►
From YouTube: HTTPProxy In Action
Description
Steve Sloka shows how to use HTTPProxy, the evolution of IngressRoute, on Kubernetes with Envoy
A
So
this
post
looks
to
give
you
a
practical
implementation
of
how
this
new
Siri
to
be
written,
called
HTTP
proxy
functions,
so
you'll
be
able
to
apply
some
yellow
to
a
real
cluster
and
make
some
requests
and
actually
get
a
feel
for
how
this
functions
and
works
again
with
the
blue
cluster
Dave
wrote
a
big,
a
nice
article,
if
you're
curious
of
the
reason
that
we
went
from
ingress
route
to
this
new
CRT
and
and
I
encourage
you
to
go.
Look
look
forward
to
this.
A
If
this
helps
to
get
crew
biddies
up
and
running,
with
kind,
so
kind
of
a
tool
to
run
kubernetes,
cluster
Zin
docker
containers
as
nodes,
something
it's
really
easy-
it
works
on
Linux
works
on
Macs
works
on
Windows.
This
isn't
the
only
way
to
do
it.
So,
however,
you
want
to
do
this
feel
free
to
go
and
get
yourself
a
cluster
spun
up,
but
I'm
gonna
go
ahead
and
use
this
just
to
simplify
our
demo
here
today.
But
if
you
want
to
see
how
that's
done,
you
can
walk
through
this
as
well
great.
A
So
here
I
have
my
my
cluster.
It's
up
and
running
it's
a
1/16
at
one
cluster
again
running
in
kind.
First
thing,
we're
gonna
do
is
we're
gonna
go
ahead
and
deploy
some
sample
applications,
so
we
need
some
sample
namespaces
and
sample
services
and
deployments
to
help
us
get
started
now.
So
this
one's
going
to
do
so
we'll
go
ahead
and
run
this
command
here.
A
Okay,
what
we
created
was
this
namespace
to
work
at
it,
and
this
is
called
project
contour
roots.
This
is
a
good
work.
This
is
where
we're
gonna
start
deploying
our
proxies
out
of
this
is
the
top-level
root
namespace
we're
gonna
have
these
all
live
in.
We
created
some
some
deployments
and
services.
Now
these
deployments
just
spit
out
a
couple
things
they
spit
out.
The
name
of
the
app
and
that'll
help
us
see
which
app
responds
to
what
request
it
spits
out
the
path
that
gets
that
got
routed
as
well
as
all
the
headers.
A
This
is
the
output
of
what
that
proxy
is
we're,
gonna
call
it
route
and
we're
gonna,
give
it
a
domain
name,
so
we're
using
local
type
project
Concord
at
I/o,
and
you
can
use
that
in
your
cluster.
We
have
this
resolving
to
localhost
today
from
our
Public
DNS
at
project
contour,
and
we
have
some
conditions
on
here.
So
this
is
what's
new,
so
conditions
are
new
to
proxy
and
what
conditions
do
is
they
define?
What
needs
to
be
met
for
this
route
to
match?
A
And
here
we've
defined
a
path
prefix
of
slash
for
this
application
and
we
have
a
path
prefix
of
slash
secure
for
this
one.
So
what
this
means
is
that
any
request
to
slash
is
going
to
route
to
this
service.
Any
request
to
this
path
is
going
to
use
this
service.
Let's
go
ahead
and
apply
that
and
then
we'll
see
how
this
functions
alright
so
copy
that
alright,
so
we
carried
our
proxy.
So
if
we
go
ahead
and
get
our
proxies
and
we'll
see,
we've
got
one
again:
it's
called
route
and
here's
our
domain
name.
A
So
now,
if
we
do
a
curl,
so
I
do
a
curl
on
HTTP
local
dot,
Project
contour,
piyo,
slash
I
should
get
the
default
site.
Okay,
this
is
the
default
site
with
slash
I,
make
the
same
request
to
slash,
secure,
you'll,
see
I,
get
the
secure
site,
secure
site
to
slash,
secure
and
that's
what
we
defined
here
right.
We've
defined
two
conditions
on
each
route,
saying
where
things
should
route.
