Durée estimée : 15 minutes
Objective: Create a Deployment and expose it internally within the cluster using a ClusterIP Service. Test access to the Service using its DNS name from another Pod.
Context: You have a web application deployed and need to make it accessible to other applications running within the same Kubernetes cluster.
Instructions:
app-internal.kubectl create namespace app-internal
app-internal namespace, create a Deployment named webapp-deployment.
app=mywebapp.webapp-container, use the image nginx:1.27, and expose port 80./opt/cka_exercises/services/Ex1/deployment-webapp.yaml and apply it.webapp-service in the app-internal namespace.
ClusterIP (this is the default, but you can specify it).app=mywebapp./opt/cka_exercises/services/Ex1/service-webapp-clusterip.yaml and apply it.webapp-service has an assigned ClusterIP and lists endpoints corresponding to the webapp-deployment Pods.
kubectl get svc webapp-service -n app-internal in /opt/cka_exercises/services/Ex1/service_details.txt.kubectl get endpointslices -n app-internal -l kubernetes.io/service-name=webapp-service (or kubectl get endpoints webapp-service -n app-internal for older clusters) in /opt/cka_exercises/services/Ex1/service_endpoints.txt.busybox:1.36) in the app-internal namespace and use wget or curl to access the webapp-service via its DNS name (webapp-service or webapp-service.app-internal) on port 8080. Confirm you receive the Nginx welcome page.
/opt/cka_exercises/services/Ex1/test_command.txt.1. Création du Namespace :
kubectl create namespace app-internal
mkdir -p /opt/cka_exercises/services/Ex1
2. Création du Déploiement webapp-deployment:
Fichier /opt/cka_exercises/services/Ex1/deployment-webapp.yaml:
apiVersion: apps/v1
kind: Deployment
metadata:
name: webapp-deployment
namespace: app-internal
spec:
replicas: 2
selector:
matchLabels:
app: mywebapp
template:
metadata:
labels:
app: mywebapp
spec:
containers:
- name: webapp-container
image: nginx:1.27
ports:
- containerPort: 80
Appliquez-le :
kubectl apply -f /opt/cka_exercises/services/Ex1/deployment-webapp.yaml
3. Création du Service webapp-service (ClusterIP) :
Fichier /opt/cka_exercises/services/Ex1/service-webapp-clusterip.yaml:
apiVersion: v1
kind: Service
metadata:
name: webapp-service
namespace: app-internal
spec:
type: ClusterIP
selector:
app: mywebapp
ports:
- protocol: TCP
port: 8080
targetPort: 80
Appliquez-le :
kubectl apply -f /opt/cka_exercises/services/Ex1/service-webapp-clusterip.yaml
4. Vérification du Service et des Endpoints :
Attendez que le déploiement soit prêt et le service configuré.
# kubectl get pods -n app-internal -w
kubectl get svc webapp-service -n app-internal > /opt/cka_exercises/services/Ex1/service_details.txt
# Pour les clusters récents utilisant EndpointSlice (par défaut)
kubectl get endpointslice -n app-internal -l kubernetes.io/service-name=webapp-service > /opt/cka_exercises/services/Ex1/service_endpoints.txt
# Alternative pour les anciens clusters ou pour voir l'objet Endpoints :
# kubectl get endpoints webapp-service -n app-internal > /opt/cka_exercises/services/Ex1/service_endpoints.txt
# service_details.txt devrait montrer un CLUSTER-IP et le port 8080.
# service_endpoints.txt devrait lister les IPs des 2 Pods Nginx sur le port 80.
5. Test de l'accès au Service via DNS :
echo "kubectl run dns-test --image=busybox:1.36 --rm -it -n app-internal -- sh -c 'wget -qO- webapp-service:8080'" > /opt/cka_exercises/services/Ex1/test_command.txt
# Pour exécuter le test :
# kubectl run dns-test --image=busybox:1.36 --rm -it -n app-internal -- sh
# Dans le shell du Pod dns-test:
# wget -qO- webapp-service:8080
# (ou wget -qO- webapp-service.app-internal:8080)
# (La sortie devrait être la page d'accueil Nginx)
# exit
Commandes de Nettoyage :
kubectl delete namespace app-internal
rm -rf /opt/cka_exercises/services/Ex1
Durée estimée : 15 minutes
Objective: Expose an existing application (Deployment) to external traffic using a NodePort Service.
