From e77cd7ad7f8c20ab34fc41882c31562d228f88db Mon Sep 17 00:00:00 2001 From: Jakub Jarosz Date: Thu, 23 Mar 2023 16:01:20 +0000 Subject: [PATCH 01/20] WIP - add NIC deployment example --- .../service-insight/README.md | 62 +++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 examples/custom-resources/service-insight/README.md diff --git a/examples/custom-resources/service-insight/README.md b/examples/custom-resources/service-insight/README.md new file mode 100644 index 0000000000..3a0a0bb1df --- /dev/null +++ b/examples/custom-resources/service-insight/README.md @@ -0,0 +1,62 @@ +# Support for Service Insight + +NGINX Plus supports [Service Insight](https://docs.nginx.com/nginx-ingress-controller/logging-and-monitoring/service-insight/). To use the service in the Ingress Controller: + +1. [Enable service insight](https://docs.nginx.com/nginx-ingress-controller/logging-and-monitoring/service-insight/#enabling-service-insight-endpoint) in the Ingress Controller in the deployment file. + +In the following example we enable service insight in the NGINX Ingress Controller [deployment file](../../../deployments/deployment/nginx-plus-ingress.yaml): + +```yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nginx-ingress + namespace: nginx-ingress +spec: + replicas: 1 + selector: + matchLabels: + app: nginx-ingress + template: + metadata: + labels: + app: nginx-ingress + app.kubernetes.io/name: nginx-ingress + spec: + serviceAccountName: nginx-ingress + automountServiceAccountToken: true + securityContext: + ... + containers: + - image: nginx-plus-ingress:3.0.2 + imagePullPolicy: IfNotPresent + name: nginx-plus-ingress + ports: + - name: http + containerPort: 80 + - name: https + containerPort: 443 + - name: readiness-port + containerPort: 8081 + - name: prometheus + containerPort: 9113 + - name: service-insight + containerPort: 9114 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + resources: + ... + securityContext: + ... + env: + ... + args: + - -nginx-plus + - -nginx-configmaps=$(POD_NAMESPACE)/nginx-config + ... + - -enable-service-insight + +``` From afb42659cbe982a6e6006608f7e17dca966977d6 Mon Sep 17 00:00:00 2001 From: Jakub Jarosz Date: Thu, 23 Mar 2023 16:56:38 +0000 Subject: [PATCH 02/20] WIP - Add sections for VS and TS --- .../custom-resources/service-insight/README.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/examples/custom-resources/service-insight/README.md b/examples/custom-resources/service-insight/README.md index 3a0a0bb1df..c0093578be 100644 --- a/examples/custom-resources/service-insight/README.md +++ b/examples/custom-resources/service-insight/README.md @@ -60,3 +60,21 @@ spec: - -enable-service-insight ``` + +## Configuration + + + +# Virtual Servers + +## Deployment + +## Testing + + + +# Transport Servers + +## Deployment + +## Testing \ No newline at end of file From f3223d91e127802bfe0ec935ed16aebc43cd5f59 Mon Sep 17 00:00:00 2001 From: Jakub Jarosz Date: Mon, 27 Mar 2023 16:41:30 +0100 Subject: [PATCH 03/20] Add service insight example for VS --- .../service-insight/README.md | 113 +++++++++++++++++- 1 file changed, 107 insertions(+), 6 deletions(-) diff --git a/examples/custom-resources/service-insight/README.md b/examples/custom-resources/service-insight/README.md index c0093578be..b67a116b30 100644 --- a/examples/custom-resources/service-insight/README.md +++ b/examples/custom-resources/service-insight/README.md @@ -63,18 +63,119 @@ spec: ## Configuration +Check nginx-ingress pod id: +```bash +kubectl get pods -n nginx-ingress +``` +``` +NAME READY STATUS RESTARTS AGE +nginx-ingress-5b99f485fb-vflb8 1/1 Running 0 72m +``` + +Enable port forwarding +```bash +kubectl port-forward -n nginx-ingress nginx-ingress-5b99f485fb-vflb8 9114:9114 & +``` + +### Virtual Servers + +### Deployment + +Follow the [basic configuration example](../basic-configuration/) to deploy `cafe` app and `cafe virtual server`. + +### Testing + +Verify that the virtual server is up and running and verify the hostname: +```bash +kubectl get vs cafe +NAME STATE HOST IP PORTS AGE +cafe Valid cafe.example.com 16m +``` + +Scale down `tea` and `caffee` deployments: + +```bash +kubectl scale deployment tea --replicas=1 +``` + +```bash +kubectl scale deployment coffee --replicas=1 +``` + +Verify `tea` deployment: + +```bash +kubectl get deployments.apps tea +``` + +```bash +NAME READY UP-TO-DATE AVAILABLE AGE +tea 1/1 1 1 19m +``` + +Verify `coffee` deployment: +```bash +kubectl get deployments.apps coffee +``` + +```bash +NAME READY UP-TO-DATE AVAILABLE AGE +coffee 1/1 1 1 20m +``` + +Send `GET` request to the service insight endpoint to check statistics: + +Request: + +```bash +curl http://localhost:9114/probe/cafe.example.com +``` + +Response: + +```json +{"Total":2,"Up":2,"Unhealthy":0} +``` + +Scale up deployments: -# Virtual Servers +```bash +kubectl scale deployment tea --replicas=3 +``` -## Deployment +```bash +kubectl scale deployment coffee --replicas=3 +``` -## Testing +Verify deployments: +```bash +kubectl get deployments.apps tea +``` +```bash +NAME READY UP-TO-DATE AVAILABLE AGE +tea 3/3 3 3 31m +``` -# Transport Servers +```bash +kubectl get deployments.apps coffee +``` -## Deployment +```bash +NAME READY UP-TO-DATE AVAILABLE AGE +coffee 3/3 3 3 31m +``` -## Testing \ No newline at end of file +Send `GET` HTTP request to the service insight endpoint to check statistics: + +```bash +curl http://localhost:9114/probe/cafe.example.com +``` + +Response: + +```json +{"Total":6,"Up":6,"Unhealthy":0} +``` From 1e777ef67b940e401954cf0a645312f4104bb085 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 27 Mar 2023 15:45:03 +0000 Subject: [PATCH 04/20] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- examples/custom-resources/service-insight/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/custom-resources/service-insight/README.md b/examples/custom-resources/service-insight/README.md index b67a116b30..6c59451453 100644 --- a/examples/custom-resources/service-insight/README.md +++ b/examples/custom-resources/service-insight/README.md @@ -81,7 +81,7 @@ kubectl port-forward -n nginx-ingress nginx-ingress-5b99f485fb-vflb8 9114:9114 & ### Deployment -Follow the [basic configuration example](../basic-configuration/) to deploy `cafe` app and `cafe virtual server`. +Follow the [basic configuration example](../basic-configuration/) to deploy `cafe` app and `cafe virtual server`. ### Testing From 49f699405cdee3b4db2e2f506aacbf86f5c88d28 Mon Sep 17 00:00:00 2001 From: Jakub Jarosz Date: Tue, 28 Mar 2023 12:56:38 +0100 Subject: [PATCH 05/20] Update example --- .../custom-resources/service-insight/README.md | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/examples/custom-resources/service-insight/README.md b/examples/custom-resources/service-insight/README.md index 6c59451453..43b570ce65 100644 --- a/examples/custom-resources/service-insight/README.md +++ b/examples/custom-resources/service-insight/README.md @@ -1,10 +1,10 @@ # Support for Service Insight -NGINX Plus supports [Service Insight](https://docs.nginx.com/nginx-ingress-controller/logging-and-monitoring/service-insight/). To use the service in the Ingress Controller: + > The Service Insight feature is available only for F5 NGINX Plus. -1. [Enable service insight](https://docs.nginx.com/nginx-ingress-controller/logging-and-monitoring/service-insight/#enabling-service-insight-endpoint) in the Ingress Controller in the deployment file. +NGINX Plus provides the [Service Insight](https://docs.nginx.com/nginx-ingress-controller/logging-and-monitoring/service-insight/) feature. To use the feature in the Ingress Controller you must enable it in the [deployment file](../../../deployments/deployment/nginx-plus-ingress.yaml). -In the following example we enable service insight in the NGINX Ingress Controller [deployment file](../../../deployments/deployment/nginx-plus-ingress.yaml): +In the following example we enable the service insight in the NGINX Ingress Controller [deployment file](../../../deployments/deployment/nginx-plus-ingress.yaml): ```yaml apiVersion: apps/v1 @@ -61,23 +61,31 @@ spec: ``` +## Deployment + +[Install NGINX Ingress Controller](https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/). Remember to uncomment the `-enable-service-insight` option. + +Enable access to the Ingress Controller. Examples below use the `nodeport` service. + ## Configuration Check nginx-ingress pod id: + ```bash kubectl get pods -n nginx-ingress ``` + ``` NAME READY STATUS RESTARTS AGE nginx-ingress-5b99f485fb-vflb8 1/1 Running 0 72m ``` -Enable port forwarding +Forward service insight port 9114 to localhost port 9114: ```bash kubectl port-forward -n nginx-ingress nginx-ingress-5b99f485fb-vflb8 9114:9114 & ``` -### Virtual Servers +## Virtual Servers ### Deployment From d03dce310df95eee31b1ab1d228437c5643f302c