K
Q

How to set internal environment with public cloud service?

12/8/2018

For Microsoft Azure cloud, with AKS service, we want to deploy an internal application that can been accessed only by our team.

This scenario:

  • Use public domain myawesomesite.com for production.
  • Use subdomain internal.myawesomesite.com for staging. (Limit access)

Even use private DNS can only connect the virtual network vms.

Then how to do?

-- Jingqiang Zhang
azure
azure-aks
dns
kubernetes
networking

Similar Questions

How to route to a specific container within a service
unable to deploy debezium on minikube
Best practices to organize pods in kubernates
Attaching vm to kubernetes nodes list
Expose basepath in container through service in nginx ingress on kubernetes
Kubeadm join a new master node fails because of "Initial timeout of 40s passed"

3 Answers

12/13/2018

Finally, this is the right solution:

https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/whitelist

If use nginx-ingress, install with this setting:

helm install stable/nginx-ingress \
    --set controller.service.externalTrafficPolicy=Local
-- Jingqiang Zhang
Source: StackOverflow
12/10/2018

You can use an Internal Load Balancer (ILB) in Azure, which is just like a regular load balancer but with only private IP's from the same VNET where AKS is deployed (thus, no public IP's). It uses the annotation:

annotations: service.beta.kubernetes.io/azure-load-balancer-internal: "true"

as described in this article. You can use AzureDNS to point an A record to an that IP.

-- Alessandro Vozza
Source: StackOverflow
12/9/2018

It's a solution with Calico on AWS:

https://docs.aws.amazon.com/eks/latest/userguide/calico.html

-- Jingqiang Zhang
Source: StackOverflow