Search code examples
kuberneteskubernetes-ingressnginx-ingressk3straefik-ingress

Kubernetes newby question on ingress and reverse proxy

After running a Proxmox virtualization server on an energy hungry PC for years I finally decided to migrate the services to a kubernetes cluster on raspberries, which (hopefully) also adds better reliability and data safety. The old VMs ran an apache proxy, several Java Spring applications, one or two WordPress sites, and a small Nextcloud (as well as a GitLab CI/CD for my development), with two DB servers (mariaDB and mongoDB). Each of the services ran on their own VM with their own IP. I'd like to bundle them all now in a single landing page, from which each service gets accessed via specific prefixes (e.g. http://{my-ip}/service1, http://{my-ip}/service2, http://{my-ip}/longhorn-ui etc.). I believe that should be doable in kubernetes, leaving the authentication and authorization out for the moment, I just don't quite know how.

So my question for today is: How do I set up an Ingress (traeffik or nginx) in k3s/kubernetes such that a request prefix '/service1' on port 80 or 443 gets routed to the root path on port 80 (or any other, for that sake) of a service? So far I succeeded in using prefixes, but those were not stripped when the request got routed to the backend.

Thanks for the answers,

Stefan

Solution

  • Found the answer :-)

    Apparently my k3s is version v1.25.6, which uses traefik v2. That, in turn, uses the middleware concept, which allows to define a StripPrefix middleware.

    So if I want to redirect all traffic with the prefix /spring to root of the service 'demo' in the default namespace, I can do that like such:

    ingress.yaml:

    ---
# Strip prefix /spring
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: strip-prefix
spec:
  stripPrefix:
    forceSlash: false
    prefixes:
      - /spring
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: demo
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.middlewares: default-strip-prefix@kubernetescrd
spec:
  rules:
  - http:
      paths:
      - path: /spring
        pathType: Prefix
        backend:
          service:
            name: demo
            port:
              number: 8080

    Observe that the namespace has to be given for the traefik.ingress.kubernetes.io/router.middlewares annotation, even if it is the default namespace. I can't say if the original path is preserved in a header ... that's for another day to figure out :-)