Reverse Proxy Behavior in a K8s Cluster for SSH Calls

10/1/2018

I am building an application over a managed K8s cluster. I can create deployments & co with NodePort. Services are then accessible via these ports.

Managing all the exposed services and their ports is becoming a challenge and for the HTTP traffic, I was thinking of exposing a single nginx proxy that would proxy https://someservice.someurl:someport to https://someservice:someport and have someurl DNS mapped to my front-end Ubuntu IP as depicted below.

(diagram not included)

For the web traffic, I reckon that it should work as expected. However, I have some deployments that are accessible via ssh; git daemon for example. With these daemons I am currently doing commands like this: git clone ssh://git@someipsofthecluster:someport/git-server/repos/somerepos and I'd like to use the same DNS name as for the HTTP traffic (i.e. git clone ssh://git@someservice.someurl:someport/git-server/repos/somerepo).

I know about iptables, where I can redirect traffic incoming on one port to another IP/port, but I don't know how I would go about redirecting to a given machine/port with regard to the subdomain used.

-- Mathieu Nls
iptables
kubernetes
nginx
nginx-reverse-proxy

1 Answer

10/2/2018

You'll probably have to re-think how to do this as TCP load balancing or proxying based on DNS name is not really possible. More on this here. Keep in mind that HTTP is a Layer 7 protocol so the proxy can use the 'Host' header to direct requests.

Filtering based on hostname is also not possible with iptables. More on that here.

You can, however, use a Layer 4 proxy, meaning a TCP proxy, but this will be based on listening on a specific TCP port. Nginx can do it, or you can also use something else like HAProxy.

-- Rico
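To make the distinction in the answer concrete, here is an added nginx configuration (not from the question, the answer, or any project's documentation) that does both things on the same front-end host: Layer 7 routing of HTTPS by the Host header, and Layer 4 forwarding of SSH by listening port. The cluster address 10.0.0.5, the NodePorts 30080 and 30022, the hostnames under someurl, the certificate paths, and the front-end ports 2222/2223 are all assumed values for illustration; nginx must be built with the stream module for the stream block to load.

```nginx
# Added example, not from the original post. Assumed values:
#   - someservice.someurl and git.someurl resolve to this front-end Ubuntu host
#   - cluster node 10.0.0.5 exposes someservice on NodePort 30080 (HTTPS)
#     and the git daemon's sshd on NodePort 30022
#   - nginx was built with the stream module (--with-stream)

# Layer 7: HTTP(S) is routed by the Host header, so one listening port can
# serve many subdomains; each server block matches on server_name.
http {
    server {
        listen 443 ssl;
        server_name someservice.someurl;
        ssl_certificate     /etc/nginx/certs/someurl.crt;   # assumed path
        ssl_certificate_key /etc/nginx/certs/someurl.key;   # assumed path

        location / {
            proxy_pass https://10.0.0.5:30080;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

    server {
        listen 443 ssl;
        server_name otherservice.someurl;
        ssl_certificate     /etc/nginx/certs/someurl.crt;
        ssl_certificate_key /etc/nginx/certs/someurl.key;

        location / {
            proxy_pass https://10.0.0.5:30081;   # assumed NodePort
            proxy_set_header Host $host;
        }
    }
}

# Layer 4: SSH carries no hostname the proxy can read, so the only routing
# key available is the port nginx listens on. One server block per backend.
stream {
    server {
        listen 2222;                      # front-end port for the git daemon
        proxy_pass 10.0.0.5:30022;        # NodePort of the git sshd
        proxy_connect_timeout 5s;
    }

    server {
        listen 2223;                      # a second SSH-exposed deployment
        proxy_pass 10.0.0.5:30023;        # assumed NodePort
        proxy_connect_timeout 5s;
    }
}
```

With this in place the clone URL becomes git clone ssh://git@git.someurl:2222/git-server/repos/somerepo; the subdomain part is irrelevant to the stream block, since any name that resolves to the front end reaches the same port. Two things to keep in mind when the SSH backend sits behind a TCP proxy: the git daemon's sshd sees every connection as coming from the nginx host's IP, so any allowlisting or rate limiting must be done on the front end rather than on the backend, and clients will pin the backend's host key to the name-and-port pair they connect to, so changing which NodePort a front-end port maps to will trigger host key mismatch warnings.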
Source: StackOverflow