Mon Sep 17 00:00:00 2001 From: Jakub Jarosz <99677300+jjngx@users.noreply.github.com> Date: Tue, 28 Mar 2023 13:55:49 +0100 Subject: [PATCH 06/20] Update examples/custom-resources/service-insight/README.md Co-authored-by: Venktesh Shivam Patel Signed-off-by: Jakub Jarosz <99677300+jjngx@users.noreply.github.com> --- examples/custom-resources/service-insight/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/custom-resources/service-insight/README.md b/examples/custom-resources/service-insight/README.md index 43b570ce65..12c1b420f4 100644 --- a/examples/custom-resources/service-insight/README.md +++ b/examples/custom-resources/service-insight/README.md @@ -2,7 +2,7 @@ > The Service Insight feature is available only for F5 NGINX Plus. -NGINX Plus provides the [Service Insight](https://docs.nginx.com/nginx-ingress-controller/logging-and-monitoring/service-insight/) feature. To use the feature in the Ingress Controller you must enable it in the [deployment file](../../../deployments/deployment/nginx-plus-ingress.yaml). +To use the [Service Insight](https://docs.nginx.com/nginx-ingress-controller/logging-and-monitoring/service-insight/) feature provided by NGINX Ingress Controller you must enable it by either setting `serviceInsight.create=true` in your `helm install/upgrade...` command OR [manifest](../../../deployments/deployment/nginx-plus-ingress.yaml) depending on your preferred installation method. In the following example we enable the service insight in the NGINX Ingress Controller [deployment file](../../../deployments/deployment/nginx-plus-ingress.yaml): From d6ff33724598f1e4593d5dabbf1323480cf65b72 Mon Sep 17 00:00:00 2001 From: Jakub Jarosz <99677300+jjngx@users.noreply.github.com> Date: Tue, 28 Mar 2023 13:56:01 +0100 Subject: [PATCH 07/20] Update examples/custom-resources/service-insight/README.md Co-authored-by: Venktesh Shivam Patel Signed-off-by: Jakub Jarosz <99677300+jjngx@users.noreply.github.com> --- examples/custom-resources/service-insight/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/custom-resources/service-insight/README.md b/examples/custom-resources/service-insight/README.md index 12c1b420f4..1a1e45ad6e 100644 --- a/examples/custom-resources/service-insight/README.md +++ b/examples/custom-resources/service-insight/README.md @@ -4,7 +4,7 @@ To use the [Service Insight](https://docs.nginx.com/nginx-ingress-controller/logging-and-monitoring/service-insight/) feature provided by NGINX Ingress Controller you must enable it by either setting `serviceInsight.create=true` in your `helm install/upgrade...` command OR [manifest](../../../deployments/deployment/nginx-plus-ingress.yaml) depending on your preferred installation method. -In the following example we enable the service insight in the NGINX Ingress Controller [deployment file](../../../deployments/deployment/nginx-plus-ingress.yaml): +In the following example we'll enable the Service Insight in the NGINX Ingress Controller using [manifests (Deployment)](../../../deployments/deployment/nginx-plus-ingress.yaml): ```yaml apiVersion: apps/v1 From d3e19be90b52a5d764eb3994f0985ed1a738721d Mon Sep 17 00:00:00 2001 From: Jakub Jarosz <99677300+jjngx@users.noreply.github.com> Date: Tue, 28 Mar 2023 15:02:28 +0100 Subject: [PATCH 08/20] Update examples/custom-resources/service-insight/README.md Co-authored-by: Alan Dooley Signed-off-by: Jakub Jarosz <99677300+jjngx@users.noreply.github.com> --- examples/custom-resources/service-insight/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/custom-resources/service-insight/README.md b/examples/custom-resources/service-insight/README.md index 1a1e45ad6e..2dd8fa6dbd 100644 --- a/examples/custom-resources/service-insight/README.md +++ b/examples/custom-resources/service-insight/README.md @@ -2,7 +2,7 @@ > The Service Insight feature is available only for F5 NGINX Plus. -To use the [Service Insight](https://docs.nginx.com/nginx-ingress-controller/logging-and-monitoring/service-insight/) feature provided by NGINX Ingress Controller you must enable it by either setting `serviceInsight.create=true` in your `helm install/upgrade...` command OR [manifest](../../../deployments/deployment/nginx-plus-ingress.yaml) depending on your preferred installation method. +To use the [Service Insight](https://docs.nginx.com/nginx-ingress-controller/logging-and-monitoring/service-insight/) feature provided by F5 NGINX Ingress Controller you must enable it by setting `serviceInsight.create=true` in your `helm install/upgrade...