Imagine you have a webserver running outside your Kubernetes cluster which you want to integrate in your ingress controller. There are several reasons why you might want to do this:
- The external webserver isn't developed in such a way that you can (easily) run it in a container on your cluster.
- Maybe the external webserver is running in a different data center than your Kubernetes cluster.
- You want to take the advantage of the automic HTTPS setup of your Nginx Ingress controller.
It turns out it's actually quite easy to set this up.
In this example, we are assuming the external website is hosted on the IP address 10.20.30.40 and is listening on port 8080. Note that for this example, we assume that port 8080 is serving unencryped plain HTTP.
Also make sure you setup your firewall correctly and limit the IP address on which this webserver accepts connections. You don't want to open the unencrypted port 8080 to the whole world.
First of all, you need to create a service with an endpoint:
service.yaml
1apiVersion: v1
2kind: Service
3metadata:
4 name: <my-external-service>
5spec:
6 ports:
7 - name: http
8 port: 80
9 protocol: TCP
10 targetPort: 8080
11 clusterIP: None
12 type: ClusterIP
13---
14apiVersion: v1
15kind: Endpoints
16metadata:
17 name: <my-external-service>
18subsets:
19- addresses:
20 - ip: 10.20.30.40
21 ports:
22 - name: http
23 port: 8080
24 protocol: TCP
We're basically telling Kubernetes that we define a service which is linked to an external IP address listening on a specific port. We are using the IP-address to avoid that there are DNS queries involved in this setup.
Loading it in the cluster is done as follows:
1$ kubectl apply -f service.yaml
To complete the setup, we add the service to the ingress definition just like we would do with a normal service:
ingress.yaml
1apiVersion: extensions/v1beta1
2kind: Ingress
3metadata:
4 name: ingress
5 annotations:
6 nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
7 nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
8 kubernetes.io/ingress.class: nginx
9 certmanager.k8s.io/cluster-issuer: letsencrypt-prod
10spec:
11 tls:
12 - hosts:
13 - <my-domain-name.com>
14 secretName: letsencrypt-prod
15 rules:
16 - host: <my-domain-name.com>
17 http:
18 paths:
19 - backend:
20 serviceName: <my-external-service>
21 servicePort: 80
Apply this as well and you're done.
1$ kubectl apply -f ingress.yaml
If you now browse to https://my-domain-name.com
, the correct content should show up.
If this post was enjoyable or useful for you, please share it! If you have comments, questions, or feedback, you can email my personal email. To get new posts, subscribe use the RSS feed.