Kubernetes with rewrite-target and kube-lego

Question

I am trying to create redirect rule to GC buckets with my own certs. I have such configuration:

kind: Service
apiVersion: v1
metadata:
  name: proxy-to-gcs
spec:
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
  type: ExternalName
  externalName: storage.googleapis.com
----
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: proxy-to-gcs
  annotations:
    kubernetes.io/tls-acme: "true"
    ingress.kubernetes.io/ssl-redirect: "true"
    ingress.kubernetes.io/rewrite-target: bucket_name/public
    kubernetes.io/ingress.class: nginx
spec:
  tls:
  - hosts:
    - www.example.com
    secretName: secret-name-tls
  rules:
  - host: www.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: proxy-to-gcs
          servicePort: 80

When I want to see www.example.com/.well-known/acme-challenge/ as kube-lego endpoint, I see google storage bucket 404 page. There is a problem in that rewrite-target, which doesn't consider existence of kube-lego. Any suggestions? Thanks.

Yes, looks like the problem is in rewrite. Could you explain what do you expect from this rewrite? If you want to define the path as a root for your web-site, try to use `nginx.ingress.kubernetes.io/app-root` annotation. — Nick Rak, May 08 '18 at 09:31
Hi, I have some storage bucket on GCP, where I have stored static content (css, js, images). Content is stored in folder public. So these files are accessible via e.g.: `http://storage.googleapis.com/my_bucket/public/example.css` I need to make this accessible via my own domain with https in this format: `http://www.example.com/example.css`. — Chap, May 08 '18 at 20:03
If you want just to host static website from bucket, you can use official doc https://cloud.google.com/storage/docs/hosting-static-website as a how-to. — Nick Rak, May 09 '18 at 09:06
Thank you. Now I have next problem - I created domain and bucket `bucket.example.com` - It is working fine, But in ingress I have two domain with ssl redirect, which I want to use as proxy to this bucket ... i.e.: foo.example.com/file.css and boo.example.com/file.css ... .both should show same file from bucket domain .... but when I remove rewrite target from ingress and changed external name in proxy service to `bucket.example.com` .... I see `NoSuchBucket` message. — Chap, May 14 '18 at 19:26

score 0 · Answer 1 · answered May 16 '18 at 12:48

0

If you want just to host a static website from a bucket, you can use the official doc as a how-to

For Ingress, you can use HTTP(S) Load Balancer - internal google cloud loadbalancer.

You can route your traffic from 2 URL to one bucket and have HTTPS on both.

answered May 16 '18 at 12:48

Nick Rak

2,629
13
19

Hi, the static website is prepared, but I want to use my own ingress controller via kubernetes, where I have kube-lego for SSL certificate provisioning. Now I have static domain **bucket.example.com**, which I want to show on **https ://foo.example.com** – Chap May 16 '18 at 19:42

Kubernetes with rewrite-target and kube-lego

1 Answers1