Kubernetes expose a service on a port over tls

Question

I have my application https://myapp.com deployed on K8S, with an nginx ingress controller. HTTPS is resolved at nginx.

Now there is a need to expose one service on a specific port for example https://myapp.com:8888. Idea is to keep https://myapp.com secured inside the private network and expose only port number 8888 to the internet for integration.

Is there a way all traffic can be handled by the ingress controller, including tls termination, and it can also expose 8888 port and map it to a service?

Or I need another nginx terminating tls and exposed on nodeport? I am not sure if I can access services like https://myapp.com:<node_port> with https.

Is using multiple ingress controllers an option?

What is the best practice to do this in Kubernetes?

Answer 1

Use sidecar proxy pattern to add HTTPS support to the application running inside the pod.

Refer the below diagram as a reference

Run nginx as a sidecar proxy container fronting the application container inside the same pod. Access the application through port 8888 on nginx proxy. nginx would route the traffic to the application.

Find below the post showing how it can be implemented

https://vorozhko.net/kubernetes-sidecar-pattern-nginx-ssl-proxy-for-nodejs