Public Access to Your Deployment
In this section, we show how to make your Flask API available on the public internet. This procedure assumes you have already created a Deployment and a Service (of type ClusterIP) for your Flask API.
There are two new Kubernetes objects you will be creating:
A second
Service
object of typeNodePort
which selects your deployment using the deployment label and exposes your Flask API on a public port.An
Ingress
object which specifies a subdomain to make your Flask API available on and maps this domain to the public port created in Step 1.
Create a NodePort Service
The first step is to create a NodePort Service object pointing at your Flask deployment.
Copy the following code into a new file called flasktest_nodeport_service.yml
or something
similar:
1---
2kind: Service
3apiVersion: v1
4metadata:
5 name: flasktest-service-nodeport
6spec:
7 type: NodePort
8 selector:
9 app: flasktestapp
10 ports:
11 - port: 5000
12 targetPort: 5000
Update the highlighted lines:
The
name
of the Service object can be anything you want, so long as it is unique among the Services you have defined in your namespace. In particular, it needs to be a different name from your ClusterIP service defined previously.The value of
app
in theselector
stanza needs to match theapp
label in your deployment. This should be exactly the same as what you did in Step 5 of the HomeWork 7 Lab. As mentioned there in Step 5, be sure the selector targets the label in your Flask deployment, not the deployment name.
As usual, create the NodePort using kubectl
:
[kube]$ kubectl apply -f flasktest_nodeport_service.yml
Change the command to reference the file name you used.
Check that the service was created successfully and determine the port that was created for it:
[kube]$ kubectl get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
flasktest-service-nodeport NodePort 10.233.15.48 <none> 5000:31587/TCP 45s
Here we see that port 31587
was created for my service. Your port will be different.
Note
You will use the port identified above when creating the Ingress object in the next section.
You can test that the NodePort service is working by using the special domain coe332.tacc.cloud
to exercise your Flask API from the kube-access VM:
[kube]$ curl coe332.tacc.cloud:31587/hello-service
Hello world
Change the port (31587
) to the port associated with your nodeport service, and the URL path
(/hello-service
) to a path your Flask API recognizes.
Note
The curl above only works from the kube-access VM. We will open the Flask API to the public internet in the next section.
Create an Ingress
Next we will create an Ingress object which will map the NodePort port defined previously
(in my example, 31587
) to a
specific domain on the public internet.
Copy the following code into a new file called flasktest_ingress.yml
or something
similar:
1---
2kind: Ingress
3apiVersion: networking.k8s.io/v1
4metadata:
5 name: flasktest-ingress
6 annotations:
7 kubernetes.io/ingress.class: "nginx"
8 nginx.ingress.kubernetes.io/ssl-redirect: "false"
9spec:
10 rules:
11 - host: "jstubbs.coe332.tacc.cloud"
12 http:
13 paths:
14 - pathType: Prefix
15 path: "/"
16 backend:
17 service:
18 name: flasktest-service-nodeport
19 port:
20 number: 31587
Be sure to update the highlighted lines:
Specify a meaningful
name
for the ingress. Keep in mind it should be unique among all Ingress obejcts within your namespace.Update the
host
value to include your username in the subdomain, i.e., use the format- host: "<username>.coe332.tacc.cloud"
.Update port number to match the NodePort port you created in step 1.
Create the Ingress object:
[kube]$ kubectl apply -f flasktest_ingress.yml
Double check that the object was successfully created:
[kube]$ kubectl get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
flasktest-ingress <none> jstubbs.coe332.tacc.cloud 80 102s
At this point our Flask API should be available on the public internet from the domain
we specified in the host
field. We can test by running the following curl command from
anywhere, including our laptops.
[local]$ curl jstubbs.coe332.tacc.cloud/hello-service
Hello world