Guided Exercise: Scale and Expose Applications to External Access
Deploy one web server and access it through a Kubernetes ingress; and deploy another web server and access it through an OpenShift route.
Outcomes
In this exercise, you deploy two web applications to access them through an ingress object and a route, and scale them to verify the load-balance between the pods.
Deploy two web applications.
Create a route and an ingress object to access the web applications.
Enable the sticky sessions for the web applications.
Scale the web applications to load-balance the service.
As the student user on the workstation machine, use the lab command to prepare your system for this exercise. This command ensures that the cluster is accessible.
[student@workstation ~]$ lab start deploy-routes
Procedure 4.4. Instructions
Create two web application deployments, named
satir-appandsakila-app. Use theregistry.ocp4.example.com:8443/httpd-app:v1container image for both deployments.Log in to the OpenShift cluster as the
developeruser with thedeveloperpassword.[student@workstation ~]$ oc login -u developer -p developer \ https://api.ocp4.example.com:6443 Login successful ...output omitted...Change to the
web-applicationsproject.[student@workstation ~]$ oc project web-applications Now using project "web-applications" on server "https://api.ocp4.example.com:6443". ...output omitted...Create the
satir-appweb application deployment by using theregistry.ocp4.example.com:8443/redhattraining/do180-httpd-app:v1container image. Ignore the warning message.[student@workstation ~]$ oc create deployment satir-app \ --image registry.ocp4.example.com:8443/redhattraining/do180-httpd-app:v1 Warning: would violate PodSecurity "restricted:v1.24": ...output omitted... deployment.apps/satir-app createdAfter a few moments, verify that the deployment is successful.
[student@workstation ~]$ oc get pods NAME READY STATUS RESTARTS ... satir-app-787b7d7858-5dfsh 1/1 Running 0 ...[student@workstation ~]$ oc status ...output omitted... deployment/satir-app deploys registry.ocp4.example.com:8443/redhattraining/do180-httpd-app:v1 deployment #1 running for 20 seconds - 1 pod ...output omitted...Create the
sakila-appweb application deployment by using theregistry.ocp4.example.com:8443/redhattraining/do180-httpd-app:v1image. Ignore the warning message.[student@workstation ~]$ oc create deployment sakila-app \ --image registry.ocp4.example.com:8443/redhattraining/do180-httpd-app:v1 Warning: would violate PodSecurity "restricted:v1.24": ...output omitted... deployment.apps/sakila-app createdWait a few moments and then verify that the deployment is successful.
[student@workstation ~]$ oc get pods NAME READY STATUS RESTARTS ... sakila-app-6694...5kpd 1/1 Running 0 ... satir-app-787b7...dfsh 1/1 Running 0 ...[student@workstation ~]$ oc status ...output omitted... deployment/satir-app deploys registry.ocp4.example.com:8443/redhattraining/do180-httpd-app:v1 deployment #1 running for 5 minutes - 1 pod deployment/sakila-app deploys registry.ocp4.example.com:8443/redhattraining/do180-httpd-app:v1 deployment #1 running for 2 minutes - 1 pod ...output omitted...
Create services for the web application deployments. Then, use the services to create a route for the
satir-appapplication and an ingress object for thesakila-appapplication.Expose the
satir-appdeployment. Name the servicesatir-svc, and specify port8080as the port and target port.[student@workstation ~]$ oc expose deployment satir-app --name satir-svc \ --port 8080 --target-port 8080 service/satir-svc exposedExpose the
sakila-appdeployment to create thesakila-svcservice.[student@workstation ~]$ oc expose deployment sakila-app --name sakila-svc \ --port 8080 --target-port 8080 service/sakila-svc exposedVerify the status of the services.
