In this example we are going to design an architecture where Kubernetes Nginx Ingress controller and internal Nginx proxy work together to divert traffic to relevant service/pods. This is handled by reading the domain at Ingress level first then reading the rest of the URL at internal Nginx proxy level. The reason why we are not doing everything at Ingress level is because it would have limitations like background calls, manipulating headers so on.

We are accepting HTTPS request from outside and use HTTP for internal communications. Ingress is responsible for SSL termination. See whole workflow below. A small note for the design below; you would normally put an additional proxy between the client and Ingress in order to prevent your Kubernetes cluster from being exposed to outside completely, but it is out of context at this stage.

#kubernetes #nginx