Lab
A Cloud Guru

Forwarding Port Traffic with an Ambassador Container

Multi-container pods provide a variety of ways to enhance containers. When using the ambassador design pattern, a secondary container can intercept and translate network traffic before passing it on to the main container. In this lab, you will have a chance to implement a multi-container pod using the ambassador model. You will use an ambassador container running HAProxy to proxy traffic to a legacy service on a different port. After completing this exercise, you will have a hands-on understanding of how the ambassador model can be implemented.

Try for free Contact sales

Path Info

Level

Intermediate

Duration

1h 30m

Published

Mar 31, 2019

Challenge

Create a ConfigMap containing the configuration for the HAProxy ambassador.

Create a YAML definition file called fruit-service-ambassador-config.yml.

apiVersion: v1
kind: ConfigMap
metadata:
  name: fruit-service-ambassador-config
data:
  haproxy.cfg: |-
    global
        daemon
        maxconn 256

    defaults
        mode http
        timeout connect 5000ms
        timeout client 50000ms
        timeout server 50000ms

    listen http-in
        bind *:80
        server server1 127.0.0.1:8775 maxconn 32

Create the ConfigMap in the cluster from the YAML definition file.

kubectl apply -f fruit-service-ambassador-config.yml

Challenge

Create a multi-container pod which provides access to the legacy service on port 80.

Create a YAML definition file for the pod called fruit-service.yml.

apiVersion: v1
kind: Pod
metadata:
  name: fruit-service
spec:
  containers:
  - name: legacy-fruit-service
    image: linuxacademycontent/legacy-fruit-service:1
  - name: haproxy-ambassador
    image: haproxy:1.7
    ports:
    - containerPort: 80
    volumeMounts:
    - name: config-volume
      mountPath: /usr/local/etc/haproxy
  volumes:
  - name: config-volume
    configMap:
      name: fruit-service-ambassador-config

Create the pod in the cluster.

kubectl apply -f fruit-service.yml

If everything is working correctly, you should be able to access fruit-service from another pod.

You can create a busybox pod to use for testing with a file called busybox.yml.

apiVersion: v1
kind: Pod
metadata:
  name: busybox
spec:
  containers:
  - name: myapp-container
    image: radial/busyboxplus:curl
    command: ['sh', '-c', 'while true; do sleep 3600; done']

Create the busybox testing pod.

kubectl apply -f busybox.yml

Use the busybox pod to test the legacy service on port 80. This command uses a subcommand to get the cluster's IP address for the pod and executes a curl command in the busybox pod to access the legacy service on port 80.

kubectl exec busybox -- curl $(kubectl get pod fruit-service -o=custom-columns=IP:.status.podIP --no-headers):80

If everything is working, you should see some JSON listing various types of fruit.

Author

A Cloud Guru

The Cloud Content team comprises subject matter experts hyper focused on services offered by the leading cloud vendors (AWS, GCP, and Azure), as well as cloud-related technologies such as Linux and DevOps. The team is thrilled to share their knowledge to help you build modern tech solutions from the ground up, secure and optimize your environments, and so much more!

What's a lab?

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.