nginx reverse proxy in Kubernetes

Dynamic reverse proxy using nginx in Kubernetes

1. create a configmap.yaml  

apiVersion: v1
kind: ConfigMap
metadata:
  name: confnginx
data:
  nginx.conf: |
    user  nginx;
    worker_processes  1;
    error_log  /var/log/nginx/error.log warn;
    pid        /var/run/nginx.pid;
    events {
        worker_connections  1024;
    }
    http {
      include       /etc/nginx/mime.types;
      default_type  application/octet-stream;
      log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';
      access_log  /var/log/nginx/access.log  main;
      sendfile        on;
      keepalive_timeout  65;
      server {
        listen 80;

        server_name ~^(?<subdomain>.*?)\.;
        resolver kube-dns.kube-system.svc.cluster.local valid=5s;

        location /healthz {
          return 200;
        }

        location / {
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "Upgrade";
          proxy_pass http://$subdomain.msce0.svc.cluster.local;
          proxy_set_header Host $host;
          proxy_http_version 1.1;
        }
      }
    }

 run

kubectl apply -f configmap.yaml
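
The server block above takes the first label of the Host header as `$subdomain` and proxies to that Service name, so every Service listening on port 80 in namespace msce0 is reachable through this proxy. The variant below is an added example, not part of the original post, that only forwards to an explicit allowlist and answers 404 for everything else; the Service names `web` and `api` are hypothetical.

```yaml
# Added example, not from the original post.
# "web" and "api" are hypothetical Service names in namespace msce0.
apiVersion: v1
kind: ConfigMap
metadata:
  name: confnginx
data:
  nginx.conf: |
    user  nginx;
    worker_processes  1;
    error_log  /var/log/nginx/error.log warn;
    pid        /var/run/nginx.pid;
    events {
        worker_connections  1024;
    }
    http {
      include       /etc/nginx/mime.types;
      default_type  application/octet-stream;
      access_log  /var/log/nginx/access.log;
      # Only listed first labels map to a backend; anything else is empty.
      map $subdomain $backend {
        default "";
        web     web;
        api     api;
      }
      server {
        listen 80;
        # Capture a single DNS label instead of arbitrary characters.
        server_name ~^(?<subdomain>[a-z0-9-]+)\.;
        resolver kube-dns.kube-system.svc.cluster.local valid=5s;

        location /healthz {
          return 200;
        }

        location / {
          # Unknown or missing subdomain: answer locally, never proxy.
          if ($backend = "") {
            return 404;
          }
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "Upgrade";
          proxy_pass http://$backend.msce0.svc.cluster.local;
          proxy_set_header Host $host;
          proxy_http_version 1.1;
        }
      }
    }
```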

 

2. create a deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 1
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: nginx:alpine
          ports:
          - containerPort: 80
          volumeMounts:
            - name: nginx-config
              mountPath: /etc/nginx/nginx.conf
              subPath: nginx.conf
      volumes:
        - name: nginx-config
          configMap:
            name: confnginx

run

kubectl apply -f deployment.yaml

 

3. create a service.yaml

kind: Service
apiVersion: v1
metadata:
  name: nginx-custom
spec:
  selector:
    app: nginx
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
    name: nginx

run

kubectl apply -f service.yaml

4. create an ingress.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-nginx-custom
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx-custom
            port:
              number: 80

REF: 

https://kubernetes.io/zh/docs/concepts/services-networking/ingress/

Get error "unknown field "serviceName" in Kubernetes Ingress

run

kubectl apply -f ingress.yaml

5. create networkpolicy.yaml 

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: nginx-network-policy
  namespace: default
spec:
  podSelector:
    matchLabels:
      app: nginx
  policyTypes:
  - Ingress
  ingress:
    - ports:
      - protocol: TCP
        port: 80

REF: Network Policies

run

kubectl apply -f networkpolicy.yaml
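
The policy above has no `from` clause, so it admits traffic on port 80 from any source, and it places no limit on what the proxy pod itself can reach. The tighter variant below is an added example, not part of the original post; the namespace name `ingress-nginx` for the ingress controller, DNS on port 53 in kube-system, and backend pods listening on port 80 are assumptions.

```yaml
# Added example, not from the original post.
# Assumptions: the ingress controller runs in namespace "ingress-nginx",
# cluster DNS pods listen on port 53 in kube-system, and backend pods in
# msce0 listen on port 80 (NetworkPolicy ports are pod ports, not
# Service ports).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: nginx-network-policy
  namespace: default
spec:
  podSelector:
    matchLabels:
      app: nginx
  policyTypes:
  - Ingress
  - Egress
  ingress:
    # Accept port 80 only from pods in the ingress controller's namespace.
    - from:
      - namespaceSelector:
          matchLabels:
            kubernetes.io/metadata.name: ingress-nginx
      ports:
      - protocol: TCP
        port: 80
  egress:
    # DNS lookups needed by the nginx resolver directive.
    - to:
      - namespaceSelector:
          matchLabels:
            kubernetes.io/metadata.name: kube-system
      ports:
      - protocol: UDP
        port: 53
      - protocol: TCP
        port: 53
    # Proxied traffic may only go to port 80 in namespace msce0.
    - to:
      - namespaceSelector:
          matchLabels:
            kubernetes.io/metadata.name: msce0
      ports:
      - protocol: TCP
        port: 80
```

NetworkPolicy is only enforced when the cluster's network plugin supports it. With the `from` clause in place, requests sent straight to the pod or Service from outside the ingress controller's namespace are dropped.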

7. test

HOST_IP=`ip route get 1 | awk '{match($0, /.+src\s([.0-9]+)/, a);print a[1];exit}'`
NDP=$(kubectl get svc nginx-custom -o json |jq .spec.ports[0].nodePort)
curl -kL http://$HOST_IP:$NDP/healthz

The following commands do not work

SVC=nginx-custom
DEP=nginx

CIP=$(kubectl get svc $SVC -o json |jq .spec.clusterIP)
CIP=${CIP//\"/}

PODIP=$(kubectl get pod -l app=$DEP -o json | jq .items[0].status.podIP)
PODIP=${PODIP//\"/}

PODNAME=$(kubectl get pod -l app=$DEP -o json | jq .items[0].metadata.name)
PODNAME=${PODNAME//\"/}

cport=$(kubectl get svc nginx-custom -o json |jq .spec.ports[0].port)
tport=$(kubectl get svc nginx-custom -o json |jq .spec.ports[0].targetPort)

curl -kL http://$CIP:$cport/healthz
curl -kL http://$PODIP:$tport/healthz

kubectl logs $PODNAME
kubectl exec -it $PODNAME -- sh
curl -kL http://localhost:80/healthz

 

6. delete all

run

kubectl delete -f networkpolicy.yaml
kubectl delete -f ingress.yaml
kubectl delete -f service.yaml
kubectl delete -f deployment.yaml
kubectl delete -f configmap.yaml

 

 

posted @ 2022-04-14 15:52  lvmxh