BestHub
Sign in
Cloud Native 5 min read

Proxy External Web Services via Kubernetes Ingress: A Step‑by‑Step Guide

Learn how to configure a Kubernetes Ingress controller to expose and route external web services into your cluster, covering prerequisites, Service and Ingress resource creation, verification via curl and browser, and reference documentation, enabling unified network management in cloud‑native environments.

Linux Ops Smart Journey
Linux Ops Smart Journey
Linux Ops Smart Journey
Proxy External Web Services via Kubernetes Ingress: A Step‑by‑Step Guide

In modern cloud‑native environments, Kubernetes is the standard for container orchestration. While it primarily manages internal services, you can also expose external web services through the cluster by configuring an Ingress controller.

Kubernetes Ingress illustration
Kubernetes Ingress illustration

Prerequisites

Kubernetes cluster: ensure you have a running Kubernetes cluster.

Ingress controller: install and configure an Ingress controller that supports external service proxying, such as Nginx Ingress Controller.

Ingress Proxy External Web Service

1. Create Service resource

<code>$ cat <<'EOF' | kubectl apply -f -
apiVersion: v1
kind: Service
metadata:
  name: grafana
spec:
  externalName: 172.139.20.170
  ports:
  - name: http
    port: 3000
    protocol: TCP
    targetPort: 3000
  sessionAffinity: None
  type: ExternalName
EOF

$ kubectl get svc grafana
NAME      TYPE           CLUSTER-IP   EXTERNAL-IP      PORT(S)   AGE
grafana  ExternalName   <none>       172.139.20.170  3000/TCP  11s</code>

2. Create Ingress resource

<code>$ cat <<'EOF' | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: ca-cluster-issuer
    cert-manager.io/common-name: ops.jiaxzeng.com
  name: ops-system
  namespace: default
spec:
  ingressClassName: nginx
  rules:
  - host: ops.jiaxzeng.com
    http:
      paths:
      - pathType: Prefix
        path: /grafana
        backend:
          service:
            name: grafana
            port:
              number: 3000
  tls:
  - hosts:
    - ops.jiaxzeng.com
    secretName: ops.jiaxzeng.com
EOF</code>

Verification

1. Command line verification

<code>$ curl -k -I -L -H 'Host: ops.jiaxzeng.com' https://172.139.20.100/grafana
HTTP/1.1 302 Found
Date: Mon, 30 Sep 2024 15:02:24 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Cache-Control: no-store
Location: /grafana/login
Set-Cookie: redirect_to=%2Fgrafana; Path=/grafana; HttpOnly; SameSite=Lax
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-Xss-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains

HTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 15:02:24 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Cache-Control: no-store
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-Xss-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains</code>

2. Browser verification

Browser verification screenshot
Browser verification screenshot

Reference

https://www.kancloud.cn/jiaxzeng/kubernetes/3125885

Conclusion

By following these steps, you can successfully use a Kubernetes Ingress controller to bring external web services under unified management, simplifying network architecture and providing flexible routing control.

cloud nativeKubernetesDevOpsNginxIngressExternal Service
Linux Ops Smart Journey
Written by

Linux Ops Smart Journey

The operations journey never stops—pursuing excellence endlessly.

0 followers
Reader feedback

How this landed with the community

login Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment