Imagine you have a webserver running outside your Kubernetes cluster which you want to integrate in your ingress controller. There are several reasons why you might want to do this:
- The external webserver isn’t developed in such a way that you can (easily) run it in a container on your cluster.
- Maybe the external webserver is running in a different data center than your Kubernetes cluster.
- You want to take the advantage of the automic HTTPS setup of your Nginx Ingress controller.
It turns out it’s actually quite easy to set this up.
In this example, we are assuming the external website is hosted on the IP address 10.20.30.40 and is listening on port 8080. Note that for this example, we assume that port 8080 is serving unencryped plain HTTP.
Also make sure you setup your firewall correctly and limit the IP address on which this webserver accepts connections. You don’t want to open the unencrypted port 8080 to the whole world.
First of all, you need to create a service with an endpoint:
apiVersion: v1 kind: Service metadata: name: <my-external-service> spec: ports: - name: http port: 80 protocol: TCP targetPort: 8080 clusterIP: None type: ClusterIP --- apiVersion: v1 kind: Endpoints metadata: name: <my-external-service> subsets: - addresses: - ip: 10.20.30.40 ports: - name: http port: 8080 protocol: TCP
We’re basically telling Kubernetes that we define a service which is linked to an external IP address listening on a specific port. We are using the IP-address to avoid that there are DNS queries involved in this setup.
Loading it in the cluster is done as follows:
$ kubectl apply -f service.yaml
To complete the setup, we add the service to the ingress definition just like we would do with a normal service:
apiVersion: extensions/v1beta1 kind: Ingress metadata: name: ingress annotations: nginx.ingress.kubernetes.io/proxy-read-timeout: "3600" nginx.ingress.kubernetes.io/proxy-send-timeout: "3600" kubernetes.io/ingress.class: nginx certmanager.k8s.io/cluster-issuer: letsencrypt-prod spec: tls: - hosts: - <my-domain-name.com> secretName: letsencrypt-prod rules: - host: <my-domain-name.com> http: paths: - backend: serviceName: <my-external-service> servicePort: 80
Apply this as well and you’re done.
$ kubectl apply -f ingress.yaml
If you now browse to
https://my-domain-name.com, the correct content should show up.