Skip to content

SleepyBrett/kube-http-proxy

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
 
 
 
 
 
 
 
 

Repository files navigation

kube-http-proxy

Docker Build Status License: MIT

This is a HTTP reverse proxy for Kubernetes based on Nginx and confd.

To run this container, you need Kubernetes v0.15.0 or later and access to the etcd cluster on which Kubernetes operates.

Usage

docker run -e CONFD_ETCD_NODE=<etcd-address>:<etcd-port> -p 80:80 -p 443:443 noonien/kube-http-proxy

The reverse proxy is configured using Kubernetes annotations on services.

The configuration is stored as serialized JSON strings. Two annotations are supported:

  • http-proxy-servers - To configure the servers and a root path for the service
  • http-proxy-paths - To configure additional paths for specified servers

Examples

http-proxy-servers:

[
    {
        "host": "some.example.com",
        "names": ["some.other.example.com"],
        "port": "8080",
        "targetPort": "3000",
        "default": true,
        "pattern": true,
        "targetPath": "proxy",
        "pathOptions": ["proxy_pass_request_headers on"],
    },
    {
        "host": "another.example.com",
        "port": "8000",
        "ssl": true,
        "sslPort": "8443",
        "path": "/somewhere/",
        "webSocket": true
    },
]

Field:

  • host - Server hostname. Required.
  • names - Additional names for the server.
  • port - Port on which to listen for connections. Defaults to 80.
  • ssl - If enabled, ceritificate and key has to be available at /etc/nginx/ssl named .crt and <host.key>. If enabled all http requests are redirected to https. Defaults to false.
  • sslPort - Port on which to listen to ssl connections. Defaults to 443.
  • targetPort - Port on which the service listens for connections. Defaults to 80.
  • path - Path on which this service is exposed. Defaults to "/".
  • webSocket - Enable if the service requires upgrading the HTTP conenction to a WebSocket. Defaults to false.
  • default - Enable if this is the default server. Defaults to false.
  • pattern - Defaults to false, true adds a ~ to the location line allowing url rewriting.
  • targetPath - The path to proxy to.
  • options - Additional Nginx options for the server;
  • pathOptions - Additional Nginx options for the default path;

http-proxy-paths:

{
    "some.example.com": [
        {
            "path": "/somewhere/",
            "targetPort": "3000",
            "webSocket": true,
            "pattern": true
        },
        {
            "path": "/somewhere/else/",
            "targetPort": "3000",
            "options": ["proxy_pass_request_headers on"],
        }
    ],
    "another.example.com": [
        {
            "path": "/api/",
            "targetPort": "8080",
            "targetPath": "proxy",
        }
    ]
}

Fields:

  • path - Path on which this service is exposed. Required.
  • targetPort - Port on which the service listens for connections. Defaults to 80.
  • webSocket - Enable if the service requires upgrading the HTTP conenction to a WebSocket. Defaults to false.
  • targetPath - Path to proxy to.
  • options - Additional Nginx options for the path.
  • pattern - Defaults to false, true adds a ~ to the location line allowing url rewriting.

Example service.yaml

apiVersion: v1beta3
kind: List
items:
  - kind: Service
    apiVersion: v1beta3
    metadata:
      name: test-proxy
      annotations:
        http-proxy-servers: '[{"host": "some.example.com"}]'
    spec:
      selector:
        name: test-pod
      ports:
        - port: 80
          targetPort: http
  - kind: Service
    apiVersion: v1beta3
    metadata:
      name: test-proxy-api
      annotations:
        http-proxy-paths: '{"some.example.com": [{"path": "/api/", "targetPort": 8080}]}'
    spec:
      selector:
        name: test-pod-api
      ports:
        - port: 8080
          targetPort: api

Fleet

This container should be ran outside of kubernetes because due to kube-proxy, client IPs are obscured. Here's a service file that can be used to launch this container:

[Unit]
Description=Kubernetes HTTP Reverse Proxy
Documentation=https://github.com/noonien/kube-http-proxy
Requires=docker.service
Requires=etcd2.service
After=docker.service
After=etcd2.service

[Service]
EnvironmentFile=/etc/network-environment
ExecStartPre=-/usr/bin/docker rm -f kube-http-proxy
ExecStart=/usr/bin/docker run -e CONFD_ETCD_NODE=${DEFAULT_IPV4}:4001 -p 443:443 -p 80:80 --name kube-http-proxy noonien/kube-http-proxy
Restart=always
RestartSec=10

This example uses setup-network-environment to get the correct IP address of the etcd server.

About

Kubernetes HTTP Reverse Proxy using Nginx and confd

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Shell 100.0%