@@ -6,7 +6,7 @@ ms.service: azure-firewall
66ms.custom : devx-track-azurecli, build-2023
77services : firewall
88ms.topic : how-to
9- ms.date : 10/19/2023
9+ ms.date : 09/30/2024
1010ms.author : victorh
1111---
1212
@@ -267,227 +267,13 @@ You can now start exposing services and deploying applications to this cluster.
267267
268268![ Public Service DNAT] ( ~/reusable-content/ce-skilling/azure/media/aks/aks-create-svc.png )
269269
270- Deploy the Azure voting app application by copying the following yaml to a file named ` example.yaml ` .
271-
272- ``` yaml
273- # voting-storage-deployment.yaml
274- apiVersion : apps/v1
275- kind : Deployment
276- metadata :
277- name : voting-storage
278- spec :
279- replicas : 1
280- selector :
281- matchLabels :
282- app : voting-storage
283- template :
284- metadata :
285- labels :
286- app : voting-storage
287- spec :
288- containers :
289- - name : voting-storage
290- image : mcr.microsoft.com/azuredocs/voting/storage:2.0
291- args : ["--ignore-db-dir=lost+found"]
292- resources :
293- requests :
294- cpu : 100m
295- memory : 128Mi
296- limits :
297- cpu : 250m
298- memory : 256Mi
299- ports :
300- - containerPort : 3306
301- name : mysql
302- volumeMounts :
303- - name : mysql-persistent-storage
304- mountPath : /var/lib/mysql
305- env :
306- - name : MYSQL_ROOT_PASSWORD
307- valueFrom :
308- secretKeyRef :
309- name : voting-storage-secret
310- key : MYSQL_ROOT_PASSWORD
311- - name : MYSQL_USER
312- valueFrom :
313- secretKeyRef :
314- name : voting-storage-secret
315- key : MYSQL_USER
316- - name : MYSQL_PASSWORD
317- valueFrom :
318- secretKeyRef :
319- name : voting-storage-secret
320- key : MYSQL_PASSWORD
321- - name : MYSQL_DATABASE
322- valueFrom :
323- secretKeyRef :
324- name : voting-storage-secret
325- key : MYSQL_DATABASE
326- volumes :
327- - name : mysql-persistent-storage
328- persistentVolumeClaim :
329- claimName : mysql-pv-claim
330- ---
331- # voting-storage-secret.yaml
332- apiVersion : v1
333- kind : Secret
334- metadata :
335- name : voting-storage-secret
336- type : Opaque
337- data :
338- MYSQL_USER : ZGJ1c2Vy
339- MYSQL_PASSWORD : UGFzc3dvcmQxMg==
340- MYSQL_DATABASE : YXp1cmV2b3Rl
341- MYSQL_ROOT_PASSWORD : UGFzc3dvcmQxMg==
342- ---
343- # voting-storage-pv-claim.yaml
344- apiVersion : v1
345- kind : PersistentVolumeClaim
346- metadata :
347- name : mysql-pv-claim
348- spec :
349- accessModes :
350- - ReadWriteOnce
351- resources :
352- requests :
353- storage : 1Gi
354- ---
355- # voting-storage-service.yaml
356- apiVersion : v1
357- kind : Service
358- metadata :
359- name : voting-storage
360- labels :
361- app : voting-storage
362- spec :
363- ports :
364- - port : 3306
365- name : mysql
366- selector :
367- app : voting-storage
368- ---
369- # voting-app-deployment.yaml
370- apiVersion : apps/v1
371- kind : Deployment
372- metadata :
373- name : voting-app
374- spec :
375- replicas : 1
376- selector :
377- matchLabels :
378- app : voting-app
379- template :
380- metadata :
381- labels :
382- app : voting-app
383- spec :
384- containers :
385- - name : voting-app
386- image : mcr.microsoft.com/azuredocs/voting/app:2.0
387- imagePullPolicy : Always
388- ports :
389- - containerPort : 8080
390- name : http
391- env :
392- - name : MYSQL_HOST
393- value : " voting-storage"
394- - name : MYSQL_USER
395- valueFrom :
396- secretKeyRef :
397- name : voting-storage-secret
398- key : MYSQL_USER
399- - name : MYSQL_PASSWORD
400- valueFrom :
401- secretKeyRef :
402- name : voting-storage-secret
403- key : MYSQL_PASSWORD
404- - name : MYSQL_DATABASE
405- valueFrom :
406- secretKeyRef :
407- name : voting-storage-secret
408- key : MYSQL_DATABASE
409- - name : ANALYTICS_HOST
410- value : " voting-analytics"
411- ---
412- # voting-app-service.yaml
413- apiVersion : v1
414- kind : Service
415- metadata :
416- name : voting-app
417- labels :
418- app : voting-app
419- spec :
420- type : LoadBalancer
421- ports :
422- - port : 80
423- targetPort : 8080
424- name : http
425- selector :
426- app : voting-app
427- ---
428- # voting-analytics-deployment.yaml