[student@workstation ~]$ oc get services NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) ... sakila-svc ClusterIP 172.30.230.41 <none> 8080/TCP ... satir-svc ClusterIP 172.30.143.15 <none> 8080/TCP ...[student@workstation ~]$ oc get endpoints NAME ENDPOINTS ... sakila-svc 10.8.0.66:8080 ... satir-svc 10.8.0.65:8080 ...[student@workstation ~]$ oc get pods -o wide NAME READY STATUS RESTARTS AGE IP ... sakila-app-6694...5kpd 1/1 Running 0 92s 10.8.0.66 ... satir-app-787b7...dfsh 1/1 Running 0 2m49s 10.8.0.65 ...Create a route named
satirfor thesatir-appweb application by exposing thesatir-svcservice.[student@workstation ~]$ oc expose service satir-svc --name satir route.route.openshift.io/satir exposed[student@workstation ~]$ oc get routes NAME HOST/PORT ... SERVICES PORT ... satir satir-web-applications.apps.ocp4.example.com ... satir-svc 8080 ...Create an ingress object named
ingr-sakilafor thesakila-svcservice. Configure the--ruleoption with the following values:| Field | Value | | --- | --- | | Host |
ingr-sakila.apps.ocp4.example.com| | Service name |sakila-svc| | Port number |8080|[student@workstation ~]$ oc create ingress ingr-sakila \ --rule "ingr-sakila.apps.ocp4.example.com/*=sakila-svc:8080" ingress.networking.k8s.io/ingr-sakila created[student@workstation ~]$ oc get ingress NAME ... HOSTS ADDRESS PORTS ... ingr-sakila ... ingr-sakila.apps.ocp4.example.com router...com 80 ...Confirm that a route exists for the
ingr-sakilaingress object.[student@workstation ~]$ oc get routes NAME HOST/PORT ... SERVICES PORT ingr-sakila... ingr-sakila.apps.ocp4.example.com ... sakila-svc <all> satir satir-web-applications.apps.ocp4.example.com ... satir-svc 8080A specific port is not assigned to routes that ingress objects created. By contrast, a route that an exposed service created is assigned the same ports as the service.
Use the
curlcommand to access theingr-sakilaingress object and thesatirroute. The output states the name of the pod that is servicing the request.[student@workstation ~]$ curl ingr-sakila.apps.ocp4.example.com Welcome to Red Hat Training, from sakila-app-66947cdd78-x5kpd[student@workstation ~]$ curl satir-web-applications.apps.ocp4.example.com Welcome to Red Hat Training, from satir-app-787b7d7858-bdfsh
Scale the web application deployments to load-balance their services. Scale the
sakila-appto two replicas, and thesatir-appto three replicas.Scale the
sakila-appdeployment with two replicas.[student@workstation ~]$ oc scale deployment sakila-app --replicas 2 deployment.apps/sakila-app scaledWait a few moments and then verify the status of the replica pods.
[student@workstation ~]$ oc get pods NAME READY STATUS RESTARTS ... sakila-app-6694...5kpd 1/1 Running 0 ... sakila-app-6694...rfzg 1/1 Running 0 ... satir-app-787b...dfsh 1/1 Running 0 ...Scale the
satir-appdeployment with three replicas.[student@workstation ~]$ oc scale deployment satir-app --replicas 3 deployment.apps/satir-app scaledWait a few moments and then verify the status of the replica pods.
[student@workstation ~]$ oc get pods -o wide NAME READY STATUS RESTARTS ... IP ... sakila-app-6694...5kpd 1/1 Running 0 ... 10.8.0.66 ... sakila-app-6694...rfzg 1/1 Running 0 ... 10.8.0.67 ... satir-app-787b...dfsh 1/1 Running 0 ... 10.8.0.65 ... satir-app-787b...z8xm 1/1 Running 0 ... 10.8.0.69 ... satir-app-787b...7bhj 1/1 Running 0 ... 10.8.0.70 ...Retrieve the service endpoints to confirm that the services are load-balanced between the additional replica pods.
[student@workstation ~]$ oc get endpoints NAME ENDPOINTS ... sakila-svc 10.8.0.66:8080,10.8.0.67:8080 ... satir-svc 10.8.0.65:8080,10.8.0.69:8080,10.8.0.70:8080 ...
