Deploy and test the HTTPBin application - Alibaba Cloud Service Mesh

HTTPBin is an open-source HTTP testing tool for web debugging. After you deploy HTTPBin in your service mesh, you can inspect request methods, headers, and authorization details through simple HTTP endpoints.

This topic describes how to deploy HTTPBin on an ACK cluster, route external traffic to it through an ASM ingress gateway, and verify the setup.

Prerequisites

Before you begin, make sure that you have:

The cluster is added to the ASM instance.
An ingress gateway is deployed.
kubectl configured to connect to the ACK cluster on the data plane

Step 1: Deploy HTTPBin to the ACK cluster

The HTTPBin application runs in the Container Service for Kubernetes (ACK) cluster on the data plane.

Save the following YAML as httpbin-application.yaml.

This manifest creates three resources: a ServiceAccount, a Service that exposes port 8000, and a single-replica Deployment running the HTTPBin container.

httpbin-application.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: httpbin
---
apiVersion: v1
kind: Service
metadata:
  name: httpbin
  labels:
    app: httpbin
    service: httpbin
spec:
  ports:
  - name: http
    port: 8000
    targetPort: 80
  selector:
    app: httpbin
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: httpbin
spec:
  replicas: 1
  selector:
    matchLabels:
      app: httpbin
      version: v1
  template:
    metadata:
      labels:
        app: httpbin
        version: v1
    spec:
      serviceAccountName: httpbin
      containers:
      - image: registry-cn-hangzhou.ack.aliyuncs.com/ack-demo/httpbin:0.1.0
        imagePullPolicy: IfNotPresent
        name: httpbin
        ports:
        - containerPort: 80

Apply the manifest:

kubectl apply -f httpbin-application.yaml

Verify that the HTTPBin pod is running:
```
kubectl get pods -l app=httpbin
```

Step 2: Configure traffic routing

To route external traffic to HTTPBin, create two Istio resources: a Gateway that accepts inbound connections at the mesh edge, and a VirtualService that forwards matching requests to the HTTPBin service.

Create an Istio gateway

A Gateway defines the ports, protocols, and hosts that the ingress gateway listens on. The following Gateway accepts HTTP traffic on port 80 for all hosts.

For more information, see Manage Istio gateways.

apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: httpbin
  namespace: default
spec:
  selector:
    istio: ingressgateway
  servers:
    - hosts:
        - '*'
      port:
        name: test
        number: 80
        protocol: HTTP

Create a virtual service

A VirtualService binds to the Gateway and defines routing rules. The following VirtualService routes all HTTP requests to the HTTPBin service at httpbin.default.svc.cluster.local:8000.

For more information, see Manage virtual services.

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: httpbin-vs
  namespace: default
spec:
  gateways:
    - httpbin
  hosts:
    - '*'
  http:
    - name: test
      route:
        - destination:
            host: httpbin.default.svc.cluster.local
            port:
              number: 8000

Step 3: Verify the deployment

Send requests through the ingress gateway to confirm that HTTPBin responds correctly.

Replace ${GATEWAY_IP} in the following commands with the actual IP address of the ASM gateway. For more information about how to obtain the IP address of the gateway, see Obtain the IP address of the ingress gateway.

Test HTTP status codes

The /status/<code> endpoint returns the specified HTTP status code. Use it to validate that the gateway forwards requests correctly.

# Expect: 200 OK
curl http://${GATEWAY_IP}/status/200 -v

# Expect: 418 Unknown
curl http://${GATEWAY_IP}/status/418 -v

# Expect: 403 Forbidden
curl http://${GATEWAY_IP}/status/403 -v

Test header forwarding

The /headers endpoint returns all headers included in the request. Use it to verify that headers pass through the gateway and sidecar proxies intact.

curl http://${GATEWAY_IP}/headers -H "test-header: test-value" -v

The response body contains all request headers, including test-header: test-value.

(Optional) Verify with the sleep service

As an alternative to curl from your local machine, deploy a sleep pod inside the mesh and send requests from within the cluster. This confirms service-to-service connectivity through the Envoy sidecars.

Save the following YAML as sleep.yaml.

##################################################################################################
# Sample sleep service
##################################################################################################
apiVersion: v1
kind: ServiceAccount
metadata:
  name: sleep
---
apiVersion: v1
kind: Service
metadata:
  name: sleep
  labels:
    app: sleep
    service: sleep
spec:
  ports:
  - port: 80
    name: http
  selector:
    app: sleep
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sleep
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sleep
  template:
    metadata:
      labels:
        app: sleep
    spec:
      terminationGracePeriodSeconds: 0
      serviceAccountName: sleep
      containers:
      - name: sleep
        image: registry.cn-hangzhou.aliyuncs.com/acs/curl:8.1.2
        command: ["/bin/sleep", "infinity"]
        imagePullPolicy: IfNotPresent
        volumeMounts:
        - mountPath: /etc/sleep/tls
          name: secret-volume
      volumes:
      - name: secret-volume
        secret:
          secretName: sleep-secret
          optional: true

Deploy the sleep service:
```
kubectl apply -f sleep.yaml -n default
```
Open a shell in the sleep pod:
```
kubectl exec -it deploy/sleep -- sh
```

Send a request to HTTPBin from inside the mesh:

curl -I http://httpbin:8000/headers

Expected output:

HTTP/1.1 200 OK
server: envoy
date: Tue, 26 Dec 2023 07:23:49 GMT
content-type: application/json
content-length: 353
access-control-allow-origin: *
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1

A 200 OK response with server: envoy confirms that traffic flows through the Envoy sidecar and reaches HTTPBin successfully.

Clean up

To remove all resources created in this topic:

kubectl delete -f httpbin-application.yaml
kubectl delete gateway httpbin -n default
kubectl delete virtualservice httpbin-vs -n default

# If you deployed the sleep service
kubectl delete -f sleep.yaml -n default