Workflow of the demo

The demo is splitted in 4 steps :
  • Deploy and publish Arcadia Main App
  • Deploy and publish Money Transfer App
  • Deploy and publish Refer Friends App
  • Apply WAF policy

Step 1 - DevOps deploy Arcadia application

Note

Goal is to use the GUI in the NGINX Controller for our traditional customers. NetOps will configure the services (MainApp and BackEnd) manually.

Tasks:

  1. DevOps commit a new code in GitLab in order to publish a brand new application “Arcadia Bank”
  2. GitLab webhooks this commit and ask Jenkins to run a pipeline. This pipeline:
    1. Deploy Arcadia application in Kubernetes (Terraform).
    2. Deploy nodeports in Kubernetes (but it could be KIC) (Terraform).
    3. Deploy NGINX+ instances (ADC) in Docker, in front of this K8S cluster (Terraform)
    4. Create Gateways in NGINX Controller for each NGINX+ instance (Ansible)
    5. Deploy AS3 template into front BIGIP to publish publically the application - without WAF (Ansible)
  3. NetOps create ADC configuration in NGINX controller in order to “route” traffic to the right K8S service
    1. MainApp (/*) to service MainApp
    2. BackEnd (/file*) to service BackEnd
../../_images/MainApp.png

Warning

At this stage, the first part of the application is published and can be accessed and demonstrated. We can see Money Transfert application is not yet there, same for Refer Friends.


Step 2 - DevOps deploy Money Transfer application

Note

Goal is to demonstrate NGINX Controller has a REST API to configure objects. NetOps will configure the service (Money Transfer) via REST API.

Tasks:

  1. DevOps commit a new code in GitLab in order to publish the second part of the Arcadia Bank website. This new application allows money transfer between friends.
  2. GitLab webhooks this commit and ask Jenkins to run a pipeline. This pipeline:
    1. Deploy Money Transfer application in Kubernetes (Terraform)
    2. Deploy nodeports in Kubernetes (Terraform)
  3. NetOps use REST API to publish this new app on NGINX+ instances
../../_images/app2.png

Warning

At this stage, the Money Transfer application is published and can be accessed and demonstrated


Step 3 - DevOps deploy Refer Friends application

Note

Goal is to demonstrate NGINX Controller can be part of the application lifecycle and CICD. NetOps don’t configure anything.

Tasks:

  1. DevOps commit a new code in GitLab in order to publish the third and last part of the Arcadia Bank website. This new application allow a customer to refer friends with their email address.
  2. GitLab webhooks this commit and ask Jenkins to run a Pipeline. This pipeline:
    1. Deploy Refer Friends application in Kubernetes (Terraform)
    2. Deploy nodeports in Kubernetes (Terraform)
    3. Configure all components in NGINX Controller (Ansible)
../../_images/app3.png

Warning

At this stage, the Refer Friends application is published and can be accessed and demonstrated. The Arcadia Bank website is finished, but not yet secured.


Step 4 - NetOps/SecOps publish WAF policy to protect Arcadia application

Note

Goal is to demonstrate BIG-IP Advanced WAF has a Declrarative API interface to push WAF policies.

Task:

  1. NetOps run a Jenkins pipeline that will push a new AS3 declaration with a WAF policy built by Secops

Warning

At this stage, the Arcadia Bank website is published and secured.