Add combo exercise with Helm, Ingress, Gateway API

Jérôme Petazzoni
2026-05-04 13:50:31 +02:00
parent 0b99d0ba4d
commit ac7149e196


@@ -0,0 +1,145 @@
# Exercise — Setting up HTTP Ingress with Helm
In this lab, we want to leverage multiple skills:
- installing (and configuring!) apps with Helm charts
- exposing a simple app through Ingress or HTTPRoute
- leveraging DaemonSets, taints, tolerations, node selectors
**⚠️ Please read all instructions until the "GO!" slide!**
---
## Goal
- Deploy an Ingress or Gateway API controller
(e.g.: Traefik or HAProxy, using their official Helm charts)
- Deploy a couple of apps and expose them with a domain name
(e.g.: `jpetazzo/color` and the [juice-shop] demo app)
- Do that on multiple clusters with different topologies
(`kubeadm` cluster; managed cluster; local KinD cluster)
- Bonus: set up TLS with cert-manager and Let's Encrypt
(will require a "real" domain name!)
[juice-shop]: https://artifacthub.io/packages/helm/securecodebox/juice-shop
---
## Variations
There are many multiple choices available in this lab.
Try to complete at least one path; but feel free to experiment with other options too!
---
## Which environment?
- Managed cluster (difficult: low)
easier, because it has `LoadBalancer` services
<br/>
(and most Helm charts assume that `LoadBalancer` services are available)
- `kubeadm` cluster (difficulty: medium)
requires to switch to a combination of `hostPort` / `DaemonSet`
- Local KinD cluster (difficult: hard)
actually not *that* hard, but you need to set up port mapping correctly
only do this if you already have a working KinD install!
---
## Which controller?
- Traefik (difficulty: medium)
better Kubernetes integration (especially for Gateway API!)
- HAProxy (difficulty: hard)
you'll probably need to [install Gateway API CRDs manually][haproxy-gateway-api-docs]
[haproxy-gateway-api-docs]: https://www.haproxy.com/documentation/kubernetes-ingress/gateway-api/enable-gateway-api/#deploy-gateway-api-resources
---
## Which domain name?
- `<appname>.A.B.C.D.nip.io` (difficulty: easy)
pros: works anywhere in a pinch!
cons: not "pretty"; may not work for Let's Encrypt; can be a SPOF
- `<appname>.<customdomain.TLD>` (difficulty: easy/hard)
easy if a domain has already been set up for you; harder otherwise
use that on the `kubeadm` cluster!
- `<appname>.localtest.me`
use this for the KinD cluster
---
## Where to start?
- Pick a cluster (e.g.: `kubeadm cluster`)
- Pick a controller (e.g.: Traefik)
- Install controller on cluster
- Install a demo app (e.g.: `jpetazzo/color`)
- Expose demo app on a domain name with Ingress resource
- Script the whole setup
(make sure script is idempotent!)
---
## Where to go next?
- Expose demo app with an HTTPRoute
- Install and expose juice-shop app
- Replicate the whole setup on another cluster
---
## Bonus goals
- Make sure that the web apps have a valid TLS cert
(this requires a real domain name; use the `kubeadm` cluster with the provided domain!)
- Deploy the dockercoins app
- expose webui, rng, hasher, with Ingress / HTTPRoute
- expose redis with a TCPRoute
---
class: title
Go!
![Go!](images/running-mario.gif)
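Review bot: The "Bonus goals" slide asks for "expose redis with a TCPRoute" and the "Goal" slide puts juice-shop on a domain name, including on the `kubeadm` cluster with a real domain, but no slide says who should be able to reach these endpoints or when to take them down. I'd add a bullet to "Where to go next?" or "Bonus goals" asking students to remove or restrict the routes once the exercise is done, and have the idempotent script from "Where to start?" cover teardown as well as setup. Style points: the difficulty labels are inconsistent ("difficult: low" and "difficult: hard" next to "difficulty: medium", and "low" where the other slides use "easy"), `<appname>.localtest.me` has no difficulty label at all, "There are many multiple choices available" reads like a leftover edit, and "Where to start?" writes `kubeadm cluster` inside the backticks where every other slide writes `kubeadm` cluster.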