rcastley
commented
3 weeks ago The following ingress has been added to the deployment.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: frontend
annotations:
spec:
ingressClassName: traefik
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: frontend
port:
number: 80This will expose the Boutique on ports 80 and 443 (untrusted cert. over 443).
Will look into replicating this across the Ninja workshop series in the near future.
Good news, no changes to the Splunk Show environment are required as port 80 and 443 are already open.
Is your feature request related to a problem? Please describe. In the Splunk Show environment, the hipster online boutique is exposed on port 81. For example, http://splunkawssacramento-i-0b719386050b2ff12.splunk.show:81/ While exposing the service on port 81 will work fine in many cases, there are customer networks where this is considered a non-standard, non-permitted egress port. We hit this issue in a workshop yesterday.
Describe the solution you'd like Expose the boutique with a friendly DNS name on 80 + 443.
Describe alternatives you've considered To address the issue during the workshop, I had to build an nginx reverse proxy using standard 80/443 ports in my own cloud provider account. I had students use my personal reverse proxy instead.
Later, I stood up a CDN endpoint on Fastly to do the same thing. This had the benefit of being available with a DNS name I could give out to epople.
Additional context Having to scramble and troubleshoot this was unfortunately a setback for us during the workshop. While I understand this issue may not arise everywhere, it is better for us to assume customer networks will be restrictive. Let's design the workshop infrastructure to be as standard as possible when it comes to network access.
Thanks.