` command OR [manifest](../../../deployments/deployment/nginx-plus-ingress.yaml) depending on your preferred installation method. In the following example we'll enable the Service Insight in the NGINX Ingress Controller using [manifests (Deployment)](../../../deployments/deployment/nginx-plus-ingress.yaml): From 9ff35d9fb4e42e119f3fdfcc398780279be4188e Mon Sep 17 00:00:00 2001 From: Jakub Jarosz <99677300+jjngx@users.noreply.github.com> Date: Tue, 28 Mar 2023 15:02:41 +0100 Subject: [PATCH 09/20] Update examples/custom-resources/service-insight/README.md Co-authored-by: Alan Dooley Signed-off-by: Jakub Jarosz <99677300+jjngx@users.noreply.github.com> --- examples/custom-resources/service-insight/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/custom-resources/service-insight/README.md b/examples/custom-resources/service-insight/README.md index 2dd8fa6dbd..0367dfa1dd 100644 --- a/examples/custom-resources/service-insight/README.md +++ b/examples/custom-resources/service-insight/README.md @@ -4,7 +4,7 @@ To use the [Service Insight](https://docs.nginx.com/nginx-ingress-controller/logging-and-monitoring/service-insight/) feature provided by F5 NGINX Ingress Controller you must enable it by setting `serviceInsight.create=true` in your `helm install/upgrade...` command OR [manifest](../../../deployments/deployment/nginx-plus-ingress.yaml) depending on your preferred installation method. -In the following example we'll enable the Service Insight in the NGINX Ingress Controller using [manifests (Deployment)](../../../deployments/deployment/nginx-plus-ingress.yaml): +The following example demonstrates how to enable the Service Insight for NGINX Ingress Controller using [manifests (Deployment)](../../../deployments/deployment/nginx-plus-ingress.yaml): ```yaml apiVersion: apps/v1 From 08202512aedd1df8ec36b1dbd27a3e8d4b4a2b2f Mon Sep 17 00:00:00 2001 From: Jakub Jarosz <99677300+jjngx@users.noreply.github.com> Date: Tue, 28 Mar 2023 15:44:27 +0100 Subject: [PATCH 10/20] Update examples/custom-resources/service-insight/README.md Co-authored-by: Alan Dooley Signed-off-by: Jakub Jarosz <99677300+jjngx@users.noreply.github.com> --- examples/custom-resources/service-insight/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/custom-resources/service-insight/README.md b/examples/custom-resources/service-insight/README.md index 0367dfa1dd..c07d6fcbe9 100644 --- a/examples/custom-resources/service-insight/README.md +++ b/examples/custom-resources/service-insight/README.md @@ -93,7 +93,7 @@ Follow the [basic configuration example](../basic-configuration/) to deploy `caf ### Testing -Verify that the virtual server is up and running and verify the hostname: +Verify that the virtual server is running, and check the hostname: ```bash kubectl get vs cafe NAME STATE HOST IP PORTS AGE From 1eeda91e31a9b2efbe22a957a7bedb109f80ac21 Mon Sep 17 00:00:00 2001 From: Jakub Jarosz <99677300+jjngx@users.noreply.github.com> Date: Tue, 28 Mar 2023 15:44:38 +0100 Subject: [PATCH 11/20] Update examples/custom-resources/service-insight/README.md Co-authored-by: Alan Dooley Signed-off-by: Jakub Jarosz <99677300+jjngx@users.noreply.github.com> --- examples/custom-resources/service-insight/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/custom-resources/service-insight/README.md b/examples/custom-resources/service-insight/README.md index c07d6fcbe9..400be22fcc 100644 --- a/examples/custom-resources/service-insight/README.md +++ b/examples/custom-resources/service-insight/README.md @@ -63,9 +63,9 @@ spec: ## Deployment -[Install NGINX Ingress Controller](https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/). Remember to uncomment the `-enable-service-insight` option. +[Install NGINX Ingress Controller](https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/), and uncomment the `-enable-service-insight` option: this will allow Service Insight to interact with it. -Enable access to the Ingress Controller. Examples below use the `nodeport` service. +The examples below use the `nodeport` service. ## Configuration From a3ba4fb4b514f4bf6448b6561a42c755cc27bccb Mon Sep 17 00:00:00 2001 From: Jakub Jarosz <99677300+jjngx@users.noreply.github.com> Date: Tue, 28 Mar 2023 15:44:47 +0100 Subject: [PATCH 12/20] Update examples/custom-resources/service-insight/README.md