Expose Nginx Ingress on K8s with OpenVPN
Expose your apps on on-premises K8s to the world with Nginx Ingress + MetalLB + OpenVPN
Goals
- Access the apps on your on-prem K8s cluster from anywhere through their Ingress URL.
- 192.168.17.50 is the Nginx Ingress external IP generated by MetalLB.
- res.bignetlab.com is the domain used in this case.
- The default.conf shown here is for Nginx on the host (not in the K8s stack).
- Make sure you have installed Kubernetes on-premises with Kubeadm/Kubespray.
- Make sure you are connected to your VPN server.
Environment
- VMWare Workstation Pro 16
- Ubuntu 20.04 LTS
- Kubernetes Cluster v1.21.9 provisioned with Kubespray
Configuration
- Configure Nginx Ingress Manifest
nano ing.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: gbesar
  name: gbesar
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gbesar
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: gbesar
    spec:
      containers:
      - image: gilangvperdana/apps:flaskcrud1
        name: gbesar
---
kind: Service
apiVersion: v1
metadata:
  name: gbesar-clustip-svc
spec:
  selector:
    app: gbesar
  type: ClusterIP
  ports:
  - name: gbesar-clustip-svc
    port: 5000
    targetPort: 5000
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gbesar-ing
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: res.bignetlab.com
    http:
      paths:
      - path: /flaskcrud
        pathType: Prefix
        backend:
          service:
            name: gbesar-clustip-svc
            port:
              number: 5000
- Configure Nginx Block
nano /etc/nginx/sites-enabled/default
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name res.bignetlab.com www.res.bignetlab.com;
    # Redirect every plain-HTTP request to HTTPS
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    # Reject requests whose Host header is not the expected domain
    if ($host != "res.bignetlab.com") {
        return 412;
    }
    server_name res.bignetlab.com www.res.bignetlab.com;
    ssl_certificate /etc/ssl/certs/res/res.crt;
    ssl_certificate_key /etc/ssl/certs/res/res.key;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); allow only TLS 1.2 and 1.3
    ssl_protocols TLSv1.2 TLSv1.3;
    location /flaskcrud {
        # Forward to the Nginx Ingress external IP generated by MetalLB
        proxy_pass http://192.168.17.50;
        # The Ingress rule matches on this host name
        proxy_set_header Host res.bignetlab.com;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}
service nginx reload
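A static check that can be run on the host Nginx file before reloading, written as an added example (it is not part of the original post): it flags deprecated `ssl_protocols` values and server blocks that keep a plaintext `listen` without redirecting to HTTPS. The function names and the `SAMPLE` config are constructed for illustration.

```python
import re
# TLS 1.0/1.1 were formally deprecated by RFC 8996; SSLv2/3 long before that.
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample modelled on the host server blocks in this post.
SAMPLE = """
server {
    listen 80 default_server;
    return 301 https://$host$request_uri;
}
server {
    listen 80;
    listen 443 ssl http2;
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    location /flaskcrud {
        proxy_pass http://192.168.17.50;
    }
}
"""

def server_blocks(conf):
    """Yield the body of every `server { ... }` block, matching braces."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def directives(body, name):
    """Argument lists of each `name args;` directive that starts a line."""
    pat = rf"(?m)^\s*{re.escape(name)}\s+([^;{{}}]*);"
    return [m.group(1).split() for m in re.finditer(pat, body)]

def audit(conf):
    """Return (block_no, finding, detail) tuples for an nginx config string."""
    findings = []
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments (no quoted '#' handling)
    for n, body in enumerate(server_blocks(conf), 1):
        for args in directives(body, "ssl_protocols"):
            weak = sorted(DEPRECATED & set(args))
            if weak:
                findings.append((n, "deprecated-tls", " ".join(weak)))
        plain = [a[0] for a in directives(body, "listen") if "ssl" not in a]
        to_https = any(len(a) > 1 and a[1].startswith("https://")
                       for a in directives(body, "return"))
        if plain and not to_https:
            findings.append((n, "plaintext-listener", " ".join(plain)))
    return findings
```

To check the real file, pass its contents: `audit(open("/etc/nginx/sites-enabled/default").read())`; an empty list means neither issue was found.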
Access
You can access the app at https://res.bignetlab.com/flaskcrud