[TUTORIAL] PVE proxy with kubernetes nginx ingress

Mar 26, 2018
283
46
33
36
Austria
rene.jochum.dev
Today I moved my Proxmox behind an Kubernetes NGINX Ingress, I did that because I want a CORS, a Let's Encrypt Cert with a single Public IP and port 443.

The Service YAML

Code:
apiVersion: v1
kind: Service
metadata:
  annotations:
    field.cattle.io/ipAddresses: '["10.167.160.10"]'
  name: pve01
  namespace: my-pve-namespace
spec:
  clusterIP: None
  ports:
  - name: pve
    port: 8006
    protocol: TCP
    targetPort: 8006
  sessionAffinity: None
  type: ClusterIP


And the ingress yaml

Code:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    ingress.kubernetes.io/configuration-snippet: "proxy_set_header Host $http_host;\nproxy_set_header
      X-Real-IP $remote_addr;\nproxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      \     \nproxy_http_version 1.1;\nproxy_set_header Upgrade $http_upgrade;\nproxy_set_header
      Connection $connection_upgrade;      "
    kubernetes.io/tls-acme: "true"
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
    nginx.ingress.kubernetes.io/cors-allow-headers: Authorization
    nginx.ingress.kubernetes.io/cors-allow-methods: PUT, GET, POST, OPTIONS, DELETE
    nginx.ingress.kubernetes.io/cors-allow-origin: "*"
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/server-snippet: |-
      client_max_body_size 100G;
      server_tokens off;
      proxy_hide_header X-Powered-By;
  generation: 2
  managedFields:
  name: pve01
  namespace: my-pve-namespace
spec:
  rules:
  - host: pve01.mydomain.com
    http:
      paths:
      - backend:
          serviceName: pve01
          servicePort: 8006
        path: /
        pathType: ImplementationSpecific
  tls:
  - hosts:
    - pve01.mydomain.com
    secretName: pve01-mycomain-com-tls
 
Last edited:

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!