
Create a proxy using Nginx Controller in kubernetes

Use case: I needed to create a proxy that redirects my traffic to my internal service in EKS, mainly to expose it publicly, and I already had an NGINX controller installed within my Kubernetes cluster. It also supports all of the NGINX features, like IP whitelisting, Lua scripts, etc.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    kubernetes.io/tls-acme: "true"
    meta.helm.sh/release-name: "nginx-proxy"
    meta.helm.sh/release-namespace: default
    nginx.ingress.kubernetes.io/cors-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
    nginx.ingress.kubernetes.io/cors-allow-origin: '*'
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/server-snippet: |
      ##### Allow traffic from specific IPs #####
      #allow x.x.x.x;
      #allow x.x.x.x;
      #deny all;
      ##### Redirect from http to https; comment out if you want both http and https #####
      if ( $server_port = 80 ) {
        return 301 https://$host$request_uri;
      }

      location ~ "^/(.*)" {
        proxy_pass https://192.168.0.1; # Change the proxy upstream URL here
        # proxy_set_header Host "api.example.com"; # if a custom Host header needs to be set, update it here
        proxy_ssl_verify off; # the upstream certificate is not verified
        proxy_ssl_verify_depth 0;
        proxy_intercept_errors on;
        default_type text/plain;

        ##### The section below overrides the response status to 200 for all requests (except 429) and forwards the original status in a header #####
        # access_by_lua_block {
        #   ngx.header['X-forwarded-status'] = ''
        # }
        # header_filter_by_lua_block {
        #   local orig_status = ngx.status
        #   if orig_status == 429 then
        #     ngx.header['x-forwarded-status'] = orig_status
        #   else
        #     ngx.status = 200
        #     ngx.header['x-forwarded-status'] = orig_status
        #   end
        # }

      }
  labels:
    app.kubernetes.io/instance: nginx-proxy
    app.kubernetes.io/name: nginx-proxy
  name: nginx-proxy
  namespace: default
spec:
  rules:
  - host: example.com
  tls:
  - hosts:
    - example.com
    secretName: nginx-proxy-com
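
A hardened variant of the manifest above, as an added example that is not part of the original post: the same proxy, but with the allow list switched on, the upstream certificate verified, and CORS limited to one origin. The CIDR 203.0.113.0/24, the origin https://app.example.com, the upstream name api.example.com and the CA bundle path are assumptions to replace with your own values.

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-proxy
  namespace: default
  annotations:
    kubernetes.io/ingress.class: nginx
    kubernetes.io/tls-acme: "true"
    nginx.ingress.kubernetes.io/enable-cors: "true"
    # A single named origin instead of '*' (constructed sample origin).
    nginx.ingress.kubernetes.io/cors-allow-origin: "https://app.example.com"
    nginx.ingress.kubernetes.io/cors-allow-headers: "Content-Type,Authorization"
    nginx.ingress.kubernetes.io/server-snippet: |
      # Allow list at server level, inherited by the location below
      # (constructed sample range; list your own client networks).
      allow 203.0.113.0/24;
      deny all;

      if ( $server_port = 80 ) {
        return 301 https://$host$request_uri;
      }

      location ~ "^/(.*)" {
        proxy_pass https://192.168.0.1;
        proxy_set_header Host "api.example.com";   # assumed upstream hostname

        # Verify the upstream certificate instead of accepting any certificate.
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 2;
        # Assumed CA bundle path inside the controller pod; mount your own
        # bundle if the upstream uses a private CA.
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
        # proxy_pass targets an IP, so name the host the certificate must match
        # and send it as SNI.
        proxy_ssl_name "api.example.com";
        proxy_ssl_server_name on;

        proxy_intercept_errors on;
        default_type text/plain;
      }
spec:
  rules:
  - host: example.com
  tls:
  - hosts:
    - example.com
    secretName: nginx-proxy-com
```

The server-snippet annotation only takes effect when the controller permits snippet annotations (the `allow-snippet-annotations` setting in the ingress-nginx ConfigMap), so check that setting before relying on either manifest.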
