Help:Toolforge/Kubernetes/Reverse proxy
Any objects manually created in Kubernetes (as opposed to using toolforge clients) are not officially supported by the Toolforge admin team. They may stop working without notice following any Kubernetes software update or platform outage. If you rely on this method, please add a note in the T337191 task so we can better focus our efforts.
Rationale
Imagine your webservice includes requests to an external service named cdn.example.com.
Instead of having the client web browser load the external content directly, you can use a proxied endpoint like mytool.toolforge.org/external-cdn.
TODO: explain what this is, and why it is needed.
How to do it
Create new Kubernetes Service and Ingress resources.
To do that, put the following in a reverse-proxy.yaml file in your tool home directory:
---
# Service object for routing requests to cdn.example.com
apiVersion: v1
kind: Service
metadata:
  name: cdn-example-com
  namespace: tool-mytool
spec:
  type: ExternalName
  externalName: cdn.example.com
---
# Ingress object for routing requests to cdn.example.com
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: proxy-cdn-example-com
  namespace: tool-mytool
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /$2
    nginx.ingress.kubernetes.io/upstream-vhost: cdn.example.com
    nginx.ingress.kubernetes.io/backend-protocol: https
    nginx.ingress.kubernetes.io/proxy-ssl-server-name: "on"
    nginx.ingress.kubernetes.io/proxy-ssl-name: cdn.example.com
spec:
  rules:
    - host: mytool.toolforge.org
      http:
        paths:
          - backend:
              service:
                name: cdn-example-com
                port:
                  number: 443
            path: /external-cdn(/|$)(.*)
            pathType: ImplementationSpecific
Load it in your tool account:
tools.mytool@tools-sgebastion-08:~$ kubectl apply -f reverse-proxy.yaml
service/cdn-example-com configured
ingress.networking.k8s.io/proxy-cdn-example-com configured
Repeat the process for each external endpoint you want to reverse-proxy.
A quota bump is likely required to increase allowance for Service resources.
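The following is an added example, not part of the Toolforge documentation or tooling. It shows which request paths the rule above actually forwards (and what path the external host receives), and checks that the hostname is spelled the same in the Service and in the Ingress annotations that set the upstream Host header and TLS server name. The dicts are trimmed copies of the manifest (the top-level "path" key is a simplification), and the matching semantics are an assumption stated in the comments.

```python
import re

PREFIX = "nginx.ingress.kubernetes.io/"

# Trimmed copies of the two objects in reverse-proxy.yaml, as Python dicts.
SERVICE = {"spec": {"type": "ExternalName", "externalName": "cdn.example.com"}}
INGRESS = {
    "metadata": {"annotations": {
        PREFIX + "rewrite-target": "/$2",
        PREFIX + "upstream-vhost": "cdn.example.com",
        PREFIX + "backend-protocol": "https",
        PREFIX + "proxy-ssl-server-name": "on",
        PREFIX + "proxy-ssl-name": "cdn.example.com",
    }},
    "path": "/external-cdn(/|$)(.*)",  # simplification: path kept at top level
}


def upstream_path(request_path, ingress=INGRESS):
    """Path sent to the external host, or None if the rule does not match."""
    # Assumption: regex paths become a case-insensitive nginx location
    # anchored at the start of the URI, which re.match + IGNORECASE mimics.
    m = re.match(ingress["path"], request_path, re.IGNORECASE)
    if m is None:
        return None
    target = ingress["metadata"]["annotations"][PREFIX + "rewrite-target"]
    # Expand nginx-style $1, $2 references from the capture groups.
    return re.sub(r"\$(\d)", lambda ref: m.group(int(ref.group(1))) or "", target)


def host_mismatches(service=SERVICE, ingress=INGRESS):
    """List annotation problems relative to the Service externalName."""
    want = service["spec"]["externalName"]
    ann = ingress["metadata"]["annotations"]
    problems = []
    for key in ("upstream-vhost", "proxy-ssl-name"):
        got = ann.get(PREFIX + key)
        if got != want:
            problems.append(f"{key}={got!r}, expected {want!r}")
    if ann.get(PREFIX + "proxy-ssl-server-name") != "on":
        problems.append("proxy-ssl-server-name is not 'on' (no SNI sent upstream)")
    return problems


if __name__ == "__main__":
    for p in ("/external-cdn/lib/app.js", "/external-cdn", "/external-cdnfoo"):
        print(p, "->", upstream_path(p))
    print(host_mismatches() or "hostnames consistent")
```

The `(/|$)` group is what keeps a path such as /external-cdnfoo from being forwarded to the external host.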
See also
TODO.