AppsCode
  • KubeDB

    Run Production-Grade Databases on Kubernetes

    Stash

    Backup and Recovery Solution for Kubernetes

    KubeVault

    Run Production-Grade Vault on Kubernetes

    Voyager

    Secure Ingress Controller for Kubernetes

    ConfigSyncer

    Kubernetes Configuration Syncer

    Guard

    Kubernetes Authentication WebHook Server

    KubeDB

    KubeDB simplifies Provisioning, Upgrading, Scaling, Volume Expansion, Monitor, Backup, Restore for various Databases in Kubernetes on any Public & Private Cloud

    • check-boxLower administrative burden
    • check-boxNative Kubernetes Support
    • check-boxPerformance
    • check-boxAvailability and durability
    • check-boxManageability
    • check-boxCost-effectiveness
    • check-boxSecurity
    Stash

    A complete Kubernetes native disaster recovery solution for backup and restore your volumes and databases in Kubernetes on any public and private clouds.

    • check-boxDeclarative API
    • check-boxBackup Kubernetes Volumes
    • check-boxBackup Database
    • check-boxMultiple Storage Support
    • check-boxDeduplication
    • check-boxData Encryption
    • check-boxVolume Snapshot
    • check-boxPolicy Based Backup
    KubeVault

    KubeVault is a Git-Ops ready, production-grade solution for deploying and configuring Hashicorp's Vault on Kubernetes.

    • check-boxVault Kubernetes Deployment
    • check-boxAuto Initialization & Unsealing
    • check-boxVault Backup & Restore
    • check-boxConsume KubeVault Secrets with CSI
    • check-boxManage DB Users Privileges
    • check-boxStorage Backend
    • check-boxAuthentication Method
    • check-boxDatabase Secret Engine
    Voyager

    Secure Ingress Controller for Kubernetes

    • check-boxHTTP & TCP
    • check-boxSSL
    • check-boxPlatform support
    • check-boxHAProxy
    • check-boxPrometheus
    • check-boxLet's Encrypt
    configsyncer

    Kubernetes Configuration Syncer

    • check-boxConfiguration Syncer
    Guard

    Kubernetes Authentication WebHook Server

    • check-boxIdentity Providers
    • check-boxCLI
    • check-boxRBAC
  • RESOURCES
  • Webinar New
CONTACT SALES
Voyager
github-icon twitterx-icon
TRY NOW FREE
  • Welcome
  • Concepts
  • Setup
  • Ingress
    Cert Manager
  • Voyager Operator
    Voyager CLI

New to Voyager? Please start here.

Using External Service as Ingress Backend

You can use an external service as a Backend for Kubernetes Ingress. There are 2 options depending on whether the external service has an external IP or DNS record.

Using External IP

You can introduce any external IP address as a Kubernetes service by creating a matching Service and Endpoint object. Then you can use this service as a backend for your Ingress rules.

apiVersion: v1
kind: Service
metadata:
  name: external-ip
  namespace: default
spec:
  ports:
  - name: app
    port: 80
    protocol: TCP
    targetPort: 9855
  clusterIP: None
  type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
  name: external-ip
  namespace: default
subsets:
- addresses:
  # list all external ips for this service
  - ip: 172.17.0.5
  ports:
  - name: app
    port: 9855
    protocol: TCP

Now, you can use this external-ip Service as a backend in your Ingress definition. For example:

apiVersion: voyager.appscode.com/v1
kind: Ingress
metadata:
  name: test-ings-rhvulnlb
  namespace: default
spec:
  defaultBackend:
    service:
      name: external-ip
      port:
        number: 80

Using External Domain

You can introduce an external service into a Kubernetes cluster by creating a ExternalName type service. Voyager can forward traffic in both HTTP and TCP mode to the named domain in the ExternalName service by resolving dns. For static resolution of DNS record when HAProxy config is parsed, only use the ingress.appscode.com/use-dns-resolver: "true" annotation on the respective service. To periodically resolve dns, DNS resolvers must be configured using annotations on the service name.

KeysValueDefaultDescription
ingress.appscode.com/use-dns-resolverboolfalse for L7, always true for L4If set, DNS resolution will be used
ingress.appscode.com/dns-resolver-nameserversarrayOptional. If set to an array of DNS nameservers, these will be used HAProxy to periodically resolve DNS. If not set, HAProxy parses the server line definition and matches a host name at start up.
ingress.appscode.com/dns-resolver-check-healthboolOptional. If nameservers are set, this defaults to true. Set to false, to disable periodic dns resolution.
ingress.appscode.com/dns-resolver-retriesintegerOptional. If set, this defines the number of queries to send to resolve a server name before giving up. If not set, default value pre-configured by HAProxy is used.
ingress.appscode.com/dns-resolver-timeoutmapOptional. If set, defines timeouts related to name resolution. Define value as ‘{ “event”: “time” }’. For a list of valid events, please consult HAProxy documentation.
ingress.appscode.com/dns-resolver-holdmapOptional. If set, Defines period during which the last name resolution should be kept based on last resolution status. Define value as ‘{ “status”: “period” }’. For a list of valid status, please consult HAProxy documentation.

Following example illustrates the scenario.

apiVersion: v1
kind: Service
metadata:
  name: external-ns
  namespace: default
  annotations:
    ingress.appscode.com/use-dns-resolver: "true"
    ingress.appscode.com/dns-resolver-nameservers: '["8.8.8.8:53", "8.8.4.4:53"]'
spec:
  externalName: google.com
  type: ExternalName

If this service is used in ingress, the traffic will forward to google.com’s address.

apiVersion: voyager.appscode.com/v1
kind: Ingress
metadata:
  name: test-ings-rhvulnlb
  namespace: default
spec:
  defaultBackend:
    service:
      name: external-ns
      port:
        number: 80

HTTP Redirect

If ingress.appscode.com/use-dns-resolver annotation is set to false or missing on a ExternalName type service, Voyager resolves L7 ingress in the following ways.

apiVersion: v1
kind: Service
metadata:
  name: external-ns
  namespace: default
spec:
  externalName: google.com
  type: ExternalName

Default redirect

If No BackendRules are configured for the endpoint, Voyager will configure HAProxy to redirect traffic to provided domain and port. The redirect code will be 301 (permanent redirect). Scheme (http or https) used by endpoint is preserved on redirect.

backend:
  service:
    name: external-svc-non-dns
    port:
      number: 80

The generated redirect line in HAProxy config:

http-request redirect location http[s]://{{e.ExternalName}}:{{ e.Port }} code 301

Backend Rule

If Backendrules are configured, Voyager will not auto generate any redirect rule. This allows users to use full spectrum of HTTP redirection options available in HAProxy. To learn about these option, consult HAProxy documentation.

backend:
  backendRules:
  - http-request redirect location https://google.com code 302
  service:
    name: external-svc-non-dns
    port:
      number: 80

What's on this Page

Search
Improve This Page