.Net core microservice with HTTPS on AWS EKS - https

We have lunched .Net microservice on container and published it on EKS Cluster.
It's working fine on http.
We follow the link to deploy .Net microservice as deploy as a container.
https://dotnet.microsoft.com/en-us/learn/aspnet/microservice-tutorial/docker-file
We used below deploy.yaml
**---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mymicroservice
spec:
replicas: 1
template:
metadata:
labels:
app: mymicroservice
spec:
containers:
- name: mymicroservice
image: [YOUR DOCKER ID]/mymicroservice:latest
ports:
- containerPort: 80
env:
- name: ASPNETCORE_URLS
value: http://*:80
selector:
matchLabels:
app: mymicroservice
apiVersion: v1
kind: Service
metadata:
name: mymicroservice
spec:
type: LoadBalancer
ports:
port: 80
selector:
app: mymicroservice**
This exposed our microservices behind classic load balancer. It's working fine on Http.
but we facing challenges on HTTPS. How can this be achieved? If we need to use Nginx Ingress Controller how that yaml we can tune according to our deployment.yaml

Related

Kubernetes: spring cloud gateway not working

I have a spring cloud gateway that works fine in the docker configuration, like this:
(all routes/services except ratings are removed for readability's sake)
#Value("${hosts.ratings}")
private String ratingsPath;
#Bean
public RouteLocator customRouteLocator(RouteLocatorBuilder builder) {
return builder.routes()
.route(r -> r.host("*").and().path("/api/ratings/**")
.uri(ratingsPath + ":2226/api/ratings/"))
...other routes...
.build();
}
This gets it values from the application.properties locally, and from an environment variable in docker, like so in the docker-compose:
apigw:
build: ./Api-Gateway
container_name: apigw
links:
- ratings
...
depends_on:
- ratings
...
ports:
- "80:8080"
environment:
- hosts_ratings=http://ratings
...
This configuration works just fine. However, when porting this to our kubernetes cluster, all routes get a 404.
The deployment of our api gateway is as follows:
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: apigw
name: apigw-deployment
spec:
replicas: 1
selector:
matchLabels:
app: apigw
template:
metadata:
labels:
app: apigw
spec:
containers:
- name: apigw
image: redacted
ports:
- containerPort: 8080
env:
- name: hosts_ratings
value: "ratings-service.default.svc.cluster.local"
...
With ratings-service being our ratings service (that definitely works, because when exposing it directly from its service, it does work), defined like this:
apiVersion: v1
kind: Service
metadata:
name: ratings-service
labels:
app: ratings
spec:
selector:
app: ratings
ports:
- port: 2226
targetPort: 2226
The service of our api gateway is as follows, using bare metal with an external IP that does work:
apiVersion: v1
kind: Service
metadata:
name: apigw-service
labels:
app: apigw
spec:
selector:
app: apigw
ports:
- port: 80
targetPort: 8080
externalIPs:
- A.B.C.D
How I believe it should work is that ratings-service.default.svc.cluster.local would get translated to the correct ip, filled in to the ratingsPath variable, and the query would succeed, but this is not the case.
Our other services are able to communicate in the same way, but the api gateway does not seem to be able to do that.
What could be the problem?
Posting community wiki based on comment for better visibility. Feel free to expand it.
The issue was a faulty version of the image:
It seems like the service i was using just straight up didn't work. Must have been a faulty version of the image i was using.
Check also:
Access Services Running on Clusters | Kubernetes
Service | Kubernetes
Debug Services | Kubernetes
DNS for Services and Pods | Kubernetes

Kubernetes spring application in docker connect external service

I'm new in kubernetes and docker world :)
I try to deploy our application in docker in kubernetes, but i can't connect to external mysql database..
my steps:
1, Install kubernetes with kubeadm in our new server.
2, Create a docker image from our application with mvn spring-boot:build-image
3, I create a deployment and service yaml to use image.
Deployment YAML:
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
deployment.kubernetes.io/revision: "1"
labels:
app: demo-app
name: demo-app
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: demo-app
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: demo-app
spec:
containers:
- image: demo/demo-app:0.1.05-SNAPSHOT
imagePullPolicy: IfNotPresent
name: demo-app-service
env:
- name: SPRING_DATASOURCE_URL
value: jdbc:mysql://mysqldatabase/DBDEV?serverTimezone=Europe/Budapest&useLegacyDatetimeCode=false
ports:
- containerPort: 4000
volumeMounts:
- name: uploads
mountPath: /uploads
- name: ssl-dir
mountPath: /ssl
volumes:
- name: ssl-dir
hostPath:
path: /var/www/dev.hu/backend/ssl
- name: uploads
hostPath:
path: /var/www/dev.hu/backend/uploads
restartPolicy: Always
Service YAML:
apiVersion: v1
kind: Service
metadata:
labels:
app: demo-app
name: demo-app
namespace: default
spec:
ports:
- port: 4000
name: spring
protocol: TCP
targetPort: 4000
selector:
app: demo-app
sessionAffinity: None
type: LoadBalancer
4, Create an endpoints and Service YAML, to communicate to outside:
kind: Endpoints
apiVersion: v1
metadata:
name: mysqldatabase
subsets:
- addresses:
- ip: 10.10.0.42
ports:
- port: 3306
---
kind: Service
apiVersion: v1
metadata:
name: mysqldatabase
spec:
type: ClusterIP
ports:
- port: 3306
targetPort: 3306
But it's not working, when i going to see logs i see spring cant connect to database.
Caused by: java.net.UnknownHostException: mysqldatabase
at java.net.InetAddress.getAllByName0(InetAddress.java:1281)
at java.net.InetAddress.getAllByName(InetAddress.java:1193)
at java.net.InetAddress.getAllByName(InetAddress.java:1127)
at com.mysql.cj.protocol.StandardSocketFactory.connect(StandardSocketFactory.java:132)
at com.mysql.cj.protocol.a.NativeSocketConnection.connect(NativeSocketConnection.java:63)
thanks for any helps
hold on. you don't create endpoints yourself. endpoints are registered by kubernetes when a service has matching pods. right now, you have deployed your application and exposed it via a service.
if you want to connect to your mysql database via service it needs to be deployed and kubernetes as well. if it is not hosted on kubernetes you will need a hostname or the ip address of the database and adapt your SPRING_DATASOURCE_URL accordingly!

