kubernetes-hands-on/08-service/README.md

# Accessing my first application: `service`

## Introduction

In this section you will learn how to access your application from outside your cluster, and do service discovery.

## Prerequisites

If it's not already done install the `minikube` addon `ingress`:

```sh
$ minikube addons enable ingress
✅  ingress was successfully enabled
```

## First `service`

You are able to deploy an image with multiple replicas, but it is not very convenient to access it. You need to know the IP of a `pod` to be able to target your application. And it's not accessible from the outside of the cluster.

What we need is a `service`. It'll allow us to access our pods internally or externally.

First apply the `deployment`:

```sh
$ kubectl apply -f 08-service/01-simple-deployment.yml
deployment.apps "simple-deployment" created
```

Now start another container. We will use it to see what we can access internally inside Kubernetes:

Apply the pod:

```sh
$ kubectl apply -f 08-service/02-bash.yml
pod "bash" created
```

And connect to it:

```sh
$ kubectl exec -it bash -- /bin/bash
root@bash:/#
```

Install `dnsutils` & `curl` in the container, you will need them:

```sh
root@bash:/# apt update && apt install dnsutils curl
[...]
```

You now have a shell inside a Kubernetes pod running in your cluster. Let this console open so you can type commands.
Try to curl one of the pods created by the deployment above. How can you access the `deployment` **without** targeting a specific `pod`?

Ok, now let's create our first service [03-internal-service.yml](03-internal-service.yml):

```yml
apiVersion: v1
kind: Service
metadata:
  name: simple-internal-service
spec:
  ports:
  - port: 80
    targetPort: 9876
  selector:
    app: simple-deployment
```

Let's have a look at the manifest:

* `kind`: A `service` has the kind `Service`
* `spec`:
  * `ports`: the list of ports to expose. Here we export `port` `80`, but redirect internally all traffic to the `targetPort` `9876`
  * `selector`: which pods to give access to

The selector part

```yml
selector:
  app: simple-deployment
```

is central to Kubernetes. It is with those fields that you will tell Kubernetes which pods to give access through this `service`.

Apply the service:

```sh
$ kubectl apply -f 08-service/03-internal-service.yml
service "simple-service" created
```

Your service is now accessible internally, try this in your `bash` container:

```sh
root@bash:/# nslookup simple-internal-service
Server:   10.96.0.10
Address:  10.96.0.10#53

Name: simple-internal-service.default.svc.cluster.local
Address: 10.96.31.244
```

Try to curl the `/health` url, remember the `ports` we choose in the `service`.

Can you access this service from the outside of Kubernetes?

The answer is no, it's not possible. To do this you need an `ingress`. Ingress means "entering into".

## Ingress

You need to connect internet to the `ingress` that'll connect it to a service:

```txt
 internet
     |
[ ingress ]
--|-----|--
[ service ]
```

Let's create our ingress:

```yml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: simple-ingress
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
  backend:
    serviceName: simple-internal-service
    servicePort: 80
```

Let's have a look at the manifest:

* `kind`: Ingress
* `metadata`:
  * `annotations`: some annotations specific to the ingress
    * `nginx.ingress.kubernetes.io/ssl-redirect`: To fix a redirect, see [this](https://github.com/kubernetes/ingress-nginx/issues/1567). This is only used if you use the nginx ingress
* `spec`:
  * `backend`: the default backend to redirect all the requests to
    * `serviceName`: the name of the Kubernetes traffic to redirect to
    * `servicePort`: the port of the service

Apply the ingress:

```sh
$ kubectl apply -f 08-service/04-ingress.yml
ingress.extensions "simple-ingress" created
```

Get the IP of your minikube cluster:

```sh
$ minikube ip
192.168.99.100
```

Open a browser on `http://192.168.99.100/info`

With this manifest we have a `deployment` that manages pods. A `service` that gives access to the pods, and an `ingress` that gives access to the pod to the external world.

