Configuring VirtualServer with custom HTTP and HTTPS listener ports
This tutorial outlines how to configure and deploy a VirtualServer resource with custom HTTP and HTTPS listener ports.
VirtualServer can explicitly define custom HTTP and HTTPS listener ports using the spec.listener.http and spec.listener.https fields.
Each field must reference a valid listener defined by in a GlobalConfiguration resource.
- Create a yaml file called
nginx-configuration.yamlwith the below content:
apiVersion: k8s.nginx.org/v1
kind: GlobalConfiguration
metadata:
name: nginx-configuration
namespace: nginx-ingress
spec:
listeners:
- name: http-8083
port: 8083
protocol: HTTP
- name: https-8443
port: 8443
protocol: HTTP
ssl: true- Deploy
nginx-configuration.yamlfile:
kubectl apply -f nginx-configuration.yaml-
Add the below arguments to the
values.yamlfile incontroller.globalConfiguration:yamlspec: listeners: - name: http-8083 port: 8083 protocol: HTTP - name: https-8443 port: 8443 protocol: HTTP ssl: true -
Follow the Installation with Helm instructions to deploy the NGINX Ingress Controller with custom resources enabled.
-
Ensure your NodePort or LoadBalancer service is configured to expose the custom listener ports. This is set in the
customPortssection undercontroller.service.customPorts:yamlcustomPorts: - name: http-8083 port: 8083 protocol: TCP targetPort: 8083 - name: https-8443 port: 8443 protocol: TCP targetPort: 8443
-
Add the below argument to the manifest file of NGINX Ingress Controller:
yamlargs: - -$(POD_NAMESPACE)/nginx-configuration -
Follow the Installation with Manifests instructions to deploy NGINX Ingress Controller with custom resources enabled.
-
Ensure your NodePort or LoadBalancer service is configured to expose the custom listener ports. Below is an example yaml configuration using NodePort, which would also apply to a LoadBalancer service:
yamlapiVersion: v1 kind: Service metadata: name: nginx-ingress namespace: nginx-ingress spec: type: NodePort ports: - port: 8083 targetPort: 8083 # Custom HTTP listener port protocol: TCP name: http-8083 - port: 8443 targetPort: 8443 # Custom HTTPS listener port protocol: TCP name: https-8443 selector: app: nginx-ingress
Deploy the custom listeners resources from the repository examples. It includes all required resources, including VirtualServer.
Below is a snippet of the VirtualServer resource that will be deployed:
apiVersion: k8s.nginx.org/v1
kind: VirtualServer
metadata:
name: cafe
spec:
listener:
http: http-8083
https: https-8443
host: cafe.example.com
tls:
secret: cafe-secret
upstreams:
...Below is a snippet of the NGINX configuration for this VirtualServer.
server {
listen 8083;
listen [::]:8083;
server_name cafe.example.com;
set $resource_type "virtualserver";
set $resource_name "cafe";
set $resource_namespace "default";
listen 8443 ssl;
listen [::]:8443 ssl;
ssl_certificate /etc/nginx/secrets/default-cafe-secret;
ssl_certificate_key /etc/nginx/secrets/default-cafe-secret;
}You can test that the VirtualServer resource is deployed with non-default port configuration by explicitly defining them when sending requests.
curl using port 8443:
curl -k https://cafe.example.com:8443/coffee
Server address: 10.32.0.40:8080
Server name: coffee-7dd75bc79b-qmhmv
...
URI: /coffee
...curl using port 8083:
curl -k http://cafe.example.com:8083/coffee
Server address: 10.32.0.40:8080
Server name: coffee-7dd75bc79b-qmhmv
...
URI: /coffee
...