Expose a mock mission app using istio ingress gateway Lab
Intro
In this lab an nginx pod will represent a mock mission app that you’ll need to expose via the istio ingress gateway.
Experience Gained
Understanding how virtual services work and route traffic to backend service/pod
- Create a new directory for istio
```shell
[admin@Laptop:~]
mkdir -p ~/Desktop/residency/labs/istio-nginx-lab
cd ~/Desktop/residency/labs/istio-nginx-lab
```
- Create directories for manifests, manifests/app, manifests/istio
```shell
[admin@Laptop:~/Desktop/residency/labs/istio-nginx-lab]
mkdir -p manifests/app
mkdir -p manifests/istio
```
- Create a nginx-configmap.yaml file inside manifests/app
```shell
[admin@Laptop:~/Desktop/residency/labs/istio-nginx-lab]
vim manifests/app/nginx-configmap.yaml
```
```yaml
# Copy the content below into manifests/app/nginx-configmap.yaml
apiVersion: v1
data:
  nginx.conf: |
    user nginx;
    worker_processes auto;
    error_log /var/log/nginx/error.log;
    #pid /run/nginx.pid;
    pid /tmp/nginx.pid;

    # Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
    include /usr/share/nginx/modules/*.conf;

    events {
        worker_connections 1024;
    }

    http {
        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';

        access_log  /var/log/nginx/access.log  main;

        sendfile            on;
        tcp_nopush          on;
        tcp_nodelay         on;
        keepalive_timeout   65;
        types_hash_max_size 2048;

        include             /etc/nginx/mime.types;
        default_type        application/octet-stream;

        include /etc/nginx/conf.d/*.conf;

        server {
            listen       7000 default_server;
            listen       [::]:7000 default_server;
            server_name  _;
            root         /usr/share/nginx/html;

            # Load configuration files for the default server block.
            include /etc/nginx/default.d/*.conf;

            location / {
            }

            error_page 404 /404.html;
            location = /40x.html {
            }

            location /health {
                access_log off;
                return 200 "healthy\n";
            }

            error_page 500 502 503 504 /50x.html;
            location = /50x.html {
            }
        }
    }
kind: ConfigMap
metadata:
  name: my-nginx-config
```
- Create a nginx-deployment.yaml file inside manifests/app
```shell
[admin@Laptop:~/Desktop/residency/labs/istio-nginx-lab]
vim manifests/app/nginx-deployment.yaml
```
```yaml
# Copy the content below into manifests/app/nginx-deployment.yaml
# **Note:**
# Replace instances of `<NAME>` with your name.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
  annotations:
    sidecar.istio.io/rewriteAppHTTPProbers: "true"
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: <NAME>-nginx
        image: docker.io/iahmad/ubi8-nginx-high-port:8.1
        env:
        - name: MYNAME
          value: "<NAME>"
        ports:
        - containerPort: 7000
        resources:
          requests:
            memory: "64Mi"
            cpu: "100m"
          limits:
            memory: "128Mi"
            cpu: "500m"
        livenessProbe:
          httpGet:
            path: /health
            port: 7000
          initialDelaySeconds: 5
          periodSeconds: 5
        readinessProbe:
          httpGet:
            path: /health
            port: 7000
          initialDelaySeconds: 10
          periodSeconds: 10
        volumeMounts:
        - name: my-nginx-config
          mountPath: /etc/nginx/nginx.conf
          subPath: nginx.conf
      volumes:
      - name: my-nginx-config
        configMap:
          name: my-nginx-config
```
- Create a nginx-service.yaml file inside manifests/app
```shell
[admin@Laptop:~/Desktop/residency/labs/istio-nginx-lab]
vim manifests/app/nginx-service.yaml
```
```yaml
# Copy the content below into manifests/app/nginx-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  ports:
  - port: 8080
    name: http
    protocol: TCP
    targetPort: 7000
  selector:
    app: nginx
  sessionAffinity: None
  type: ClusterIP
```
- Apply the configmap, deployment, and service resources you created
```shell
ls ~/Desktop/residency/labs/istio-nginx-lab/manifests/app
kubectl apply -f ~/Desktop/residency/labs/istio-nginx-lab/manifests/app -n=istio-lab
```
- Make sure that the application page is reachable via a direct port forward from your laptop
```shell
kubectl port-forward -n istio-lab service/nginx-service 8080:8080
# Access the nginx page on http://localhost:8080 to confirm service is up
```
- Create a nginx-virtualservice.yaml file inside manifests/istio
```shell
[admin@Laptop:~/Desktop/residency/labs/istio-nginx-lab]
vim manifests/istio/nginx-virtualservice.yaml
```
```yaml
# Copy the content below to manifests/istio/nginx-virtualservice.yaml
# **Note:**
# Replace instances of `<NAME>` with your name.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: nginx-virtualservice
  labels:
    cluster: <NAME>
spec:
  gateways:
  - public.istio-system.svc.cluster.local
  hosts:
  - nginx.<NAME>.bigbang.dev
  http:
  - route:
    - destination:
        host: nginx-service
        port:
          number: 8080
```
- Apply the virtualservice
```shell
ls ~/Desktop/residency/labs/istio-nginx-lab/manifests/istio
kubectl apply -f ~/Desktop/residency/labs/istio-nginx-lab/manifests/istio -n=istio-lab
kubectl get virtualservice -n=istio-lab
kubectl get vs -n=istio-lab
```
- Note: In Lab Guide #6’s 6th lab, where we set up ingress DNS:
  - There is an entry for *.$NAME.bigbang.dev
  - Because of the wildcard CNAME record, the DNS part of ingress was preconfigured.
  - If we didn’t have a wildcard CNAME entry, a new CNAME record would need to be created for every site added.
- Access the application at the following address
```
https://nginx.<NAME>.bigbang.dev
# Note: This is very similar to how you'd set up access to a custom mission application hosted on the cluster.
```
Question: How were you able to hit the nginx pod and service, with the gateway ingressing traffic into the cluster?
Activity: Trace the traffic flow and identify AWS + K8S objects that helped display this page
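For the Kubernetes half of that trace, here is a static check of the hop chain this lab builds (VirtualService host and gateway, then Service port, then pod listener). It is an added example, not part of the original lab: the manifests are reduced to dicts copied from the lab YAML, `alice` is a constructed stand-in for `<NAME>`, and `trace` is a hypothetical helper name.

```python
# Added example: the lab manifests reduced to the fields that decide routing.
# Values are copied from the lab YAML; "alice" is a constructed stand-in for <NAME>.
VS = {"gateways": ["public.istio-system.svc.cluster.local"],
      "hosts": ["nginx.alice.bigbang.dev"],
      # A short destination host is resolved in the VirtualService's namespace.
      "routes": [{"host": "nginx-service", "port": 8080}]}
SERVICES = {"nginx-service": {"selector": {"app": "nginx"},
                              "ports": [{"port": 8080, "targetPort": 7000}]}}
# "listens" comes from `listen 7000` in the ConfigMap's nginx.conf.
PODS = [{"name": "nginx-deployment", "labels": {"app": "nginx"}, "listens": [7000]}]


def trace(vs, services, pods):
    """Follow each VirtualService route down to a pod listener.

    Returns (hops, problems): hops describe routes that resolve end to end,
    problems name the first broken link of every route that does not.
    """
    hops, problems = [], []
    for route in vs["routes"]:
        svc = services.get(route["host"])
        if svc is None:
            problems.append(f"no Service named {route['host']}")
            continue
        port = next((p for p in svc["ports"] if p["port"] == route["port"]), None)
        if port is None:
            problems.append(f"{route['host']} has no port {route['port']}")
            continue
        # A Service selects every pod whose labels contain its whole selector.
        backends = [p for p in pods
                    if svc["selector"].items() <= p["labels"].items()]
        if not backends:
            problems.append(f"selector {svc['selector']} matches no pod")
            continue
        for pod in backends:
            if port["targetPort"] not in pod["listens"]:
                problems.append(f"{pod['name']} does not listen on {port['targetPort']}")
                continue
            hops.append(f"{vs['hosts'][0]} -> {vs['gateways'][0]} -> "
                        f"{route['host']}:{port['port']} -> "
                        f"{pod['name']}:{port['targetPort']}")
    return hops, problems


if __name__ == "__main__":
    for line in sum(trace(VS, SERVICES, PODS), []):
        print(line)
```

A mismatch at any hop (for example a Service port that differs from the VirtualService destination port) shows up in `problems` instead of as a 503 from the gateway.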