## Global overview

You have seen a lot different `kind` of Kubernetes, let's take a step back and see how each `kind` interact with each other:

```text
         +----------------------------------------------------------------------------------+
         |                                                                                  |
         |                                        +-----------------------------+           |
         |                                        |                             |           |
         |                                        |            +-------------+  |           |
         |                                        |            |             |  |           |
         |                                        |           ->     Pod     |  |           |
         |                                        |        --/ |             |  |           |
+-------------+    +-------------+                |    ---/    +-------------+  |           |
|        |    |    |             |                | --/                         |           |
|   Ingress   ----->   Service   ------------------\                            |           |
|        |    |    |             |                | --\        +-------------+  |           |
+-------------+    +-------------+                |    ---\    |             |  |           |
         |                                        |        --\ |     Pod     |  |           |
         |                                        |           ->             |  |           |
         |                                        |            +-------------+  |           |
         |                                        |                             |           |
         |                                        |                  Deployment |           |
         |                                        +-----------------------------+           |
         |                                                                                  |
         |                                                                                  |
         |                                                                                  |
         |                                                                       Kubernetes |
         +----------------------------------------------------------------------------------+
```

## Exercises

1. Deploy an nginx and expose it internally
2. Read [this](https://kubernetes.io/docs/concepts/services-networking/ingress/#simple-fanout) and modify the ingress to have:
    * `/simple` that goes to the `simple-service`
    * `/nginx` that goes to your nginx deployment
3. Change the `selector` in your `simple-service` look at what is happening

## Clean up

```sh
kubectl delete ingress,service,deployment,rs,pod --all
```

## Answers

For 2), you need to add the metadata `nginx.ingress.kubernetes.io/rewrite-target: /` to the ingress:

* Don't forget to create 2 deployments and 2 services.
* You can either change your `/etc/hosts` to add the name resolution for `foo.bar.com`, or use `curl http://YOUR-IP -H "Host: foo.bar.com"`

## Links

* https://kubernetes.io/docs/concepts/services-networking/service/
* https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
* https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/
* https://kubernetes.io/docs/concepts/services-networking/ingress/
* https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/
feat: add section on services 2019-05-09 19:40:37 +06:00			# Accessing my first application: `service`

			`## Introduction`

			`In this section you will learn how to access your application from outside your cluster, and do service discovery.`

			`## Prerequisites`

			If it's not already done install the `minikube` addon `ingress`:

fix: use sh in md (#28) 2019-05-21 15:10:59 +06:00			```sh
feat: add section on services 2019-05-09 19:40:37 +06:00			`$ minikube addons enable ingress`
			`✅ ingress was successfully enabled`
			```

			## First `service`

			You are able to deploy an image with multiple replicas, but it is not very convenient to access it. You need to know the IP of a `pod` to be able to target your application. And it's not accessible from the outside of the cluster.

			What we need is a `service`. It'll allow us to access our pods internally or externally.

			First apply the `deployment`:

fix: use sh in md (#28) 2019-05-21 15:10:59 +06:00			```sh
feat: add section on services 2019-05-09 19:40:37 +06:00			`$ kubectl apply -f 08-service/01-simple-deployment.yml`
			`deployment.apps "simple-deployment" created`
			```

chore: Kubernetes not k8s or kubernetes (#25) 2019-05-20 23:17:56 +06:00			`Now start another container. We will use it to see what we can access internally inside Kubernetes:`
feat: add section on services 2019-05-09 19:40:37 +06:00
			`Apply the pod:`

fix: use sh in md (#28) 2019-05-21 15:10:59 +06:00			```sh
feat: add section on services 2019-05-09 19:40:37 +06:00			`$ kubectl apply -f 08-service/02-bash.yml`
			`pod "bash" created`
			```

			`And connect to it:`

fix: use sh in md (#28) 2019-05-21 15:10:59 +06:00			```sh
feat: add section on services 2019-05-09 19:40:37 +06:00			`$ kubectl exec -it bash -- /bin/bash`
			`root@bash:/#`
			```

			Install `dnsutils` & `curl` in the container, you will need them:

