
Expose a mock mission app using Istio ingress gateway Lab

Intro

In this lab an nginx pod will represent a mock mission app that you’ll need to expose via the Istio ingress gateway.

Experience Gained

Understanding how virtual services work and route traffic to backend service/pod

  1. Create a new directory for istio
[admin@Laptop:~]
mkdir -p ~/Desktop/residency/labs/istio-nginx-lab
cd ~/Desktop/residency/labs/istio-nginx-lab
  1. Create directories for manifests, manifests/app, manifests/istio
[admin@Laptop:~/Desktop/residency/labs/istio-nginx-lab]
mkdir -p manifests/app
mkdir -p manifests/istio
  1. Create a nginx-configmap.yaml file inside manifests/app
[admin@Laptop:~/Desktop/residency/labs/istio-nginx-lab]
vim manifests/app/nginx-configmap.yaml

# Copy the content below into manifests/app/nginx-configmap.yaml


apiVersion: v1
data:
  nginx.conf: |
    user nginx;
    worker_processes auto;
    error_log /var/log/nginx/error.log;
    #pid /run/nginx.pid;
    pid /tmp/nginx.pid;
    # Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
    include /usr/share/nginx/modules/*.conf;
    events {
        worker_connections 1024;
    }
    http {
        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';
        access_log  /var/log/nginx/access.log  main;
        sendfile            on;
        tcp_nopush          on;
        tcp_nodelay         on;
        keepalive_timeout   65;
        types_hash_max_size 2048;
        include             /etc/nginx/mime.types;
        default_type        application/octet-stream;
        include /etc/nginx/conf.d/*.conf;
        server {
            listen       7000 default_server;
            listen       [::]:7000 default_server;
            server_name  _;
            root         /usr/share/nginx/html;
            # Load configuration files for the default server block.
            include /etc/nginx/default.d/*.conf;
            location / {
            }
            error_page 404 /404.html;
                location = /40x.html {
            }
            location /health {
                access_log off;
                return 200 "healthy\n";
            }
            error_page 500 502 503 504 /50x.html;
                location = /50x.html {
            }
        }
    }
kind: ConfigMap
metadata:
  name: my-nginx-config
  1. Create a nginx-deployment.yaml file inside manifests/app
[admin@Laptop:~/Desktop/residency/labs/istio-nginx-lab]
vim manifests/app/nginx-deployment.yaml


# Copy the content below into manifests/app/nginx-deployment.yaml
# **Note:**
# Replace instances of `<NAME>` with your name.


apiVersion: apps/v1
kind: Deployment
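metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
      annotations:
        # Istio's sidecar injector reads this annotation from the pod template,
        # not from the Deployment's own metadata.
        sidecar.istio.io/rewriteAppHTTPProbers: "true"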
    spec:
      containers:
      - name: <NAME>-nginx
        image: docker.io/iahmad/ubi8-nginx-high-port:8.1
        env:
        - name: MYNAME
          value: "<NAME>"
        ports:
        - containerPort: 7000
        resources:
          requests:
            memory: "64Mi"
            cpu: "100m"
          limits:
            memory: "128Mi"
            cpu: "500m"
        livenessProbe:
          httpGet:
            path: /health
            port: 7000
          initialDelaySeconds: 5
          periodSeconds: 5
        readinessProbe:
          httpGet:
            path: /health
            port: 7000
          initialDelaySeconds: 10
          periodSeconds: 10
        volumeMounts:
        - name: my-nginx-config
          mountPath: /etc/nginx/nginx.conf
          subPath: nginx.conf
      volumes:
      - name: my-nginx-config
        configMap:
          name: my-nginx-config
  1. Create a nginx-service.yaml file inside manifests/app
[admin@Laptop:~/Desktop/residency/labs/istio-nginx-lab]
vim manifests/app/nginx-service.yaml


# Copy the content below into manifests/app/nginx-service.yaml


apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  ports:
  - port: 8080
    name: http
    protocol: TCP
    targetPort: 7000
  selector:
    app: nginx
  sessionAffinity: None
  type: ClusterIP
  1. Apply the configmap, deployment, and service resources you created
ls ~/Desktop/residency/labs/istio-nginx-lab/manifests/app
kubectl apply -f ~/Desktop/residency/labs/istio-nginx-lab/manifests/app -n=istio-lab
  1. Make sure that the application page is reachable via a direct port forward from your laptop
kubectl port-forward -n istio-lab service/nginx-service 8080:8080

## Access the nginx page on http://localhost:8080 to confirm service is up
  1. Create a nginx-virtualservice.yaml file inside manifests/istio
[admin@Laptop:~/Desktop/residency/labs/istio-nginx-lab]
vim manifests/istio/nginx-virtualservice.yaml


# Copy the content below to manifests/istio/nginx-virtualservice.yaml
# **Note:**
# Replace instances of `<NAME>` with your name.


apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: nginx-virtualservice
  labels:
    cluster: <NAME>
spec:
  gateways:
  - public.istio-system.svc.cluster.local
  hosts:
  - nginx.<NAME>.bigbang.dev
  http:
  - route:
    - destination:
        host: nginx-service
        port:
          number: 8080
  1. Apply the virtualservice
ls ~/Desktop/residency/labs/istio-nginx-lab/manifests/istio
kubectl apply -f ~/Desktop/residency/labs/istio-nginx-lab/manifests/istio -n=istio-lab
kubectl get virtualservice -n=istio-lab
kubectl get vs -n=istio-lab
  1. Note: In Lab Guide #6’s 6th lab, where we set up ingress DNS, there is an entry for *.$NAME.bigbang.dev.

     - Because of the wildcard CNAME record, the DNS part of ingress was preconfigured.
     - If we didn’t have a wildcard CNAME entry, a new CNAME record would need to be created for every site added.

  1. Access the application at the following address

https://nginx.<NAME>.bigbang.dev
# Note: This is very similar to how you'd set up access to a custom mission application hosted on the cluster.
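
If the page does not load, the usual cause is a name or port that does not line up between the VirtualService, the Service, the pod and nginx. The check below is an added example, not part of the original lab: it walks that chain using values copied from the manifests above, with <NAME> replaced by the constructed placeholder "alice"; the dictionary layout and the trace() helper are assumptions made for illustration.

```python
import re

# Values copied from the lab manifests; "alice" stands in for <NAME> (constructed).
NGINX_CONF = """
server {
    listen       7000 default_server;
    listen       [::]:7000 default_server;
}
"""
DEPLOYMENT = {"template_labels": {"app": "nginx"}, "container_ports": [7000]}
SERVICE = {"name": "nginx-service", "selector": {"app": "nginx"},
           "ports": [{"port": 8080, "targetPort": 7000}]}
VIRTUAL_SERVICE = {"gateways": ["public.istio-system.svc.cluster.local"],
                   "hosts": ["nginx.alice.bigbang.dev"],
                   "destination": {"host": "nginx-service", "port": 8080}}


def trace(host, vs, svc, deploy, conf):
    """Return the broken links between the ingress host and the nginx listener."""
    problems = []
    if host not in vs["hosts"]:
        problems.append(f"no VirtualService host matches {host}")
    dest = vs["destination"]
    if dest["host"] != svc["name"]:
        problems.append(f"destination {dest['host']} is not Service {svc['name']}")
    port = next((p for p in svc["ports"] if p["port"] == dest["port"]), None)
    if port is None:
        problems.append(f"Service has no port {dest['port']}")
        return problems
    # Every selector key/value must be present in the pod template labels.
    if not svc["selector"].items() <= deploy["template_labels"].items():
        problems.append("Service selector does not match pod labels")
    # containerPort is declarative only; the nginx listen port is what must match.
    if port["targetPort"] not in deploy["container_ports"]:
        problems.append(f"targetPort {port['targetPort']} is not a containerPort")
    listens = {int(p) for p in re.findall(r"listen\s+(?:\[::\]:)?(\d+)", conf)}
    if port["targetPort"] not in listens:
        problems.append(f"nginx does not listen on {port['targetPort']}")
    return problems


if __name__ == "__main__":
    result = trace("nginx.alice.bigbang.dev", VIRTUAL_SERVICE, SERVICE,
                   DEPLOYMENT, NGINX_CONF)
    print(result or "chain is consistent")
```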

Question: How were you able to hit the nginx pod and service, with the gateway to ingress traffic into the cluster?

Activity: Trace the traffic flow and identify AWS + K8S objects that helped display this page