Skip to main content

Create a proxy using Nginx Controller in kubernetes

Use Case: I needed to create a proxy which redirects my traffic to my internal service in eks mainly to expose it publicly and i already had a nginx controller installed within my kubernetes cluster. It also supports all of the nginx features like ip whitelisting, lua scripts etc

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
meta.helm.sh/release-name: "nginx-proxy"
meta.helm.sh/release-namespace: default
nginx.ingress.kubernetes.io/cors-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
nginx.ingress.kubernetes.io/cors-allow-origin: '*'
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/server-snippet: |
##### Allow Traffic from specific Ips #####
#allow x.x.x.x;
#allow x.x.x.x;
#deny all;
##### redirect From http to https, comment if want http and https both #####
if ( $server_port = 80 ) {
return 301 https://$host$request_uri;
}

location ~ "^/(.*)" {
proxy_pass https://192.168.0.1; # Change the Proxy Upstream here URL
# proxy_set_header Host "api.example.com"; #if a custom Host header needs to be set update here
proxy_ssl_verify off;
proxy_ssl_verify_depth 0;
proxy_intercept_errors on;
default_type text/plain;


##### Below section helps you to override the response 200 for all requests and forward the original status in a Header #####
# access_by_lua_block {
# ngx.header['X-forwarded-status'] = ''
# }
# header_filter_by_lua_block {
# local orig_status = ngx.status
# if orig_status == 429 then
# ngx.header['x-forwarded-status'] = orig_status
# else
# ngx.status = 200
# ngx.header['x-forwarded-status'] = orig_status
# end
# }

}
labels:
app.kubernetes.io/instance: nginx-proxy
app.kubernetes.io/name: nginx-proxy
name: nginx-proxy
namespace: default
spec:
rules:
- host: example.com
tls:
- hosts:
- example.com
secretName: nginx-proxy-com

Labels

Labels:

Comments

Post a Comment

Popular posts from this blog

Add a Approval System in Jenkins For Build

Approval System in Jenkins For Build Use Cases: Only Specific users must be able to approve the build Speific users should be able to run the build without Approval Approval Can be turn off and On On-Demand Jenkins Variables Needs to Created under ( Manage Jenkins > Configure System > Environment variables ) ApprovalAdmins (Value: jenkins emails comma separated) skipApprovalUsers (Value: jenkins emails comma separated) BuildApproval (Value: True, False) import jenkins.model.Jenkins def getBuildUser() { return currentBuild.getBuildCauses('hudson.model.Cause$UserIdCause')['userId'] } pipeline { agent { label 'ec2-fleet-common' } stages { stage('Approval Process') { when { expression { env.BuildApproval == 'True' || env.BuildApproval == 'true' } } steps { script { ...
Post a Comment
Read more

k8s rolling updates are not working

k8s rolling updates are not working Issue Whenever we were deploying a new release, pods were deleting to Fix no. like 2 then scaling up as per HPA. Cause Whenever we use replicas alongwith hpa and the deployment happens it first sets the pod count as per replicas, then hpa kick in and set the new values. To avoid this please remove or comment replicas in your yaml file. Relates Issues Old Pod is still running even after fresh deployment. Deployed Pod is still not created ( if only one pod was running 1). Relates Posts https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#migrating-deployments-and-statefulsets-to-horizontal-autoscaling
Post a Comment
Read more

Create a read Only cli User for EKS

Use Case: When you want to provide access to users, you must always avoid prividing admin priviledges to users. This is needed for security and audit Purpose. Kubernetes allows you to create Rbac credentials using roles and cluster roles for service accounts, users, groups. From k8s: RBAC authorization uses the rbac.authorization.k8s.io API group to drive authorization decisions, allowing you to dynamically configure policies through the Kubernetes API.   1. Lets First Create the cluster role and group Create file cluster-role-and-binding.yml --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: eks-readonly-group-binding subjects: - kind: Group name: eks-readonly-group apiGroup: rbac.authorization.k8s.io roleRef: kind: ClusterRole name: eks-readonly-group-cluster-role apiGroup: rbac.authorization.k8s.io --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: eks-readonly-group-cluster-role rules: - ap...
Post a Comment
Read more