New to Voyager? Please start here.
Using External Service as Ingress Backend
You can use an external service as a Backend for Kubernetes Ingress. There are 2 options depending on whether the external service has an external IP or DNS record.
Using External IP
You can introduce any external IP address as a Kubernetes service by creating a matching Service and Endpoint object. Then you can use this service as a backend for your Ingress rules.
apiVersion: v1
kind: Service
metadata:
name: external-ip
namespace: default
spec:
ports:
- name: app
port: 80
protocol: TCP
targetPort: 9855
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: external-ip
namespace: default
subsets:
- addresses:
# list all external ips for this service
- ip: 172.17.0.5
ports:
- name: app
port: 9855
protocol: TCP
Now, you can use this external-ip
Service as a backend in your Ingress definition. For example:
apiVersion: voyager.appscode.com/v1
kind: Ingress
metadata:
name: test-ings-rhvulnlb
namespace: default
spec:
defaultBackend:
service:
name: external-ip
port:
number: 80
Using External Domain
You can introduce an external service into a Kubernetes cluster by creating a ExternalName
type service. Voyager can forward traffic in both HTTP and TCP mode to the named domain in the ExternalName
service by resolving dns. For static resolution of DNS record when HAProxy config is parsed, only use the ingress.appscode.com/use-dns-resolver: "true"
annotation on the respective service. To periodically resolve dns, DNS resolvers must be configured using annotations on the service name.
Keys | Value | Default | Description |
---|---|---|---|
ingress.appscode.com/use-dns-resolver | bool | false for L7, always true for L4 | If set, DNS resolution will be used |
ingress.appscode.com/dns-resolver-nameservers | array | Optional . If set to an array of DNS nameservers, these will be used HAProxy to periodically resolve DNS. If not set, HAProxy parses the server line definition and matches a host name at start up. | |
ingress.appscode.com/dns-resolver-check-health | bool | Optional . If nameservers are set, this defaults to true . Set to false , to disable periodic dns resolution. | |
ingress.appscode.com/dns-resolver-retries | integer | Optional . If set, this defines the number of queries to send to resolve a server name before giving up. If not set, default value pre-configured by HAProxy is used. | |
ingress.appscode.com/dns-resolver-timeout | map | Optional . If set, defines timeouts related to name resolution. Define value as ‘{ “event”: “time” }’. For a list of valid events, please consult HAProxy documentation. | |
ingress.appscode.com/dns-resolver-hold | map | Optional . If set, Defines period during which the last name resolution should be kept based on last resolution status. Define value as ‘{ “status”: “period” }’. For a list of valid status, please consult HAProxy documentation. |
Following example illustrates the scenario.
apiVersion: v1
kind: Service
metadata:
name: external-ns
namespace: default
annotations:
ingress.appscode.com/use-dns-resolver: "true"
ingress.appscode.com/dns-resolver-nameservers: '["8.8.8.8:53", "8.8.4.4:53"]'
spec:
externalName: google.com
type: ExternalName
If this service is used in ingress, the traffic will forward to google.com’s address.
apiVersion: voyager.appscode.com/v1
kind: Ingress
metadata:
name: test-ings-rhvulnlb
namespace: default
spec:
defaultBackend:
service:
name: external-ns
port:
number: 80
HTTP Redirect
If ingress.appscode.com/use-dns-resolver
annotation is set to false or missing on a ExternalName
type service,
Voyager resolves L7 ingress in the following ways.
apiVersion: v1
kind: Service
metadata:
name: external-ns
namespace: default
spec:
externalName: google.com
type: ExternalName
Default redirect
If No BackendRules are configured for the endpoint, Voyager will configure HAProxy to redirect traffic to provided domain and port. The redirect code will be 301 (permanent redirect). Scheme (http or https) used by endpoint is preserved on redirect.
backend:
service:
name: external-svc-non-dns
port:
number: 80
The generated redirect line in HAProxy config:
http-request redirect location http[s]://{{e.ExternalName}}:{{ e.Port }} code 301
Backend Rule
If Backendrules are configured, Voyager will not auto generate any redirect rule. This allows users to use full spectrum of HTTP redirection options available in HAProxy. To learn about these option, consult HAProxy documentation.
backend:
backendRules:
- http-request redirect location https://google.com code 302
service:
name: external-svc-non-dns
port:
number: 80