1. Answers
  2. Enabling CORS for specific Kubernetes services

How do I enable CORS for specific Kubernetes services?

To enable Cross-Origin Resource Sharing (CORS) for specific Kubernetes services, you can use Kubernetes Ingress resources to configure the necessary headers. Ingress resources allow you to manage external access to your services, typically HTTP.

Here’s a step-by-step guide to achieve this:

  1. Create an Ingress resource: This will route traffic to your service and allow you to configure the necessary CORS headers.
  2. Add annotations to the Ingress resource: These annotations will configure the NGINX Ingress controller to add the required CORS headers.

Below is a Pulumi program written in TypeScript that demonstrates how to set up an Ingress resource with CORS enabled for a specific service.

Detailed Explanation

  1. Import Pulumi and Kubernetes libraries: We need the Pulumi library to define our infrastructure as code and the Kubernetes provider to create Kubernetes resources.
  2. Create a Kubernetes namespace: This is optional but recommended to organize your resources.
  3. Define a Kubernetes Service: This service will expose your application within the cluster.
  4. Create an Ingress resource: This will handle external HTTP traffic and apply the CORS configuration.

Code Implementation

import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";

// Create a namespace
const ns = new k8s.core.v1.Namespace("cors-example-namespace", {
    metadata: {
        name: "cors-example"
    }
});

// Create a Kubernetes Service
const appLabels = { app: "cors-app" };
const service = new k8s.core.v1.Service("cors-service", {
    metadata: {
        namespace: ns.metadata.name,
        name: "cors-service",
    },
    spec: {
        selector: appLabels,
        ports: [{ port: 80, targetPort: 8080 }]
    }
});

// Create an Ingress resource with CORS enabled
const ingress = new k8s.networking.v1.Ingress("cors-ingress", {
    metadata: {
        namespace: ns.metadata.name,
        name: "cors-ingress",
        annotations: {
            "nginx.ingress.kubernetes.io/enable-cors": "true",
            "nginx.ingress.kubernetes.io/cors-allow-origin": "*",  // You can specify specific origins here
            "nginx.ingress.kubernetes.io/cors-allow-methods": "PUT, GET, POST, OPTIONS",
            "nginx.ingress.kubernetes.io/cors-allow-headers": "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range",
            "nginx.ingress.kubernetes.io/cors-expose-headers": "Content-Length,Content-Range"
        }
    },
    spec: {
        rules: [{
            http: {
                paths: [{
                    path: "/",
                    pathType: "Prefix",
                    backend: {
                        service: {
                            name: service.metadata.name,
                            port: {
                                number: 80
                            }
                        }
                    }
                }]
            }
        }]
    }
});

// Export the Ingress URL
export const ingressUrl = ingress.status.loadBalancer.ingress[0].hostname;

Explanation of the Code

  • Namespace: We created a namespace cors-example to organize our resources.
  • Service: A service named cors-service is created to expose our application on port 80.
  • Ingress: An Ingress resource named cors-ingress is created with annotations that enable CORS. The annotations configure the NGINX Ingress controller to add CORS headers to the responses.
    • nginx.ingress.kubernetes.io/enable-cors: Enables CORS.
    • nginx.ingress.kubernetes.io/cors-allow-origin: Specifies which origins are allowed. Here, * allows all origins.
    • nginx.ingress.kubernetes.io/cors-allow-methods: Specifies allowed HTTP methods.
    • nginx.ingress.kubernetes.io/cors-allow-headers: Specifies allowed HTTP headers.
    • nginx.ingress.kubernetes.io/cors-expose-headers: Specifies which headers can be exposed to the browser.

This setup ensures that your Kubernetes service can handle CORS requests from specified origins, methods, and headers. Adjust the annotations as needed to fit your specific requirements.

Deploy this code

Want to deploy this code? Sign up for a free Pulumi account to deploy in a few clicks.

Sign up

New to Pulumi?

Want to deploy this code? Sign up with Pulumi to deploy in a few clicks.

Sign up