Co-authored-by: Alan Dooley Signed-off-by: Jakub Jarosz <99677300+jjngx@users.noreply.github.com> --- examples/custom-resources/service-insight/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/custom-resources/service-insight/README.md b/examples/custom-resources/service-insight/README.md index 400be22fcc..2acf7a2336 100644 --- a/examples/custom-resources/service-insight/README.md +++ b/examples/custom-resources/service-insight/README.md @@ -69,7 +69,7 @@ The examples below use the `nodeport` service. ## Configuration -Check nginx-ingress pod id: +First, get the nginx-ingress pod id: ```bash kubectl get pods -n nginx-ingress From fc0ec1ad5b79d9b8627784e88a302746cb7ddba9 Mon Sep 17 00:00:00 2001 From: Jakub Jarosz <99677300+jjngx@users.noreply.github.com> Date: Tue, 28 Mar 2023 15:44:56 +0100 Subject: [PATCH 13/20] Update examples/custom-resources/service-insight/README.md Co-authored-by: Alan Dooley Signed-off-by: Jakub Jarosz <99677300+jjngx@users.noreply.github.com> --- examples/custom-resources/service-insight/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/custom-resources/service-insight/README.md b/examples/custom-resources/service-insight/README.md index 2acf7a2336..814a16d50a 100644 --- a/examples/custom-resources/service-insight/README.md +++ b/examples/custom-resources/service-insight/README.md @@ -80,7 +80,7 @@ NAME READY STATUS RESTARTS AGE nginx-ingress-5b99f485fb-vflb8 1/1 Running 0 72m ``` -Forward service insight port 9114 to localhost port 9114: +Using the id, forward the service insight port (9114) to localhost port 9114: ```bash kubectl port-forward -n nginx-ingress nginx-ingress-5b99f485fb-vflb8 9114:9114 & ``` From 378c0eca303ef63279aa9a8803d69b8a38872665 Mon Sep 17 00:00:00 2001 From: Jakub Jarosz <99677300+jjngx@users.noreply.github.com> Date: Tue, 28 Mar 2023 15:45:12 +0100 Subject: [PATCH 14/20] Update examples/custom-resources/service-insight/README.md Co-authored-by: Alan Dooley Signed-off-by: Jakub Jarosz <99677300+jjngx@users.noreply.github.com> --- examples/custom-resources/service-insight/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/custom-resources/service-insight/README.md b/examples/custom-resources/service-insight/README.md index 814a16d50a..7e47490527 100644 --- a/examples/custom-resources/service-insight/README.md +++ b/examples/custom-resources/service-insight/README.md @@ -176,7 +176,7 @@ NAME READY UP-TO-DATE AVAILABLE AGE coffee 3/3 3 3 31m ``` -Send `GET` HTTP request to the service insight endpoint to check statistics: +Send a `GET` HTTP request to the service insight endpoint to check statistics: ```bash curl http://localhost:9114/probe/cafe.example.com From 20a95f35ae1bab2c183b8dc119964f7a22946f0e Mon Sep 17 00:00:00 2001 From: Jakub Jarosz <99677300+jjngx@users.noreply.github.com> Date: Tue, 28 Mar 2023 15:45:22 +0100 Subject: [PATCH 15/20] Update examples/custom-resources/service-insight/README.md Co-authored-by: Alan Dooley Signed-off-by: Jakub Jarosz <99677300+jjngx@users.noreply.github.com> --- examples/custom-resources/service-insight/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/custom-resources/service-insight/README.md b/examples/custom-resources/service-insight/README.md index 7e47490527..2e6a883b76 100644 --- a/examples/custom-resources/service-insight/README.md +++ b/examples/custom-resources/service-insight/README.md @@ -132,7 +132,7 @@ NAME READY UP-TO-DATE AVAILABLE AGE coffee 1/1 1 1 20m ``` -Send `GET` request to the service insight endpoint to check statistics: +Send a `GET` request to the service insight endpoint to check statistics: Request: From ec1fd5b05f4b20de36cdee63075d8b94cc1c74fc Mon Sep 17 00:00:00 2001 From: Jakub Jarosz <99677300+jjngx@users.noreply.github.com> Date: Tue, 28 Mar 2023 15:45:33 +0100 Subject: [PATCH 16/20] Update examples/custom-resources/service-insight/README.md Co-authored-by: Alan Dooley Signed-off-by: Jakub Jarosz <99677300+jjngx@users.noreply.github.com> --- examples/custom-resources/service-insight/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/custom-resources/service-insight/README.md b/examples/custom-resources/service-insight/README.md index 2e6a883b76..49da3dae81 100644 --- a/examples/custom-resources/service-insight/README.md +++ b/examples/custom-resources/service-insight/README.md @@ -100,7 +100,7 @@ NAME STATE HOST IP PORTS AGE cafe Valid cafe.example.com 16m ``` -Scale down `tea` and `caffee` deployments: +Scale down the `tea` and `coffee` deployments: ```bash kubectl scale deployment tea --replicas=1 From 330a9f44c1007df9e64f2688267043388030d559 Mon Sep 17 00:00:00 2001 From: Jakub Jarosz Date: Tue, 28 Mar 2023 19:40:47 +0100 Subject: [PATCH 17/20] Add TransportServer Service Insight example --- .../service-insight/README.md | 95 +++++++++++++++++++ 1 file changed, 95 insertions(+) diff --git a/examples/custom-resources/service-insight/README.md b/examples/custom-resources/service-insight/README.md index 49da3dae81..51898a0c40 100644 --- a/examples/custom-resources/service-insight/README.md +++ b/examples/custom-resources/service-insight/README.md @@ -187,3 +187,98 @@ Response: ```json {"Total":6,"Up":6,"Unhealthy":0} ``` + +## Transport Servers + +[Install NGINX Ingress Controller](https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/), and uncomment the `-enable-service-insight`, `-enable-custom-resources`, and `-enable-tls-passthrough` options. + +The examples below use the `nodeport` service. + +First, get the nginx-ingress pod id: + +```bash +kubectl get pods -n nginx-ingress +``` + +``` +NAME READY STATUS RESTARTS AGE +nginx-ingress-67978954cc-l6gvq 1/1 Running 0 72m +``` + +Using the id, forward the service insight port (9114) to localhost port 9114: +```bash +kubectl port-forward -n nginx-ingress nginx-ingress-67978954cc-l6gvq 9114:9114 & +``` + +### Deployment + +Follow the [tls passthrough example](../tls-passthrough/) to deploy the `secure-app` and configure load balancing. + +### Testing + +Verify that the transport server is running, and check the app name: + +```bash +kubectl get ts secure-app +NAME STATE REASON AGE +secure-app Valid AddedOrUpdated 5h37m +``` + +Scale down the `secure-app` deployment: + +```bash +kubectl scale deployment secure-app --replicas=1 +``` + +Verify `secure-app` deployment: + +```bash +kubectl get deployments.apps secure-app +NAME READY UP-TO-DATE AVAILABLE AGE +secure-app 1/1 1 1 5h41m +``` + +Send a `GET` request to the service insight endpoint to check statistics: + +Request: + +```bash +curl http://localhost:9114/probe/ts/secure-app +``` + +Response: + +```json +{"Total":1,"Up":1,"Unhealthy":0} +``` + +Scale up deployments: + +```bash +kubectl scale deployment secure-app --replicas=3 +``` + +Verify deployments: + +```bash +kubectl get deployments.apps secure-app +``` + +```bash +NAME READY UP-TO-DATE AVAILABLE AGE +secure-app 3/3 3 3 5h53m +``` + +Send a `GET` HTTP request to the service insight endpoint to check statistics: + +Request: + +```bash +curl http://localhost:9114/probe/ts/secure-app +``` + +Response: + +```json +{"Total":3,"Up":3,"Unhealthy":0} +``` From c65c21fd9abf67f6b851fc119df8b4dfe0214824 Mon Sep 17 00:00:00 2001 From: Jakub Jarosz <99677300+jjngx@users.noreply.github.com> Date: Tue, 28 Mar 2023 19:42:46 +0100 Subject: [PATCH 18/20] Update examples/custom-resources/service-insight/README.md Co-authored-by: Venktesh Shivam Patel Signed-off-by: Jakub Jarosz <99677300+jjngx@users.noreply.github.com> --- examples/custom-resources/service-insight/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/custom-resources/service-insight/README.md b/examples/custom-resources/service-insight/README.md index 51898a0c40..d581854c40 100644 --- a/examples/custom-resources/service-insight/README.md +++ b/examples/custom-resources/service-insight/README.md @@ -69,7 +69,7 @@ The examples below use the `nodeport` service. ## Configuration -First, get the nginx-ingress pod id: +First, get the pod name in namespace `nginx-ingress`: ```bash kubectl get pods -n nginx-ingress From 5111a2064941c1fec6e42803d14d3f348403e3de Mon Sep 17 00:00:00 2001 From: Jakub Jarosz Date: Wed, 29 Mar 2023 14:48:50 +0100 Subject: [PATCH 19/20] Add example with TLS support --- .../service-insight/README.md | 142 +++++++++++++++++- .../service-insight-secret.yaml | 8 + 2 files changed, 149 insertions(+), 1 deletion(-) create mode 100644 examples/custom-resources/service-insight/service-insight-secret.yaml diff --git a/examples/custom-resources/service-insight/README.md b/examples/custom-resources/service-insight/README.md index d581854c40..30878d982d 100644 --- a/examples/custom-resources/service-insight/README.md +++ b/examples/custom-resources/service-insight/README.md @@ -75,12 +75,13 @@ First, get the pod name in namespace `nginx-ingress`: kubectl get pods -n nginx-ingress ``` -``` +```bash NAME