#devops #http #kubernetes
Imagine you have a webserver running outside your Kubernetes cluster which you want to integrate in your ingress controller. There are several reasons why you might want to do this:
- The external webserver isn't developed in such a way that you can (easily) run it in a container on your cluster.
- Maybe the external webserver is running in a different data center than your Kubernetes cluster.
- You want to take the advantage of the automic HTTPS setup of your Nginx Ingress controller.
It turns out it's actually quite easy to set this up.
In this example, we are assuming the external website is hosted on the IP address 10.20.30.40 and is listening on port 8080. Note that for this example, we assume that port 8080 is serving unencryped plain HTTP.
Also make sure you setup your firewall correctly and limit the IP address on which this webserver accepts connections. You don't want to open the unencrypted port 8080 to the whole world.
First of all, you need to create a service with an endpoint:
1apiVersion: v1 2kind: Service 3metadata: 4 name: <my-external-service> 5spec: 6 ports: 7 - name: http 8 port: 80 9 protocol: TCP 10 targetPort: 8080 11 clusterIP: None 12 type: ClusterIP 13--- 14apiVersion: v1 15kind: Endpoints 16metadata: 17 name: <my-external-service> 18subsets: 19- addresses: 20 - ip: 10.20.30.40 21 ports: 22 - name: http 23 port: 8080 24 protocol: TCP
We're basically telling Kubernetes that we define a service which is linked to an external IP address listening on a specific port. We are using the IP-address to avoid that there are DNS queries involved in this setup.
Loading it in the cluster is done as follows:
1$ kubectl apply -f service.yaml
To complete the setup, we add the service to the ingress definition just like we would do with a normal service:
1apiVersion: extensions/v1beta1 2kind: Ingress 3metadata: 4 name: ingress 5 annotations: 6 nginx.ingress.kubernetes.io/proxy-read-timeout: "3600" 7 nginx.ingress.kubernetes.io/proxy-send-timeout: "3600" 8 kubernetes.io/ingress.class: nginx 9 certmanager.k8s.io/cluster-issuer: letsencrypt-prod 10spec: 11 tls: 12 - hosts: 13 - <my-domain-name.com> 14 secretName: letsencrypt-prod 15 rules: 16 - host: <my-domain-name.com> 17 http: 18 paths: 19 - backend: 20 serviceName: <my-external-service> 21 servicePort: 80
Apply this as well and you're done.
1$ kubectl apply -f ingress.yaml
If you now browse to
https://my-domain-name.com, the correct content should show up.
If this post was enjoyable or useful for you, please share it! If you have comments, questions, or feedback, you can email my personal email. To get new posts, subscribe use the RSS feed.