[HPE Dev] Mapping Kubernetes Services to HPE Ezmeral Runtime Enterprise Gateway


This post is also published on the HPE Dev blog.


Imagine you have several Kubernetes services, each with its own IP address. Are there tools that unify those services under a single domain name? A gateway can do that, and it brings several benefits. First, the gateway can act as a load balancer for the different services. Second, only the gateway host's IP address is exposed to the public, while the rest stays behind the firewall. Follow this blog post to learn how to map Kubernetes services to the HPE Ezmeral Runtime Enterprise Gateway.

HPE Ezmeral Runtime Enterprise (formerly known as HPE Ezmeral Container Platform) comes with one or more gateway hosts. A gateway host acts as a proxy server that carries client requests such as those for the HPE Ezmeral Runtime Enterprise UI, REST API calls, the Kubernetes API, and containerized application service endpoints. The gateway host maps both the IP address of the Controller host and the private IP endpoints of services running on the Kubernetes nodes inside the Kubernetes clusters to publicly accessible IP addresses and ports.

Note: To learn more about the gateway host, check out the online documentation here.

To set up this architecture properly, you'll want to first set up a new Kubernetes (K8s) tenant, as shown in the image below. Just check the box next to "Map Services To Gateway":

image

Create a Hello World Kubernetes Application

Let's create a hello-world application for Kubernetes. This is a simple web page that shows which pod you are using. To begin, create a deployment called k8s-helloworld with the hello-world image. After that, run get deployment and describe deployment to view the details of the deployment. If you see 1/1 under the READY column, it is good to go.

# Create deployment of the application k8s-helloworld using the specific image
kubectl create deployment k8s-helloworld --image=gcr.io/google-samples/kubernetes-bootcamp:v1

# Get the information of the deployment with label k8s-helloworld
kubectl get deployment -l app=k8s-helloworld

# Describe the detail information of the deployment named as k8s-helloworld
kubectl describe deployment k8s-helloworld


The deployment will spin up some pods. To view which pods are running, you can run the get pods command. It will return a list of pods. Copy the pod name starting with k8s-helloworld and run an exec command to check if the website is up or not. If you see the terminal reply with Hello Kubernetes bootcamp!, you have successfully deployed a website on Kubernetes.

# Get the information of pods labeled with k8s-helloworld
kubectl get pods -l app=k8s-helloworld # copy your pod id
# The pod name below is from the author's cluster; use the one you copied
kubectl describe pods k8s-helloworld-5f84bb5d68-l9vch

# exec curl command inside the pod
kubectl exec k8s-helloworld-5f84bb5d68-l9vch -- curl -s http://localhost:8080


Using a Service to Expose an Application in a Cluster

So, now you have a website running on Kubernetes, and you want to share it with your friends. It turns out that your friends cannot open the website. The reason is that, to expose a deployment to the public, a Service object is needed to tell Kubernetes which service port is mapped to the deployment.

To expose your deployment, run the expose deployment command with the name of the deployment and the port number the pod uses; this creates a Service object. In this case, it will be port 8080. Run get services to view the services and the mapped service port. Now you can access the website externally using a Kubernetes node's IP address together with the service port.

# Expose the deployment with Port number 8080
kubectl expose deployment/k8s-helloworld --type="NodePort" --port 8080
# Get the information on Services labeled with k8s-helloworld
kubectl get svc -l app=k8s-helloworld
# Check if the application can be accessed from Kubernetes Cluster

curl ez-vm01.hpeilab.com:31856


At this point, you are halfway done. Now, move to the Kubernetes tenant management GUI (shown in the image below). In the Service endpoints tab, you can see that the access point is not yet mapped to the HPE Ezmeral Runtime Enterprise Gateway.

image

Making the application available to users

One more step is needed to expose your containerized application to users outside your HPE Ezmeral Runtime Enterprise infrastructure. You can expose the Kubernetes NodePort service of your application via the HPE Ezmeral Runtime Enterprise Gateway by setting up a port mapping. To do so, apply the label hpecp.hpe.com/hpecp-internal-gateway: "true" to your NodePort Service object, either by adding one line to your YAML file or by running the label command. The label generates a service port on the gateway host.

Note:

This mapping happens automatically in any namespace associated with an HPE Ezmeral Runtime Enterprise tenant, provided that tenant has "Map Services To Gateway" enabled. However, you can control this behavior by labelling the NodePort service, either to force or to prevent the port mapping on the gateway host.

# Label the service named k8s-helloworld with hpecp.hpe.com/hpecp-internal-gateway=true
kubectl label service k8s-helloworld hpecp.hpe.com/hpecp-internal-gateway=true


Go back to the Kubernetes tenant management GUI. Now, in the Service endpoints tab, you can see that the access point is mapped to the HPE Ezmeral Runtime Enterprise Gateway.


You can also find the port by running the command kubectl describe services. The access point is shown under the Annotations key.


Now the service is mapped to the gateway, and you can access it through the gateway. A hello world message will appear when you curl the URL.

# check your port number on the GUI
curl http://ez-gateway.hpeilab.com:10022/
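Because the gateway label decides which NodePort services become reachable from outside, it is worth reviewing the label state of every NodePort service in the cluster. The script below is an added example, not part of the original post or of HPE's tooling: it classifies each NodePort service from `kubectl get svc -A --show-labels --no-headers` output. The function names, the sample rows, and the use of the value "false" to prevent the mapping are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# Live usage: kubectl get svc -A --show-labels --no-headers | audit_gateway_labels

# Reads service rows on stdin and prints "namespace/name ports state"
# for every NodePort service. States:
#   forced          label is "true": mapped on the gateway host
#   blocked         label is "false" (assumed value that prevents the mapping)
#   tenant-default  no label: the tenant "Map Services To Gateway" setting decides
audit_gateway_labels() {
  awk -v key="hpecp.hpe.com/hpecp-internal-gateway" '
    $3 == "NodePort" {
      state = "tenant-default"
      n = split($8, labels, ",")          # column 8 holds key=value,key=value
      for (i = 1; i <= n; i++) {
        eq = index(labels[i], "=")
        if (eq > 0 && substr(labels[i], 1, eq - 1) == key) {
          val = substr(labels[i], eq + 1)
          if (val == "true")       state = "forced"
          else if (val == "false") state = "blocked"
          else                     state = "unknown:" val
        }
      }
      print $1 "/" $2, $6, state
    }'
}

# Constructed sample rows in the column layout of the kubectl command above.
sample_services() {
  cat <<'EOF'
demo   k8s-helloworld   NodePort    10.96.12.34   <none>   8080:31856/TCP   5d   app=k8s-helloworld,hpecp.hpe.com/hpecp-internal-gateway=true
demo   internal-admin   NodePort    10.96.12.35   <none>   9090:30090/TCP   5d   app=internal-admin,hpecp.hpe.com/hpecp-internal-gateway=false
demo   metrics          NodePort    10.96.12.36   <none>   9100:30100/TCP   2d   app=metrics
demo   backend          ClusterIP   10.96.12.37   <none>   5432/TCP         2d   app=backend
EOF
}

sample_services | audit_gateway_labels
```

Services reported as tenant-default are the ones to check against the tenant's "Map Services To Gateway" setting, since they are mapped without anyone having labelled them.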

Deleting the services and deployment

After playing around with Kubernetes, if you would like to clean up the application, remember to delete both the service and the deployment.

# delete everything
kubectl delete services/k8s-helloworld
kubectl delete deployment/k8s-helloworld

Take away

Mapping Kubernetes services to HPE Ezmeral Runtime Enterprise Gateway provides a single point of secure access to the platform, which also allows for load-balancing. As you can see from what we just went through, it really isn't that hard. Feel free to navigate to HPE DEV Hack Shack to register for a Workshop-on-Demand for Kubernetes 101. Here, you can try it for yourself. After playing around with this, if you would like to clean up the application, remember to delete both the services and the deployment. Stay tuned to the HPE DEV blog to learn more on other HPE Ezmeral Runtime Enterprise related topics.