1

I have an EKS cluster, and a separate website built on (and hosted by) Webflow.

The cluster is behind cluster.com and the website website.webflow.io

What I would like to achieve is to proxy requests coming to cluster.com/website to website.webflow.io

Based on my research, this problem could/might be solved with the ExternalName service. Unfortunately, it doesn't solve it for me, and it's trying to do a DNS lookup within the cluster. I tried various other configurations with Endpoints as well. The ExternalName seems the most promising of everything I tried that's why I'm attaching the configuration below.

Here is what my configuration looks like:

---
kind: Service
apiVersion: v1
metadata:
  namespace: development
  name: external-service
spec:
  type: ExternalName
  externalName: website.webflow.io
  ports:
    - port: 443
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  namespace: development
  name: external-ingress
  annotations:
    ingress.kubernetes.io/preserve-host: "false"
    ingress.kubernetes.io/secure-backends: "true"
    ingress.kubernetes.io/upstream-vhost: "website.webflow.io"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    nginx.ingress.kubernetes.io/server-snippet: |
      proxy_ssl_name website.webflow.io;
      proxy_ssl_server_name on;
spec:
  rules:
  - host: cluster.com
    http:
      paths:
      - path: /website
        backend:
          serviceName: external-service
          servicePort: 443

Is there a straight-forward way to achieve this? What stands out as wrong in the configuration?

Andrei Gaspar
  • 79
  • 2
  • 8
  • "should/might work"? Have you even tried this? Do you expect me to test it for you? – Matt Jan 28 '21 at 09:42
  • Of course I tried it, as well as plenty of other approaches. This one was closest to what feels like should have worked, but it doesn't. It is trying to do a DNS lookup within the cluster itself. Edit: By this should/might work I mean, ExternalName is the closest thing I found that could solve this problem. But it doesn't. – Andrei Gaspar Jan 28 '21 at 09:59

1 Answers1

5

Here is what I did.

I applied your config but changed the following annotation name:

ingress.kubernetes.io/upstream-vhost: "website.webflow.io"

To the one I have found in the nginx ingress docs:

nginx.ingress.kubernetes.io/upstream-vhost: "website.webflow.io"
^^^^^^

Try it and let me know if it solves it.

EDIT: here is a complete yaml I used:

---
kind: Service
apiVersion: v1
metadata:
  name: external-service
spec:
  type: ExternalName
  externalName: website.webflow.io
  ports:
    - port: 443

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: external-ingress
  annotations:
    ingress.kubernetes.io/preserve-host: "false"
    ingress.kubernetes.io/secure-backends: "true"
    nginx.ingress.kubernetes.io/upstream-vhost: "website.webflow.io"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    nginx.ingress.kubernetes.io/server-snippet: |
      proxy_ssl_name website.webflow.io;
      proxy_ssl_server_name on;
spec:
  rules:
  - host: cluster.com
    http:
      paths:
      - path: /website
        backend:
          serviceName: external-service
          servicePort: 443
Matt
  • 7,419
  • 1
  • 11
  • 22