
Forward: port-forward to private endpoints the kubernetes way


kainlite/forward


Forward Operator


This project aims to do two things: connect to private resources safely, and be as simple to use as any other kubernetes resource. It relies on socat to do so (maybe at some point it will not): basically, it spins up a pod with socat and some given params to create the connection for you. At this time only the port-forward method has been written, for tcp and udp (udp needs more testing); it is tested and works. It uses the same port for the Pod that the remote connection uses.

There is a blog page describing how to get here, check it out.

Also, if you are interested in how I got the idea to make this operator, check this github issue.

Installation

To install this operator in your cluster you need to do the following:

make deploy IMG=kainlite/forward:0.0.2

Why forward

I think this is probably the easiest way to adopt such a thing, and to put something like this into kubernetes itself sounds hard, and some people could resist, so I'm just trying to have an alternative but native to kubernetes, hence an operator.

Security

Of course, this can make secure things insecure by exposing them, so use at your own risk and be aware of what you expose, how, and where...

Use cases

Basically, this should ease the life of a developer trying to reach a DB in a private subnet, or connect securely to a production endpoint to debug something, you name it. It only fills the gap that port-forward currently has.

Option one:

Doing it manually without the controller, naked socat example:

kubectl run --restart=Never --image=alpine/socat TEMP_POD_NAME -- -d -d tcp-listen:PORT,fork,reuseaddr tcp-connect:HOSTNAME:PORT
kubectl port-forward pod/TEMP_POD_NAME LOCAL_PORT:PORT
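
The manual steps above leave the socat pod running after the port-forward ends, which keeps the private endpoint reachable from inside the cluster. The following wrapper is an added example, not code from the forward repository: it validates the host and ports before they reach the socat address string and deletes the temporary pod on exit. The function names and the choice to accept only hostname/IPv4 characters are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the forward repository): wraps the manual
# "naked socat" steps so the temporary pod is always deleted.

# valid_port PORT: true only for an integer in 1..65535 without leading zeros.
valid_port() {
  case "$1" in
    ''|0*|*[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# valid_host HOST: hostname or IPv4 characters only. Rejecting ',' and ':'
# keeps the value from appending extra socat address options.
valid_host() {
  case "$1" in
    ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
  esac
}

# socat_args HOST PORT: print the socat arguments used in the README command.
socat_args() {
  valid_host "$1" && valid_port "$2" || return 1
  printf '%s\n' "-d -d tcp-listen:$2,fork,reuseaddr tcp-connect:$1:$2"
}

# forward_once POD HOST PORT LOCAL_PORT: run the pod, forward, clean up.
forward_once() {
  pod=$1
  valid_host "$pod" || { echo "bad pod name" >&2; return 1; }
  valid_port "$4" || { echo "bad local port" >&2; return 1; }
  args=$(socat_args "$2" "$3") || { echo "bad host or port" >&2; return 1; }
  # $args is split on purpose: it holds only validated, space-free fields.
  kubectl run --restart=Never --image=alpine/socat "$pod" -- $args || return 1
  # Only a pod this script created is deleted, on normal exit or interrupt.
  trap 'kubectl delete pod "$pod" --ignore-not-found --wait=false' EXIT INT TERM
  kubectl wait --for=condition=Ready "pod/$pod" --timeout=60s &&
    kubectl port-forward "pod/$pod" "$4:$3"
}

# Usage: sh forward-once.sh TEMP_POD_NAME HOSTNAME PORT LOCAL_PORT
if [ "$#" -eq 4 ]; then forward_once "$@"; fi
```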

Doing it with the operator, example resource:

apiVersion: forward.techsquad.rocks/v1beta1
kind: Forward
metadata:
  name: mapsample
  namespace: default
spec:
  host: 10.244.0.8
  port: 8000
  protocol: tcp
  liveness_probe: true

Then just do the port-forward:

kubectl port-forward pod/forward-mapsample-pod LOCAL_PORT:PORT

It might be overkill to have a controller to wrap this, but it's the kubernetes way.

How to get here

You don't need to do this:

# Create the project and also an API
kubebuilder init --domain techsquad.rocks
kubebuilder create api --group forward --version v1beta1 --kind Map
# Install the CRD and run the Controller to test
make install
make run
# Build the docker image, push it to the registry and deploy it
make docker-build docker-push IMG=kainlite/forward:0.0.2
make deploy IMG=kainlite/forward:0.0.2
# Uninstall the whole thing from the cluster
make uninstall

Manual testing: in one terminal, start an alpine pod and listen with nc. You will need to create a resource like the one from the example, but with the alpine pod IP as host:

kubectl run -it --rm --restart=Never alpine --image=alpine sh
nc -l -p 8000

In another terminal:

kubectl port-forward forward-mapsample-pod 8000:8000
nc localhost 8000

Then type something and hit enter, it should show up in the first nc.
