From ef946dac38e4aa23b36289b2c494fecef7e63bc8 Mon Sep 17 00:00:00 2001 From: jayunit100 Date: Fri, 6 Mar 2015 15:59:43 -0500 Subject: [PATCH 1/2] Describe how to use publicIPs to access guestbook externally when not using external load balancers --- examples/guestbook/README.md | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/examples/guestbook/README.md b/examples/guestbook/README.md index 4e8ef18ec705c..657388f589c74 100644 --- a/examples/guestbook/README.md +++ b/examples/guestbook/README.md @@ -368,6 +368,7 @@ The service is described in the file `examples/guestbook/frontend-service.json`: "apiVersion": "v1beta1", "port": 8000, "containerPort": "http-server", + "publicIPs":["10.11.22.33"], "selector": { "name": "frontend" }, @@ -378,6 +379,10 @@ The service is described in the file `examples/guestbook/frontend-service.json`: } ``` +If running a single node local setup, or single VM, you don't need `createExternalLoadBalancer`, nor do you need `publicIPs`. +Read the *Accessing the guestbook site externally* section below for details and set 10.11.22.33 accordingly (for now, you can +delete these parameters or run this - either way it won't hurt anything to have both parameters the way they are). + ```shell $ kubectl create -f examples/guestbook/frontend-service.json frontend 
@@ -412,7 +417,13 @@ For GCE details about limiting traffic to specific sources, see the [GCE firewal [cloud-console]: https://console.developer.google.com [gce-firewall-docs]: https://cloud.google.com/compute/docs/networking#firewalls -In other environments, you can get the service IP from looking at the output of `kubectl get pods,services`, and modify your firewall using standard tools and services (firewalld, iptables, selinux) which you are already familar with. +### Accessing the guestbook site externally. + +The pods that we have set up are reachable through the frontend service, but you'll notice that 10.0.93.211 (the IP of the frontend service is unavailable from outside of kubernetes, unless, of course, you are running kubernetes minions locally, in which case the host port binding will allow you to reach the guestbook website at localhost:8000. + +Unless you have access to the `createExternalLoadBalancer` feature (cloud provider specific), you will want to set up a publicIP on a minion, so that the service can be accessed from outside of the internal kubernetes network. This is quite easy. You simply look at you're list of kubelet IP addresses, and update the service file to include a `publicIPs` string, which is mapped to an IP address of any number of your existing kubelets. This will allow all you're kubelets to act as external entry points to the service (translation: this will allow you to browse the guestbook site at your kubelet IP address from your browser). + +If you are more advanced in the ops arena, note you can manually get the service IP from looking at the output of `kubectl get pods,services`, and modify your firewall using standard tools and services (firewalld, iptables, selinux) which you are already familar with. And of course, finally, if you are running Kubernetes locally, you can just visit http://localhost:8000. From fbeeaf8d302e3b4ee33d52cb1d37d2fcb7d32726 Mon Sep 17 00:00:00 2001 
From: jayunit100 Date: Fri, 6 Mar 2015 16:04:46 -0500 Subject: [PATCH 2/2] Clarify publicIP on minion use case --- examples/guestbook/README.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/examples/guestbook/README.md b/examples/guestbook/README.md index 657388f589c74..ea07a2c2d38e5 100644 --- a/examples/guestbook/README.md +++ b/examples/guestbook/README.md @@ -361,6 +361,8 @@ if (isset($_GET['cmd']) === true) { Just like the others, you want a service to group your frontend pods. The service is described in the file `examples/guestbook/frontend-service.json`: +**NOTE** This json snippet has been modified, in that it adds the publicIPs field for illustration purposes only. + ```js { "id": "frontend", 
@@ -417,11 +419,12 @@ For GCE details about limiting traffic to specific sources, see the [GCE firewal [cloud-console]: https://console.developer.google.com [gce-firewall-docs]: https://cloud.google.com/compute/docs/networking#firewalls -### Accessing the guestbook site externally. +### Accessing the guestbook site externally -The pods that we have set up are reachable through the frontend service, but you'll notice that 10.0.93.211 (the IP of the frontend service is unavailable from outside of kubernetes, unless, of course, you are running kubernetes minions locally, in which case the host port binding will allow you to reach the guestbook website at localhost:8000. +The pods that we have set up are reachable through the frontend service, but you'll notice that 10.0.93.211 (the IP of the frontend service) is unavailable from outside of kubernetes. +Of course, if you are running kubernetes minions locally, this isn't such a big problem - the port binding will allow you to reach the guestbook website at localhost:8000... but the beloved **localhost** solution obviously doesn't work in any real world scenario. -Unless you have access to the `createExternalLoadBalancer` feature (cloud provider specific), you will want to set up a publicIP on a minion, so that the service can be accessed from outside of the internal kubernetes network. This is quite easy. You simply look at you're list of kubelet IP addresses, and update the service file to include a `publicIPs` string, which is mapped to an IP address of any number of your existing kubelets. This will allow all you're kubelets to act as external entry points to the service (translation: this will allow you to browse the guestbook site at your kubelet IP address from your browser). +Unless you have access to the `createExternalLoadBalancer` feature (cloud provider specific), you will want to set up a **publicIP on a minion**, so that the service can be accessed from outside of the internal kubernetes network. 
This is quite easy. You simply look at you're list of kubelet IP addresses, and update the service file to include a `publicIPs` string, which is mapped to an IP address of any number of your existing kubelets. This will allow all you're kubelets to act as external entry points to the service (translation: this will allow you to browse the guestbook site at your kubelet IP address from your browser). If you are more advanced in the ops arena, note you can manually get the service IP from looking at the output of `kubectl get pods,services`, and modify your firewall using standard tools and services (firewalld, iptables, selinux) which you are already familar with.
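Review bot: In PATCH 1/2, hunk `@@ -368,6 +368,7 @@`, the added `"publicIPs":["10.11.22.33"],` is a sample address, but nothing in the snippet marks it as one. A reader who copies the JSON as shown ends up with an address that has no relation to their minions. Suggest using an obvious placeholder value, or stating directly above the snippet that the address must be replaced with a minion IP. Minor style point: the neighbouring keys are written with a space after the colon (`"port": 8000`), and the new line is not.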
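Review bot: In PATCH 1/2, hunk `@@ -378,6 +379,10 @@`, the added paragraph gives three conflicting instructions. It says a single-node setup needs neither `createExternalLoadBalancer` nor `publicIPs`, then asks the reader to "set 10.11.22.33 accordingly", then says the parameters can be deleted or left alone. The claim "either way it won't hurt anything" has no support for a field whose stated purpose is to make the service reachable from outside the cluster network. Suggest a single instruction: for a single node or single VM, remove `publicIPs`; otherwise replace the sample address with a minion IP as described in the later section.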
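Review bot: In PATCH 1/2, hunk `@@ -412,7 +417,13 @@`, the new section describes exposing the frontend on minion addresses as "quite easy" but never says who can reach port 8000 afterwards. The firewall guidance that used to be the whole sentence is now an aside for readers "more advanced in the ops arena". Suggest keeping the instruction to restrict sources next to the `publicIPs` step, in line with the GCE firewall reference just above it. Also in this hunk: "you're list" and "all you're kubelets" should be "your", "familar" should be "familiar", the parenthesis opened at "(the IP of the frontend service" is never closed, the heading ends in a period, and `10.0.93.211` is one cluster's service IP and should be introduced as an example value. SELinux is listed among firewall tools, although it is not one.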
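Review bot: In PATCH 2/2, hunk `@@ -361,6 +361,8 @@`, the new NOTE says the snippet differs from `examples/guestbook/frontend-service.json`, but the README then runs `kubectl create -f examples/guestbook/frontend-service.json` against that unmodified file. The diffstat shows only README.md changing, so a reader following the steps never applies `publicIPs`. Suggest either adding the field to the JSON file in this change, or extending the NOTE to tell the reader to edit the file before running the create command. "json" in the NOTE should be "JSON".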
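Review bot: In PATCH 2/2, hunk `@@ -419,11 +419,12 @@`, the reworked paragraph still contradicts itself about which minions become entry points. It says `publicIPs` is "mapped to an IP address of any number of your existing kubelets" and then that this "will allow all you're kubelets to act as external entry points". Suggest stating that only the addresses listed in `publicIPs` serve as entry points. The text also calls `publicIPs` a "string" while the sample earlier in the README shows a JSON array. The typos "you're list", "all you're kubelets" and "familar" from the first patch are carried over unchanged. Finally, "obviously doesn't work in any real world scenario" would read better as a plain statement that localhost access only applies to local minions.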