Kubernetes Service in Managed Namespace
The Mayope Managed Namespace provides a full-fledged namespace experience.
#
ClusterIP ServicesClusterIp should be your standard service to create. This service is only reachable within your namespace. You can expose a http service through an Ingress.
# Create hello world deploymentapiVersion: apps/v1kind: Deploymentmetadata: name: nginxspec: selector: matchLabels: app: nginx template: metadata: labels: app: nginx spec: containers: - name: nginx image: nginxdemos/hello ports: - name: http containerPort: 80---# Create service for hello-world deploymentapiVersion: v1kind: Servicemetadata: name: nginxspec: ports: - name: http port: 80 protocol: TCP targetPort: 80 selector: app: nginx type: ClusterIP
#
LoadBalancer ServicesLoadBalancer Services are supported through Ip-Port-Assignments. These Assignments represent a public ip with a chose Port.
#
Request- Go to the
Namespace
tab - Chose the namespace where you want to deploy your LoadBalancer Service
- Click on the
Ports
drawer at the bottom of the detail view - Click on
Request Port Assignment
, enter your desired port and click onRequest
:- You need to choose a port between 1025 and 60000
- Your chosen port might not be available in which case we suggest choosing another
- After successfully requesting, your Assignment should be displayed in the Table
- Create your service as below:
apiVersion: apps/v1kind: Deploymentmetadata: name: nginxspec: selector: matchLabels: app: nginx template: metadata: labels: app: nginx # This deactivates the firewall for the given port mayope/web-allowed: allowed spec: containers: - name: nginx image: nginx:1 ports: - name: http containerPort: 80---apiVersion: v1kind: Servicemetadata: name: nginxspec: loadBalancerIP: <<IP>> # The ip from the first column of the table ports: - name: http port: {{PORT}} # The port from the second column of the table protocol: TCP targetPort: 80 selector: app: nginx type: LoadBalancer
The service should be available as soon as the container started.
The label mayope/web-allowed: allowed
is needed because every namespace has a firewall that blocks any incoming external traffic,
except for the clusters own Ingress-Controller.
This annotation deactivates the firewall for this specific pod, so be careful what you expose to the internet.
#
NodePort ServicesNodePort services are currently not supported and there are no plans to support them. You can however issue a ticket on Github where you lay out your use case: Github Issue