To help with my Kubernetes journey, I wanted to move my VM hosted applications behind an Nginx ingress that I’m utilizing as a reverse proxy. This is obviously a stop gap until I can fully containerize the environment, but it allows me to to simplify the external access and easily apply valid certs to any application.
Below is the structure required, and has been tested on K8s 1.16+. Essentially an Endpoint needs to be created pointing at the external application, a Service needs to consume the Endpoint, and the Ingress directs itself to the Service.
Here is the example I use with my Morpheus Environment. I’ve also included the optional ConfigMap to globally fix the Nginx settings required by Morpheus.:
Apply
kubectl create -f morpheus.yaml
morpheus.yaml
apiVersion: v1
kind: ConfigMap
data:
client-max-body-size: "0"
proxy-read-timeout: "300"
proxy-send-timeout: "300"
proxy-connect-timeout: "300"
metadata:
name: nginx-conf
---
apiVersion: v1
kind: Service
metadata:
name: morpheus-external
spec:
ports:
- name: app
port: 36000
protocol: TCP
targetPort: 80
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: morpheus-external
subsets:
- addresses:
- ip: 192.168.0.23
ports:
- name: app
port: 80
protocol: TCP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: morpheus-external
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/secure-backends: "true"
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/forwarded-for-header: "X-Forwarded-For"
nginx.ingress.kubernetes.io/backend-protocol: "https"
nginx.ingress.kubernetes.io/x-forwarded-proto: "https"
nginx.ingress.kubernetes.io/affinity: "cookie"
nginx.org/websocket-services: "morpheus-external"
nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "300"
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, DELETE, PATCH, OPTIONS"
spec:
rules:
- host: morpheusfqdn.com
http:
paths:
- backend:
service:
name: morpheus-external
port:
number: 36000
path: /
pathType: Prefix
tls:
- hosts:
- morpheusfqdn.com
secretName: mysecretname
Note: As of Ingress “apiVersion: networking.k8s.io/v1”, it is required to have the annotation “kubernetes.io/ingress.class: nginx”