Challenge, Medium, on Kubernetes

Kubernetes - Proxy Outbound Traffic with an Ambassador Container

In this challenge you will create a Pod whose app container always calls localhost:80 and never changes. The ambassador container controls where that traffic goes: change the nginx config and the app logs change, with no Pod restart and no app changes.

Task 1 - Create the ConfigMap and Pod

Create a ConfigMap named nginx-proxy-config with the following default.conf:

server {
  listen 80;
  location / {
    proxy_pass https://httpbin.org/uuid;
    proxy_set_header Host httpbin.org;
    proxy_ssl_server_name on;
  }
}

Then create a Pod named ambassador-pod with:

  • Container app (busybox): calls localhost:80 every 3 seconds and prints the response. Command:
    sh -c "while true; do wget -qO- localhost:80 && echo && sleep 3; done"
  • Container ambassador (nginx:alpine): mounts the nginx-proxy-config ConfigMap at /etc/nginx/conf.d
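
One manifest that satisfies Task 1, as an added example that is not the challenge's own reference solution. The volume name proxy-config is a hypothetical name, and the commented-out certificate-verification lines (including the CA bundle path) are an optional assumption, not part of the task.

```yaml
# Added example: ConfigMap and Pod for Task 1.
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-proxy-config
data:
  default.conf: |
    server {
      listen 80;
      location / {
        proxy_pass https://httpbin.org/uuid;
        proxy_set_header Host httpbin.org;
        proxy_ssl_server_name on;
        # Optional hardening, not part of the challenge: nginx does not
        # verify the upstream certificate unless proxy_ssl_verify is on.
        # The CA bundle path is an assumption about the nginx:alpine image.
        # proxy_ssl_verify on;
        # proxy_ssl_verify_depth 2;
        # proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
      }
    }
---
apiVersion: v1
kind: Pod
metadata:
  name: ambassador-pod
spec:
  containers:
    # Both containers share the Pod's network namespace, so the app's
    # localhost:80 reaches the nginx listener in the ambassador container.
    - name: app
      image: busybox
      command: ["sh", "-c", "while true; do wget -qO- localhost:80 && echo && sleep 3; done"]
    - name: ambassador
      image: nginx:alpine
      volumeMounts:
        - name: proxy-config        # hypothetical volume name
          # Mount the whole directory, not one file via subPath: subPath
          # mounts do not receive ConfigMap updates, which Task 2 relies on.
          mountPath: /etc/nginx/conf.d
          readOnly: true
  volumes:
    - name: proxy-config
      configMap:
        name: nginx-proxy-config
```

Save it to a file and create both objects with kubectl apply -f on that file.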

Watch the app logs - you should see UUID responses:

kubectl wait pod ambassador-pod --for=condition=Ready --timeout=60s
kubectl logs -f ambassador-pod -c app

Task 2 - Switch the Ambassador to /ip

Edit the ConfigMap and change proxy_pass from httpbin.org/uuid to httpbin.org/ip:

kubectl edit configmap nginx-proxy-config

Kubernetes will sync the updated config into the Pod's volume. This can take up to 60 seconds. Check when it has landed:

watch kubectl exec ambassador-pod -c ambassador -- cat /etc/nginx/conf.d/default.conf

Once updated, reload nginx - no Pod restart needed:

kubectl exec ambassador-pod -c ambassador -- nginx -s reload

Watch the logs - they will switch from UUID responses to IP responses:

kubectl logs -f ambassador-pod -c app