Configuring Ingress with a GraphQL Gateway + gRPC Microservices

I am looking to deploy a SaaS platform I have built on kubernetes but I have hit a barrier when it comes to setting up the deployment correctly. You can find the setup I am going for
here. I have tried setting up the ingress controller, and it is, in fact forwarding requests to the GraphQL gateway, the problem is that the GraphQL Gateway itself is uncapable of connecting to the other services due to gRPC connection errors. Below you will find my Deployment.yml which contains the graphql gateway, an ingress controller and one service called general
What I am asking basically is how can I connect my gRPC based services to the main GraphQL gateway
apiVersion: v1
kind: Service
metadata:
name: graphql-gateway
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 8080
selector:
app: gateway
---
apiVersion: v1
kind: Service
metadata:
name: general-service
spec:
ports:
- protocol: TCP
port: 443
targetPort: 600
selector:
app: general
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: gateway
spec:
replicas: 2
selector:
matchLabels:
app: gateway
template:
metadata:
labels:
app: gateway
spec:
containers:
- name: gateway
image: myregistry/gateway:latest
imagePullPolicy: "Always"
ports:
- containerPort: 8080
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: general
spec:
replicas: 2
selector:
matchLabels:
app: general
template:
metadata:
labels:
app: general
spec:
containers:
- name: general
image: myregistry/general:latest
imagePullPolicy: "Always"
ports:
- containerPort: 600
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: gateway-ingress
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/grpc-backend: "true"
spec:
rules:
- host: "playground.mydomain.com"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: graphql-gateway
port:
number: 80

Access kubernetes service externally

I'm following the spring and kubernetes integration tutorial:
https://spring.io/guides/gs/spring-boot-kubernetes/
In my current scenario, I have 1 master and 2 workers servers.
When I deploy the file below using the command kubectl apply -f deployment.yaml, I can make a request from within the master server using kubectl port-forward svc/demo 8080:8080 and curl localhost:8080/actuator/health.
What I want to do is an external request (a public computer - my computer) to access the service that I created (kubernetes_master_ip:8080/actuator), but when I try this, I get "connection refused".
What is missing?
apiVersion: apps/v1
kind: Deployment
metadata:
creationTimestamp: null
labels:
app: demo
name: demo
spec:
replicas: 1
selector:
matchLabels:
app: demo
strategy: {}
template:
metadata:
creationTimestamp: null
labels:
app: demo
spec:
containers:
- image: springguides/demo
name: demo
resources: {}
status: {}
---
apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
app: demo
name: demo
spec:
ports:
- name: 8080-8080
port: 8080
protocol: TCP
targetPort: 8080
selector:
app: demo
type: ClusterIP
status:
loadBalancer: {}
You need to change the type of service to expose the application. There are two ways:
- LoadBalancer type: (Only on cloud providers)
- NodePort type: Can be done on-premise or minikube.
Change your service yaml to below:
apiVersion: v1
kind: Service
metadata:
labels:
app: demo
name: demo
spec:
ports:
- name: 8080-8080
port: 8080
nodePort: 31234
protocol: TCP
targetPort: 8080
selector:
app: demo
type: NodePort
Once the service is executed. check the application Node IP on which container is created.
kubectl get pods -o wide
then try to access the application at:
http://node_ip:31234/actuator
you can change your service type to load balancer. Which will expose your service via IP address to the external internet. Service type load balancer will only work with Cloud providers.
For more details you can visit : https://kubernetes.io/docs/concepts/services-networking/
apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
app: demo
name: demo
spec:
ports:
- name: 8080-8080
port: 8080
protocol: TCP
targetPort: 8080
selector:
app: demo
type: LoadBalancer
save as yaml and execute it. it will provide the IP address.
You can access service via IP
Kubectl get svc

How to expose deployment as a service in 2.1-ee?

I created a service and use nodeport etc but couldn't access the service.
I created a web-service.yaml file with the following content and used kubectl to create the Service:
apiVersion: v1
kind: Service
metadata:
name: web-service
labels:
app: web-service
spec:
type: NodePort
ports:
- port: 80
protocol: TCP
selector:
app: webserver
and the webserver.yaml file with the following Deployment details
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: webserver
spec:
replicas: 3
template:
metadata:
labels:
run: webserver
spec:
containers:
- name: webserver
image: nginx:alpine
ports:
- containerPort: 80
In your deployment, label is run=webserver, but in your service, label is app=webserver. The service uses app=webserver as a Selector, through which it selects three pods that have the label "app" set to "webserver". In this case none of the pods has the label "app" so the deployment is not successfully exposed as a service. The label names and values in the deployment and service should match.

Resources