CODEWITHSUNDEEP
kubernetes
Pavel
Pavel

Reputation: 813

nginx config to kubernetes ingress-nginx

I have nginx pod with following configuration (partly shown here): 

        upstream something-1-8080 {
              server something-1.namespace:8080;
        }
        upstream something-2-8080 {
              server something-2.namespace:8080;
        }

        server {
              proxy_buffering off;
              proxy_redirect off;
              proxy_set_header X-Real-IP $remote_addr;
              access_log /dev/stdout timed_combined;

              listen 443 ssl http2;
              server_name some.server.net;
              location /api/v1/something1 {
                    rewrite ^/api/v1/something1/(.*)$ /$1  break;
                    rewrite ^/api/v1/something1(.*)$ /$1  break;
                    proxy_pass http://something-1-8080;
              }
              location /api/v1/something2 {
                    rewrite ^/api/v1/something2/(.*)$ /$1  break;
                    rewrite ^/api/v1/something2(.*)$ /$1  break;
                    proxy_pass http://something-2-8080;
              }
              location / {
                    proxy_pass  http://some.nice.server.com;

              }
              ssl_certificate     /etc/nginx/secret/tls.crt;
              ssl_certificate_key /etc/nginx/secret/tls.key;
        }

I would like to translate my nginx config to kubernetes ingress-nginx (Ingress resource). Is there a way to implement this config using kubernetes Ingress resources? Reading ingress-nginx docs I haven't found how to map proxy_pass or multiple rewrites to Ingress resource. I would appreciate ref to some detailed doc or sample with similar config.

Upvotes: 6

Views: 3779

Answers (2)

Nadir Sidi
Nadir Sidi

Reputation: 1886

The ingress-nginx mandatory.yaml file, which the documentation specifies for deploying the ingress-nginx ingress controller, sets-up a k8s ConfigMap with the default name nginx-configuration in the default ingress-nginx namespace. See the link to the mandatory file from the deployment documentation.

Then, to configure your nginx conf file, you can simply add key-value pairs to the nginx-configuration ConfigMap. The available settings and their keys are in the ingress-nginx documentation on ConfigMaps. I have found they differ (slightly) from the nginx config names.

Here's an example ConfigMap.yaml file with some settings I've made for my controller.

kind: ConfigMap
apiVersion: v1
metadata:
  name: nginx-configuration
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
data:
  # This tells the nginx config to look at a different ConfigMap named custom-headers if you have a lot of headers you want to set
  proxy-set-headers: "ingress-nginx/custom-headers"

  # Suggested changes for interacting with Cloud service load balancing
  proxy-read-timeout: "660"  
  proxy-send-timeout: "660"

  # Custom code that can be referenced
  http-snippet: "map $http_upgrade $connection_upgrade {
                     default 'upgrade';
                     ''      close;
                }"
  proxy-body-size: "500m"

When you post your ConfigMap, ingress-nginx is smart enough to update itself, on-the-fly with no downtime. You should see the changes noted in the logs.

Finally, it's best to check your config settings are active by looking at the dynamically-generated nginx.conf file. I like to do that with the kubectl plugin described in the documentation.

Upvotes: 3

VAS
VAS

Reputation: 9041

This example may not do everything exactly like your nginx.conf, it only routes traffic to correct backend (Kubernetes service) with shortened URL:
E.g.: 

from:  http://some.nice.server.com/api/v1/something1/blabla   
to:    http://some.nice.server.com/blabla

You you may need to tweak it a bit according to your needs using ingress annotations:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: some-nice-server
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
  tls:
  - hosts:
    - "some.nice.server.com"
    secretName: some.nice.server.com
  rules:
  - host: "some.nice.server.com"
    http:
      paths:
      - path: /something1/?(.*)
        backend:
          serviceName: something-1
          servicePort: 8080
      - path: /something2/?(.*)
        backend:
          serviceName: something-2 
          servicePort: 8080

You can find guide how to manually create a Kubernetes Secret with your site certificate here or how to use LetsEncrypt service for this purpose here

Upvotes: 0

Related Questions