Tuesday, 2 January 2018

IBM DataPower Gateway on IBM Cloud Private - Can you say "Doofus" ?

Following my earlier post: -

I'm having MORE fun with the IBM DataPower Gateway (IDG) pattern on IBM Cloud Private (ICP).

Having finally managed to instantiate my container ( I had to drop the resources.requests.cpu and resources.requests.memory values down, as I'm running on a relatively small estate, with a single Worker node with 1 CPU and 8 GB RAM ) : -


I waited for the container to start ( there's quite a bit going on, including the bit where the Worker node has to pulled the IDG Docker image ).

Once it was running, I followed the guidance to get back the endpoint details: -

export NODE_PORT=$(kubectl get --namespace default -o jsonpath="{.spec.ports[0].nodePort}" services davidhay-ibm-datapower-dev)
export NODE_IP=$(kubectl get nodes --namespace default -o jsonpath="{.items[0].status.addresses[0].address}")
echo https://$NODE_IP:$NODE_PORT

and hit the endpoint

and……

got the IBM website.

So I appeared to be proxying IBM.COM, which was somewhat worrying.

I cleaned my configuration, and tried again, and then saw this: -


Yes, you've guessed it, the default behaviour ( within the Helm chart ) is to act as a Web Application Proxy for …. IBM.COM :-)

There's even a clue: -


in the Helm chart.

So I deployed another Helm chart, to spin up a container instance of WebSphere Liberty Profile, deployed the Ferret app to it: -

docker ps -a|grep -i websphere-liberty

1a9a6536444e        websphere-liberty   "/opt/ibm/docker/doc…"   20 minutes ago      Up 20 minutes                           k8s_ibm-websphere-liberty_davehaywlp-ibm-websphere-689cfdbb6c-ffq75_default_a8e5ac8e-efdb-11e7-93d6-000c29651885_0

docker exec -i -t 1a9a6536444e /bin/bash

docker cp ferret-1.2.war 1a9a6536444e://opt/ibm/wlp/usr/servers/defaultServer/dropins

docker logs 1a9a6536444e -f

[AUDIT   ] CWWKF0011I: The server defaultServer is ready to run a smarter planet.
[AUDIT   ] CWWKT0016I: Web application available (default_host): http://davehaywlp-ibm-websphere-689cfdbb6c-ffq75:9080/ferret/
[AUDIT   ] CWWKZ0001I: Application ferret-1.2 started in 1.448 seconds.

and confirmed that I could hit Ferret via the normal ICP proxy: -

https://192.168.1.200:31585/ferret/

and, finally, redeployed my DataPower container, but this time specifying the WLP URL: -


I used the same approach to get the proxied endpoint of the DataPower URL: -

export NODE_PORT=$(kubectl get --namespace default -o jsonpath="{.spec.ports[0].nodePort}" services davehaywlp-ibm-websphere)
export NODE_IP=$(kubectl get nodes --namespace default -o jsonpath="{.items[0].status.addresses[0].address}")
echo https://$NODE_IP:$NODE_PORT


and was then able to hit the Ferret servlet, via the IDG Web Application Proxy: -


So I've got DataPower running as a Web Application Proxy against Liberty, which is nice :-)

Finally, for reference, if I understand it correctly, I've got four additional containers running on my Worker node: -

docker ps -a

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
b46395546542        ibmcom/datapower    "/bin/drouter"           35 minutes ago      Up 35 minutes                           k8s_ibm-datapower-dev_davehayidg-ibm-datapower-dev-585554d78c-pzbcj_default_211ade0c-efe0-11e7-93d6-000c29651885_0
7a81a4f421ab        ibmcom/pause:3.0    "/pause"                 35 minutes ago      Up 35 minutes                           k8s_POD_davehayidg-ibm-datapower-dev-585554d78c-pzbcj_default_211ade0c-efe0-11e7-93d6-000c29651885_0
1a9a6536444e        websphere-liberty   "/opt/ibm/docker/doc…"   About an hour ago   Up About an hour                        k8s_ibm-websphere-liberty_davehaywlp-ibm-websphere-689cfdbb6c-ffq75_default_a8e5ac8e-efdb-11e7-93d6-000c29651885_0
0e8f9dbb49b9        ibmcom/pause:3.0    "/pause"                 About an hour ago   Up About an hour                        k8s_POD_davehaywlp-ibm-websphere-689cfdbb6c-ffq75_default_a8e5ac8e-efdb-11e7-93d6-000c29651885_0
a77aee47c7fb        bb4a6b774658        "/bin/node_exporter …"   3 days ago          Up 3 days                               k8s_nodeexporter_monitoring-prometheus-nodeexporter-amd64-x5268_kube-system_ce4afa9c-ecc7-11e7-93d6-000c29651885_0
4494b0042b5d        ibmcom/pause:3.0    "/pause"                 3 days ago          Up 3 days                               k8s_POD_monitoring-prometheus-nodeexporter-amd64-x5268_kube-system_ce4afa9c-ecc7-11e7-93d6-000c29651885_0
4ef59603592a        56354bef6b82        "/bin/sh -c /startup…"   3 days ago          Up 3 days                               k8s_metering-reader-amd64_metering-reader-amd64-qf472_kube-system_8697c507-ecc7-11e7-93d6-000c29651885_0
852b06a7a54c        ibmcom/pause:3.0    "/pause"                 3 days ago          Up 3 days                               k8s_POD_metering-reader-amd64-qf472_kube-system_8697c507-ecc7-11e7-93d6-000c29651885_0
261e111c20c2        af80995a4fcf        "filebeat -e"            3 days ago          Up 3 days                               k8s_filebeat_filebeat-ds-amd64-x5bsp_kube-system_6e494fa5-ecc7-11e7-93d6-000c29651885_0
40767f0230db        ibmcom/pause:3.0    "/pause"                 3 days ago          Up 3 days                               k8s_POD_filebeat-ds-amd64-x5bsp_kube-system_6e494fa5-ecc7-11e7-93d6-000c29651885_0
fee15f1d965a        88ca805c8ddd        "/install-cni.sh"        3 days ago          Up 3 days                               k8s_install-cni_calico-node-amd64-2d2hk_kube-system_95bdffaa-ecc6-11e7-93d6-000c29651885_0
2b89043639c3        7643422fdf0f        "start_runit"            3 days ago          Up 3 days                               k8s_calico-node-amd64_calico-node-amd64-2d2hk_kube-system_95bdffaa-ecc6-11e7-93d6-000c29651885_0
2fbc29422aa7        ibmcom/pause:3.0    "/pause"                 3 days ago          Up 3 days                               k8s_POD_calico-node-amd64-2d2hk_kube-system_95bdffaa-ecc6-11e7-93d6-000c29651885_0
dac6368cc3f9        924aee0d6910        "/hyperkube proxy --…"   3 days ago          Up 3 days                               k8s_proxy_k8s-proxy-192.168.1.201_kube-system_8312bd0a1d5cee59daf19f2df2bdf2fe_0
631f76b15478        ibmcom/pause:3.0    "/pause"                 3 days ago          Up 3 days                               k8s_POD_k8s-proxy-192.168.1.201_kube-system_8312bd0a1d5cee59daf19f2df2bdf2fe_0

via the two Helm releases: -




 



at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Note to self - use kubectl to query images in a pod or deployment

In both cases, we use JSON ... For a deployment, we can do this: - kubectl get deployment foobar --namespace snafu --output jsonpath="{...