{"id":3845,"date":"2023-12-01T18:20:22","date_gmt":"2023-12-02T00:20:22","guid":{"rendered":"https:\/\/benincosa.com\/?p=3845"},"modified":"2023-12-01T18:20:59","modified_gmt":"2023-12-02T00:20:59","slug":"setting-up-reverse-proxies-on-nginx-ingress-controller-on-kubernetes","status":"publish","type":"post","link":"https:\/\/benincosa.com\/?p=3845","title":{"rendered":"Setting up reverse proxies on nginx ingress controller on Kubernetes"},"content":{"rendered":"\n<p>In another installment of stupid Kubernetes routing tricks I bring you the following problem: <\/p>\n\n\n\n<ol>\n<li>I have a website running on <a href=\"https:\/\/webflow.com\/\">Webflow<\/a>, which for some reason <a href=\"https:\/\/discourse.webflow.com\/t\/create-well-known-folder\/205341\">still doesn&#8217;t support<\/a> hosting .well-known routes.  It turns out, we really need those.  <\/li>\n\n\n\n<li>I have most of the rest of my subdomains in Kubernetes.  <\/li>\n<\/ol>\n\n\n\n<p>So I figured the thing to do is to just use Kubernetes as a reverse proxy to send traffic to Webflow.  So that&#8217;s what I did.  I broke this up into two different sections.  First, let&#8217;s tackle the Webflow issue.  
This will reverse proxy into our site: <\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apiVersion: networking.k8s.io\/v1\nkind: Ingress\nmetadata:\n  annotations:\n    kubernetes.io\/ingress.class: nginx\n    kubernetes.io\/tls-acme: \"true\"\n    nginx.ingress.kubernetes.io\/backend-protocol: HTTPS\n    nginx.ingress.kubernetes.io\/configuration-snippet: |\n      proxy_ssl_name www.example.com;\n      proxy_ssl_server_name on;\n  name: proxy-example-com\nspec:\n  rules:\n  - host: example.com\n    http:\n      paths:\n      - backend:\n          service:\n            name: proxy-example-com\n            port:\n              number: 443\n        path: \/\n        pathType: Prefix\n  tls:\n  - hosts:\n    - example.com\n    secretName: proxy-example-com\n---\napiVersion: v1\nkind: Service\nmetadata:\n  name: proxy-example-com\nspec:\n  type: ExternalName\n  externalName: proxy-ssl-geo.webflow.com<\/code><\/pre>\n\n\n\n<p>A few things: <\/p>\n\n\n\n<ul>\n<li>We have to forward HTTPS and port 443.  <\/li>\n\n\n\n<li>The Webflow recommendation is that you use the www subdomain as primary.  <\/li>\n<\/ul>\n\n\n\n<p>After checking this out and modifying our routing to point to our ingress controller load balancer, it redirects to our website.  During my trial and error of this I&#8217;m sad to report I took down our corporate website for 5 minutes. <\/p>\n\n\n\n<p>Now we can create some other manifests for our .well-known site.  
We just create another ingress rule that is specific to the path:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apiVersion: v1\nkind: ConfigMap\nmetadata:\n  name: example-com-config\ndata:\n  com.tesla.3p.public-key.pem: |\n        -----BEGIN PUBLIC KEY-----\n        MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAED43wf2LN+adRW5Tv4KpwotH1g8S5\n        Jj02Tzb+u\/lgktlEFWreI1gNCn3Ivi97ziVnYNfg5sEPfO1MNqv5BWrvvg==\n        -----END PUBLIC KEY-----\n---\napiVersion: apps\/v1\nkind: Deployment\nmetadata:\n  name: example-com\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: example-com\n  template:\n    metadata:\n      labels:\n        app: example-com\n    spec:\n      containers:\n        - name: nginx\n          image: nginx:latest\n          ports:\n            - containerPort: 80\n          volumeMounts:\n            - name: example-com-volume\n              mountPath: \/usr\/share\/nginx\/html\/.well-known\/appspecific\/\n      volumes:\n        - name: example-com-volume\n          configMap:\n            name: example-com-config\n---\napiVersion: v1\nkind: Service\nmetadata:\n  name: example-com\nspec:\n  selector:\n    app: example-com\n  ports:\n    - protocol: TCP\n      port: 80\n      targetPort: 80\n---\napiVersion: networking.k8s.io\/v1\nkind: Ingress\nmetadata:\n  name: example-com-well-known\n  annotations:\n    cert-manager.io\/cluster-issuer: letsencrypt-prod\n    kubernetes.io\/ingress.class: nginx\n    kubernetes.io\/tls-acme: \"true\"\nspec:\n  rules:\n  - host: example.com\n    http:\n      paths:\n      - path: \"\/.well-known\/appspecific\/\"\n        pathType: ImplementationSpecific\n        backend:\n          service:\n            name: example-com\n            port:\n              number: 80\n  tls:\n  - hosts:\n    - example.com\n    secretName: example-com-tls<\/code><\/pre>\n\n\n\n<p>Cool.  Now this latter part lets us host a .well-known\/appspecific\/com.tesla.3p.public-key.pem.  
This can be used for any other .well-known file that needs to be hosted. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>In another installment of stupid Kubernetes routing tricks I bring you the following problem: So I figured the thing to do is to just use Kubernetes as a reverse proxy to send traffic to Webflow. So that&#8217;s what I did. I broke this up into two different sections. First, let&#8217;s tackle the Webflow issue. This&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[797],"tags":[798,888,1014],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/benincosa.com\/index.php?rest_route=\/wp\/v2\/posts\/3845"}],"collection":[{"href":"https:\/\/benincosa.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/benincosa.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/benincosa.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/benincosa.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3845"}],"version-history":[{"count":2,"href":"https:\/\/benincosa.com\/index.php?rest_route=\/wp\/v2\/posts\/3845\/revisions"}],"predecessor-version":[{"id":3848,"href":"https:\/\/benincosa.com\/index.php?rest_route=\/wp\/v2\/posts\/3845\/revisions\/3848"}],"wp:attachment":[{"href":"https:\/\/benincosa.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3845"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/benincosa.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3845"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/benincosa.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3845"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}