Deployment
Deploy the Pods and expose the Services
Service1:
kubectl apply -f https://raw.githubusercontent.com/fortinet/fortiweb-ingress/main/service_examples/service1.yaml
Service2:
kubectl apply -f https://raw.githubusercontent.com/fortinet/fortiweb-ingress/main/service_examples/service2.yaml
Check the service1 and service2 you have deployed.
kubectl get service
NAME       TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
service1   NodePort   10.111.143.250   <none>        1241:31320/TCP   10m
service2   NodePort   10.109.117.79    <none>        1242:32075/TCP   2m59s
Deploy the Ingress
Define the Simple-fanout Ingress resource.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: simple-fanout-example
  annotations: {
    "fortiweb-ip" : "172.23.133.148",
    "fortiweb-login" : "fwb-login1",
    "fortiweb-ctrl-log" : "disable",
    "virtual-server-ip" : "192.23.133.6",
    "virtual-server-addr-type" : "ipv4",
    "virtual-server-interface" : "port2",
    "server-policy-web-protection-profile" : "Inline Standard Protection",
    "server-policy-https-service" : "HTTPS",
    "server-policy-http-service" : "HTTP",
    "server-policy-syn-cookie" : "enable",
    "server-policy-http-to-https" : "disable"
    }
spec:
  ingressClassName: fwb-ingress-controller
  rules:
  - host: test.com
    http:
      paths:
      - path: /info
        pathType: Prefix
        backend:
          service:
            name: service1
            port:
              number: 1241
      - path: /hello
        pathType: Prefix
        backend:
          service:
            name: service2
            port:
              number: 1242
Deploy it with the kubectl command.
kubectl apply -f simple-fanout.yaml
ingress.networking.k8s.io/simple-fanout-example created
Get the information of the simple-fanout-example Ingress by using the kubectl describe command.
user@control-plane-node ~> kubectl describe ingress simple-fanout-example
Name:             simple-fanout-example
Namespace:        default
Address:          192.23.133.6
Default backend:  default-http-backend:80
Rules:
  Host        Path     Backends
  ----        ----     --------
  test.com
              /info    service1:1241 (10.244.1.16:9876)
              /hello   service2:1242 (10.244.12.26:80)
Annotations:  FortiWeb-admin: admin
              "fortiweb-ip" : "172.23.133.148",
              "fortiweb-login" : "fwb-login1",
              "fortiweb-ctrl-log" : "disable",
              "virtual-server-ip" : "192.23.133.6",
              "virtual-server-addr-type" : "ipv4",
              "virtual-server-interface" : "port2",
              "server-policy-web-protection-profile" : "Inline Standard Protection",
              "server-policy-https-service" : "HTTPS",
              "server-policy-http-service" : "HTTP",
              "server-policy-syn-cookie" : "enable",
              "server-policy-http-to-https" : "disable"
FortiView
Check the deployed Ingress with FortiView.
Try to access https://test.com/info.
Try to access https://test.com/hello.
Update or delete the Ingress
To update an Ingress resource:
You can edit the ingress.yaml and use kubectl apply, or use the kubectl edit command.
kubectl edit ingress simple-fanout-example
To delete the Ingress resource:
kubectl delete ingress/simple-fanout-example
Add, update or delete Service and Node
Service
FortiWeb Ingress Controller monitors only the port sections and annotations defined in services used in the deployed Ingress resource. For example, suppose service2 should also handle traffic with TCP destination port 8080 to the nginx pod. Use the kubectl edit command to see the original service2 spec.
kubectl edit service service2
# Original definition of service2
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: "2021-10-21T08:50:31Z"
  labels:
    run: nginx-demo
  name: service2
  namespace: default
  resourceVersion: "26766217"
  selfLink: /api/v1/namespaces/default/services/service2
  uid: 69aa596e-1f23-4696-b770-6202654058a5
spec:
  clusterIP: 10.109.117.79
  externalTrafficPolicy: Cluster
  ports:
  - nodePort: 32075
    port: 1242
    protocol: TCP
    targetPort: 80
  selector:
    run: nginx-demo
  sessionAffinity: None
  type: NodePort
status:
  loadBalancer: {}
Now, add another port and give each port a name. In the example below, the changes are the name fields (http-80 and http-8080) and the second ports entry (port 1243, targetPort 8080).
# Modified service2
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: "2021-10-21T08:50:31Z"
  labels:
    run: nginx-demo
  name: service2
  namespace: default
  resourceVersion: "26766217"
  selfLink: /api/v1/namespaces/default/services/service2
  uid: 69aa596e-1f23-4696-b770-6202654058a5
spec:
  clusterIP: 10.109.117.79
  externalTrafficPolicy: Cluster
  ports:
  - name: http-80
    nodePort: 32075
    port: 1242
    protocol: TCP
    targetPort: 80
  - name: http-8080
    port: 1243
    protocol: TCP
    targetPort: 8080
  selector:
    run: nginx-demo
  sessionAffinity: None
  type: NodePort
status:
  loadBalancer: {}
Check the service with the kubectl get command. You can see that service2 has registered the second port 1243 and that Kubernetes has allocated NodePort 31879 to it.
NAME       TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)                         AGE
service1   NodePort   10.111.143.250   <none>        1241:31320/TCP                  4d21h
service2   NodePort   10.109.117.79    <none>        1242:32075/TCP,1243:31879/TCP   4d21h
And check the FortiWeb real server pool default_service2. You can see the pool members with port 31879 are added.
Note: If you delete a service used in the deployed Ingress resources, Kubernetes does not give you any warning, and FortiWeb Ingress Controller does not handle any delete events on the service.
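Because neither Kubernetes nor the controller flags a deleted service, a check for Ingress backends that point at a missing service or port is worth running before and after service changes. The script below is an added example, not part of FortiWeb Ingress Controller; the function name dangling_backends and the sample objects are constructed for illustration from the names and ports used on this page.

```python
import json
import sys

def dangling_backends(objects):
    """Return (namespace, ingress, host, path, problem) per broken Ingress backend."""
    # Index Services: (namespace, name) -> port numbers and port names.
    services = {}
    for obj in objects:
        if obj.get("kind") == "Service":
            meta = obj["metadata"]
            ports = obj.get("spec", {}).get("ports", [])
            services[(meta.get("namespace", "default"), meta["name"])] = (
                {p["port"] for p in ports} | {p["name"] for p in ports if "name" in p})
    findings = []
    for obj in objects:
        if obj.get("kind") != "Ingress":
            continue
        meta = obj["metadata"]
        ns = meta.get("namespace", "default")
        for rule in obj.get("spec", {}).get("rules", []):
            for path in (rule.get("http") or {}).get("paths", []):
                svc = path.get("backend", {}).get("service")
                if not svc:
                    continue  # resource backends are not checked here
                where = (ns, meta["name"], rule.get("host", "*"), path.get("path", "/"))
                ports = services.get((ns, svc["name"]))
                # An Ingress backend port is given either as a number or as a name.
                port = svc.get("port", {})
                wanted = port.get("number", port.get("name"))
                if ports is None:
                    findings.append(where + (f"service {svc['name']} not found",))
                elif wanted not in ports:
                    findings.append(where + (f"port {wanted} not on {svc['name']}",))
    return findings

# Constructed sample: this page's Ingress after service2 has been deleted.
SAMPLE = [
    {"kind": "Service", "metadata": {"name": "service1", "namespace": "default"},
     "spec": {"ports": [{"port": 1241, "nodePort": 31320}]}},
    {"kind": "Ingress", "metadata": {"name": "simple-fanout-example", "namespace": "default"},
     "spec": {"rules": [{"host": "test.com", "http": {"paths": [
         {"path": "/info", "backend": {"service": {"name": "service1", "port": {"number": 1241}}}},
         {"path": "/hello", "backend": {"service": {"name": "service2", "port": {"number": 1242}}}}]}}]}},
]

if __name__ == "__main__":
    items = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)["items"]
    for finding in dangling_backends(items):
        print(*finding)
```

Against a live cluster, pipe the output of kubectl get ingress,service -A -o json into the script; with no piped input it runs on the constructed sample and reports the /hello backend.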
Node
If you add or delete a worker node, FortiWeb Ingress Controller will check the deployed Ingress resources and handle the add/delete event. For updating a node, FortiWeb Ingress Controller only monitors the node’s IP.