description |
---|
A guide on how to expose an HTTP service from a cluster for external access. |
You first need to enable the workload service proxying feature on the cluster you want to expose Services from.
If you are creating a new cluster, you can enable the feature by checking the checkbox in the “Cluster Features” section:
For an existing cluster, simply check the checkbox in the features section of the cluster overview page.
If you are using cluster templates, you can enable the feature by adding the following to the cluster template YAML:
features:
enableWorkloadProxy: true
You will notice that the “Exposed Services” section will appear on the left menu for the cluster the feature is enabled on.
Let’s install a simple Nginx deployment and service to expose it.
Create the following nginx.yaml
file:
apiVersion: apps/v1
kind: Deployment
metadata:
name: workload-proxy-example-nginx
namespace: default
spec:
selector:
matchLabels:
app: workload-proxy-example-nginx
template:
metadata:
labels:
app: workload-proxy-example-nginx
spec:
containers:
- name: workload-proxy-example-nginx
image: nginx:stable-alpine-slim
---
apiVersion: v1
kind: Service
metadata:
name: workload-proxy-example-nginx
namespace: default
annotations:
omni-kube-service-exposer.sidero.dev/port: "50080"
omni-kube-service-exposer.sidero.dev/label: Sample Nginx
omni-kube-service-exposer.sidero.dev/icon: H4sICB0B1mQAA25naW54LXN2Z3JlcG8tY29tLnN2ZwBdU8ly2zAMvfcrWPZKwiTANWM5015yyiHdDr1kNLZsa0axvKix8/cFJbvNdCRCEvEAPDxQ8/vLSydem+Op7XeVtGCkaHbLftXuNpX8Pax1kveL+UetxY9919erZiWG/k58+/kgvjb7Xonz+Qyn182RP2DZvyjx0OyaYz30x38o8dhemqP43vfdSWi9+DDnCHFuV8O2ksmY/UWKbdNutsPfz9e2OX/pL5U0wghCvqVgqrtTJbfDsL+bzUrhM0F/3MzQGDPjlHIxH9qhaxbrtmueh7d987zbtLvLfDZtz/f1sBWrSj5aD9klhVswwdfWgLNJXR+GL6sgRwSP6QmRd53yELzCCMmRShCjqyFmLOsWwCiIKS01GJOUA0qZHQUby5ZXlsAGjkv8wmuK00A+gDfxoD1DSREQOm0teBdVgOA4wqdY1i0i+AiG4lOGbFEhg7icZWJIgCMz+It1DA/hYDQXScxVjyyohpCprBt7SswylJze49htVNxQjk6xDuSXTAs12OQgUGLWMRenLj4pTsNb11SSde/uPhmbA2U5e6c3qxBiEdhTOhhO77CIwxvJ55p7NVlN1owX+xkOJhUb3M1OTuShAZpQIoK72mtcSF5bwExLoxECjsqzssgIzdMLB2IdiPViApHbsTwhH1KNkIgFHO2tTOB54pjfXu3k4QLechmK9lCGzfm9s0XbQtmWfqa4NB0Oo1lzVtUsx6wjKxtYBcKSMkJOyGzJBbYxBM0aBypZfdBRJyDCz0zNRjXZKw0D/J75KFApFvPVTt73kv/6b0Lr9bqMp/wziz8W9M/pAwQAAA==
spec:
selector:
app: workload-proxy-example-nginx
ports:
- name: http
port: 80
targetPort: 80
Apply it to the cluster:
kubectl apply -f nginx.yaml
Note the following annotations on the cluster:
omni-kube-service-exposer.sidero.dev/port: "50080"
omni-kube-service-exposer.sidero.dev/label: Sample Nginx
omni-kube-service-exposer.sidero.dev/icon: H4sICB0B1mQAA25naW54LXN2Z3JlcG8tY29tLnN2ZwBdU8ly2zAMvfcrWPZKwiTANWM5015yyiHdDr1kNLZsa0axvKix8/cFJbvNdCRCEvEAPDxQ8/vLSydem+Op7XeVtGCkaHbLftXuNpX8Pax1kveL+UetxY9919erZiWG/k58+/kgvjb7Xonz+Qyn182RP2DZvyjx0OyaYz30x38o8dhemqP43vfdSWi9+DDnCHFuV8O2ksmY/UWKbdNutsPfz9e2OX/pL5U0wghCvqVgqrtTJbfDsL+bzUrhM0F/3MzQGDPjlHIxH9qhaxbrtmueh7d987zbtLvLfDZtz/f1sBWrSj5aD9klhVswwdfWgLNJXR+GL6sgRwSP6QmRd53yELzCCMmRShCjqyFmLOsWwCiIKS01GJOUA0qZHQUby5ZXlsAGjkv8wmuK00A+gDfxoD1DSREQOm0teBdVgOA4wqdY1i0i+AiG4lOGbFEhg7icZWJIgCMz+It1DA/hYDQXScxVjyyohpCprBt7SswylJze49htVNxQjk6xDuSXTAs12OQgUGLWMRenLj4pTsNb11SSde/uPhmbA2U5e6c3qxBiEdhTOhhO77CIwxvJ55p7NVlN1owX+xkOJhUb3M1OTuShAZpQIoK72mtcSF5bwExLoxECjsqzssgIzdMLB2IdiPViApHbsTwhH1KNkIgFHO2tTOB54pjfXu3k4QLechmK9lCGzfm9s0XbQtmWfqa4NB0Oo1lzVtUsx6wjKxtYBcKSMkJOyGzJBbYxBM0aBypZfdBRJyDCz0zNRjXZKw0D/J75KFApFvPVTt73kv/6b0Lr9bqMp/wziz8W9M/pAwQAAA==
To expose a service, only the omni-kube-service-exposer.sidero.dev/port
annotation is required.
Its value must be a port that is unused on the nodes, such as by other exposed Services.
The annotation omni-kube-service-exposer.sidero.dev/label
can be set to a human-friendly name to be displayed on the Omni Web left menu.
If not set, the default name of <service-name>.<service-namespace>
will be used.
The annotation omni-kube-service-exposer.sidero.dev/icon
can be set to render an icon for this service on the Omni Web left menu.
If set, valid values are:
- Either a base64-encoded SVG
- Or a base64-encoded GZIP of an SVG
To encode an SVG file icon.svg
to be used for the annotation, you can use the following command:
gzip -c icon.svg | base64
You will notice that the Service you annotated will appear under the “Exposed Services” section in Omni Web, on the left menu when the cluster is selected.
Clicking it will render the Service in Omni.
{% hint style="info" %} This feature only works with HTTP services. Raw TCP or UDP are not supported. {% endhint %}
The services are only accessible to users authenticated to Omni and that have at leastReader
level access to the cluster containing the Service.