Using ingress-nginx on Kubernetes makes adding CORS headers painless. Kubernetes ingress-nginx uses annotations as a quick way to allow you to specify the automatic generation of an extensive list of common nginx configuration options.
Example ingress configuration enabling CORS:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: api
namespace: fuse
labels:
app: api
annotations:
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, OPTIONS"
nginx.ingress.kubernetes.io/cors-allow-origin: "https://admin.example.com"
nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
spec:
rules:
- host: api.example.com
http:
paths:
- backend:
serviceName: api-example
servicePort: 80
path: /api
tls:
- hosts:
- api.example.com
secretName: example-tls
You can check the nginx configuration file generated by Kubernetes ingress-nginx on any of the ingress controller pods.
If you set up the standard Kubernetes ingress-nginx on your cluster, you should have one or more controller pods running in the ingress-nginx namespace.
kubectl get pods -n ingress-nginx
NAME READY STATUS RESTARTS AGE
default-http-backend-5c6d95c48-xvs55 1/1 Running 0 26d
nginx-ingress-controller-f5676dc7-5ks6q 1/1 Running 0 26d
nginx-ingress-controller-f5676dc7-cjl6l 1/1 Running 0 26d
nginx-ingress-controller-f5676dc7-kthxn 1/1 Running 0 26d
nginx-ingress-controller-f5676dc7-rvhbv 1/1 Running 0 26d
Pick a controller and cat the nginx configuration:
# pipe the config to less or your favorite text reader
kubectl exec -n ingress-nginx \
nginx-ingress-controller-f5676dc7-kthxn \
cat /etc/nginx/nginx.conf | less
You can see that ingress-nginx created some header directives for nginx:
...
more_set_headers 'Access-Control-Allow-Credentials: true';
...
About CORS
CORS, or Cross-origin resource sharing consists of a few HTTP response headers intended to let a web browser know if it’s ok to POST data to a specific endpoint. Before a web browser lets Javascript issue a POST to a URL, then performs a “preflight” request. A preflight request is merely a request to the server with the same URL using the method OPTIONS rather than POST. The web browser checks the HTTP headers for CORS related headers to determine if POSTing data on behalf of the user is ok.
Advanced Platform Development with Kubernetes
What You'll Learn
- Build data pipelines with MQTT, NiFi, Logstash, MinIO, Hive, Presto, Kafka and Elasticsearch
- Leverage Serverless ETL with OpenFaaS
- Explore Blockchain networking with Ethereum
- Support a multi-tenant Data Science platform with JupyterHub, MLflow and Seldon Core
- Build a Multi-cloud, Hybrid cluster, securely bridging on-premise and cloud-based Kubernetes nodes
Port Forwarding / Local Development
Check out kubefwd for a simple command line utility that bulk forwards services of one or more namespaces to your local workstation.
Resources
If you found this article useful, you may want to check out all my articles on Kubernetes, used to build on the Production Hobby Cluster. PHC an excellent environment for developing and testing cloud-native microservices like txToken. While using Minikube or similar environments for testing and developing cloud-native microservices, I find it a much better experience to use a more true-to-production cluster like PHC.
If in a few days you find yourself setting up a Production Hobby Cluster in Japan or Germany on Linode, and another two in Australia and France on vultr, then you may have just joined the PHC (Performance Hobby Clusters) club. Some people tinker late at night on their truck, we benchmark and test the resilience of node failures on our overseas, budget kubernetes clusters. It’s all about going big, on the cheap.
This blog post, titled: "CORS on Kubernetes Ingress Nginx: Painless CORS header configuration in Kubernetes" by Craig Johnston, is licensed under a Creative Commons Attribution 4.0 International License.
SUPPORT
Order my new Kubernetes book: Advanced Platform Development with Kubernetes: Enabling Data Management, the Internet of Things, Blockchain, and Machine Learning