Ambassador Container Pattern
The ambassador container pattern aims to hide the primary container's complexity and provide a unified interface through which the primary container can access services outside of the Pod.
/movies
, and whenever it receives a request, it will make an authenticated request to the API of The Movie DB.func TheMovieDBServer(w http.ResponseWriter, r *http.Request) {
apiKey := os.Getenv("API_KEY")
resp, err := http.Get(fmt.Sprintf("https://api.themoviedb.org/3/discover/movie?api_key=%s", apiKey))
// ...
// Return the response
}
API_KEY
environment variable and then make a GET request to the URL. Note if you try to request to URL without the API key, you'll get the following error:$ curl https://api.themoviedb.org/3/discover/movie
{"status_code":7,"status_message":"Invalid API key: You must be granted a valid key.","success":false}
startkubernetes/ambassador:0.1.0
.curl
from the main container.apiVersion: v1
kind: Pod
metadata:
name: themoviedb
spec:
containers:
- name: main
image: radial/busyboxplus:curl
args:
- sleep
- '600'
- name: ambassador
image: startkubernetes/ambassador:0.1.0
env:
- name: API_KEY
valueFrom:
secretKeyRef:
name: themoviedb
key: apikey
ports:
- name: http
containerPort: 8080
$ kubectl create secret generic themoviedb --from-literal=apikey=<INSERT YOUR API KEY HERE>
secret/themoviedb created
ambassador-container.yaml
file and create it with kubectl apply -f ambassador-container.yaml
.kubectl get po
to see the status), you can use the exec
command to run the curl
command inside the main
container:$ kubectl exec -it themoviedb -c main -- curl localhost:8080/movies
{"page":1,"total_results":10000,"total_pages":500,"results":[{"popularity":2068.491,"vote_count":
...
localhost:8080
, which corresponds to the port on the ambassador container.api.themoviedb.org
directly, you are making requests to the ambassador container.api.themoviedb.org
you could add the ambassador container to the Pod and solve access like that.