Deploy to K8S

Nova can be deployed to Kubernetes in order to load balance your services and provide WAF/WAAP protection to your applications and services.

Get the GitHub Repo

You can get the demo GitHub repo with the demo application, service and Nova instructions here.

This guide will walk you through the steps to deploy an example application and protect it using the Nova helm integration.

Overview

We are going to follow three main steps:

  1. Deploy the application and service to Kubernetes
  2. Set up Nova on nova.snapt.net
  3. Deploy Nova on Kubernetes

Kubernetes: Application

In this section we describe (and demo) the requirements for setting up a web application that Nova will send traffic to. In our example this is a blog built with Hugo.

We use the container novaadc/demo-blog which serves the Hugo blog using Nginx.

Requirements

Nova requires a headless service to be deployed to Kubernetes. This service will point to your blog containers, and allow the Nova Backend to use DNS-based service discovery to detect any running containers.

See this repository for the Kubernetes config files.

Here is a copy of our headless service, which allows us to do service discovery on _http._tcp.blog-svc.blog.svc.cluster.local. This is critical to being able to discover the containers running your application. Learn more about Service Discovery here.

apiVersion: v1
kind: Service
metadata:
  name: blog-svc
  namespace: blog
spec:
  clusterIP: None
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
    name: http
  selector:
    app: web

Deployment

We have the following deployed in our blog namespace now, after deploying the repository linked above.

$ kubectl get pods,deployments,services -n blog

NAME                       READY   STATUS    RESTARTS   AGE
pod/web-6df9685b56-w59hw   1/1     Running   0          90m
pod/web-6df9685b56-z9szv   1/1     Running   0          90m

NAME                  READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/web   2/2     2            2           90m

NAME               TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
service/blog-svc   ClusterIP   None         <none>        80/TCP    90m

Nova Configuration

Now you can configure Nova to use the Kubernetes backend, and set up an ADC with your security, performance and analytics preferences.

We will be doing the following on Nova:

  1. Creating a new service discovery backend.
  2. Creating a new ADC.
  3. Getting the Helm chart for our new ADC.

Create a Backend

We will now create a backend that can discover all the blog containers from your service.

Step 1: Create a Backend

Head to Nova and create a new Backend. Select DNS Service Discovery and click the Create Backend button.

Step 2: Configure the DNS Server

Here you will need to configure the DNS server address, and the Service Discovery address. To find your DNS server IP on Kubernetes run the following:

kubectl get svc --all-namespaces|grep dns

You will see the IP address to use as a DNS server there. In our example, we have entered 10.245.0.10:53.

Step 3: Configure the Service Discovery Address

Then you can enter your service name to use as the service discovery address. In our example, we have entered _http._tcp.blog-svc.blog.svc.cluster.local.

This tells Nova to ask for the port named "http" on the service named "blog-svc" in the "blog" namespace.
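A quick way to catch a mismatch between the service discovery address and the headless service before entering it in Nova. This is an added example, not part of the Nova documentation or tooling; the names parse_srv_name and check_discovery are hypothetical, and the manifest is the one shown earlier, transcribed by hand.

```python
import re

# The headless Service from this page, transcribed as a dict (YAML "None" is a string).
BLOG_SVC = {
    "metadata": {"name": "blog-svc", "namespace": "blog"},
    "spec": {
        "clusterIP": "None",
        "ports": [{"port": 80, "targetPort": 80, "protocol": "TCP", "name": "http"}],
        "selector": {"app": "web"},
    },
}

# Kubernetes SRV name layout: _<port-name>._<protocol>.<service>.<namespace>.svc.<zone>
SRV_RE = re.compile(
    r"^_(?P<port>[a-z0-9-]+)\._(?P<proto>[a-z]+)\."
    r"(?P<service>[a-z0-9-]+)\.(?P<namespace>[a-z0-9-]+)\.svc\.(?P<zone>.+?)\.?$"
)


def parse_srv_name(name):
    """Split a service discovery address into its labelled parts."""
    match = SRV_RE.match(name.strip().lower())
    if match is None:
        raise ValueError(f"not a Kubernetes SRV name: {name!r}")
    return match.groupdict()


def check_discovery(service, srv_name):
    """Return a list of reasons the SRV name would not discover this Service's pods."""
    parts = parse_srv_name(srv_name)
    meta, spec = service["metadata"], service["spec"]
    problems = []
    if spec.get("clusterIP") != "None":
        problems.append("Service is not headless, so SRV targets are not the individual pods")
    if meta["name"] != parts["service"]:
        problems.append(f"Service name is {meta['name']!r}, address says {parts['service']!r}")
    if meta.get("namespace", "default") != parts["namespace"]:
        problems.append(f"namespace mismatch: address says {parts['namespace']!r}")
    ports = {(p.get("name"), p.get("protocol", "TCP").lower()) for p in spec.get("ports", [])}
    if (parts["port"], parts["proto"]) not in ports:
        problems.append(f"no port named {parts['port']!r} over {parts['proto']}; "
                        "unnamed ports get no SRV record")
    return problems


if __name__ == "__main__":
    address = "_http._tcp.blog-svc.blog.svc.cluster.local"
    print(parse_srv_name(address))
    print(check_discovery(BLOG_SVC, address) or "address matches the Service")
```

An empty list means the address and the manifest agree; it does not prove the record resolves from inside the cluster.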

Create an ADC

We will now create your ADC template which will be automatically applied to all Nova workers in your Kubernetes deployment.

Head to Nova and create a new ADC. Select either HTTP or SSL. In our example we will be using an SSL termination ADC.

Configure your ADC as you wish. Primarily we set the following options:

  1. SSL certificate: we set an uploaded one for *.nova-adc.com
  2. Listen and Backends: we set our K8S service discovery backend as the Always backend.
  3. Performance: we enabled HTTP caching
  4. Security: we enabled the WAF, SSL redirection, NovaSense, and Anomaly Detection.

Then Save your ADC.

Get the Helm Chart

Normally at this point you would allocate attachments to your ADC. With Kubernetes it happens in reverse - Nodes join and automatically attach themselves to an ADC.

That is done using AutoJoin, a feature in Nova that allows Nodes to sign up with a key.

Go to AutoJoin Keys on Nova and click "Helm Chart" next to your new ADC. Save this file as nova.yaml to use with helm.

For use with our repo

If you are using our example application GitHub repository, store nova.yaml in nova/nova.yaml

Deploy Nova on Kubernetes

Now that you have your Helm chart you can deploy your ADC into Kubernetes. Our guide provides everything you need to do this in the nova/ directory aside from the nova.yaml file you have just downloaded.

To deploy the Helm chart run the following:

helm repo add nova-helm https://snapt.github.io/nova-helm
helm repo update

helm install blog-nova -f nova.yaml nova-helm/nova

You can scale Nova up from one container to multiple containers by running the following:

kubectl scale deployments/blog-nova-dpl --replicas=3 -n blog-nova-ns

And you can get the details of the deployment by running:

kubectl get pods,deployments,services -n blog-nova-ns

This last component is important, as it will give you the external load balancer IP to connect to. This can take a few minutes to provision on public clouds.

Check your ADC

You can now have a look at your running Kubernetes ADC, and make any further configuration changes that are needed. Below is an example image of ours: