Help:Toolforge/Kubernetes/Reverse proxy

From Wikitech

Rationale

Imagine your webservice includes requests to an external service named cdn.example.com. Instead of having the client web browser load the external content directly, you can use a proxied endpoint like mytool.toolforge.org/external-cdn.

TODO: explain what this is, and why is needed.

How to do it

Create new Kubernetes Service and Ingress resources.

To do that, put the following in a reverse-proxy.yaml file in your tool's home directory:

---
# Service object for routing requests to cdn.example.com
apiVersion: v1
kind: Service
metadata:
  name: cdn-example-com
  namespace: tool-mytool
spec:
  type: ExternalName
  externalName: cdn.example.com
---
# Ingress object for routing requests to cdn.example.com
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: proxy-cdn-example-com
  namespace: tool-mytool
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /$2
    nginx.ingress.kubernetes.io/upstream-vhost: cdn.example.com
    nginx.ingress.kubernetes.io/backend-protocol: https
    nginx.ingress.kubernetes.io/proxy-ssl-server-name: "on"
    nginx.ingress.kubernetes.io/proxy-ssl-name: cdn.example.com
spec:
  rules:
    - host: mytool.toolforge.org
      http:
        paths:
          - backend:
              service:
                name: cdn-example-com
                port:
                  number: 443
            path: /external-cdn(/|$)(.*)
            pathType: ImplementationSpecific

Load it in your tool account:

tools.mytool@tools-sgebastion-08:~$ kubectl apply -f reverse-proxy.yaml 
service/cdn-example-com configured
ingress.networking.k8s.io/proxy-cdn-example-com configured

Repeat the process for each external endpoint you want to reverse-proxy.

A quota bump is likely required to increase allowance for Service resources.
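
To check which upstream URL a given request ends up fetching, the path regex and rewrite-target from reverse-proxy.yaml can be modelled offline. The following is an added example, not part of the original page and not ingress-nginx's own code; the function name upstream_url and the sample request URLs are made up for illustration, and it assumes regex paths are matched case-insensitively and anchored at the start of the URI.

```python
import re
from urllib.parse import urlsplit

# Values copied from reverse-proxy.yaml on this page.
INGRESS_HOST = "mytool.toolforge.org"
PATH_REGEX = r"/external-cdn(/|$)(.*)"
REWRITE_TARGET = "/$2"
UPSTREAM = "cdn.example.com"

# Assumption: ingress-nginx renders a regex path as a case-insensitive
# location anchored at the start of the URI; this pattern models that.
_LOCATION = re.compile("^" + PATH_REGEX, re.IGNORECASE)


def upstream_url(request_url):
    """Return the URL the proxy would fetch for request_url, or None
    when the Ingress rule on this page does not match the request."""
    parts = urlsplit(request_url)
    if parts.hostname != INGRESS_HOST:
        return None
    match = _LOCATION.match(parts.path)
    if match is None:
        return None
    # Expand $1, $2, ... in the rewrite target with the captured groups.
    path = re.sub(r"\$(\d)",
                  lambda ref: match.group(int(ref.group(1))) or "",
                  REWRITE_TARGET)
    # The original query string is passed through unchanged.
    query = "?" + parts.query if parts.query else ""
    return "https://" + UPSTREAM + path + query


if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        "https://mytool.toolforge.org/external-cdn/lib/app.js",
        "https://mytool.toolforge.org/external-cdn",
        "https://mytool.toolforge.org/external-cdn/a.css?v=2",
        "https://mytool.toolforge.org/external-cdnfoo",
        "https://mytool.toolforge.org/index.html",
    ]
    for url in samples:
        print(url, "->", upstream_url(url))
```

A result of None means the request is not covered by this Ingress and is not sent to cdn.example.com; note that /external-cdnfoo is not matched, because the first capture group requires a slash or the end of the path.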

See also

TODO.