
How to set up nginx ingress with an HTTP proxy


Currently I have an endpoint which is internet-facing; in order to access it we need to go through the corp proxy. I want to be able to set up an nginx to an external name so that internal clients can access the endpoint. Is there a way to set up an HTTP proxy for the nginx ingress controller per ingress?

Here is the existing configuration on Kubernetes:

apiVersion: v1
kind: Service
metadata:
  name: my-svc
  namespace: apps
spec:
  type: ExternalName
  externalName: external.example.com
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
  namespace: apps
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - my-internal.company.com
      secretName: tls-wildcard-cert-app
  rules:
    - http:
        paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: my-svc
              port:
                number: 443
      host: my-internal.company.com

Solution

  • If I understand you correctly, you would like to expose the external endpoint through an ingress, so no proxy would be needed when using the ingress endpoint, right?

    Wouldn't it be easiest to use the proxy directly in the internal client?

    E.g. if it were cURL, by setting the http_proxy and https_proxy environment variables like here, or in the case of Java, by setting the java command line options -Dhttp.proxyHost=<proxy-ip/hostname> -Dhttp.proxyPort=<proxy-port>?

    Or don't you have any control of the internal client?

    If I understood your question correctly, I don't think you would use k8s tooling to achieve that.

    ExternalName-type Kubernetes services are basically just a CNAME record, and this DNS record would then be known inside the cluster. You cannot do any HTTP-based alterations like proxying with CNAME records. You would need to set up another pod/deployment doing the proxying for you, basically setting up another proxy to use the proxy - which would be overkill imho.
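
What the extra proxying pod mentioned in the answer would have to do, as an added example that is not part of the original question or answer: accept the connection from the ingress controller, open an HTTP CONNECT tunnel through the corporate proxy to one fixed target, and relay bytes in both directions. The proxy address `proxy.corp.example:3128` and the listen port 8443 are assumptions; the target is the `externalName` from the question.

```python
import asyncio
import re

PROXY = ("proxy.corp.example", 3128)    # assumed corporate proxy, not from the post
TARGET = ("external.example.com", 443)  # externalName from the question; fixed on purpose

def connect_request(host, port):
    """Build the HTTP CONNECT request a forward proxy expects."""
    return f"CONNECT {host}:{port} HTTP/1.1\r\nHost: {host}:{port}\r\n\r\n".encode("ascii")

def tunnel_established(header):
    """True only if the proxy answered the CONNECT with a 2xx status line."""
    return bool(re.match(rb"HTTP/1\.[01] 2\d\d[ \r]", header))

async def pipe(reader, writer):
    """Copy bytes one way until EOF or a connection error, then close the destination."""
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    except ConnectionError:
        pass
    finally:
        writer.close()

async def handle(client_r, client_w, proxy=PROXY, target=TARGET):
    """Serve one inbound connection (e.g. from ingress-nginx) through the proxy."""
    up_w = None
    try:
        up_r, up_w = await asyncio.open_connection(*proxy)
        up_w.write(connect_request(*target))
        await up_w.drain()
        ok = tunnel_established(await up_r.readuntil(b"\r\n\r\n"))
    except (OSError, asyncio.IncompleteReadError, asyncio.LimitOverrunError):
        ok = False
    if not ok:  # proxy unreachable or refused (e.g. 403/407): fail closed
        client_w.close()
        if up_w is not None:
            up_w.close()
        return
    # TLS from the ingress controller passes through the tunnel untouched.
    await asyncio.gather(pipe(client_r, up_w), pipe(up_r, client_w))

async def main(port=8443):  # listen port is an assumption
    server = await asyncio.start_server(handle, "0.0.0.0", port)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

Because the target is hard-coded rather than taken from the inbound connection, the relay cannot be used as an open proxy; the Service in the question would then select this pod instead of being of type ExternalName.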