READY STATUS RESTARTS AGE nginx-ingress-5b99f485fb-vflb8 1/1 Running 0 72m ``` Using the id, forward the service insight port (9114) to localhost port 9114: + ```bash kubectl port-forward -n nginx-ingress nginx-ingress-5b99f485fb-vflb8 9114:9114 & ``` @@ -94,6 +95,7 @@ Follow the [basic configuration example](../basic-configuration/) to deploy `caf ### Testing Verify that the virtual server is running, and check the hostname: + ```bash kubectl get vs cafe NAME STATE HOST IP PORTS AGE @@ -282,3 +284,141 @@ Response: ```json {"Total":3,"Up":3,"Unhealthy":0} ``` + +## Service Insight with TLS + +The following example demonstrates how to enable the Service Insight for NGINX Ingress Controller with **TLS** using [manifests (Deployment)](../../../deployments/deployment/nginx-plus-ingress.yaml): + +```yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nginx-ingress + namespace: nginx-ingress +spec: + replicas: 1 + selector: + matchLabels: + app: nginx-ingress + template: + metadata: + labels: + app: nginx-ingress + app.kubernetes.io/name: nginx-ingress + spec: + serviceAccountName: nginx-ingress + automountServiceAccountToken: true + securityContext: + ... + containers: + - image: nginx-plus-ingress:3.0.2 + imagePullPolicy: IfNotPresent + name: nginx-plus-ingress + ports: + - name: http + containerPort: 80 + - name: https + containerPort: 443 + - name: readiness-port + containerPort: 8081 + - name: prometheus + containerPort: 9113 + - name: service-insight + containerPort: 9114 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + resources: + ... + securityContext: + ... + env: + ... + args: + - -nginx-plus + - -nginx-configmaps=$(POD_NAMESPACE)/nginx-config + ... + - -enable-service-insight + - -service-insight-tls-secret=default/service-insight-secret +``` + +The example below uses the `nodeport` service. + + +First, create and verify the secret: + +```bash +kubectl apply -f service-insight-secret.yaml +``` + +```bash +kubectl get secrets service-insight-secret +``` + +```bash +NAME TYPE DATA AGE +service-insight-secret kubernetes.io/tls 2 55s +``` + + +Get the nginx-ingress pod id: + +```bash +kubectl get pods -n nginx-ingress +``` + +```bash +NAME READY STATUS RESTARTS AGE +nginx-ingress-687d9c6764-g6vwx 1/1 Running 0 2m8s +``` + +Verify the nginx-ingress configuration parameters: + +```bash +kubectl describe pods -n nginx-ingress nginx-ingress-687d9c6764-g6vwx +``` + +```bash +... +Containers: + nginx-plus-ingress: + Container ID: containerd://fdff9038d747cada877cd547d88aa4a94af3d243e43956445d81f1e9d641be86 + Image: nginx-plus-ingress:jjplus + Image ID: docker.io/library/import-2023-03-27@sha256:85120b9f157bd6bb8e4469fa4aee3bbeac62c0a494d2707b47daab66b6b0b199 + Ports: 80/TCP, 443/TCP, 8081/TCP, 9113/TCP, 9114/TCP + Host Ports: 0/TCP, 0/TCP, 0/TCP, 0/TCP, 0/TCP + Args: + -nginx-plus + -nginx-configmaps=$(POD_NAMESPACE)/nginx-config + ... + -enable-service-insight + -service-insight-tls-secret=default/service-insight-secret + ... + State: Running + Started: Wed, 29 Mar 2023 14:32:25 +0100 +... +``` + +Using the nginx-ingress pod id, forward the service insight port (9114) to localhost port 9114: + +```bash +kubectl port-forward -n nginx-ingress nginx-ingress-687d9c6764-g6vwx 9114:9114 & +``` + +Follow the [basic configuration example](../basic-configuration/) to deploy `cafe` app and `cafe virtual server`. + +Send a `GET` request to the service insight (TLS) endpoint to check statistics: + +Request: + +```bash +curl https://localhost:9114/probe/cafe.example.com --insecure +``` + +Response: + +```json +{"Total":2,"Up":2,"Unhealthy":0} +``` diff --git a/examples/custom-resources/service-insight/service-insight-secret.yaml b/examples/custom-resources/service-insight/service-insight-secret.yaml new file mode 100644 index 0000000000..dea0d7dc89 --- /dev/null +++ b/examples/custom-resources/service-insight/service-insight-secret.