2 min read Linux

Proxying External Services Using Kubernetes Services

There are various reasons why setting up external service proxying from a Kubernetes cluster becomes essential. For example:

  • Managing a hybrid deployment where certain services operate within a Kubernetes cluster, while others remain on-premises.
  • Handling services with specific requirements, such as object storage or databases, that need to stay outside the cluster.
  • Dealing with a service situated in a different data center than the Kubernetes cluster.
  • Undertaking significant restructuring or refactoring within the Kubernetes cluster, aiming to minimize downtime and establish a seamless traffic redirection during migration.

On this occasion, I have an external service, called code-server, which I had previously deployed on my blog here.

Setup Code Server: VS Code in the browser
Run VS Code on any machine anywhere and access it in the browser. Requirements See requirements for minimum specs, as well as instructions on how to set up a Google VM on which you can install code-server. TL;DR: Linux machine with WebSockets enabled, 1 GB RAM, and 2 vCPUs
RJRaja Haikal

I intend to proxy/expose it using a Kubernetes service.

Proxy to external services with Kubernetes Service

Let’s start by creating a default ClusterIP Service:

cat<<EOF | kubectl apply -f -
apiVersion: v1
kind: Service
metadata:
  name: rj-codeserver-service
spec:
  ports:
  - port: 8080
    targetPort: 8080
  type: ClusterIP
EOF

Now,  since we’re creating a Service without selectors, no Endpoint is being created for us so we need to create an Endpoint manually and provide an IP address of the external service/application that we want to proxy the requests to.

cat<<EOF | kubectl apply -f -
apiVersion: v1
kind: Endpoints
metadata:
  name: rj-codeserver-service  # Must be equal to Service name for automatic mapping
subsets:
- addresses:
  - ip: 13.212.177.111  # IP address of your external service
  ports:
  - port: 8080  # Listen Port of your external service
EOF

Next, let’s create an Ingress resource in order to enable traffic routing to the newly created Service. If the backend service only accepts HTTPS traffic and using NGINX, in addition to updating the destination port accordingly we will need to add nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" annotation to the Ingress resource definition.

cat<<EOF | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
    nginx.ingress.kubernetes.io/rewrite-target: /
  name: rj-codeserver-ingress
spec:
  ingressClassName: nginx
  rules:
  - host: code.rjhaikal.my.id
    http:
      paths:
      - backend:
          service:
            name: rj-codeserver-service
            port:
              number: 8080
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - 'code.rjhaikal.my.id'
    secretName: code-rjhaikal-secret
EOF

The Flow would look something like this:

And it's done😎.  Now go to https://code.rjhaikal.my.id

Published by:

Raja Haikal

You might also like...

Feb
03

Set Up SSH to Use Two-Factor Authentication

Enhance the security of your SSH access by adding two-factor authentication (2FA) for an extra layer of protection on your
5 min read
Jan
26

Provision ArgoCD

Install Cert Manager We need certificates to be securely logon to the Argo CD UI. Certificate provisioning can be a
2 min read
Jan
20

Backup Restore Kubernetes with Velero & Swift

Hello World! Pada Artikel kali ini saya mau sharing ringan terkait riset yang sudah saya coba terkait Backup Restore Kubernetes
5 min read
Jan
15

Using RadosGW as a drop-in replacement for Swift

Hello Folks! Artikel ini lebih seperti catatan untuk diri sendiri, tetapi ini mungkin membantu jika anda mencari cara untuk mengintegrasikan
6 min read
Jan
10

Implement Oauth2 Proxy on Kubernetes

Sometimes, we may want to add authentication features to our service running on Kubernetes, but the application itself does not
5 min read

Member discussion