I have nginx pod with following configuration (partly shown here):
upstream something-1-8080 {
server something-1.namespace:8080;
}
upstream something-2-8080 {
server something-2.namespace:8080;
}
server {
proxy_buffering off;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
access_log /dev/stdout timed_combined;
listen 443 ssl http2;
server_name some.server.net;
location /api/v1/something1 {
rewrite ^/api/v1/something1/(.*)$ /$1 break;
rewrite ^/api/v1/something1(.*)$ /$1 break;
proxy_pass http://something-1-8080;
}
location /api/v1/something2 {
rewrite ^/api/v1/something2/(.*)$ /$1 break;
rewrite ^/api/v1/something2(.*)$ /$1 break;
proxy_pass http://something-2-8080;
}
location / {
proxy_pass http://some.nice.server.com;
}
ssl_certificate /etc/nginx/secret/tls.crt;
ssl_certificate_key /etc/nginx/secret/tls.key;
}
I would like to translate my nginx config to kubernetes ingress-nginx (Ingress resource). Is there a way to implement this config using kubernetes Ingress resources? Reading ingress-nginx docs I haven't found how to map proxy_pass or multiple rewrites to Ingress resource. I would appreciate ref to some detailed doc or sample with similar config.
The ingress-nginx mandatory.yaml file, which the documentation specifies for deploying the ingress-nginx ingress controller, sets-up a k8s ConfigMap with the default name nginx-configuration in the default ingress-nginx namespace. See the link to the mandatory file from the deployment documentation.
Then, to configure your nginx conf file, you can simply add key-value pairs to the nginx-configuration ConfigMap. The available settings and their keys are in the ingress-nginx documentation on ConfigMaps. I have found they differ (slightly) from the nginx config names.
Here's an example ConfigMap.yaml file with some settings I've made for my controller.
kind: ConfigMap
apiVersion: v1
metadata:
name: nginx-configuration
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
data:
# This tells the nginx config to look at a different ConfigMap named custom-headers if you have a lot of headers you want to set
proxy-set-headers: "ingress-nginx/custom-headers"
# Suggested changes for interacting with Cloud service load balancing
proxy-read-timeout: "660"
proxy-send-timeout: "660"
# Custom code that can be referenced
http-snippet: "map $http_upgrade $connection_upgrade {
default 'upgrade';
'' close;
}"
proxy-body-size: "500m"When you post your ConfigMap, ingress-nginx is smart enough to update itself, on-the-fly with no downtime. You should see the changes noted in the logs.
Finally, it's best to check your config settings are active by looking at the dynamically-generated nginx.conf file. I like to do that with the kubectl plugin described in the documentation.
This example may not do everything exactly like your nginx.conf, it only routes traffic to correct backend (Kubernetes service) with shortened URL:
E.g.:
from: http://some.nice.server.com/api/v1/something1/blabla
to: http://some.nice.server.com/blabla You you may need to tweak it a bit according to your needs using ingress annotations:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: some-nice-server
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
tls:
- hosts:
- "some.nice.server.com"
secretName: some.nice.server.com
rules:
- host: "some.nice.server.com"
http:
paths:
- path: /something1/?(.*)
backend:
serviceName: something-1
servicePort: 8080
- path: /something2/?(.*)
backend:
serviceName: something-2
servicePort: 8080You can find guide how to manually create a Kubernetes Secret with your site certificate here or how to use LetsEncrypt service for this purpose here