429- apiVersion : apps/v1
430- kind : Deployment
431- metadata :
432- name : voting-analytics
433- spec :
434- replicas : 1
435- selector :
436- matchLabels :
437- app : voting-analytics
438- version : " 2.0"
439- template :
440- metadata :
441- labels :
442- app : voting-analytics
443- version : " 2.0"
444- spec :
445- containers :
446- - name : voting-analytics
447- image : mcr.microsoft.com/azuredocs/voting/analytics:2.0
448- imagePullPolicy : Always
449- ports :
450- - containerPort : 8080
451- name : http
452- env :
453- - name : MYSQL_HOST
454- value : " voting-storage"
455- - name : MYSQL_USER
456- valueFrom :
457- secretKeyRef :
458- name : voting-storage-secret
459- key : MYSQL_USER
460- - name : MYSQL_PASSWORD
461- valueFrom :
462- secretKeyRef :
463- name : voting-storage-secret
464- key : MYSQL_PASSWORD
465- - name : MYSQL_DATABASE
466- valueFrom :
467- secretKeyRef :
468- name : voting-storage-secret
469- key : MYSQL_DATABASE
470- ---
471- # voting-analytics-service.yaml
472- apiVersion : v1
473- kind : Service
474- metadata :
475- name : voting-analytics
476- labels :
477- app : voting-analytics
478- spec :
479- ports :
480- - port : 8080
481- name : http
482- selector :
483- app : voting-analytics
484- ` ` `
270+ 1 . Review the [ AKS Store Demo quickstart] ( https://github.com/Azure-Samples/aks-store-demo/blob/main/aks-store-quickstart.yaml ) manifest to see all the resources that will be created.
485271
486- Deploy the service by running:
272+ 2 . Deploy the service using the ` kubectl apply ` command.
487273
488- ` ` ` bash
489- kubectl apply -f example .yaml
490- ```
274+ ``` azurecli-interactive
275+ kubectl apply -f https://raw.githubusercontent.com/Azure-Samples/aks-store-demo/main/aks-store-quickstart .yaml
276+ ```
491277
492278### Add a DNAT rule to Azure Firewall
493279
@@ -507,17 +293,18 @@ kubectl get services
507293The IP address needed is listed in the EXTERNAL-IP column, similar to the following.
508294
509295``` bash
510- NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
511- kubernetes ClusterIP 10.41.0.1 < none> 443/TCP 10h
512- voting-analytics ClusterIP 10.41.88.129 < none> 8080/TCP 9m
513- voting-app LoadBalancer 10.41.185.82 20.39.18.6 80:32718/TCP 9m
514- voting-storage ClusterIP 10.41.221.201 < none> 3306/TCP 9m
296+ NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
297+ kubernetes ClusterIP 10.41.0.1 < none> 443/TCP 10h
298+ store-front LoadBalancer 10.41.185.82 203.0.113.254 80:32718/TCP 9m
299+ order-service ClusterIP 10.0.104.144 < none> 3000/TCP 11s
300+ product-service ClusterIP 10.0.237.60 < none> 3002/TCP 10s
301+ rabbitmq ClusterIP 10.0.161.128 < none> 5672/TCP,15672/TCP 11s
515302```
516303
517304Get the service IP by running:
518305
519306``` bash
520- SERVICE_IP=$( kubectl get svc voting-app -o jsonpath=' {.status.loadBalancer.ingress[*].ip}' )
307+ SERVICE_IP=$( kubectl get svc store-front -o jsonpath=' {.status.loadBalancer.ingress[*].ip}' )
521308```
522309
523310Add the NAT rule by running:
@@ -530,9 +317,11 @@ az network firewall nat-rule create --collection-name exampleset --destination-a
530317
531318Navigate to the Azure Firewall frontend IP address in a browser to validate connectivity.
532319
533- You should see the AKS voting app. In this example, the Firewall public IP was ` 203.0.113.32 ` .
320+ You should see the AKS store app. In this example, the Firewall public IP was ` 203.0.113.32 ` .
321+
322+ :::image type="content" source="../aks/media/container-service-kubernetes-tutorials/aks-store-application.png" alt-text="Screenshot showing the Azure Store Front App opened in a local browser." lightbox="../aks/media/container-service-kubernetes-tutorials/aks-store-application.png":::
534323
535- :::image type="content" source="media/protect-azure-kubernetes-service/aks-vote.png" alt-text="Screenshot shows the A K S Voting App with buttons for Cats, Dogs, and Reset, and totals.":::
324+ On this page, you can view products, add them to your cart, and then place an order.
536325
537326## Clean up resources
538327
0 commit comments