kubernetes
/
minikube
mirror of https://github.com/kubernetes/minikube.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

update service doc

pull/13806/head
Jack Zhang 2022-03-24 20:49:25 +08:00
parent aaf7c5cfae
commit 2b16bfd76a
1 changed files with 126 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

184
site/content/en/docs/handbook/accessing.md
View File

@ -25,10 +25,77 @@ A NodePort service is the most basic way to get external traffic directly to you
We also have a shortcut for fetching the minikube IP and a service's `NodePort`:
```shell
minikube service --url <service-name>
minikube service <service-name> --url
```
## Getting the NodePort using kubectl
### Using `minikube service` with tunnel
The network is limited if you are using a Docker driver on darwin, Windows or WSL, and the Node IP is not reachable directly.
If minikube runs on Linux with Docker driver, no tunnel will be created.
Services of type `NodePort` can be exposed via the `minikube service <service-name> --url` command. It must be run in a separate terminal window to keep the [tunnel](https://en.wikipedia.org/wiki/Port_forwarding#Local_port_forwarding) open. Ctrl-C in the terminal can be used to terminate the process at which time the network routes will be cleaned up.
### Example of NodePort
1. Create a kubernetes deployment
```shell
kubectl create deployment hello-minikube1 --image=k8s.gcr.io/echoserver:1.4
```
2. Create a kubernetes service type NodePort
```shell
kubectl expose deployment hello-minikube1 --type=NodePort --port=8080
```
3. Check Node Port
```shell
kubectl get svc
```
<pre>
$ kc get svc
AME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
hello-minikube1 NodePort 10.100.238.34 <none> 8080:31389/TCP 3s
</pre>
4. Run service tunnel
```shell
minikube service hello-minikube1 --url
```
`minikube service hello-minikube1 --url` runs as a process, creating a [tunnel](https://en.wikipedia.org/wiki/Port_forwarding#Local_port_forwarding) to cluster. The command exposes the service directly to any program running on the host operating system.
<details>
<summary>
service output example
</summary>
<pre>
$ minikube service hello-minikube1 --url
http://127.0.0.1:57123
❗ Because you are using a Docker driver on darwin, the terminal needs to be open to run it.
</pre>
</details>
check ssh tunnel in another terminal
```shell
$ ps -ef | grep docker@127.0.0.1
ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -N docker@127.0.0.1 -p 55972 -i /Users/FOO/.minikube/machines/minikube/id_rsa -L TUNNEL_PORT:CLUSTER_IP:TARGET_PORT
```
5. Try in your browser
open in your browser (make sure there is no proxy set)
```shell
http://127.0.0.1:TUNNEL_PORT
```
### Getting the NodePort using kubectl
The minikube VM is exposed to the host system via a host-only IP address, that can be obtained with the `minikube ip` command. Any services of type `NodePort` can be accessed over that IP address, on the NodePort.
@ -54,77 +121,78 @@ This flag also accepts a comma separated list of ports and port ranges.
A LoadBalancer service is the standard way to expose a service to the internet. With this method, each service gets its own IP address.
## Using `minikube tunnel`
### Using `minikube tunnel`
Services of type `LoadBalancer` can be exposed via the `minikube tunnel` command. It must be run in a separate terminal window to keep the `LoadBalancer` running. Ctrl-C in the terminal can be used to terminate the process at which time the network routes will be cleaned up.
## Example
### Example of LoadBalancer
#### Run tunnel in a separate terminal
1. Run tunnel in a separate terminal
it will ask for password.
it will ask for password.
```shell
minikube tunnel
```
```shell
minikube tunnel
```
`minikube tunnel` runs as a process, creating a network route on the host to the service CIDR of the cluster using the cluster's IP address as a gateway. The tunnel command exposes the external IP directly to any program running on the host operating system.
`minikube tunnel` runs as a process, creating a network route on the host to the service CIDR of the cluster using the cluster's IP address as a gateway. The tunnel command exposes the external IP directly to any program running on the host operating system.
<details>
<summary>
tunnel output example
</summary>
<pre>
Password:
Status:
machine: minikube
pid: 39087
route: 10.96.0.0/12 -> 192.168.64.194
minikube: Running
services: [hello-minikube]
errors:
minikube: no errors
router: no errors
loadbalancer emulator: no errors
...
...
...
</pre>
</details>
<details>
<summary>
tunnel output example
</summary>
<pre>
Password:
Status:
machine: minikube
pid: 39087
route: 10.96.0.0/12 -> 192.168.64.194
minikube: Running
services: [hello-minikube]
errors:
minikube: no errors
router: no errors
loadbalancer emulator: no errors
...
...
...
</pre>
</details>
#### Create a kubernetes deployment
2. Create a kubernetes deployment
```shell
kubectl create deployment hello-minikube1 --image=k8s.gcr.io/echoserver:1.4
```
```shell
kubectl create deployment hello-minikube1 --image=k8s.gcr.io/echoserver:1.4
```
#### Create a kubernetes service type LoadBalancer
3. Create a kubernetes service type LoadBalancer
```shell
kubectl expose deployment hello-minikube1 --type=LoadBalancer --port=8080
```
```shell
kubectl expose deployment hello-minikube1 --type=LoadBalancer --port=8080
```
### Check external IP
4. Check external IP
```shell
kubectl get svc
```
<pre>
$ kc get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
hello-minikube1 LoadBalancer 10.96.184.178 10.96.184.178 8080:30791/TCP 40s
</pre>
```shell
kubectl get svc
```
<pre>
$ kc get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
hello-minikube1 LoadBalancer 10.96.184.178 10.96.184.178 8080:30791/TCP 40s
</pre>
note that without minikube tunnel, kubernetes would be showing external IP as "pending".
note that without minikube tunnel, kubernetes would be showing external IP as "pending".
### Try in your browser
5. Try in your browser
open in your browser (make sure there is no proxy set)
```
http://REPLACE_WITH_EXTERNAL_IP:8080
```
open in your browser (make sure there is no proxy set)
Each service will get its own external ip.
```shell
http://REPLACE_WITH_EXTERNAL_IP:8080
```
Each service will get its own external ip.
----
@ -150,12 +218,12 @@ Adding a route requires root privileges for the user, and thus there are differe
<https://superuser.com/questions/1328452/sudoers-nopasswd-for-single-executable-but-allowing-others>
### Access to ports <1024 on Windows requires root permission
If you are using Docker driver on Windows, there is a chance that you have an old version of SSH client you might get an error like - `Privileged ports can only be forwarded by root.` or you might not be able to access the service even after `minikube tunnel` if the access port is less than 1024 but for ports greater than 1024 works fine.
In order to resolve this, ensure that you are running the latest version of SSH client. You can install the latest version of the SSH client on Windows by running the following in a Command Prompt with an Administrator Privileges (Requires [chocolatey package manager](https://chocolatey.org/install))
```
```cmd
choco install openssh
```
The latest version (`OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5`) which is available on Windows 10 by default doesn't work. You can track the issue with this over here - https://github.com/PowerShell/Win32-OpenSSH/issues/1693
The latest version (`OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5`) which is available on Windows 10 by default doesn't work. You can track the issue with this over here - https://github.com/PowerShell/Win32-OpenSSH/issues/1693