Context: You have deployed an application and need to make it accessible from outside the Kubernetes cluster using a specific port on each node's IP address.
Instructions:
webapp-deployment from Exercise 1 in the app-internal namespace (or recreate it if cleaned up).webapp-nodeport-svc in the app-internal namespace.
NodePort.app=mywebapp (to target the webapp-deployment Pods).port: 80 (the port on which the Service is available internally via its ClusterIP).targetPort: 80 (the port the webapp-container is listening on).nodePort: 30007 (the static port on each node's IP where the service will be exposed. Ensure this port is not in use and is within the valid NodePort range for your cluster)./opt/cka_exercises/services/Ex2/service-webapp-nodeport.yaml and apply it.webapp-nodeport-svc is created and has the specified NodePort.
kubectl get svc webapp-nodeport-svc -n app-internal -o yaml in /opt/cka_exercises/services/Ex2/nodeport_service_details.yaml.nodePort.
/opt/cka_exercises/services/Ex2/testing_notes.txt.1. Prérequis : Déploiement webapp-deployment
Assurez-vous que le déploiement de l'exercice 1 (webapp-deployment dans app-internal) existe. Sinon, recréez-le :
# Si non fait ou nettoyé de l'Ex1 :
# kubectl create namespace app-internal
# kubectl apply -f /path/to/your/Ex1/deployment-webapp.yaml # ou le contenu ci-dessous
# Contenu de deployment-webapp.yaml (pour référence) :
# apiVersion: apps/v1
# kind: Deployment
# metadata:
# name: webapp-deployment
# namespace: app-internal
# spec:
# replicas: 2
# selector:
# matchLabels:
# app: mywebapp
# template:
# metadata:
# labels:
# app: mywebapp
# spec:
# containers:
# - name: webapp-container
# image: nginx:1.27
# ports:
# - containerPort: 80
mkdir -p /opt/cka_exercises/services/Ex2
2. Création du Service webapp-nodeport-svc (NodePort) :
Fichier /opt/cka_exercises/services/Ex2/service-webapp-nodeport.yaml:
apiVersion: v1
kind: Service
metadata:
name: webapp-nodeport-svc
namespace: app-internal
spec:
type: NodePort
selector:
app: mywebapp
ports:
- port: 80
targetPort: 80
nodePort: 30007
protocol: TCP
Appliquez-le :
kubectl apply -f /opt/cka_exercises/services/Ex2/service-webapp-nodeport.yaml
3. Vérification du Service NodePort :
kubectl get svc webapp-nodeport-svc -n app-internal -o yaml > /opt/cka_exercises/services/Ex2/nodeport_service_details.yaml
# Dans nodeport_service_details.yaml, vous devriez voir type: NodePort et le nodePort: 30007.
# Exemple de sortie (partielle) :
# spec:
# clusterIP: <some-ip>
# ports:
# - nodePort: 30007
# port: 80
# protocol: TCP
# targetPort: 80
# selector:
# app: mywebapp
# type: NodePort
4. Description du Test Externe :
Fichier /opt/cka_exercises/services/Ex2/testing_notes.txt:
To test the NodePort service from outside the Kubernetes cluster:
1. Identify the IP address of any of your Kubernetes worker nodes. This can be done using:
`kubectl get nodes -o wide`
Look for the EXTERNAL-IP or INTERNAL-IP (depending on your network setup and where you are testing from).
2. Once you have a Node IP (e.g., <NodeIP>), you can access the Nginx service using a web browser or curl:
`curl http://<NodeIP>:30007`
or open `http://<NodeIP>:30007` in a browser.