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: service-insight-secret +type: kubernetes.io/tls +data: + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURMakNDQWhZQ0NRREFPRjl0THNhWFdqQU5CZ2txaGtpRzl3MEJBUXNGQURCYU1Rc3dDUVlEVlFRR0V3SlYKVXpFTE1Ba0dBMVVFQ0F3Q1EwRXhJVEFmQmdOVkJBb01HRWx1ZEdWeWJtVjBJRmRwWkdkcGRITWdVSFI1SUV4MApaREViTUJrR0ExVUVBd3dTWTJGbVpTNWxlR0Z0Y0d4bExtTnZiU0FnTUI0WERURTRNRGt4TWpFMk1UVXpOVm9YCkRUSXpNRGt4TVRFMk1UVXpOVm93V0RFTE1Ba0dBMVVFQmhNQ1ZWTXhDekFKQmdOVkJBZ01Ba05CTVNFd0h3WUQKVlFRS0RCaEpiblJsY201bGRDQlhhV1JuYVhSeklGQjBlU0JNZEdReEdUQVhCZ05WQkFNTUVHTmhabVV1WlhoaApiWEJzWlM1amIyMHdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDcDZLbjdzeTgxCnAwanVKL2N5ayt2Q0FtbHNmanRGTTJtdVpOSzBLdGVjcUcyZmpXUWI1NXhRMVlGQTJYT1N3SEFZdlNkd0kyaloKcnVXOHFYWENMMnJiNENaQ0Z4d3BWRUNyY3hkam0zdGVWaVJYVnNZSW1tSkhQUFN5UWdwaW9iczl4N0RsTGM2SQpCQTBaalVPeWwwUHFHOVNKZXhNVjczV0lJYTVyRFZTRjJyNGtTa2JBajREY2o3TFhlRmxWWEgySTVYd1hDcHRDCm42N0pDZzQyZitrOHdnemNSVnA4WFprWldaVmp3cTlSVUtEWG1GQjJZeU4xWEVXZFowZXdSdUtZVUpsc202OTIKc2tPcktRajB2a29QbjQxRUUvK1RhVkVwcUxUUm9VWTNyemc3RGtkemZkQml6Rk8yZHNQTkZ4MkNXMGpYa05MdgpLbzI1Q1pyT2hYQUhBZ01CQUFFd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLSEZDY3lPalp2b0hzd1VCTWRMClJkSEliMzgzcFdGeW5acS9MdVVvdnNWQTU4QjBDZzdCRWZ5NXZXVlZycTVSSWt2NGxaODFOMjl4MjFkMUpINnIKalNuUXgrRFhDTy9USkVWNWxTQ1VwSUd6RVVZYVVQZ1J5anNNL05VZENKOHVIVmhaSitTNkZBK0NuT0Q5cm4yaQpaQmVQQ0k1ckh3RVh3bm5sOHl3aWozdnZRNXpISXV5QmdsV3IvUXl1aTlmalBwd1dVdlVtNG52NVNNRzl6Q1Y3ClBwdXd2dWF0cWpPMTIwOEJqZkUvY1pISWc4SHc5bXZXOXg5QytJUU1JTURFN2IvZzZPY0s3TEdUTHdsRnh2QTgKN1dqRWVxdW5heUlwaE1oS1JYVmYxTjM0OWVOOThFejM4Zk9USFRQYmRKakZBL1BjQytHeW1lK2lHdDVPUWRGaAp5UkU9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBcWVpcCs3TXZOYWRJN2lmM01wUHJ3Z0pwYkg0N1JUTnBybVRTdENyWG5LaHRuNDFrCkcrZWNVTldCUU5semtzQndHTDBuY0NObzJhN2x2S2wxd2k5cTIrQW1RaGNjS1ZSQXEzTVhZNXQ3WGxZa1YxYkcKQ0pwaVJ6ejBza0lLWXFHN1BjZXc1UzNPaUFRTkdZMURzcGRENmh2VWlYc1RGZTkxaUNHdWF3MVVoZHErSkVwRwp3SStBM0kreTEzaFpWVng5aU9WOEZ3cWJRcCt1eVFvT05uL3BQTUlNM0VWYWZGMlpHVm1WWThLdlVWQ2cxNWhRCmRtTWpkVnhGbldkSHNFYmltRkNaYkp1dmRySkRxeWtJOUw1S0Q1K05SQlAvazJsUkthaTAwYUZHTjY4NE93NUgKYzMzUVlzeFR0bmJEelJjZGdsdEkxNURTN3lxTnVRbWF6b1Z3QndJREFRQUJBb0lCQVFDUFNkU1luUXRTUHlxbApGZlZGcFRPc29PWVJoZjhzSStpYkZ4SU91UmF1V2VoaEp4ZG01Uk9ScEF6bUNMeUw1VmhqdEptZTIyM2dMcncyCk45OUVqVUtiL1ZPbVp1RHNCYzZvQ0Y2UU5SNThkejhjbk9SVGV3Y290c0pSMXBuMWhobG5SNUhxSkpCSmFzazEKWkVuVVFmY1hackw5NGxvOUpIM0UrVXFqbzFGRnM4eHhFOHdvUEJxalpzVjdwUlVaZ0MzTGh4bndMU0V4eUZvNApjeGI5U09HNU9tQUpvelN0Rm9RMkdKT2VzOHJKNXFmZHZ5dGdnOXhiTGFRTC94MGtwUTYyQm9GTUJEZHFPZVBXCktmUDV6WjYvMDcvdnBqNDh5QTFRMzJQem9idWJzQkxkM0tjbjMyamZtMUU3cHJ0V2wrSmVPRmlPem5CUUZKYk4KNHFQVlJ6NWhBb0dCQU50V3l4aE5DU0x1NFArWGdLeWNrbGpKNkY1NjY4Zk5qNUN6Z0ZScUowOXpuMFRsc05ybwpGVExaY3hEcW5SM0hQWU00MkpFUmgySi9xREZaeW5SUW8zY2czb2VpdlVkQlZHWTgrRkkxVzBxZHViL0w5K3l1CmVkT1pUUTVYbUdHcDZyNmpleHltY0ppbS9Pc0IzWm5ZT3BPcmxEN1NQbUJ2ek5MazRNRjZneGJYQW9HQkFNWk8KMHA2SGJCbWNQMHRqRlhmY0tFNzdJbUxtMHNBRzR1SG9VeDBlUGovMnFyblRuT0JCTkU0TXZnRHVUSnp5K2NhVQprOFJxbWRIQ2JIelRlNmZ6WXEvOWl0OHNaNzdLVk4xcWtiSWN1YytSVHhBOW5OaDFUanNSbmU3NFowajFGQ0xrCmhIY3FIMHJpN1BZU0tIVEU4RnZGQ3haWWRidUI4NENtWmlodnhicFJBb0dBSWJqcWFNWVBUWXVrbENkYTVTNzkKWVNGSjFKelplMUtqYS8vdER3MXpGY2dWQ0thMzFqQXdjaXowZi9sU1JxM0hTMUdHR21lemhQVlRpcUxmZVpxYwpSMGlLYmhnYk9jVlZrSkozSzB5QXlLd1BUdW14S0haNnpJbVpTMGMwYW0rUlk5WUdxNVQ3WXJ6cHpjZnZwaU9VCmZmZTNSeUZUN2NmQ21mb09oREN0enVrQ2dZQjMwb0xDMVJMRk9ycW40M3ZDUzUxemM1em9ZNDR1QnpzcHd3WU4KVHd2UC9FeFdNZjNWSnJEakJDSCtULzZzeXNlUGJKRUltbHpNK0l3eXRGcEFOZmlJWEV0LzQ4WGY2ME54OGdXTQp1SHl4Wlp4L05LdER3MFY4dlgxUE9ucTJBNWVpS2ErOGpSQVJZS0pMWU5kZkR1d29seHZHNmJaaGtQaS80RXRUCjNZMThzUUtCZ0h0S2JrKzdsTkpWZXN3WEU1Y1VHNkVEVXNEZS8yVWE3ZlhwN0ZjanFCRW9hcDFMU3crNlRYcDAKWmdybUtFOEFSek00NytFSkhVdmlpcS9udXBFMTVnMGtKVzNzeWhwVTl6WkxPN2x0QjBLSWtPOVpSY21Vam84UQpjcExsSE1BcWJMSjhXWUdKQ2toaVd4eWFsNmhZVHlXWTRjVmtDMHh0VGwvaFVFOUllTktvCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== From cd3e09d325b5850850d59f7fb975d21d337d690c Mon Sep 17 00:00:00 2001 From: Jakub Jarosz <99677300+jjngx@users.noreply.github.com> Date: Wed, 29 Mar 2023 14:50:21 +0100 Subject: [PATCH 20/20] Update examples/custom-resources/service-insight/README.md Co-authored-by: Venktesh Shivam Patel Signed-off-by: Jakub Jarosz <99677300+jjngx@users.noreply.github.com> --- examples/custom-resources/service-insight/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/custom-resources/service-insight/README.md b/examples/custom-resources/service-insight/README.md index 30878d982d..425f02ffbf 100644 --- a/examples/custom-resources/service-insight/README.md +++ b/examples/custom-resources/service-insight/README.md @@ -83,7 +83,7 @@ nginx-ingress-5b99f485fb-vflb8 1/1 Running 0 72m Using the id, forward the service insight port (9114) to localhost port 9114: ```bash -kubectl port-forward -n nginx-ingress nginx-ingress-5b99f485fb-vflb8 9114:9114 & +kubectl port-forward -n nginx-ingress nginx-ingress-5b99f485fb-vflb8 9114:9114 ``` ## Virtual Servers