Using External VMs behind a Kubernetes Ingress

Infrastructure
,
1

To help with my Kubernetes journey, I wanted to move my VM hosted applications behind an Nginx ingress that I’m utilizing as a reverse proxy. This is obviously a stop gap until I can fully containerize the environment, but it allows me to to simplify the external access and easily apply valid certs to any application.

Below is the structure required, and has been tested on K8s 1.16+. Essentially an Endpoint needs to be created pointing at the external application, a Service needs to consume the Endpoint, and the Ingress directs itself to the Service.

Here is the example I use with my Morpheus Environment. I’ve also included the optional ConfigMap to globally fix the Nginx settings required by Morpheus.:

Apply

kubectl create -f morpheus.yaml

morpheus.yaml

apiVersion: v1
kind: ConfigMap
data:
  client-max-body-size: "0"
  proxy-read-timeout: "300"
  proxy-send-timeout: "300"
  proxy-connect-timeout: "300"
metadata:
  name: nginx-conf
---
apiVersion: v1
kind: Service
metadata:
  name: morpheus-external
spec:
  ports:
  - name: app
    port: 36000
    protocol: TCP
    targetPort: 80 
  clusterIP: None
  type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
  name: morpheus-external
subsets:
- addresses:
  - ip: 192.168.0.23
  ports:
  - name: app
    port: 80
    protocol: TCP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: morpheus-external
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/secure-backends: "true"
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.ingress.kubernetes.io/forwarded-for-header: "X-Forwarded-For"
    nginx.ingress.kubernetes.io/backend-protocol: "https"
    nginx.ingress.kubernetes.io/x-forwarded-proto: "https"
    nginx.ingress.kubernetes.io/affinity: "cookie"
    nginx.org/websocket-services: "morpheus-external"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "300"
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, DELETE, PATCH, OPTIONS"
spec:
  rules:
  - host: morpheusfqdn.com
    http:
      paths:
      - backend:
          service:
            name: morpheus-external
            port:
              number: 36000
        path: /
        pathType: Prefix
  tls:
  - hosts:
      - morpheusfqdn.com
    secretName: mysecretname

Note: As of Ingress “apiVersion: networking.k8s.io/v1”, it is required to have the annotation “kubernetes.io/ingress.class: nginx”