v2.0
v1.0
  1. Release Notes
    1. Release Notes - 2.0.2Latest
    1. Release Notes - 2.0.1
    1. Release Notes - 2.0.0
  1. Introduction
    1. Introduction
    1. Features
    1. Architecture
    1. Advantages
    1. Glossary
  1. Installation
    1. Intruction
      1. Intro
      2. Port Requirements
    1. Install on Linux
      1. All-in-One Installation
      2. Multi-Node Installation
      3. Installing HA Master and Etcd Cluster
      4. Storage Configuration Instruction
    1. Install on Kubernetes
      1. Prerequisites
      2. Online Installation
      3. Offline Installation
    1. Related Tools
      1. Integrating Harbor Registry
    1. Cluster Operation
      1. Adding New Nodes
      2. High Risk Operation
      3. Uninstalling KubeSphere
  1. Quick Start
    1. Getting Started with Multitenancy
    1. Exposing your APP using Ingress
    1. Deploying a MySQL Application
    1. Deploying a Wordpress Website
    1. Job to compute π to 2000 places
    1. Deploying Grafana using APP Template
    1. Creating Horizontal Pod Autoscaler
    1. S2i: Publish your app without Dockerfile
    1. Canary Release of Microservice APP
    1. CI/CD based on Spring Boot Project
    1. Building a Pipeline in a Graphical Panel
    1. CI/CD based on GitLab and Harbor
    1. Ingress-Nginx for Grayscale Release
  1. Cluster Admin Guide
    1. Multi-tenant Management
      1. Overview of Multi-tenant Management
      2. Overview of Role Management
    1. Platform Management
      1. Account Management
      2. Platform Roles Management
    1. Infrastructure
      1. Service Components
      2. Nodes
      3. Storage Classes
    1. Monitoring Center
      1. Physical Resources
      2. Application Resources
    1. Application Repository
    1. Jenkins System Settings
  1. User Guide
    1. Application Template
    1. Workloads
      1. Deployments
      2. StatefulSets
      3. DaemonSets
      4. Jobs
      5. CronJobs
    1. Storage
      1. Volumes
    1. Network & Services
      1. Services
      2. Routes
    1. Configuration Center
      1. Secret
      2. ConfigMap
      3. Image Registry
    1. Project Settings
      1. Basic Information
      2. Member Roles
      3. Project Members
      4. Internet Access
    1. DevOps Project
      1. DevOps Project Management
      2. DevOps Project Management
      3. DevOps Project Management
      4. DevOps Project Management
      5. DevOps Project Management
  1. Development Guide
    1. Preparing the Development Environment
    1. Development Workflow
  1. API Documentation
    1. API Guide
    1. How to invoke KubeSphere API
KubeSphere®️ 2020 All Rights Reserved.

Exposing your App: Creating a Service and Ingress

KubeSphere has built a global load balancer into each project (namespace), Ingress Controller, which is responsible for fulfilling the Ingress. Ingress exposes HTTP and HTTPS routes from outside the cluster to services within the cluster. Traffic routing is controlled by rules defined on the Ingress resource.

Kubernetes-ingress provides such an example: As for website https://cafe.example.com, if users access the URL https://cafe.example.com/coffee then it will return "Coffee Ordering System". Similarly, when access the URL https://cafe.example.com/tea then it will return "Tea Ordering System".

To elaborate this process, we will create a Deployment, Service and Ingress to expose an application in this tutorial.

Prerequisites

You've completed all steps in Getting Started with Multi-tenant Management.

Estimated Time

About 20 minutes.

Hands-on Lab

Create Deployments

To get started, we'll create a tea deployment and a coffee deployment respectively.

Step 1: Create a Tea

1.1. Sign in with project-regular, then enter into demo-project. Choose Workloads → Deployments and click Create Deployment.

1.2. Name it as tea, click Next.

1.3. Set the replicas to 2, and click Add Container. Then fill in the Pod Template according to the following hints.

  • Image: nginxdemos/hello:plain-text
  • Container Name: tea
  • Service Settings: Name it as port, fill in 80 with the TCP protocol.

1.4. Click Save and then click Next → Create to complete tea deployment creation.

Step 2: Create a Coffee

2.1. Similarly, click Create button to create a "Coffee Ordering System" deployment.

2.2. Name it as coffee and click Next, then set the replicas to 2, and click Add Container. Then fill in the Pod Template according to the following hints.

  • Image: nginxdemos/hello:plain-text

  • Container Name: coffee

  • Service Settings: Name it as port, fill in 80 with the TCP protocol.

    2.3. Click Save and then click Next → Create to complete coffee deployment creation.

Create Services

In this section, we'll create a tea service and a coffee service for their deployments respectively. Choose Network & Services → Services, then click Create Service.

