Exercise 1: Basic Content-Based Routing
Exercise 1: Basic Content-Based Routing¶
Description of the Environment for the Exercise¶
For that use case, the application named cafeapp has been deployed
The application cafe is composed of 2 services: cofee-svc and tea-svc
The application has been deployed in the NameSpace lab2-cafeapp
For TLS, a certificate and keys have been deployed into the namespace lab2-cafeapp under the name of cafeapp-secret-tls
The Custom Resource Definitions (CRD) VirtualServer and VirtualServerRoute have been installed
Note
Objectives¶
- Use the new resource VirtualServer to deploy the setup below:
listens for hostname cafe.example.com
TLS activated and uses a specified cert and key from a K8S secret resource
request for /tea are sent to service tea
request for /coffee are sent to service coffee
Check the Environment is up and running¶
Step 1: Check namespace lab2-cafeapp has been deployed and is Active:
input:
kubectl get namespaces
output:
NAME STATUS AGE
debug Active 30d
default Active 39d
external-ingress-controller Active 39d
infra-kibana Active 39d
kube-node-lease Active 39d
kube-public Active 39d
kube-system Active 39d
lab1-arcadia Active 36d
lab2-cafeapp Active 12h
lab3-cafe Active 27d
lab4-sentence-api Active 26d
lab4-sentence-front Active 26d
Step2: You should have 4 running pods in the namespace lab2-cafeapp (2 pods for the service coffee and 2 Pods for service tea):
input:
kubectl get pods -n lab2-cafeapp | grep v1
output:
NAME READY STATUS RESTARTS AGE
coffee-v1-6f4b79b975-pxjxp 1/1 Running 0 21s
coffee-v1-6f4b79b975-xpfvr 1/1 Running 0 21s
tea-v1-6fb46d899f-j2mqs 1/1 Running 0 21s
tea-v1-6fb46d899f-df5ge 1/1 Running 0 21s
Step3: You should have the services tea-svc and coffee-svc deployed:
input:
kubectl get services -n lab2-cafeapp
output:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
coffee ClusterIP 10.200.0.91 <none> 80/TCP 16m
tea ClusterIP 10.200.0.88 <none> 80/TCP 16m
Step 4: Verify a certificate and keys have been deployed into the namespace lab2-cafeapp
input:
kubectl describe secret cafeapp-secret-tls -n lab2-cafeapp
output:
Name: cafeapp-secret-tls
Namespace: lab2-cafeapp
Labels: <none>
Annotations: <none>
Type: kubernetes.io/tls
Data
====
tls.crt: 1164 bytes
tls.key: 1675 bytes
Deploy a Virtual Server for TLS with Content-Based Routing¶
Step 1: Copy/Paste the manifest below into a new file named cafe-virtual-server-lab2-ex1.yaml.
REPLACE {{SITE_ID}} in the field host by your allocated site ID before saving and applying the manifest below in cafe-virtual-server-lab2-ex1.yaml.
apiVersion: k8s.nginx.org/v1
kind: VirtualServer
metadata:
name: cafeapp
namespace: lab2-cafeapp
spec:
ingressClassName: nginx-external
host: cafeapp{{SITE_ID}}.f5app.dev
tls:
secret: cafeapp-secret-tls
redirect:
enable: true
code: 301
basedOn: scheme
upstreams:
- name: tea
service: tea
port: 80
- name: coffee
service: coffee
port: 80
routes:
- path: /tea
action:
pass: tea
- path: /coffee
action:
pass: coffee
step 2: Deploy the manifest:
input:
kubectl apply -f cafe-virtual-server-lab2-ex1.yaml
output:
virtualserver.k8s.nginx.org/cafeapp configured
step 3: Check the compilation status of the VirtualServer with the command below:
input:
kubectl describe virtualserver cafeapp -n lab2-cafeapp
Test the setup¶
Run the curl command below.
Replace {{SITE_ID}} by your allocated site ID.
input:
curl https://cafeapp{{SITE_ID}}.f5app.dev/coffee --insecure
output:
Server address: 10.22.1.55:8080
Server name: coffee-6f4b79b975-5vmrd
Date: 05/May/2021:14:01:43 +0000
URI: /coffee
Request ID: 197d3c08b40fea8ba4428ab7d53440de
input:
curl https://cafeapp{{SITE_ID}}.f5app.dev/tea --insecure
output:
Server address: 10.22.1.31:8080
Server name: tea-6fb46d899f-k2sfc
Date: 05/May/2021:14:01:57 +0000
URI: /tea
Request ID: a7874c6a4389b72e75f608ce9ed0075b
input:
curl https://cafeapp{{SITE_ID}}.f5app.dev/
output:
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.19.5</center>
</body>
</html>
Capture The Flag
1.1 What kind of K8S Resource Definition can be used with NGINX+ for simplicity and advanced configuration of load balancing? | Tips: Answer is an acronym in 3 letters
1.2 What is the name of the CRD used for Advanced load balancing configuration and used as an alternative to the Ingress resource? | Tips: here
1.3 What is the name of the field (in the specification of the VirtualServer CRD) which is used to implement SSL Offloading? | Tips: here
1.4 What is the name of the field (in the specification of the VirtualServer CRD) which is used to defines a rule of content-based load balancing? | Tips: here