#devops #http #kubernetes

Imagine you have a webserver running outside your Kubernetes cluster which you want to integrate in your ingress controller. There are several reasons why you might want to do this:

  • The external webserver isn't developed in such a way that you can (easily) run it in a container on your cluster.
  • Maybe the external webserver is running in a different data center than your Kubernetes cluster.
  • You want to take the advantage of the automic HTTPS setup of your Nginx Ingress controller.

It turns out it's actually quite easy to set this up.

In this example, we are assuming the external website is hosted on the IP address 10.20.30.40 and is listening on port 8080. Note that for this example, we assume that port 8080 is serving unencryped plain HTTP.

Also make sure you setup your firewall correctly and limit the IP address on which this webserver accepts connections. You don't want to open the unencrypted port 8080 to the whole world.

First of all, you need to create a service with an endpoint:

service.yaml

 1apiVersion: v1
 2kind: Service
 3metadata:
 4  name: <my-external-service>
 5spec:
 6  ports:
 7  - name: http
 8    port: 80
 9    protocol: TCP
10    targetPort: 8080
11  clusterIP: None
12  type: ClusterIP
13---
14apiVersion: v1
15kind: Endpoints
16metadata:
17  name: <my-external-service>
18subsets:
19- addresses:
20  - ip: 10.20.30.40
21  ports:
22  - name: http
23    port: 8080
24    protocol: TCP

We're basically telling Kubernetes that we define a service which is linked to an external IP address listening on a specific port. We are using the IP-address to avoid that there are DNS queries involved in this setup.

Loading it in the cluster is done as follows:

1$ kubectl apply -f service.yaml

To complete the setup, we add the service to the ingress definition just like we would do with a normal service:

ingress.yaml

 1apiVersion: extensions/v1beta1
 2kind: Ingress
 3metadata:
 4  name: ingress
 5  annotations:
 6    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
 7    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
 8    kubernetes.io/ingress.class: nginx
 9    certmanager.k8s.io/cluster-issuer: letsencrypt-prod
10spec:
11  tls:
12  - hosts:
13    - <my-domain-name.com>
14    secretName: letsencrypt-prod
15  rules:
16  - host: <my-domain-name.com>
17    http:
18      paths:
19      - backend:
20          serviceName: <my-external-service>
21          servicePort: 80

Apply this as well and you're done.

1$ kubectl apply -f ingress.yaml

If you now browse to https://my-domain-name.com, the correct content should show up.