Public Access to Your Deployment

In this section, we show how to make your Flask API available on the public internet. This procedure assumes you have already created a Deployment and a Service (of type ClusterIP) for your Flask API.

There are two new Kubernetes objects you will be creating:

  1. A second Service object of type NodePort which selects your deployment using the deployment label and exposes your Flask API on a public port.

  2. An Ingress object which specifies a subdomain to make your Flask API available on and maps this domain to the public port created in Step 1.

Create a NodePort Service

The first step is to create a NodePort Service object pointing at your Flask deployment.

Copy the following code into a new file called flasktest_nodeport_service.yml or something similar:

 1---
 2kind: Service
 3apiVersion: v1
 4metadata:
 5    name: flasktest-service-nodeport
 6spec:
 7    type: NodePort
 8    selector:
 9        app: flasktestapp
10    ports:
11        - port: 5000
12          targetPort: 5000

Update the highlighted lines:

  1. The name of the Service object can be anything you want, so long as it is unique among the Services you have defined in your namespace. In particular, it needs to be a different name from your ClusterIP service defined previously.

  2. The value of app in the selector stanza needs to match the app label in your deployment. This should be exactly the same as what you did in Step 5 of the HomeWork 7 Lab. As mentioned there in Step 5, be sure the selector targets the label in your Flask deployment, not the deployment name.

As usual, create the NodePort using kubectl:

[kube]$ kubectl apply -f flasktest_nodeport_service.yml

Change the command to reference the file name you used.

Check that the service was created successfully and determine the port that was created for it:

[kube]$ kubectl get service
NAME                         TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)          AGE
flasktest-service-nodeport   NodePort    10.233.15.48   <none>        5000:31587/TCP   45s

Here we see that port 31587 was created for my service. Your port will be different.

Note

You will use the port identified above when creating the Ingress object in the next section.

You can test that the NodePort service is working by using the special domain coe332.tacc.cloud to exercise your Flask API from the kube-access VM:

[kube]$ curl coe332.tacc.cloud:31587/hello-service
Hello world

Change the port (31587) to the port associated with your nodeport service, and the URL path (/hello-service) to a path your Flask API recognizes.

Note

The curl above only works from the kube-access VM. We will open the Flask API to the public internet in the next section.

Create an Ingress

Next we will create an Ingress object which will map the NodePort port defined previously (in my example, 31587) to a specific domain on the public internet.

Copy the following code into a new file called flasktest_ingress.yml or something similar:

 1---
 2kind: Ingress
 3apiVersion: networking.k8s.io/v1
 4metadata:
 5  name: flasktest-ingress
 6  annotations:
 7    kubernetes.io/ingress.class: "nginx"
 8    nginx.ingress.kubernetes.io/ssl-redirect: "false"
 9spec:
10  rules:
11  - host: "jstubbs.coe332.tacc.cloud"
12    http:
13        paths:
14        - pathType: Prefix
15          path: "/"
16          backend:
17            service:
18              name: flasktest-service-nodeport
19              port:
20                  number: 31587

Be sure to update the highlighted lines:

  1. Specify a meaningful name for the ingress. Keep in mind it should be unique among all Ingress obejcts within your namespace.

  2. Update the host value to include your username in the subdomain, i.e., use the format - host: "<username>.coe332.tacc.cloud".

  3. Update port number to match the NodePort port you created in step 1.

Create the Ingress object:

[kube]$ kubectl apply -f flasktest_ingress.yml

Double check that the object was successfully created:

[kube]$ kubectl get ingress
NAME                CLASS    HOSTS                       ADDRESS   PORTS   AGE
flasktest-ingress   <none>   jstubbs.coe332.tacc.cloud             80      102s

At this point our Flask API should be available on the public internet from the domain we specified in the host field. We can test by running the following curl command from anywhere, including our laptops.

[local]$ curl jstubbs.coe332.tacc.cloud/hello-service
Hello world