Nginx ReverseProxy Pod in kubernetes
Nginx ReverseProxy Pod in kubernetes
Use Case
If you want to have a simple reverse-proxy for a site which is having basic auth to be added without any authentication.
Lets say grafana.ijuned.com is having a basic auth and you want to have a reverse proxy without any authentication.
Create
- ConfigMap with Nginx Proxy configurations
- Nginx Deployment
- Nginx Service - I am using node port but we can change based on the requirement.
- To add the Grafana as an IFRAME in another HTML, make sure to edit the grafana.ini file and add
1 2
[security] allow_embedding = true
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
---
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-conf
namespace: loki
data:
default.conf: |-
server {
listen 80 default_server;
server_name _;
location / {
proxy_set_header Host $host;
proxy_set_header Authorization "Basic YWRtaW46dVpONWV1N2RkN0tQd2FuSTQ0MWJCUGpvdWRKOHc3NEVHcTU3OTdYNg=="; # to generate the token use this - echo -n "admin:admin" | base64 -w 0
proxy_pass_header Authorization;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://grafana.ijuned.com:80/;
proxy_ssl_verify off;
proxy_ssl_server_name on;
proxy_hide_header X-Frame-Options;
add_header X-Frame-Options "ALLOWALL";
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass_request_headers on;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
}
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: grafana-proxy
namespace: loki
spec:
replicas: 1
selector:
matchLabels:
app: grafana-proxy
template:
metadata:
labels:
app: grafana-proxy
spec:
volumes:
- name: nginx-conf
configMap:
name: nginx-conf
items:
- key: default.conf
path: default.conf
containers:
- name: grafana-proxy
image: docker.io/library/nginx:1.21.6
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
volumeMounts:
- name: nginx-conf
mountPath: /etc/nginx/conf.d/default.conf
subPath: default.conf
---
apiVersion: v1
kind: Service
metadata:
labels:
app: grafana-proxy
name: grafana-proxy
namespace: loki
spec:
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- name: http
port: 80
selector:
app: grafana-proxy
type: ClusterIP