How to set internal environment with public cloud service?

12/8/2018

For Microsoft Azure cloud, with the AKS service, we want to deploy an internal application that can be accessed only by our team.

This scenario:

  • Use public domain myawesomesite.com for production.
  • Use subdomain internal.myawesomesite.com for staging. (Limit access)

Even using private DNS can only connect the virtual network VMs.

Then how do we do this?

-- Jingqiang Zhang
azure
azure-aks
dns
kubernetes
networking

3 Answers

12/13/2018

Finally, this is the right solution:

https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/whitelist

If you use nginx-ingress, install it with this setting:

helm install stable/nginx-ingress \
    --set controller.service.externalTrafficPolicy=Local

-- Jingqiang Zhang
Source: StackOverflow
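
The whitelist approach from the answer above, written out for the question's two hostnames (an added example, not part of the original post). The service names, namespaces and the 203.0.113.0/24 range are placeholders. `externalTrafficPolicy=Local` matters here because it preserves the client source IP; without it the controller sees a node address and the source-range check cannot match the real client.

```yaml
# Added example. Placeholders (assumptions): prod-web, staging-web,
# namespaces prod/staging, and the office/VPN egress range 203.0.113.0/24.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: prod-web
  namespace: prod
  # No source-range annotation: production stays publicly reachable.
spec:
  ingressClassName: nginx
  rules:
    - host: myawesomesite.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: prod-web
                port:
                  number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: staging-web
  namespace: staging
  annotations:
    # Per-Ingress restriction: clients outside these CIDRs get HTTP 403.
    # Comma-separate multiple ranges, e.g. "203.0.113.0/24,198.51.100.7/32".
    nginx.ingress.kubernetes.io/whitelist-source-range: "203.0.113.0/24"
spec:
  ingressClassName: nginx
  rules:
    - host: internal.myawesomesite.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: staging-web
                port:
                  number: 80
```

To verify, request internal.myawesomesite.com from an address outside the listed range and confirm a 403, then check the controller's access log shows the real client IP rather than a node IP.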

12/10/2018

You can use an Internal Load Balancer (ILB) in Azure, which is just like a regular load balancer but with only private IPs from the same VNET where AKS is deployed (thus, no public IPs). It uses the annotation:

annotations:
  service.beta.kubernetes.io/azure-load-balancer-internal: "true"

as described in this article. You can use AzureDNS to point an A record to that IP.

-- Alessandro Vozza
Source: StackOverflow

12/9/2018
-- Jingqiang Zhang
Source: StackOverflow