Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Is there a way to serve external URLs from nginx-kubernetes ingress?

Tags:

nginx

kubernetes

azure

Setup: Kubernetes cluster on AKS with nginx-kubernetes ingress. Azure Application Gateway routing domain with SSL certificate to nginx-kubernetes.

No problems serving everything in Kubernetes.

Now I moved static content to Azure Blob Storage. There's an option to use a custom domain, which works fine, but does not allow to use a custom SSL certificate. The only possible way is to set up a CDN and use the Verizon plan to use custom SSL certificates.

I'd prefer to keep all the routing in the ingress configuration, since some subroutes are directed to different Kubernetes services. Is there a way to mask and rewrite a path to the external blob storage url in nginx-kubernetes? Or is there any other available option that proxies an external url through ingress?

I don't mind having direct blob storage URLs for resources, but the main entry point should use the custom domain.

like image 589
Markus Dresch Avatar asked Jul 20 '18 13:07

Markus Dresch

People also ask

Is Kubernetes Ingress a proxy?

An ingress controller acts as a reverse proxy and load balancer. It implements a Kubernetes Ingress. The ingress controller adds a layer of abstraction to traffic routing, accepting traffic from outside the Kubernetes platform and load balancing it to Pods running inside the platform.

Is Nginx Ingress a load balancer?

Coming to your query Ingress-nginx is not a load balancer but on a broader lever can help you with load balancing. 1) ingress controller - which is a traffic management solution I would say. Yes it manages the traffic using path based or host based routing.

Is Nginx ingress an API gateway?

NGINX Plus is a software load balancer, API gateway, and reverse proxy built on top of NGINX.

What is the difference between ingress and egress in Kubernetes?

Ingress and egress From the point of view of a Kubernetes pod, ingress is incoming traffic to the pod, and egress is outgoing traffic from the pod. In Kubernetes network policy, you create ingress and egress “allow” rules independently (egress, ingress, or both).

1 Answers

Not exactly the answer to the question, but the answer to the problem. Unfortunately this isn't documented very well. The solution is to create a service with a type of "ExternalName". According to https://akomljen.com/kubernetes-tips-part-1/ the service should look like this:

kind: Service
apiVersion: v1
metadata:
  name: external-service
  namespace: default
spec:
  type: ExternalName
  externalName: full.qualified.domain.name

I just tried it and it works like a charm.

like image 115
Markus Dresch Avatar answered Oct 01 '22 13:10

Markus Dresch
Sign in to Comment

Related questions

Azure Functions fails to find API key with "Unable to resolve value for property 'SendGridAttribute.ApiKey'."
Can't access to Azure Storage using Lucene.Net And Azure App Service
using conditional IF statements in arm templates for properties,
How to copy an Azure Image from one region to another region
How to make Azure Function triggered by Azure Event Grid?
Django return blob form azure-storage as downloadable file
What is the point of a table in a data lake? [closed]
Azure Function using Selenium WebDriver.dll
Count not load schema model from package. (Microsoft.SqlServer.Dac)
How can I use AzureSearch with wildcard
Azure Web App EasyAuth callback throws error
Azure Search's search.in doesn't return results when using spaces
Custom routing in Azure functions using HttpTrigger attribute
Terraform Azure network security
Where is AccountKey for CosmosDB in Azure portal
Python Azure Graph: Access Token missing or malformed
Options or setting up a test environment in Azure
Make sure the ACL and firewall rule is correctly configured in the Azure Data Lake Store account
How do I get a list containing only Azure region names?
Where can i find the code of an Azure Function?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!