Step 3: Create a tea-svc

3.1. Name it as tea-svc, click Next.

3.2. Choose the first item Virtual IP: Access the service through the internal IP of the cluster, then fill in the Service Settings page according to the following hints.

  • Click Specify Workload and select tea, click Save.

  • Ports:

    • Name it as port
    • Service Port: 80
    • Container Port: 80

3.3. Then click Next → Create to complete the creation.

Step 4: Create a coffee-svc

4.1. Similarly, click Create button to create a Service, name it as coffee-svc.

4.2. Then Specify the workload to coffee, the other options are the same with tea-svc. Finally, click Create after other blanks are filled. At this point, two services have been successfully created.

Step 5: Create a TLS Certificate

Since the domain name bound in the route is the HTTPS protocol, we need to create the TLS certificate as a Secret.

5.1. Choose Configuration Center → Secrets, then click Create.

5.2. Name it as cafe-secret, click Next. Select the TLS as the Type, then copy and paste Credential and Private Key as following, click Create when you've done.

#Credential

-----BEGIN CERTIFICATE-----
MIIDLjCCAhYCCQDAOF9tLsaXWjANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJV
UzELMAkGA1UECAwCQ0ExITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
ZDEbMBkGA1UEAwwSY2FmZS5leGFtcGxlLmNvbSAgMB4XDTE4MDkxMjE2MTUzNVoX
DTIzMDkxMTE2MTUzNVowWDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMSEwHwYD
VQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxGTAXBgNVBAMMEGNhZmUuZXhh
bXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCp6Kn7sy81
p0juJ/cyk+vCAmlsfjtFM2muZNK0KtecqG2fjWQb55xQ1YFA2XOSwHAYvSdwI2jZ
ruW8qXXCL2rb4CZCFxwpVECrcxdjm3teViRXVsYImmJHPPSyQgpiobs9x7DlLc6I
BA0ZjUOyl0PqG9SJexMV73WIIa5rDVSF2r4kSkbAj4Dcj7LXeFlVXH2I5XwXCptC
n67JCg42f+k8wgzcRVp8XZkZWZVjwq9RUKDXmFB2YyN1XEWdZ0ewRuKYUJlsm692
skOrKQj0vkoPn41EE/+TaVEpqLTRoUY3rzg7DkdzfdBizFO2dsPNFx2CW0jXkNLv
Ko25CZrOhXAHAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAKHFCcyOjZvoHswUBMdL
RdHIb383pWFynZq/LuUovsVA58B0Cg7BEfy5vWVVrq5RIkv4lZ81N29x21d1JH6r
jSnQx+DXCO/TJEV5lSCUpIGzEUYaUPgRyjsM/NUdCJ8uHVhZJ+S6FA+CnOD9rn2i
ZBePCI5rHwEXwnnl8ywij3vvQ5zHIuyBglWr/Qyui9fjPpwWUvUm4nv5SMG9zCV7
PpuwvuatqjO1208BjfE/cZHIg8Hw9mvW9x9C+IQMIMDE7b/g6OcK7LGTLwlFxvA8
7WjEequnayIphMhKRXVf1N349eN98Ez38fOTHTPbdJjFA/PcC+Gyme+iGt5OQdFh
yRE=
-----END CERTIFICATE-----