A
So,
let's,
let's
look
at
conditions
a
little
further.
So
if
you
scroll
down
here,
we
can
also
add
other
things
now
so
before
an
ingress
route.
The
only
thing
that
we
could
route
on
was
path
prefix.
Well
now,
with
proxy.
We
have
this
new
set
of
router
pool
conditions,
and
one
of
those
conditions
is
called
headers
and
with
header
I
can
do
a
contains
match
on
a
header.
I
can
do
an
exact
match,
which
means
that
the
the
value
of
the
header
must
match
exactly
what
we've
typed
here.
A
A
This
is
the
same
one
and
again
so
just
to
review
what
the
request
should
look
like
and
need
to
slash
it
route
to
read
app
and
your
request
to
slash
secure
is
gonna
hit
this
now
new,
secure
rap
default
and
then
anything
to
secure
with
the
user
agent
of
chrome
is
going
to
route
to
the
Sakura
right.
So
we've
kind
of
come
up
with
a
a
very
simple
security
app
to
say
the
user
agent
needs
to
match
for
this
to
application
to
be
routed
to
alright.
So
let's
go
ahead
and
apply
this
one.
A
All
right,
if
I,
can
figure
that
now
so
now,
let's
review
our
request
again.
So
if
I
do
a
curl
and
I
curl
to
slash
actually
get
the
default
site,
slash
secure
so
give
me
the
default
secure,
app
site,
which
is
here
again
/
here
and
that's
because
our
our
user
agent
does
not
match
Chrome
right
now
are
usually
agent
is
curl.
A
So
we
don't
have
the
word
Chrome
in
the
value
of
this
header
and
that's
why
we
don't
match
the
the
proper
secure
one
if
I
make
the
same
request
and
I
do
/host
is
user
agent
of
Chrome
now
what
happens
is
I
get
the
secure
site
again
and
again?
That's
because
our
route
requires
us
to
match
slash,
secure
on
the
path
as
well
as
the
user
agent
containing
Chrome
and
if
you're
interested
again.
This
is
a
contains
right.
A
Okay,
so
now
I'm
going
to
just
go
ahead
and
implement
includes
so
they
have.
An
include
is
that
it
works
just
like
delegation
did
with
ingress
route.
So
an
include
is
the
way
to
implement
a
multi
team
cluster.
So
what
you
can
do
is
you
can
carve
off
Porsche
of
a
request
and
let
another
team
manage
that
portion
of
that
request.
So
what
I
want
to
do
is
I
want
to
create
a
marketing
team
and
we're
gonna,
give
them
at
their
unnamed
space
and
let
them
work
out
of
their
own.
A
This
namespace
that
we're
gonna
create
and
we're
gonna
carve
off
a
piece
of
the
request
and
pass
it
off
to
this
team
and
say
hey.
You
can
manage
this
part
of
the
request
all
by
yourself
and
what
proxy
does-
and
this
is
the
way
the
ingress
rattler
to
solve-
was
that
allows
teams
to
work
this
way
in
ingress
today
and
current
urban
Eddy's
ingress.
A
There
isn't
a
way
to
help
define
this
properly
right,
so
teams
can
create
conflicting
records
by
defining
the
same
domain
with
the
same
path
and
causing
issues
and
production
issues
in
there
and
their
requests
and
their
clusters.
So
proxy
doesn't
allow
this
right
when
I
carve
off
portions
of
these
requests.
Only
that
team
is
allowed
to
manage
that
request.
If
someone
else
tries
to
match
that
same
one,
contour
will
throw
it
out
because
they
don't
have
the
proper,
the
proper
authority
to
do
that.
A
So
what
I
want
to
do
now
is
I'm
gonna,
go
ahead
and
create
an
include
and
you'll
see
this.
This
is
the
include
now
again
in
our
route
proxy.
So
from
this
route,
we're
gonna
pass
off
to
this
new
team
called
marketing.
I'm
gonna
give
that
proxy
called
blog
site
permissions
to
slash
blog
right,
they're
gonna
get
included
this
condition.
So
what
happens
is
if
we
come
down
here.