fix: use sh in md (#28) 2019-05-21 15:10:59 +06:00			```sh
feat: add section on services 2019-05-09 19:40:37 +06:00			`root@bash:/# apt update && apt install dnsutils curl`
			`[...]`
			```

chore: Kubernetes not k8s or kubernetes (#25) 2019-05-20 23:17:56 +06:00			`You now have a shell inside a Kubernetes pod running in your cluster. Let this console open so you can type commands.`
feat: add section on services 2019-05-09 19:40:37 +06:00			Try to curl one of the pods created by the deployment above. How can you access the `deployment` without targeting a specific `pod`?

chore: cleanup md, remove empty sections (#32) 2019-05-21 18:50:00 +06:00			`Ok, now let's create our first service [03-internal-service.yml](03-internal-service.yml):`
feat: add section on services 2019-05-09 19:40:37 +06:00
			```yml
			`apiVersion: v1`
			`kind: Service`
			`metadata:`
			`name: simple-internal-service`
			`spec:`
			`ports:`
			`- port: 80`
			`targetPort: 9876`
			`selector:`
			`app: simple-deployment`
			```

			`Let's have a look at the manifest:`

			* `kind`: A `service` has the kind `Service`
			* `spec`:
			* `ports`: the list of ports to expose. Here we export `port` `80`, but redirect internally all traffic to the `targetPort` `9876`
			* `selector`: which pods to give access to

			`The selector part`

			```yml
			`selector:`
			`app: simple-deployment`
			```

chore: Kubernetes not k8s or kubernetes (#25) 2019-05-20 23:17:56 +06:00			is central to Kubernetes. It is with those fields that you will tell Kubernetes which pods to give access through this `service`.
feat: add section on services 2019-05-09 19:40:37 +06:00
			`Apply the service:`

fix: use sh in md (#28) 2019-05-21 15:10:59 +06:00			```sh
Various fixes (#57) * fix: fix internal service filename in 08-service section * fix: typo * fix: fix markdownlint in CI * fix: typo * fix: typo * fix: `environment variables`, not `environmental` * fix: typo & missing punctuation * fix: `much` not `many` * fix: `lets` not `let's` * fix: typo * fix: typo * fix: phrasing * fix: typo * fix: typo * fix: mysql operator manifest api version got this error while trying to run it as is: error: unable to recognize "20-operators/01-mysql-operator.yml": no matches for kind "Deployment" in version "apps/v1beta1" * fix: spelling 2020-01-29 21:41:07 +06:00			`$ kubectl apply -f 08-service/03-internal-service.yml`
feat: add section on services 2019-05-09 19:40:37 +06:00			`service "simple-service" created`
			```

			Your service is now accessible internally, try this in your `bash` container:

fix: use sh in md (#28) 2019-05-21 15:10:59 +06:00			```sh
fix: fix services names (#49) 2019-05-23 18:11:41 +06:00			`root@bash:/# nslookup simple-internal-service`
chore: add MD linter (#18) 2019-05-14 20:26:37 +06:00			`Server: 10.96.0.10`
			`Address: 10.96.0.10#53`
feat: add section on services 2019-05-09 19:40:37 +06:00
fix: fix services names (#49) 2019-05-23 18:11:41 +06:00			`Name: simple-internal-service.default.svc.cluster.local`
feat: add section on services 2019-05-09 19:40:37 +06:00			`Address: 10.96.31.244`
			```

Various fixes (#57) * fix: fix internal service filename in 08-service section * fix: typo * fix: fix markdownlint in CI * fix: typo * fix: typo * fix: `environment variables`, not `environmental` * fix: typo & missing punctuation * fix: `much` not `many` * fix: `lets` not `let's` * fix: typo * fix: typo * fix: phrasing * fix: typo * fix: typo * fix: mysql operator manifest api version got this error while trying to run it as is: error: unable to recognize "20-operators/01-mysql-operator.yml": no matches for kind "Deployment" in version "apps/v1beta1" * fix: spelling 2020-01-29 21:41:07 +06:00			Try to curl the `/health` url, remember the `ports` we choose in the `service`.
feat: add section on services 2019-05-09 19:40:37 +06:00
chore: Kubernetes not k8s or kubernetes (#25) 2019-05-20 23:17:56 +06:00			`Can you access this service from the outside of Kubernetes?`
feat: add section on services 2019-05-09 19:40:37 +06:00
			The answer is no, it's not possible. To do this you need an `ingress`. Ingress means "entering into".

			`## Ingress`

			You need to connect internet to the `ingress` that'll connect it to a service:

			```txt
			`internet`
			`\|`
			`[ ingress ]`
			`--\|-----\|--`
			`[ service ]`
			```

			`Let's create our ingress:`

			```yml
			`apiVersion: extensions/v1beta1`
			`kind: Ingress`
			`metadata:`
			`name: simple-ingress`
			`annotations:`
			`nginx.ingress.kubernetes.io/ssl-redirect: "false"`
			`spec:`
			`backend:`
fix: fix services names (#49) 2019-05-23 18:11:41 +06:00			`serviceName: simple-internal-service`
feat: add section on services 2019-05-09 19:40:37 +06:00			`servicePort: 80`
			```

			`Let's have a look at the manifest:`

			* `kind`: Ingress
			* `metadata`:
			* `annotations`: some annotations specific to the ingress
			* `nginx.ingress.kubernetes.io/ssl-redirect`: To fix a redirect, see [this](https://github.com/kubernetes/ingress-nginx/issues/1567). This is only used if you use the nginx ingress
			* `spec`:
			* `backend`: the default backend to redirect all the requests to
chore: Kubernetes not k8s or kubernetes (#25) 2019-05-20 23:17:56 +06:00			* `serviceName`: the name of the Kubernetes traffic to redirect to
feat: add section on services 2019-05-09 19:40:37 +06:00			* `servicePort`: the port of the service

			`Apply the ingress:`

fix: use sh in md (#28) 2019-05-21 15:10:59 +06:00			```sh
feat: add section on services 2019-05-09 19:40:37 +06:00			`$ kubectl apply -f 08-service/04-ingress.yml`
			`ingress.extensions "simple-ingress" created`
			```