3. This should return the Nginx welcome page.
Note: Ensure that your firewall rules (on the node, cloud provider security groups, etc.) allow incoming traffic on port 30007 to the worker nodes.
Durée estimée : 30 minutes
Objective: Expose a web application using an Ingress resource, routing traffic based on a path.
Context: You have a web application (Service) and want to expose it via HTTP at a specific path (e.g., http://<ingress-ip-or-host>/app) using an Ingress controller.
Note: This exercise assumes an Ingress controller (like Nginx Ingress) is installed and configured in your cluster. The ingressClassName should match your controller.
Instructions:
webapp-deployment and webapp-service (ClusterIP) from Exercise 1 are running in the app-internal namespace. If not, recreate them. The webapp-service should be listening on port 8080 and targeting port 80 of the Pods.webapp-ingress in the app-internal namespace.
ingressClassName that matches an Ingress controller in your cluster (e.g., nginx). If unsure, you can check available classes with kubectl get ingressclass or omit it if your cluster has a default Ingress controller that picks up Ingress resources without a class./app (and its sub-paths, type Prefix) to the webapp-service on its port 8080./opt/cka_exercises/services/Ex3/ingress-webapp.yaml and apply it.kubectl get ingress webapp-ingress -n app-internal -o yaml in /opt/cka_exercises/services/Ex3/ingress_details.yaml./opt/cka_exercises/services/Ex3/ingress_status_command.txt.1. Prérequis : Déploiement et Service ClusterIP
Assurez-vous que webapp-deployment et webapp-service (ClusterIP, exposant port 8080, targetPort 80) de l'Exercice 1 existent dans app-internal. Sinon, recréez-les.
# kubectl create namespace app-internal # Si pas déjà fait
# kubectl apply -f /path/to/your/Ex1/deployment-webapp.yaml
# kubectl apply -f /path/to/your/Ex1/service-webapp-clusterip.yaml
mkdir -p /opt/cka_exercises/services/Ex3
2. Création de l'Ingress webapp-ingress:
Fichier /opt/cka_exercises/services/Ex3/ingress-webapp.yaml:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: webapp-ingress
namespace: app-internal
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
ingressClassName: nginx # Remplacez par votre classe d'Ingress ou omettez si un défaut est configuré.
rules:
- http:
paths:
- path: /app
pathType: Prefix
backend:
service:
name: webapp-service
port:
number: 8080
Appliquez-le :
kubectl apply -f /opt/cka_exercises/services/Ex3/ingress-webapp.yaml
3. Vérification des détails de l'Ingress :
# Attendre que l'Ingress Controller attribue une adresse
# kubectl get ingress webapp-ingress -n app-internal -w
kubectl get ingress webapp-ingress -n app-internal -o yaml > /opt/cka_exercises/services/Ex3/ingress_details.yaml
echo "kubectl get ingress webapp-ingress -n app-internal" > /opt/cka_exercises/services/Ex3/ingress_status_command.txt
# Dans ingress_details.yaml ou la sortie de la commande get, cherchez la section status.loadBalancer.ingress.
# Elle contiendra une IP ou un hostname. Exemple:
# status:
# loadBalancer:
# ingress:
# - ip: 192.0.2.123
# # ou hostname: a1b2c3d4.elb.amazonaws.com
Notes:
ingressClassName specified in the Ingress manifest must match the class handled by your Ingress controller.nginx.ingress.kubernetes.io/rewrite-target) might be necessary depending on whether the backend service expects the path prefix or not.Commandes de Nettoyage :
kubectl delete ingress webapp-ingress -n app-internal
# kubectl delete service webapp-service -n app-internal # Optionnel
# kubectl delete deployment webapp-deployment -n app-internal # Optionnel
# kubectl delete namespace app-internal # Optionnel
rm -rf /opt/cka_exercises/services/Ex3