#Private Key

-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAqeip+7MvNadI7if3MpPrwgJpbH47RTNprmTStCrXnKhtn41k
G+ecUNWBQNlzksBwGL0ncCNo2a7lvKl1wi9q2+AmQhccKVRAq3MXY5t7XlYkV1bG
CJpiRzz0skIKYqG7Pcew5S3OiAQNGY1DspdD6hvUiXsTFe91iCGuaw1Uhdq+JEpG
wI+A3I+y13hZVVx9iOV8FwqbQp+uyQoONn/pPMIM3EVafF2ZGVmVY8KvUVCg15hQ
dmMjdVxFnWdHsEbimFCZbJuvdrJDqykI9L5KD5+NRBP/k2lRKai00aFGN684Ow5H
c33QYsxTtnbDzRcdgltI15DS7yqNuQmazoVwBwIDAQABAoIBAQCPSdSYnQtSPyql
FfVFpTOsoOYRhf8sI+ibFxIOuRauWehhJxdm5RORpAzmCLyL5VhjtJme223gLrw2
N99EjUKb/VOmZuDsBc6oCF6QNR58dz8cnORTewcotsJR1pn1hhlnR5HqJJBJask1
ZEnUQfcXZrL94lo9JH3E+Uqjo1FFs8xxE8woPBqjZsV7pRUZgC3LhxnwLSExyFo4
cxb9SOG5OmAJozStFoQ2GJOes8rJ5qfdvytgg9xbLaQL/x0kpQ62BoFMBDdqOePW
KfP5zZ6/07/vpj48yA1Q32PzobubsBLd3Kcn32jfm1E7prtWl+JeOFiOznBQFJbN
4qPVRz5hAoGBANtWyxhNCSLu4P+XgKyckljJ6F5668fNj5CzgFRqJ09zn0TlsNro
FTLZcxDqnR3HPYM42JERh2J/qDFZynRQo3cg3oeivUdBVGY8+FI1W0qdub/L9+yu
edOZTQ5XmGGp6r6jexymcJim/OsB3ZnYOpOrlD7SPmBvzNLk4MF6gxbXAoGBAMZO
0p6HbBmcP0tjFXfcKE77ImLm0sAG4uHoUx0ePj/2qrnTnOBBNE4MvgDuTJzy+caU
k8RqmdHCbHzTe6fzYq/9it8sZ77KVN1qkbIcuc+RTxA9nNh1TjsRne74Z0j1FCLk
hHcqH0ri7PYSKHTE8FvFCxZYdbuB84CmZihvxbpRAoGAIbjqaMYPTYuklCda5S79
YSFJ1JzZe1Kja//tDw1zFcgVCKa31jAwciz0f/lSRq3HS1GGGmezhPVTiqLfeZqc
R0iKbhgbOcVVkJJ3K0yAyKwPTumxKHZ6zImZS0c0am+RY9YGq5T7YrzpzcfvpiOU
ffe3RyFT7cfCmfoOhDCtzukCgYB30oLC1RLFOrqn43vCS51zc5zoY44uBzspwwYN
TwvP/ExWMf3VJrDjBCH+T/6sysePbJEImlzM+IwytFpANfiIXEt/48Xf60Nx8gWM
uHyxZZx/NKtDw0V8vX1POnq2A5eiKa+8jRARYKJLYNdfDuwolxvG6bZhkPi/4EtT
3Y18sQKBgHtKbk+7lNJVeswXE5cUG6EDUsDe/2Ua7fXp7FcjqBEoap1LSw+6TXp0
ZgrmKE8ARzM47+EJHUviiq/nupE15g0kJW3syhpU9zZLO7ltB0KIkO9ZRcmUjo8Q
cpLlHMAqbLJ8WYGJCkhiWxyal6hYTyWY4cVkC0xtTl/hUE9IeNKo
-----END RSA PRIVATE KEY-----

Step 6: Create a cafe-ingress

6.1. Choose Network & Services → Routes, and click Create Route button.

6.2. Name it as cafe-ingress, then click Add Route Rule.

6.3. Choose Specify Domain and fill in the table as following:

  • HostName: cafe.example.com

  • Protocol: Choose https

  • Secret Name: Choose cafe-secret

  • Paths:

    • Input /coffee, then choose coffee-svc as the service and select 80 as the port
    • Click Add Path, input /tea, then choose tea-svc as the service and select 80 as the port

6.4. Click Save after you've done, then skip to the final step to click Create, we can see the cafe-ingress has been created successfully.

Step 7: Access the Application via Route

So far, we have exposed two different application via route and its rules. We can access the tea and coffee application through different path.

For example, when we visit https://cafe.example.com:{$HTTPS_PORT}/coffee, any one of the coffee Pod should respond to the request. As following demo, the Server name and Server address is corresponding to the Pod coffee-5db79467d6-ghm95.

$ curl --resolve cafe.example.com:30972:192.168.0.88 https://cafe.example.com:30972/coffee --insecure
Server address: 10.233.87.215:80
Server name: coffee-5db79467d6-ghm95
Date: 16/Jul/2019:09:24:33 +0000
URI: /coffee
Request ID: d396d300af9df6d31e0c1edd50d5da54

$ kubectl get pod -n demo-project -o wide
NAME                      READY   STATUS    RESTARTS   AGE    IP       NODE          NOMINATED NODE   READINESS GATES
coffee-5db79467d6-ghm95   1/1     Running   0          93m    10.233.87.215   ks-allinone   <none>           <none>

Similarly, when we visit https://cafe.example.com:{$HTTPS_PORT}/tea, any one of the tea Pod should respond to the request. As following demo, the Server name and Server address is corresponding to the Pod tea-5bf6c889c4-vlv69.

$ curl --resolve cafe.example.com:30972:192.168.0.88 https://cafe.example.com:30972/tea --insecure
Server address: 10.233.87.174:80
Server name: tea-5bf6c889c4-vlv69
Date: 16/Jul/2019:09:31:01 +0000
URI: /tea
Request ID: 3f047c0461640da52c6d152039d016e1

$ kubectl get pod -n demo-project -o wide
NAME                      READY   STATUS    RESTARTS   AGE    IP     NODE          NOMINATED NODE   READINESS GATES
tea-5bf6c889c4-vlv69      1/1     Running   0          106m   10.233.87.174   ks-allinone   <none>           <none>

Conclusion

According to above instruction, it indicates that the route has successfully forwarded different requests to the corresponding back-end service, and the service redirects that traffic to one of the Service’s backend Pods.