCP    22m

NAME                         READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/lesson9lab   1/1     1            1           22m

NAME                                   DESIRED   CURRENT   READY   AGE
replicaset.apps/lesson9lab-6bf46bb49   1         1         1       22m
$ curl 10.107.166.85:90
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

I get the same message:

$ curl lesson9lab.example.com
curl: (7) Failed to connect to lesson9lab.example.com port 80 after 1 ms: Connection refused
$ wget lesson9lab.example.com
--2023-10-03 20:28:00--  http://lesson9lab.example.com/
Resolving lesson9lab.example.com (lesson9lab.example.com)... 192.168.49.2
Connecting to lesson9lab.example.com (lesson9lab.example.com)|192.168.49.2|:80... failed: Connection refused.
0

Can you show the YAMLs?

0
yarel wrote:

Can you show the YAMLs?

$ cat lesson9lab.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: lesson9lab
  name: lesson9lab
spec:
  replicas: 1
  selector:
    matchLabels:
      app: lesson9lab
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: lesson9lab
    spec:
      containers:
      - image: nginx
        name: nginx
        resources: {}
status: {}
---
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    app: lesson9lab
  name: lesson9lab
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: lesson9lab
status:
  loadBalancer: {}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  creationTimestamp: null
  name: lesson9lab
spec:
  rules:
  - host: lesson9lab.example.com
    http:
      paths:
      - backend:
          service:
            name: lesson9lab
            port:
              number: 80
        path: /
        pathType: Prefix
status:
  loadBalancer: {}

Execution:

$ kubectl create -f lesson9lab.yaml
deployment.apps/lesson9lab created
service/lesson9lab created
ingress.networking.k8s.io/lesson9lab created

Result:

$ curl lesson9lab.example.com
curl: (7) Failed to connect to lesson9lab.example.com port 80 after 1 ms: Connection refused
0

Check whether the firewall on the host is to blame.

sudo ufw disable

or

sudo iptables -F
0
yarel wrote:

Check whether the firewall on the host is to blame: sudo ufw disable or sudo iptables -F

$ sudo ufw disable
Firewall stopped and disabled on system startup

I ran both commands, restarted Ubuntu on VirtualBox, and I still get the same error:

$ curl lesson9lab.example.com
curl: (7) Failed to connect to lesson9lab.example.com port 80 after 1 ms: Connection refused
$ wget lesson9lab.example.com
--2023-10-03 20:38:56--  http://lesson9lab.example.com/
Resolving lesson9lab.example.com (lesson9lab.example.com)... 192.168.49.2
Connecting to lesson9lab.example.com (lesson9lab.example.com)|192.168.49.2|:80... failed: Connection refused.

When I test on port 90 for the service (lesson10lab_port_90.yaml):

$ kubectl get all
NAME                             READY   STATUS      RESTARTS   AGE
pod/lesson9lab-6bf46bb49-xs7s2   0/1     Completed   0          33m

NAME                 TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
service/kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP   34m
service/lesson9lab   ClusterIP   10.107.166.85   <none>        90/TCP    33m

NAME                         READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/lesson9lab   0/1     1            0           33m

NAME                                   DESIRED   CURRENT   READY   AGE
replicaset.apps/lesson9lab-6bf46bb49   1         1         0       33m
1

Currently your cluster service/lesson9lab has no EXTERNAL-IP and listens on the interface 10.107.166.85. So when you connect via the interface 192.168.49.2, most likely nothing is listening there on port 80. You can check with netstat on the host: netstat -an | grep ":80"

Add an externalIP for the cluster and it should work.

apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    app: lesson9lab
  name: lesson9lab
spec:
  type: ClusterIP
  externalIPs:
    - 192.168.49.2
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: lesson9lab
status:
  loadBalancer: {}
0

Well, the service only has a ClusterIP, but at the ingress level it has the address 192.168.49.2 assigned. At a quick glance from the cluster side, the routing looks OK to me, so I suspect it is something with host <-> cluster communication between VirtualBox/minikube.

0

@some_ONE: I'm moving the discussion into a post, because a comment is too short :)

  1. Is externalIP a bad practice? (I don't know, I'm only just learning k8s)

  2. This is how I understand the situation:
    curl 192.168.49.2:80 - the client (curl) should be able to see the address 192.168.49.2 (I assume the test is run at the host level), and additionally:
    a) something should be listening on port 80, or..
    b) if nothing is listening, there should be some port forwarding

By forcing an externalIP for the cluster, we make something listen on the interface, but... Maybe in @still.still's environment an ingress controller should be running and isn't? (That's why he can't get through to port 80.)

  1. As I understand it, an "ingress controller" is a function? And its implementation can be provided by nginx, traefik, haproxy, istio, ...? And for the routing hostname -> ingress -> service -> pod to work (without externalIP), such a controller should be running as part of the infrastructure?
0
yarel wrote:

Currently your cluster service/lesson9lab has no EXTERNAL-IP and listens on the interface 10.107.166.85. So when you connect via the interface 192.168.49.2, most likely nothing is listening there on port 80. You can check with netstat on the host: netstat -an | grep ":80"

Add an externalIP for the cluster and it should work.

apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    app: lesson9lab
  name: lesson9lab
spec:
  type: ClusterIP
  externalIPs:
    - 192.168.49.2
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: lesson9lab
status:
  loadBalancer: {}

I added:

externalIPs:
  - 192.168.49.2

$ cat lesson9lab_extermalIps.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: lesson9lab
  name: lesson9lab
spec:
  replicas: 1
  selector:
    matchLabels:
      app: lesson9lab
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: lesson9lab
    spec:
      containers:
      - image: nginx
        name: nginx
        resources: {}
status: {}
---
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    app: lesson9lab
  name: lesson9lab
spec:
  type: ClusterIP
  externalIPs:
    - 192.168.49.2
  ports:
  - port: 90
    protocol: TCP
    targetPort: 80
  selector:
    app: lesson9lab
status:
  loadBalancer: {}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  creationTimestamp: null
  name: lesson9lab
spec:
  rules:
  - host: lesson9lab.example.com
    http:
      paths:
      - backend:
          service:
            name: lesson9lab
            port:
              number: 90
        path: /
        pathType: Prefix
status:
  loadBalancer: {}

I ran:
$ kubectl create -f lesson9lab_extermalIps.yaml

deployment.apps/lesson9lab created
service/lesson9lab created
ingress.networking.k8s.io/lesson9lab created

$ kubectl get all

NAME                             READY   STATUS    RESTARTS   AGE
pod/lesson9lab-6bf46bb49-fn6kb   1/1     Running   0          40s

NAME                 TYPE        CLUSTER-IP       EXTERNAL-IP    PORT(S)   AGE
service/kubernetes   ClusterIP   10.96.0.1        <none>         443/TCP   4m28s
service/lesson9lab   ClusterIP   10.107.239.203   192.168.49.2   90/TCP    40s

NAME                         READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/lesson9lab   1/1     1            1           41s

NAME                                   DESIRED   CURRENT   READY   AGE
replicaset.apps/lesson9lab-6bf46bb49   1         1         1       40s

$ kubectl get all -o yaml

apiVersion: v1
items:
- apiVersion: v1
  kind: Pod
  metadata:
    creationTimestamp: "2023-10-04T09:19:09Z"
    generateName: lesson9lab-6bf46bb49-
    labels:
      app: lesson9lab
      pod-template-hash: 6bf46bb49
    name: lesson9lab-6bf46bb49-fn6kb
    namespace: default
    ownerReferences:
    - apiVersion: apps/v1
      blockOwnerDeletion: true
      controller: true
      kind: ReplicaSet
      name: lesson9lab-6bf46bb49
      uid: 6dcef5ad-f72e-41c1-a93d-c1cd83197f45
    resourceVersion: "107895"
    uid: a9551291-50f3-4666-a216-789860fe102d
  spec:
    containers:
    - image: nginx
      imagePullPolicy: Always
      name: nginx
      resources: {}
      terminationMessagePath: /dev/termination-log
      terminationMessagePolicy: File
      volumeMounts:
      - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
        name: kube-api-access-n6d82
        readOnly: true
    dnsPolicy: ClusterFirst
    enableServiceLinks: true
    nodeName: minikube
    preemptionPolicy: PreemptLowerPriority
    priority: 0
    restartPolicy: Always
    schedulerName: default-scheduler
    securityContext: {}
    serviceAccount: default
    serviceAccountName: default
    terminationGracePeriodSeconds: 30
    tolerations:
    - effect: NoExecute
      key: node.kubernetes.io/not-ready
      operator: Exists
      tolerationSeconds: 300
    - effect: NoExecute
      key: node.kubernetes.io/unreachable
      operator: Exists
      tolerationSeconds: 300
    volumes:
    - name: kube-api-access-n6d82
      projected:
        defaultMode: 420
        sources:
        - serviceAccountToken:
            expirationSeconds: 3607
            path: token
        - configMap:
            items:
            - key: ca.crt
              path: ca.crt
            name: kube-root-ca.crt
        - downwardAPI:
            items:
            - fieldRef:
                apiVersion: v1
                fieldPath: metadata.namespace
              path: namespace
  status:
    conditions:
    - lastProbeTime: null
      lastTransitionTime: "2023-10-04T09:19:09Z"
      status: "True"
      type: Initialized
    - lastProbeTime: null
      lastTransitionTime: "2023-10-04T09:19:13Z"
      status: "True"
      type: Ready
    - lastProbeTime: null
      lastTransitionTime: "2023-10-04T09:19:13Z"
      status: "True"
      type: ContainersReady
    - lastProbeTime: null
      lastTransitionTime: "2023-10-04T09:19:09Z"
      status: "True"
      type: PodScheduled
    containerStatuses:
    - containerID: docker://a9ecce286f6dce6984234ab0cdfcd833094390de304081351baed1efa893f683
      image: nginx:latest
      imageID: docker-pullable://nginx@sha256:32da30332506740a2f7c34d5dc70467b7f14ec67d912703568daff790ab3f755
      lastState: {}
      name: nginx
      ready: true
      restartCount: 0
      started: true
      state:
        running:
          startedAt: "2023-10-04T09:19:13Z"
    hostIP: 192.168.49.2
    phase: Running
    podIP: 10.0.0.125
    podIPs:
    - ip: 10.0.0.125
    qosClass: BestEffort
    startTime: "2023-10-04T09:19:09Z"
- apiVersion: v1
  kind: Service
  metadata:
    creationTimestamp: "2023-10-04T09:15:21Z"
    labels:
      component: apiserver
      provider: kubernetes
    name: kubernetes
    namespace: default
    resourceVersion: "107536"
    uid: 3a6dd29a-dd92-47e2-88da-7f2ad210dd73
  spec:
    clusterIP: 10.96.0.1
    clusterIPs:
    - 10.96.0.1
    internalTrafficPolicy: Cluster
    ipFamilies:
    - IPv4
    ipFamilyPolicy: SingleStack
    ports:
    - name: https
      port: 443
      protocol: TCP
      targetPort: 8443
    sessionAffinity: None
    type: ClusterIP
  status:
    loadBalancer: {}
- apiVersion: v1
  kind: Service
  metadata:
    creationTimestamp: "2023-10-04T09:19:09Z"
    labels:
      app: lesson9lab
    name: lesson9lab
    namespace: default
    resourceVersion: "107868"
    uid: 09da07fb-ad0e-47ce-a51b-6655936d42d6
  spec:
    clusterIP: 10.107.239.203
    clusterIPs:
    - 10.107.239.203
    externalIPs:
    - 192.168.49.2
    internalTrafficPolicy: Cluster
    ipFamilies:
    - IPv4
    ipFamilyPolicy: SingleStack
    ports:
    - port: 90
      protocol: TCP
      targetPort: 80
    selector:
      app: lesson9lab
    sessionAffinity: None
    type: ClusterIP
  status:
    loadBalancer: {}
- apiVersion: apps/v1
  kind: Deployment
  metadata:
    annotations:
      deployment.kubernetes.io/revision: "1"
    creationTimestamp: "2023-10-04T09:19:08Z"
    generation: 1
    labels:
      app: lesson9lab
    name: lesson9lab
    namespace: default
    resourceVersion: "107898"
    uid: c31bea6f-dcc1-4fc2-90b7-3d5850ee7bc7
  spec:
    progressDeadlineSeconds: 600
    replicas: 1
    revisionHistoryLimit: 10
    selector:
      matchLabels:
        app: lesson9lab
    strategy:
      rollingUpdate:
        maxSurge: 25%
        maxUnavailable: 25%
      type: RollingUpdate
    template:
      metadata:
        creationTimestamp: null
        labels:
          app: lesson9lab
      spec:
        containers:
        - image: nginx
          imagePullPolicy: Always
          name: nginx
          resources: {}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
        dnsPolicy: ClusterFirst
        restartPolicy: Always
        schedulerName: default-scheduler
        securityContext: {}
        terminationGracePeriodSeconds: 30
  status:
    availableReplicas: 1
    conditions:
    - lastTransitionTime: "2023-10-04T09:19:13Z"
      lastUpdateTime: "2023-10-04T09:19:13Z"
      message: Deployment has minimum availability.
      reason: MinimumReplicasAvailable
      status: "True"
      type: Available
    - lastTransitionTime: "2023-10-04T09:19:09Z"
      lastUpdateTime: "2023-10-04T09:19:13Z"
      message: ReplicaSet "lesson9lab-6bf46bb49" has successfully progressed.
      reason: NewReplicaSetAvailable
      status: "True"
      type: Progressing
    observedGeneration: 1
    readyReplicas: 1
    replicas: 1
    updatedReplicas: 1
- apiVersion: apps/v1
  kind: ReplicaSet
  metadata:
    annotations:
      deployment.kubernetes.io/desired-replicas: "1"
      deployment.kubernetes.io/max-replicas: "2"
      deployment.kubernetes.io/revision: "1"
    creationTimestamp: "2023-10-04T09:19:09Z"
    generation: 1
    labels:
      app: lesson9lab
      pod-template-hash: 6bf46bb49
    name: lesson9lab-6bf46bb49
    namespace: default
    ownerReferences:
    - apiVersion: apps/v1
      blockOwnerDeletion: true
      controller: true
      kind: Deployment
      name: lesson9lab
      uid: c31bea6f-dcc1-4fc2-90b7-3d5850ee7bc7
    resourceVersion: "107896"
    uid: 6dcef5ad-f72e-41c1-a93d-c1cd83197f45
  spec:
    replicas: 1
    selector:
      matchLabels:
        app: lesson9lab
        pod-template-hash: 6bf46bb49
    template:
      metadata:
        creationTimestamp: null
        labels:
          app: lesson9lab
          pod-template-hash: 6bf46bb49
      spec:
        containers:
        - image: nginx
          imagePullPolicy: Always
          name: nginx
          resources: {}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
        dnsPolicy: ClusterFirst
        restartPolicy: Always
        schedulerName: default-scheduler
        securityContext: {}
        terminationGracePeriodSeconds: 30
  status:
    availableReplicas: 1
    fullyLabeledReplicas: 1
    observedGeneration: 1
    readyReplicas: 1
    replicas: 1
kind: List
metadata:
  resourceVersion: ""

Still the same error:
$ curl lesson9lab.example.com
curl: (7) Failed to connect to lesson9lab.example.com port 80 after 1 ms: Connection refused

$ wget lesson9lab.example.com

--2023-10-04 09:25:26--  http://lesson9lab.example.com/
Resolving lesson9lab.example.com (lesson9lab.example.com)... 192.168.49.2
Connecting to lesson9lab.example.com (lesson9lab.example.com)|192.168.49.2|:80... failed: Connection refused.
0

Well yes, but you started it on port 90 (service/lesson9lab ClusterIP 10.107.239.203 192.168.49.2 90/TCP 40s), and you are testing on 80... Use curl lesson9lab.example.com:90. Secondly, this externalIP may not be a good solution, and it would be worth checking whether you have an ingress controller for the cluster. https://kubernetes.io/docs/tasks/access-application-cluster/ingress-minikube/

0

@yarel: I ran the first script, lesson9lab.yaml, on port 80; it was on port 80. Do you want me to also try ClusterIP 10.107.239.203 192.168.49.2 on lesson10lab_port_90.yaml?

1

You set the ExternalIP to 192.169.49.2:90, but with curl you are connecting to 192.169.49.2:80.

  ports:
  - port: 90
    protocol: TCP
    targetPort: 80
0
yarel wrote:

and it would be worth checking whether you have an ingress controller for the cluster.

$ kubectl get pods -n ingress-nginx
NAME                                        READY   STATUS      RESTARTS      AGE
ingress-nginx-admission-create-5wb97        0/1     Completed   0             2d18h
ingress-nginx-admission-patch-bn8gk         0/1     Completed   0             2d18h
ingress-nginx-controller-6cc5ccb977-j9c98   1/1     Running     5 (43m ago)   2d18h
yarel wrote:

Use curl lesson9lab.example.com:90

Here you go:

$ cat lesson10lab_port_90_external_ip.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: lesson9lab
  name: lesson9lab
spec:
  replicas: 1
  selector:
    matchLabels:
      app: lesson9lab
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: lesson9lab
    spec:
      containers:
      - image: nginx
        name: nginx
        resources: {}
status: {}
---
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    app: lesson9lab
  name: lesson9lab
spec:
  type: ClusterIP
  externalIPs:
    - 192.168.49.2
  ports:
  - port: 90
    protocol: TCP
    targetPort: 80
  selector:
    app: lesson9lab
status:
  loadBalancer: {}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  creationTimestamp: null
  name: lesson9lab
spec:
  rules:
  - host: lesson9lab.example.com
    http:
      paths:
      - backend:
          service:
            name: lesson9lab
            port:
              number: 90
        path: /
        pathType: Prefix
status:
  loadBalancer: {}

$ kubectl create -f lesson10lab_port_90_external_ip.yaml

deployment.apps/lesson9lab created
service/lesson9lab created
ingress.networking.k8s.io/lesson9lab created

$ kubectl get pods -n ingress-nginx

NAME                                        READY   STATUS      RESTARTS      AGE
ingress-nginx-admission-create-5wb97        0/1     Completed   0             2d18h
ingress-nginx-admission-patch-bn8gk         0/1     Completed   0             2d18h
ingress-nginx-controller-6cc5ccb977-j9c98   1/1     Running     5 (50m ago)   2d18h

$ kubectl get all -o yaml

apiVersion: v1
items:
- apiVersion: v1
  kind: Pod
  metadata:
    creationTimestamp: "2023-10-04T10:00:52Z"
    generateName: lesson9lab-6bf46bb49-
    labels:
      app: lesson9lab
      pod-template-hash: 6bf46bb49
    name: lesson9lab-6bf46bb49-mhcjk
    namespace: default
    ownerReferences:
    - apiVersion: apps/v1
      blockOwnerDeletion: true
      controller: true
      kind: ReplicaSet
      name: lesson9lab-6bf46bb49
      uid: 8438ff64-449c-4794-9caa-3efda1c8de38
    resourceVersion: "111127"
    uid: a284c690-0e7c-4331-bfd7-11ccbc74a42a
  spec:
    containers:
    - image: nginx
      imagePullPolicy: Always
      name: nginx
      resources: {}
      terminationMessagePath: /dev/termination-log
      terminationMessagePolicy: File
      volumeMounts:
      - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
        name: kube-api-access-kk2t6
        readOnly: true
    dnsPolicy: ClusterFirst
    enableServiceLinks: true
    nodeName: minikube
    preemptionPolicy: PreemptLowerPriority
    priority: 0
    restartPolicy: Always
    schedulerName: default-scheduler
    securityContext: {}
    serviceAccount: default
    serviceAccountName: default
    terminationGracePeriodSeconds: 30
    tolerations:
    - effect: NoExecute
      key: node.kubernetes.io/not-ready
      operator: Exists
      tolerationSeconds: 300
    - effect: NoExecute
      key: node.kubernetes.io/unreachable
      operator: Exists
      tolerationSeconds: 300
    volumes:
    - name: kube-api-access-kk2t6
      projected:
        defaultMode: 420
        sources:
        - serviceAccountToken:
            expirationSeconds: 3607
            path: token
        - configMap:
            items:
            - key: ca.crt
              path: ca.crt
            name: kube-root-ca.crt
        - downwardAPI:
            items:
            - fieldRef:
                apiVersion: v1
                fieldPath: metadata.namespace
              path: namespace
  status:
    conditions:
    - lastProbeTime: null
      lastTransitionTime: "2023-10-04T10:00:54Z"
      status: "True"
      type: Initialized
    - lastProbeTime: null
      lastTransitionTime: "2023-10-04T10:01:18Z"
      status: "True"
      type: Ready
    - lastProbeTime: null
      lastTransitionTime: "2023-10-04T10:01:18Z"
      status: "True"
      type: ContainersReady
    - lastProbeTime: null
      lastTransitionTime: "2023-10-04T10:00:52Z"
      status: "True"
      type: PodScheduled
    containerStatuses:
    - containerID: docker://521f3049d1ac0e48a920b883bc088759304206290d2dfd251655bb711b27075c
      image: nginx:latest
      imageID: docker-pullable://nginx@sha256:32da30332506740a2f7c34d5dc70467b7f14ec67d912703568daff790ab3f755
      lastState: {}
      name: nginx
      ready: true
      restartCount: 0
      started: true
      state:
        running:
          startedAt: "2023-10-04T10:01:18Z"
    hostIP: 192.168.49.2
    phase: Running
    podIP: 10.0.0.243
    podIPs:
    - ip: 10.0.0.243
    qosClass: BestEffort
    startTime: "2023-10-04T10:00:54Z"
- apiVersion: v1
  kind: Service
  metadata:
    creationTimestamp: "2023-10-04T09:59:41Z"
    labels:
      component: apiserver
      provider: kubernetes
    name: kubernetes
    namespace: default
    resourceVersion: "110961"
    uid: 8a333b1b-b8b4-4d29-a3c2-4aa881a3b771
  spec:
    clusterIP: 10.96.0.1
    clusterIPs:
    - 10.96.0.1
    internalTrafficPolicy: Cluster
    ipFamilies:
    - IPv4
    ipFamilyPolicy: SingleStack
    ports:
    - name: https
      port: 443
      protocol: TCP
      targetPort: 8443
    sessionAffinity: None
    type: ClusterIP
  status:
    loadBalancer: {}
- apiVersion: v1
  kind: Service
  metadata:
    creationTimestamp: "2023-10-04T10:00:51Z"
    labels:
      app: lesson9lab
    name: lesson9lab
    namespace: default
    resourceVersion: "111076"
    uid: 8b5e6404-c809-4e5d-b70f-afc3f9d25b2e
  spec:
    clusterIP: 10.106.71.85
    clusterIPs:
    - 10.106.71.85
    externalIPs:
    - 192.168.49.2
    internalTrafficPolicy: Cluster
    ipFamilies:
    - IPv4
    ipFamilyPolicy: SingleStack
    ports:
    - port: 90
      protocol: TCP
      targetPort: 80
    selector:
      app: lesson9lab
    sessionAffinity: None
    type: ClusterIP
  status:
    loadBalancer: {}
- apiVersion: apps/v1
  kind: Deployment
  metadata:
    annotations:
      deployment.kubernetes.io/revision: "1"
    creationTimestamp: "2023-10-04T10:00:48Z"
    generation: 1
    labels:
      app: lesson9lab
    name: lesson9lab
    namespace: default
    resourceVersion: "111131"
    uid: 82549939-99e5-4d86-b8e1-fcd70e029013
  spec:
    progressDeadlineSeconds: 600
    replicas: 1
    revisionHistoryLimit: 10
    selector:
      matchLabels:
        app: lesson9lab
    strategy:
      rollingUpdate:
        maxSurge: 25%
        maxUnavailable: 25%
      type: RollingUpdate
    template:
      metadata:
        creationTimestamp: null
        labels:
          app: lesson9lab
      spec:
        containers:
        - image: nginx
          imagePullPolicy: Always
          name: nginx
          resources: {}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
        dnsPolicy: ClusterFirst
        restartPolicy: Always
        schedulerName: default-scheduler
        securityContext: {}
        terminationGracePeriodSeconds: 30
  status:
    availableReplicas: 1
    conditions:
    - lastTransitionTime: "2023-10-04T10:01:18Z"
      lastUpdateTime: "2023-10-04T10:01:18Z"
      message: Deployment has minimum availability.
      reason: MinimumReplicasAvailable
      status: "True"
      type: Available
    - lastTransitionTime: "2023-10-04T10:00:52Z"
      lastUpdateTime: "2023-10-04T10:01:18Z"
      message: ReplicaSet "lesson9lab-6bf46bb49" has successfully progressed.
      reason: NewReplicaSetAvailable
      status: "True"
      type: Progressing
    observedGeneration: 1
    readyReplicas: 1
    replicas: 1
    updatedReplicas: 1
- apiVersion: apps/v1
  kind: ReplicaSet
  metadata:
    annotations:
      deployment.kubernetes.io/desired-replicas: "1"
      deployment.kubernetes.io/max-replicas: "2"
      deployment.kubernetes.io/revision: "1"
    creationTimestamp: "2023-10-04T10:00:52Z"
    generation: 1
    labels:
      app: lesson9lab
      pod-template-hash: 6bf46bb49
    name: lesson9lab-6bf46bb49
    namespace: default
    ownerReferences:
    - apiVersion: apps/v1
      blockOwnerDeletion: true
      controller: true
      kind: Deployment
      name: lesson9lab
      uid: 82549939-99e5-4d86-b8e1-fcd70e029013
    resourceVersion: "111128"
    uid: 8438ff64-449c-4794-9caa-3efda1c8de38
  spec:
    replicas: 1
    selector:
      matchLabels:
        app: lesson9lab
        pod-template-hash: 6bf46bb49
    template:
      metadata:
        creationTimestamp: null
        labels:
          app: lesson9lab
          pod-template-hash: 6bf46bb49
      spec:
        containers:
        - image: nginx
          imagePullPolicy: Always
          name: nginx
          resources: {}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
        dnsPolicy: ClusterFirst
        restartPolicy: Always
        schedulerName: default-scheduler
        securityContext: {}
        terminationGracePeriodSeconds: 30
  status:
    availableReplicas: 1
    fullyLabeledReplicas: 1
    observedGeneration: 1
    readyReplicas: 1
    replicas: 1
kind: List
metadata:
  resourceVersion: ""

$ curl lesson9lab.example.com

curl: (7) Failed to connect to lesson9lab.example.com port 80 after 0 ms: Connection refused

$ wget lesson9lab.example.com

--2023-10-04 10:03:59--  http://lesson9lab.example.com/
Resolving lesson9lab.example.com (lesson9lab.example.com)... 192.168.49.2
Connecting to lesson9lab.example.com (lesson9lab.example.com)|192.168.49.2|:80... failed: Connection refused.

$ curl lesson9lab.example.com:90

<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

@yarel: OK, curl lesson9lab.example.com:90 works, but why do I have to specify the port? Shouldn't it work without the port? After all, I specify the port in the script for the ingress?

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  creationTimestamp: null
  name: lesson9lab
spec:
  rules:
  - host: lesson9lab.example.com
    http:
      paths:
      - backend:
          service:
            name: lesson9lab
            port:
              number: 90
        path: /
        pathType: Prefix
status:
  loadBalancer: {}

So how should this work without externalIPs, with just the ingress alone?

1

@still.still: curl lesson9lab.example.com:90 works because in the service you said "set the cluster's externalIP to 192.168.49.2 and redirect traffic arriving on port 90 (on that interface) to port 80 (targetPort) of the pod that implements the service".

spec:
  type: ClusterIP
  externalIPs:
    - 192.168.49.2
  ports:
  - port: 90 # service port
    protocol: TCP
    targetPort: 80 # pod port

In this scenario the service is exposed as "ClusterIP" and additionally has an "externalIP" assigned. In your original service descriptor no type was specified (so ClusterIP was assumed by default), and no externalIP was set either, so by default the service was exposed with visibility inside the cluster.

Now, for the ingress controller to forward traffic to the service, that traffic first has to be let into the ingress controller.
a) Force the ingress controller to listen on the host's interface
b) Redirect the "wanted" traffic to where the ingress controller is listening

Where is the ingress controller listening? kubectl describe svc ingress-nginx-controller -n ingress-nginx

Option #b) sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -d 192.168.49.2 -j DNAT --to-destination <controller IP>:<port>
Option #a) Edit the ingress controller's deployment and set hostNetwork: true on it

Another option is to expose the service differently (type: NodePort)

spec:
  type: NodePort
  ports:
  - port: 80 # service port
    protocol: TCP
    targetPort: 80 # pod port
    nodePort: 80 # cluster node port (there's a chance it will handle that 192.168....)
2

Option 2 is editing the nginx ingress controller's config and forcing it to run on port 80 as hostPort + hostNetwork: true. If you have a single instance, this is the simplest solution; for me it has always worked without any problem. Obviously there's no HA and you can only run 1 instance, but it's fine. Check out https://github.com/AleksanderGrzybowski/kelog.pl/blob/master/kubernetes/system/ingress-with-hostport.yaml

@yarel: EDIT: now I see that you actually proposed exactly this :P I need to read before writing

2

@yarel: & @kelog: OK, it started working, and all I had to do was add hostNetwork: true to
option 1: deployment lesson9lab
option 2: deployment ingress-nginx-controller.
Only, the CKAD tutorial didn't mention this option (hostNetwork: true) at all, and for them it worked without any problem (after running: minikube addons enable ingress).

Option 1:

$ kubectl get deploy lesson9lab -o yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "4"
  creationTimestamp: "2023-10-04T10:00:48Z"
  generation: 4
  labels:
    app: lesson9lab
  name: lesson9lab
  namespace: default
  resourceVersion: "113596"
  uid: 82549939-99e5-4d86-b8e1-fcd70e029013
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: lesson9lab
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: lesson9lab
    spec:
      containers:
      - image: nginx
        imagePullPolicy: Always
        name: nginx
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      hostNetwork: true
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
status:
  availableReplicas: 1
  conditions:
  - lastTransitionTime: "2023-10-04T21:12:35Z"
    lastUpdateTime: "2023-10-04T21:12:35Z"
    message: Deployment has minimum availability.
    reason: MinimumReplicasAvailable
    status: "True"
    type: Available
  - lastTransitionTime: "2023-10-04T10:00:52Z"
    lastUpdateTime: "2023-10-04T21:17:14Z"
    message: ReplicaSet "lesson9lab-5cb458bdd" has successfully progressed.
    reason: NewReplicaSetAvailable
    status: "True"
    type: Progressing
  observedGeneration: 4
  readyReplicas: 1
  replicas: 1
  updatedReplicas: 1
$ curl lesson9lab.example.com
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

Option 2:

$ kubectl get deploy ingress-nginx-controller -n ingress-nginx -o yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "2"
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"labels":{"app.kubernetes.io/component":"controller","app.kubernetes.io/instance":"ingress-nginx","app.kubernetes.io/name":"ingress-nginx"},"name":"ingress-nginx-controller","namespace":"ingress-nginx"},"spec":{"minReadySeconds":0,"revisionHistoryLimit":10,"selector":{"matchLabels":{"app.kubernetes.io/component":"controller","app.kubernetes.io/instance":"ingress-nginx","app.kubernetes.io/name":"ingress-nginx"}},"strategy":{"rollingUpdate":{"maxUnavailable":1},"type":"RollingUpdate"},"template":{"metadata":{"labels":{"app.kubernetes.io/component":"controller","app.kubernetes.io/instance":"ingress-nginx","app.kubernetes.io/name":"ingress-nginx","gcp-auth-skip-secret":"true"}},"spec":{"containers":[{"args":["/nginx-ingress-controller","--election-id=ingress-nginx-leader","--controller-class=k8s.io/ingress-nginx","--watch-ingress-without-class=true","--configmap=$(POD_NAMESPACE)/ingress-nginx-controller","--tcp-services-configmap=$(POD_NAMESPACE)/tcp-services","--udp-services-configmap=$(POD_NAMESPACE)/udp-services","--validating-webhook=:8443","--validating-webhook-certificate=/usr/local/certificates/cert","--validating-webhook-key=/usr/local/certificates/key"],"env":[{"name":"POD_NAME","valueFrom":{"fieldRef":{"fieldPath":"metadata.name"}}},{"name":"POD_NAMESPACE","valueFrom":{"fieldRef":{"fieldPath":"metadata.namespace"}}},{"name":"LD_PRELOAD","value":"/usr/local/lib/libmimalloc.so"}],"image":"registry.k8s.io/ingress-nginx/controller:v1.7.0@sha256:7612338342a1e7b8090bef78f2a04fffcadd548ccaabe8a47bf7758ff549a5f7","imagePullPolicy":"IfNotPresent","lifecycle":{"preStop":{"exec":{"command":["/wait-shutdown"]}}},"livenessProbe":{"failureThreshold":5,"httpGet":{"path":"/healthz","port":10254,"scheme":"HTTP"},"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":1},"name":"controller","ports":[{"containerPort":80,"hostPort":80,"name":"http","protocol":"TCP"},{"containe
rPort":443,"hostPort":443,"name":"https","protocol":"TCP"},{"containerPort":8443,"name":"webhook","protocol":"TCP"}],"readinessProbe":{"failureThreshold":3,"httpGet":{"path":"/healthz","port":10254,"scheme":"HTTP"},"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":1},"resources":{"requests":{"cpu":"100m","memory":"90Mi"}},"securityContext":{"allowPrivilegeEscalation":true,"capabilities":{"add":["NET_BIND_SERVICE"],"drop":["ALL"]},"runAsUser":101},"volumeMounts":[{"mountPath":"/usr/local/certificates/","name":"webhook-cert","readOnly":true}]}],"dnsPolicy":"ClusterFirst","nodeSelector":{"kubernetes.io/os":"linux","minikube.k8s.io/primary":"true"},"serviceAccountName":"ingress-nginx","terminationGracePeriodSeconds":0,"tolerations":[{"effect":"NoSchedule","key":"node-role.kubernetes.io/master","operator":"Equal"}],"volumes":[{"name":"webhook-cert","secret":{"secretName":"ingress-nginx-admission"}}]}}}}
  creationTimestamp: "2023-10-01T15:26:04Z"
  generation: 2
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
  name: ingress-nginx-controller
  namespace: ingress-nginx
  resourceVersion: "114123"
  uid: ffa002f7-f222-42b1-8bb6-0c360ea35fff
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app.kubernetes.io/component: controller
      app.kubernetes.io/instance: ingress-nginx
      app.kubernetes.io/name: ingress-nginx
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        app.kubernetes.io/component: controller
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        gcp-auth-skip-secret: "true"
    spec:
      containers:
      - args:
        - /nginx-ingress-controller
        - --election-id=ingress-nginx-leader
        - --controller-class=k8s.io/ingress-nginx
        - --watch-ingress-without-class=true
        - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
        - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
        - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
        - --validating-webhook=:8443
        - --validating-webhook-certificate=/usr/local/certificates/cert
        - --validating-webhook-key=/usr/local/certificates/key
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        - name: LD_PRELOAD
          value: /usr/local/lib/libmimalloc.so
        image: registry.k8s.io/ingress-nginx/controller:v1.7.0@sha256:7612338342a1e7b8090bef78f2a04fffcadd548ccaabe8a47bf7758ff549a5f7
        imagePullPolicy: IfNotPresent
        lifecycle:
          preStop:
            exec:
              command:
              - /wait-shutdown
        livenessProbe:
          failureThreshold: 5
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        name: controller
        ports:
        - containerPort: 80
          hostPort: 80
          name: http
          protocol: TCP
        - containerPort: 443
          hostPort: 443
          name: https
          protocol: TCP
        - containerPort: 8443
          hostPort: 8443
          name: webhook
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        resources:
          requests:
            cpu: 100m
            memory: 90Mi
        securityContext:
          allowPrivilegeEscalation: true
          capabilities:
            add:
            - NET_BIND_SERVICE
            drop:
            - ALL
          runAsUser: 101
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /usr/local/certificates/
          name: webhook-cert
          readOnly: true
      dnsPolicy: ClusterFirst
      hostNetwork: true
      nodeSelector:
        kubernetes.io/os: linux
        minikube.k8s.io/primary: "true"
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: ingress-nginx
      serviceAccountName: ingress-nginx
      terminationGracePeriodSeconds: 0
      tolerations:
      - effect: NoSchedule
        key: node-role.kubernetes.io/master
        operator: Equal
      volumes:
      - name: webhook-cert
        secret:
          defaultMode: 420
          secretName: ingress-nginx-admission
status:
  availableReplicas: 1
  conditions:
  - lastTransitionTime: "2023-10-01T15:26:05Z"
    lastUpdateTime: "2023-10-01T15:26:05Z"
    message: Deployment has minimum availability.
    reason: MinimumReplicasAvailable
    status: "True"
    type: Available
  - lastTransitionTime: "2023-10-03T15:45:51Z"
    lastUpdateTime: "2023-10-04T21:35:16Z"
    message: ReplicaSet "ingress-nginx-controller-669f495f89" has successfully progressed.
    reason: NewReplicaSetAvailable
    status: "True"
    type: Progressing
  observedGeneration: 2
  readyReplicas: 1
  replicas: 1
  updatedReplicas: 1
$ curl lesson9lab.example.com
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
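
The settings used across this thread to get traffic in from outside the cluster (externalIPs and NodePort on a Service, hostNetwork and hostPort on a pod) can be listed mechanically from `kubectl get ... -o json` output. The following is an added example, not code from any poster: the manifests are constructed to mirror the thread's variants, and the function names `host_exposure` and `audit` are hypothetical.

```python
import json

# Constructed manifests mirroring the thread's variants, trimmed to the relevant fields.
MANIFESTS = json.loads("""[
 {"kind": "Service", "metadata": {"name": "lesson9lab"},
  "spec": {"type": "ClusterIP", "externalIPs": ["192.168.49.2"],
           "ports": [{"port": 90, "targetPort": 80}]}},
 {"kind": "Deployment", "metadata": {"name": "lesson9lab"},
  "spec": {"template": {"spec": {"hostNetwork": true,
           "containers": [{"name": "nginx", "image": "nginx"}]}}}},
 {"kind": "Deployment", "metadata": {"name": "ingress-nginx-controller"},
  "spec": {"template": {"spec": {"hostNetwork": true, "containers": [
    {"name": "controller", "ports": [{"containerPort": 80, "hostPort": 80},
                                     {"containerPort": 443, "hostPort": 443}]}]}}}}
]""")


def host_exposure(obj):
    """List (setting, detail) pairs that bind this object to the node's network."""
    findings = []
    spec = obj.get("spec", {})
    if obj.get("kind") == "Service":
        ports = [p["port"] for p in spec.get("ports", [])]
        for ip in spec.get("externalIPs", []):
            findings.append(("externalIPs", f"{ip} ports {ports}"))
        if spec.get("type") == "NodePort":
            for p in spec.get("ports", []):
                findings.append(("nodePort", str(p.get("nodePort", "auto-assigned"))))
        return findings
    # Workloads carry a pod template; a bare Pod has its pod spec at .spec.
    pod = spec.get("template", {}).get("spec", spec)
    if pod.get("hostNetwork"):
        findings.append(("hostNetwork", "pod shares the node's network namespace"))
    for c in pod.get("containers", []):
        for p in c.get("ports", []):
            if "hostPort" in p:
                detail = f"{c['name']}: node port {p['hostPort']} -> {p['containerPort']}"
                findings.append(("hostPort", detail))
    return findings


def audit(manifests):
    """Map 'Kind/name' to its findings, dropping objects that have none."""
    report = {f"{m['kind']}/{m['metadata']['name']}": host_exposure(m) for m in manifests}
    return {name: found for name, found in report.items() if found}


if __name__ == "__main__":
    print(json.dumps(audit(MANIFESTS), indent=2))
```

A hostNetwork finding on the application Deployment means its nginx listens on the node's port 80 directly, so a request to the node IP reaches it without passing through the ingress controller.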