A
This
is
the
new
blog
site
proxy
for
the
marketing
team,
and
what
happens
is
is
any
condition
defined
on
an
include
is
automatically
appended
to
the
to
that
child
proxy.
So
when
this
contour
processes
to
these
documents,
it's
going
to
take
all
the
conditions
defined
here
on.
This
include
and
add
them
to
this
other
proxy
automatically.
So,
even
though
we
haven't
defined
any
conditions
on
this
proxy
here
on
this
child,
contra
will
automatically
add
these
conditions,
in
this
case
prefix
slash
blog
to
this
proxy.
A
So
what
the
result
will
be
is
that
the
the
marketing
team
will
house
the
website
at
slash
blog
and
the
service
dubbed
up.
The
blog
will
will
respond.
Those
requests,
let's
go
ahead
and
do
this:
let's
go
ahead
and
apply
this
prereqs
again,
so
this
is
going
to
create
the
marketing
team
namespace,
as
well
as
a
couple
sample
apps
again
great
now
that
we
have
that
let's
go
and
update
our
proxy,
so
we're
gonna
we're
going
to
update
the
route
proxy
to
have
it.
A
A
A
So
the
result
is
that
this
info
site
is
going
to
end
up
with
with
basically
the
the
conditions
of
slash
blog
slash
info
appended
to
it.
Because
of
all
of
these
two
sets
of
includes
right
and
they
all
get
smashed
together
and
apply
to
the
end.
So
let's
go
ahead
and
apply
that
and
see
that
so
I'm
gonna
go
ahead
and
apply
this
one
great.
So
now,
if
we
hit
slash
blog
again,
let's
look
at
the
blog
site,
which
is
nothing's
changed
there.
A
Now,
if
I
do
it's
dislodged
blog
/
info
you'll
see
now
I
get
the
info
site
and
again.
This
is
because
this
info
site
gets
appended
the
conditions
of
slash
blog
and
flash
info
through
these
two
levels
of
includes
that
we've
defined
right,
so
that's
cool.
So
now
what
we're
going
to
do
is
we're
going
to
go
ahead
and
make
it
a
little
more
interesting.
A
A
So
you
have
not
contains
so
this
in
verses
that
contains
so,
basically
it's
any
request:
slash
blog,
that's
not
Chrome
or
Firefox.
So
really
Safari
should
work
then,
and
we
haven't
changed
any
other
proxy.
You
see
here.
We've
only
changing
the
route
the
children
proxies
in
the
marketing
space
haven't
changed
at
all.
So
let's
go
ahead
and
apply
this
one.
A
A
That's
right:
I
can
do
myself
there.
So
let's
go
to
my
girl,
so
I
got
the
info
site
and
that's
because
my
user
agent
right
now
is
curl
right,
so
it
doesn't
match
Firefox
and
it
doesn't
match
Chrome.
So
I
got
routed
through
Populi
to
the
right
place.
If
I
go
ahead
and
change
this
and
I
add
a
user
agent
of
Chrome.
A
What
you'll
see
now
is
I
get
the
default
site
because
if
you
look
back
to
our
requests,
we'll
see
here
that
we
don't
match
these
conditions.
So
what
happens
is
is
that
contour
routes
us
back
to
what
does
match?
So
what
does
match?
Is
we
match
slash
because
it's
the
only
app
that
matches
this
request
right
and
it's
how
we
got
to
the
default
site
cool?
So
you
can
see
how
these
includes
now
flow
through
down
to
everything
and
see
the
power
of
them.
So
we
have
the
ability
not
to
expand
on
these
conditions.
A
If
we
see
fit,
we
can
route
on
path
prefix.
We
can
write
on
headers.
There's,
there's
a
lot
more
coming
with
this
thanks.
Your
time
encourage
you
to
walk
through
this
by
yourself.
Please
give
us
feedback,
give
us
information,
anything
you'd
like
or
don't
like
about
this.
You
can
find
us
at
project
contour
on
Twitter
we're
at
hashtag
contour
on
this,
on
the
cube
slack
as
well
as
on
github.
So
thanks
a
lot.