@gilangvperdana
Last active May 6, 2022 03:13
Expose Nginx Ingress with a specific Host header on K8s on-prem with OpenVPN

Expose Nginx Ingress on K8s with OpenVPN

Expose your apps on on-premises K8s to the world with Nginx Ingress + MetalLB + OpenVPN

Goals

  • Make the apps on your on-prem K8s cluster reachable from the world through their Ingress URL.

Markdown

  • 192.168.17.50 is the Nginx Ingress external IP assigned by MetalLB.
  • res.bignetlab.com is the domain used in this example.
  • The default.conf shown here belongs to the Nginx running on the host (not in the K8s stack).
  • Make sure you have installed Kubernetes on-premises with Kubeadm/Kubespray.
  • Make sure you are connected to your VPN server.

Environment

  • VMWare Workstation Pro 16
  • Ubuntu 20.04 LTS
  • Kubernetes Cluster v1.21.9 provisioned with Kubespray

Configuration

  • Configure Nginx Ingress Manifest
nano ing.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: gbesar
  name: gbesar
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gbesar
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: gbesar
    spec:
      containers:
      - image: gilangvperdana/apps:flaskcrud1
        name: gbesar
---
kind: Service
apiVersion: v1
metadata:
  name:  gbesar-clustip-svc
spec:
  selector:
    app:  gbesar
  type:  ClusterIP
  ports:
  - name:  gbesar-clustip-svc
    port:  5000
    targetPort:  5000
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gbesar-ing
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: res.bignetlab.com
    http:
      paths:
      - path: /flaskcrud
        pathType: Prefix
        backend:
          service:
            name: gbesar-clustip-svc
            port:
              number: 5000
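  • Configure Nginx Block
nano /etc/nginx/sites-enabled/default
# Plain HTTP: redirect everything to HTTPS.
server {
  listen 80 default_server;
  listen [::]:80 default_server;
  server_name res.bignetlab.com www.res.bignetlab.com;
  return 301 https://$host$request_uri;
}

# HTTPS: terminate TLS on the host and forward to the Ingress controller.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # Refuse any request whose Host is not exactly res.bignetlab.com.
    # www.res.bignetlab.com is listed in server_name but also gets 412 here.
    if ($host != "res.bignetlab.com") {
        return 412;
    }

    server_name res.bignetlab.com www.res.bignetlab.com;
    ssl_certificate /etc/ssl/certs/res/res.crt;
    ssl_certificate_key /etc/ssl/certs/res/res.key;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer only 1.2 and 1.3.
    ssl_protocols TLSv1.2 TLSv1.3;

    location /flaskcrud {
        # MetalLB external IP of the Nginx Ingress controller.
        proxy_pass http://192.168.17.50;
        # The Ingress rule matches on this Host value.
        proxy_set_header Host res.bignetlab.com;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}
# Validate the configuration before reloading.
nginx -t && service nginx reload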

Access

You can access the app at https://res.bignetlab.com/flaskcrud
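
To confirm that the host Nginx behaves as configured (HTTP redirected, unexpected Host headers refused with 412, the expected Host passed through to the Ingress), the following checks can be run after the reload. This is an added example, not part of the original gist: it assumes curl is installed and that the client trusts the certificate; `unexpected.example` is a constructed host name and the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the gist): checks to run after the nginx reload.
# EDGE_HOST and APP_PATH are the page's values; BAD_HOST is a constructed name.
EDGE_HOST="${EDGE_HOST:-res.bignetlab.com}"
APP_PATH="${APP_PATH:-/flaskcrud}"
BAD_HOST="${BAD_HOST:-unexpected.example}"

# Print only the HTTP status code for URL ($1), optionally sending Host ($2).
# curl prints 000 when the connection or certificate validation fails.
status_of() {
    if [ -n "${2:-}" ]; then
        curl -s -o /dev/null --max-time 10 -w '%{http_code}' -H "Host: $2" "$1"
    else
        curl -s -o /dev/null --max-time 10 -w '%{http_code}' "$1"
    fi
}

# Plain HTTP must hit the first server block and be redirected (301).
check_redirect() {
    [ "$(status_of "http://$EDGE_HOST$APP_PATH")" = "301" ]
}

# A Host header other than the expected one must be refused with 412.
check_host_rejected() {
    [ "$(status_of "https://$EDGE_HOST$APP_PATH" "$BAD_HOST")" = "412" ]
}

# The expected Host must reach the Ingress: no 000, no 412, no 5xx.
check_host_accepted() {
    case "$(status_of "https://$EDGE_HOST$APP_PATH")" in
        000|412|5??) return 1 ;;
        *) return 0 ;;
    esac
}

# Run every check, print PASS/FAIL per check, return non-zero on any failure.
run_checks() {
    failed=0
    for check in check_redirect check_host_rejected check_host_accepted; do
        if "$check"; then echo "PASS $check"; else echo "FAIL $check"; failed=1; fi
    done
    return "$failed"
}

# Only touch the network when asked to: sh check-edge.sh run
if [ "${1:-}" = "run" ]; then run_checks; fi
```

A 502 or 504 on the accepted-Host check points at the hop from the host Nginx to 192.168.17.50 (MetalLB or the Ingress controller) rather than at the Host filtering.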