			`Get the IP of your minikube cluster:`

fix: use sh in md (#28) 2019-05-21 15:10:59 +06:00			```sh
feat: add section on services 2019-05-09 19:40:37 +06:00			`$ minikube ip`
			`192.168.99.100`
			```

			Open a browser on `http://192.168.99.100/info`

			With this manifest we have a `deployment` that manages pods. A `service` that gives access to the pods, and an `ingress` that gives access to the pod to the external world.

			`## Global overview`

chore: Kubernetes not k8s or kubernetes (#25) 2019-05-20 23:17:56 +06:00			You have seen a lot different `kind` of Kubernetes, let's take a step back and see how each `kind` interact with each other:
feat: add section on services 2019-05-09 19:40:37 +06:00
			```text
			`+----------------------------------------------------------------------------------+`
			`\| \|`
			`\| +-----------------------------+ \|`
			`\| \| \| \|`
			`\| \| +-------------+ \| \|`
			`\| \| \| \| \| \|`
			`\| \| -> Pod \| \| \|`
			`\| \| --/ \| \| \| \|`
			`+-------------+ +-------------+ \| ---/ +-------------+ \| \|`
			`\| \| \| \| \| \| --/ \| \|`
			`\| Ingress -----> Service ------------------\ \| \|`
			`\| \| \| \| \| \| --\ +-------------+ \| \|`
			`+-------------+ +-------------+ \| ---\ \| \| \| \|`
			`\| \| --\ \| Pod \| \| \|`
			`\| \| -> \| \| \|`
			`\| \| +-------------+ \| \|`
			`\| \| \| \|`
			`\| \| Deployment \| \|`
			`\| +-----------------------------+ \|`
			`\| \|`
			`\| \|`
			`\| \|`
			`\| Kubernetes \|`
			`+----------------------------------------------------------------------------------+`
			```

			`## Exercises`

			`1. Deploy an nginx and expose it internally`
chore: cleanup md, remove empty sections (#32) 2019-05-21 18:50:00 +06:00			`2. Read [this](https://kubernetes.io/docs/concepts/services-networking/ingress/#simple-fanout) and modify the ingress to have:`
chore: add MD linter (#18) 2019-05-14 20:26:37 +06:00			* `/simple` that goes to the `simple-service`
			* `/nginx` that goes to your nginx deployment
chore: cleanup md, remove empty sections (#32) 2019-05-21 18:50:00 +06:00			3. Change the `selector` in your `simple-service` look at what is happening
feat: add section on services 2019-05-09 19:40:37 +06:00
			`## Clean up`

fix: use sh in md (#28) 2019-05-21 15:10:59 +06:00			```sh
feat: add section on services 2019-05-09 19:40:37 +06:00			`kubectl delete ingress,service,deployment,rs,pod --all`
			```

			`## Answers`

chore: cleanup md, remove empty sections (#32) 2019-05-21 18:50:00 +06:00			For 2), you need to add the metadata `nginx.ingress.kubernetes.io/rewrite-target: /` to the ingress:
feat: add section on services 2019-05-09 19:40:37 +06:00
			`* Don't forget to create 2 deployments and 2 services.`
			* You can either change your `/etc/hosts` to add the name resolution for `foo.bar.com`, or use `curl http://YOUR-IP -H "Host: foo.bar.com"`

			`## Links`

			`* https://kubernetes.io/docs/concepts/services-networking/service/`
			`* https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/`
			`* https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/`
			`* https://kubernetes.io/docs/concepts/services-networking/ingress/`
			`* https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/`