Exercise 2: Advanced Content-Based Routing

Exercise 2: Advanced Content-Based Routing

Objectives


  • Deploying the setup belowUsing by using more features available in the resource VirtualServer compared to exercise 1
    • if path is /redirect then the action is redirect to http://www.nginx.com.

    • if path is /proxy then the action is proxy to add/rewrite/ignore some headers.

    • if path is /return_page then the action is return to reply with a custom web page.

    • in each action, some variables could be used like: $request_uri, $request_method, $request_body, $scheme, $host, etc (cf here for a complete list of available variables).


Step 1: Create a new manifest for the deployment

  • Copy and Paste the manifest below into a new file named cafe-virtual-server-lab2-ex2.yaml.

  • REPLACE {{SITE_ID}} in the field host by your allocated site ID before saving and applying cafe-virtual-server-lab2-ex1.yaml.

apiVersion: k8s.nginx.org/v1
kind: VirtualServer
metadata:
  name: cafeapp
  namespace: lab2-cafeapp
spec:
  ingressClassName: nginx-external
  host: cafeapp{{SITE_ID}}.f5app.dev
  tls:
    secret: cafeapp-secret-tls
    redirect:
      enable: true
      code: 301
      basedOn: scheme
  upstreams:
  - name: tea
    service: tea
    port: 80
  - name: coffee
    service: coffee
    port: 80
  routes:
  - path: /tea
    action:
      pass: tea
  - path: /coffee
    action:
      pass: coffee
  - path: /redirect
    action:
      redirect:
        url: http://www.nginx.com
        code: 301
  - path: /proxy
    action:
      proxy:
        upstream: coffee
        requestHeaders:
          pass: true
          set:
          - name: My-Header
            value: Value
          - name: Client-Cert
            value: ${ssl_client_escaped_cert}
        responseHeaders:
          add:
          - name: My-Header
            value: Hello_this_your_value
          - name: IC-Nginx-Version
            value: ${nginx_version}
            always: true
          hide:
          - x-internal-version
          ignore:
          - Expires
          - Set-Cookie
          pass:
          - Server
  - path: /return_page
    action:
      return:
        code: 200
        type: text/plain
        body: "Hello World\n\n\n\nRequest is ${request_uri}\nRequest Method is ${request_method}\nRequest Scheme is ${scheme}\nRequest Host is ${host}\nRequest Lengthis ${request_length}\nNGINX Version is ${nginx_version}\nClient IP address is ${remote_addr}\nClient Port is : ${remote_port}\nLocal Time is ${time_local}\nServer IP Address is ${server_addr}\nServer Port is ${server_port}\nProtocol is ${server_protocol}\n"

Step 2: Deploy the manifest

input:

kubectl apply -f cafe-virtual-server-lab2-ex2.yaml

output:

virtualserver.k8s.nginx.org/cafeapp configured

Step 3: Check the compilation status of the VirtualServer

kubectl describe virtualserver cafeapp -n lab2-cafeapp

Step 4: Test the setup

  • Test with the curl command below.

  • REPLACE {{SITE_ID}} in the field host by your allocated site ID.

  • Replace {{PATH}} with:
    • https://cafeapp{{SITE_ID}}.f5app.dev/coffee -> request is sent to the service coffee

    • https://cafeapp{{SITE_ID}}.f5app.dev/tea -> request is sent to the service tea

    • https://cafeapp{{SITE_ID}}.f5app.dev/redirect -> client is redirected to www.nginx.com

    • https://cafeapp{{SITE_ID}}.f5app.dev/return_page -> custom page Hello World is returned

    • https://cafeapp{{SITE_ID}}.f5app.dev/proxy -> requests go to coffee you should see custom headers in the responses

curl {{PATH}}


Capture The Flag

2.1 What is the name of the action which forwards requests to an upstream? | Tips: here

2.2 What is the name of the action which replies a preconfigured response? | Tips: here

2.3 What is the name of the action which passes requests to an upstream with the ability to modify the request/response (for example, rewrite the URI or modify the headers)? | Tips: here

2.4 What is the name of the action which redirects requests to a provided URL? | Tips: here