In this example we deploy the NGINX Plus Ingress Controller with NGINX App Protect DoS, a simple web application and then configure load balancing and DOS protection for that application using the VirtualServer resource.
-
Follow the installation instructions to deploy the Ingress Controller with NGINX App Protect DoS.
-
Save the public IP address of the Ingress Controller into a shell variable:
IC_IP=XXX.YYY.ZZZ.III -
Save the HTTP port of the Ingress Controller into a shell variable:
IC_HTTP_PORT=<port number>
Create the application deployment and service:
kubectl apply -f webapp.yaml-
Create the syslog services and pod for the App Protect security and access logs:
kubectl apply -f syslog.yaml kubectl apply -f syslog2.yaml
-
Create the DoS protected resource configuration:
kubectl apply -f apdos-protected.yaml -
Create the App Protect DoS policy and log configuration:
kubectl apply -f apdos-policy.yaml kubectl apply -f apdos-logconf.yaml
-
Create the VirtualServer Resource:
kubectl apply -f virtual-server.yaml
Note the reference to the DOS protected resource in the VirtualServer resource. By specifying the resource it enables DOS protection for the VirtualServer.
To access the application, curl the Webapp service. We'll use the --resolve option to set the Host header of a request
with webapp.example.com
-
Send a request to the application:
curl --resolve webapp.example.com:$IC_HTTP_PORT:$IC_IP http://webapp.example.com:$IC_HTTP_PORT/Server address: 10.12.0.18:80 Server name: webapp-7586895968-r26zn ... -
To check the security logs in the syslog pod:
kubectl exec -it <SYSLOG_POD> -- cat /var/log/messages -
To check the access logs in the syslog pod:
kubectl exec -it <SYSLOG_POD_2> -- cat /var/log/messages