Enable the sticky sessions for the
sakila-appweb application. Then, use thecurlcommand to confirm that the sticky sessions are working for theingr-sakilaobject.Configure a cookie for the
ingr-sakilaingress object.[student@workstation ~]$ oc annotate ingress ingr-sakila \ ingress.kubernetes.io/affinity=cookie ingress.networking.k8s.io/ingr-sakila annotatedUse the
curlcommand to access theingr-sakilaingress object. The output states the name of the pod that is servicing the request. Notice that the connection is load-balanced between the replicas.[student@workstation ~]$ for i in {1..3}; do \ curl ingr-sakila.apps.ocp4.example.com ; done Welcome to Red Hat Training, from sakila-app-66947cdd78-x5kpd Welcome to Red Hat Training, from sakila-app-66947cdd78-xrfzg Welcome to Red Hat Training, from sakila-app-66947cdd78-x5kpdUse the
curlcommand to save theingr-sakilaingress object cookie to the/tmp/cookie_jarfile. Confirm that the cookie exists in the/tmp/cookie_jarfile.[student@workstation ~]$ curl ingr-sakila.apps.ocp4.example.com \ -c /tmp/cookie_jar Welcome to Red Hat Training, from sakila-app-66947cdd78-xrfzg[student@workstation ~]$ cat /tmp/cookie_jar ...output omitted... #HttpOnly_ingr-sakila.apps.ocp4.example.com FALSE / FALSE 0 b9b484110526b4b1b3159860d3aebe04 921e139c5145950d00424bf3b0a46d22The cookie provides session stickiness for connections to the
ingr-sakilaroute. Use thecurlcommand and the cookie in the/tmp/cookie_jarfile to connect to theingr-sakilaroute again. Confirm that you are connected to the same pod that handled the request in the previous step.[student@workstation ~]$ for i in {1..3}; do \ curl ingr-sakila.apps.ocp4.example.com -b /tmp/cookie_jar; done Welcome to Red Hat Training, from sakila-app-66947cdd78-xrfzg Welcome to Red Hat Training, from sakila-app-66947cdd78-xrfzg Welcome to Red Hat Training, from sakila-app-66947cdd78-xrfzgUse the
curlcommand to connect to theingr-sakilaroute without the cookie. Observe that session stickiness occurs only with the cookie.[student@workstation ~]$ for i in {1..3}; do \ curl ingr-sakila.apps.ocp4.example.com ; done Welcome to Red Hat Training, from sakila-app-66947cdd78-x5kpd Welcome to Red Hat Training, from sakila-app-66947cdd78-xrfzg Welcome to Red Hat Training, from sakila-app-66947cdd78-x5kpd
Enable the sticky sessions for the
satir-appweb application. Then, use thecurlcommand to confirm that sticky sessions are active for thesatirroute.Configure a cookie with a
hellovalue for thesatirroute.[student@workstation ~]$ oc annotate route satir \ router.openshift.io/cookie_name="hello" route.route.openshift.io/satir annotatedUse the
curlcommand to access thesatirroute. The output states the name of the pod that is servicing the request. Notice that the connection is load-balanced between the three replica pods.[student@workstation ~]$ for i in {1..3}; do \ curl satir-web-applications.apps.ocp4.example.com; done Welcome to Red Hat Training, from satir-app-787b7d7858-bdfsh Welcome to Red Hat Training, from satir-app-787b7d7858-gz8xm Welcome to Red Hat Training, from satir-app-787b7d7858-q7bhjUse the
curlcommand to save thehellocookie to the/tmp/cookie_jarfile. Afterward, confirm that thehellocookie exists in the/tmp/cookie_jarfile.[student@workstation ~]$ curl satir-web-applications.apps.ocp4.example.com \ -c /tmp/cookie_jar Welcome to Red Hat Training, from satir-app-787b7d7858-q7bhj[student@workstation ~]$ cat /tmp/cookie_jar ...output omitted... #HttpOnly_satir-web-applications.apps.ocp4.example.com FALSE / FALSE 0 hello b7dd73d32003e513a072e25a32b6c881The
hellocookie provides session stickiness for connections to thesatirroute. Use thecurlcommand and thehellocookie in the/tmp/cookie_jarfile to connect to thesatirroute again. Confirm that you are connected to the same pod that handled the request in the previous step.[student@workstation ~]$ for i in {1..3}; do \ curl satir-web-applications.apps.ocp4.example.com -b /tmp/cookie_jar; done Welcome to Red Hat Training, from satir-app-787b7d7858-q7bhj Welcome to Red Hat Training, from satir-app-787b7d7858-q7bhj Welcome to Red Hat Training, from satir-app-787b7d7858-q7bhjUse the
curlcommand to connect to thesatirroute without thehellocookie. Observe that session stickiness occurs only with the cookie.[student@workstation ~]$ for i in {1..3}; do \ curl satir-web-applications.apps.ocp4.example.com; done Welcome to Red Hat Training, from satir-app-787b7d7858-gz8xm Welcome to Red Hat Training, from satir-app-787b7d7858-q7bhj Welcome to Red Hat Training, from satir-app-787b7d7858-bdfsh
Finish
On the workstation machine, use the lab command to complete this exercise. This step is important to ensure that resources from previous exercises do not impact upcoming exercises.
[student@workstation ~]$ lab finish deploy-routes
