Difference between revisions of "Minikube: akses apps"
Onnowpurbo (talk | contribs) |
Line 73: | Line 73: | ||
kubectl get service <service-name> --output='jsonpath="{.spec.ports[0].nodePort}"' | kubectl get service <service-name> --output='jsonpath="{.spec.ports[0].nodePort}"' | ||
− | === | + | ===Meningkatkan NodePort range=== |
− | + | ||
+ | Secara default, minikube hanya membuka port 30000-32767. Jika ini tidak berhasil, kita dapat menyesuaikan range dengan menggunakan: | ||
minikube start --extra-config=apiserver.service-node-port-range=1-65535 | minikube start --extra-config=apiserver.service-node-port-range=1-65535 | ||
− | + | Flag ini juga menerima daftar port dan range port yang dipisahkan koma. | |
==LoadBalancer access== | ==LoadBalancer access== |
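Review bot: the added command under "Meningkatkan NodePort range" shows service-node-port-range=1-65535 with no caveat. That range includes ports below 1024 and ports the node itself may already be using, so a NodePort can be placed on them. Suggest the example use a narrower range that covers only the ports actually needed, or add a sentence saying that avoiding port collisions becomes the operator's job with this setting.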
Revision as of 06:03, 8 May 2023
Source: https://minikube.sigs.k8s.io/docs/handbook/accessing/
How to access applications running within minikube
There are two major categories of services in Kubernetes:
- NodePort
- LoadBalancer
minikube supports both.
NodePort access
A NodePort service is the most basic way to get external traffic directly to your service. NodePort, as the name implies, opens a specific port, and any traffic sent to this port is forwarded to the service.
Getting the NodePort using the service command
We have a shortcut for fetching the minikube IP and a service's NodePort:
minikube service <service-name> --url
Using minikube service with tunnel
The network is limited when using the Docker driver on Darwin, Windows, or WSL, and the Node IP is not reachable directly. Running minikube on Linux with the Docker driver will not create a tunnel. Services of type NodePort can be accessed with the command:
minikube service <service-name> --url
It must be run in a separate terminal window to keep the tunnel open. Ctrl-C in the terminal can be used to terminate the process, at which time the network routes will be cleaned up.
Example of NodePort
Create a Kubernetes deployment
kubectl create deployment hello-minikube1 --image=kicbase/echo-server:1.0
Create a Kubernetes service of type NodePort
kubectl expose deployment hello-minikube1 --type=NodePort --port=8080
Check the NodePort
$ kubectl get svc
NAME              TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
hello-minikube1   NodePort   10.100.238.34   <none>        8080:31389/TCP   3s
Run service tunnel
minikube service hello-minikube1 --url
minikube service hello-minikube1 --url runs as a process, creating a tunnel to the cluster. The command exposes the service directly to any program running on the host operating system.
service output example
Check the ssh tunnel in another terminal
$ ps -ef | grep docker@127.0.0.1
ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -N docker@127.0.0.1 -p 55972 -i /Users/FOO/.minikube/machines/minikube/id_rsa -L TUNNEL_PORT:CLUSTER_IP:TARGET_PORT
Try it in your browser. Open in your browser (ensure there is no proxy set):
http://127.0.0.1:TUNNEL_PORT
Getting the NodePort using kubectl
The minikube VM is exposed to the host system via a host-only IP address, which can be obtained with the minikube ip command. Any service of type NodePort can be accessed over that IP address, on the NodePort. To determine the NodePort for your service, you can use a kubectl command like this (note that nodePort begins with a lowercase n in the JSON output):
kubectl get service <service-name> --output='jsonpath="{.spec.ports[0].nodePort}"'
Increasing the NodePort range
By default, minikube only exposes ports 30000-32767. If this does not work for you, you can adjust the range by using:
minikube start --extra-config=apiserver.service-node-port-range=1-65535
This flag also accepts a comma-separated list of ports and port ranges.
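Once the range is widened to 1-65535, a NodePort can fall on a privileged port or on a port the node already uses. The script below is an added example, not part of the minikube documentation: it classifies every NodePort in a service listing. The function names, the NODE_PORTS_IN_USE variable and its default port list are assumptions made for illustration, and the sample input is constructed.

```sh
#!/bin/sh
# Added example, not from the minikube docs: classify every NodePort in use.
#
# On a live cluster the input lines (namespace, name, nodePorts) come from:
#   kubectl get svc -A -o jsonpath='{range .items[*]}{.metadata.namespace}{" "}{.metadata.name}{" "}{.spec.ports[*].nodePort}{"\n"}{end}'
#
# NODE_PORTS_IN_USE is an assumption: ports taken by services on the node
# itself (ssh, etcd, apiserver, kubelet). Replace it with the real list.

audit_nodeports() {
    awk -v reserved="${NODE_PORTS_IN_USE:-22 2379 2380 8443 10250}" '
    BEGIN {
        n = split(reserved, r, " ")
        for (i = 1; i <= n; i++) used[r[i] + 0] = 1
    }
    NF < 3 { next }    # service without a nodePort (ClusterIP and similar)
    {
        for (i = 3; i <= NF; i++) {
            p = $i + 0
            if (p in used)                   v = "COLLIDES"
            else if (p < 1024)               v = "PRIVILEGED"
            else if (p < 30000 || p > 32767) v = "NONDEFAULT"
            else                             v = "OK"
            printf "%s %s/%s %d\n", v, $1, $2, p
        }
    }'
}

# Constructed sample input: one default-range NodePort, one service pinned
# to ports 80 and 8443, and one service with no NodePort at all.
sample_services() {
    printf '%s\n' \
        'default hello-minikube1 31389' \
        'default web 80 8443' \
        'kube-system kube-dns'
}

sample_services | audit_nodeports
```

Anything reported as COLLIDES or PRIVILEGED is a reason to narrow the range or pin the service to a different nodePort.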
LoadBalancer access
A LoadBalancer service is the standard way to expose a service to the internet. With this method, each service gets its own IP address.
Using minikube tunnel
Services of type LoadBalancer can be exposed via the minikube tunnel command. It must be run in a separate terminal window to keep the LoadBalancer running. Ctrl-C in the terminal can be used to terminate the process at which time the network routes will be cleaned up.
Example of LoadBalancer
Run the tunnel in a separate terminal
It will ask for a password.
minikube tunnel
minikube tunnel runs as a process, creating a network route on the host to the service CIDR of the cluster using the cluster’s IP address as a gateway. The tunnel command exposes the external IP directly to any program running on the host operating system.
tunnel output example
Create a Kubernetes deployment
kubectl create deployment hello-minikube1 --image=kicbase/echo-server:1.0
Create a Kubernetes service with type LoadBalancer
kubectl expose deployment hello-minikube1 --type=LoadBalancer --port=8080
Check the external IP
kubectl get svc
$ kc get svc
NAME              TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)          AGE
hello-minikube1   LoadBalancer   10.96.184.178   10.96.184.178   8080:30791/TCP   40s
Note that without minikube tunnel, Kubernetes will show the external IP as “pending”.
Try in your browser
Open in your browser (ensure there is no proxy set)
http://REPLACE_WITH_EXTERNAL_IP:8080
Each service will get its own external IP.
DNS resolution (experimental)
If you are on macOS, the tunnel command also allows DNS resolution for Kubernetes services from the host.
NOTE: docker driver doesn’t support DNS resolution
Cleaning up orphaned routes
If the minikube tunnel shuts down in an abrupt manner, it may leave orphaned network routes on your system. If this happens, the ~/.minikube/tunnels.json file will contain an entry for that tunnel. To remove orphaned routes, run:
minikube tunnel --cleanup
NOTE: --cleanup flag’s default value is true.
Avoiding password prompts
Adding a route requires root privileges for the user, and thus there are differences in how to run minikube tunnel depending on the OS. If you want to avoid entering the root password, consider setting NOPASSWD for “ip” and “route” commands:
https://superuser.com/questions/1328452/sudoers-nopasswd-for-single-executable-but-allowing-others
Access to ports <1024 on Windows requires root permission
If you are using the Docker driver on Windows, there is a chance that you have an old version of the SSH client. You might get an error like "Privileged ports can only be forwarded by root.", or you might not be able to access the service even after minikube tunnel if the access port is less than 1024, while ports greater than 1024 work fine.
To resolve this, ensure that you are running the latest version of the SSH client. You can install the latest version of the SSH client on Windows by running the following in a Command Prompt with Administrator privileges (requires the Chocolatey package manager):
choco install openssh
The latest version (OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5) which is available on Windows 10 by default doesn’t work. You can track the issue with this over here - https://github.com/PowerShell/Win32-OpenSSH/issues/1693