I need to connect a service running in a local container inside Docker on my machine to a database that's running on a Kubernetes cluster.
Everything I found on port forwarding allowed me to connect my machine to the cluster, but not the local container to the cluster (unless I install kubectl on my container, which I cannot do).
Is there a way to do this?
https://www.telepresence.io/ is what you're looking for. It will hook into the cluster network like a VPN and patch the services so traffic will get routed through the tunnel.
Related
I've setup a kubernetes cluster in my network and a postgres database in same network. I am able to connect my java app to my postgres database if I run it over in a container or a VM. But some how when I deploy the same app in Kubernetes it is not able to connect to my database.
All my services are in my private network and my cluster is a bare metal setup in my home lab using calico network.
I also tried ping my database ip from a busybox pod but that also fails.
Im trying to create multiple docker containers to deploy on a VM where each container has its own proxy ip. But when i run the system the containers take the ip for the VM and not the assinged proxy ip. How do i make the containers pick up the proxy ip?
I have a Kubernetes cluster which doesn't need to expose ports to the public. I am installing monitoring and logging (Prometheus & Loki or Elastic) for in house use and would like to use their GUI. I could provision https ingress and limit IP access but port forwarding seems to work.
How Does port forwarding work, under the hood?
Is port forwarding as secure as my kubectl connection?
Is the connection as fast as an ingress load balancer based HTTPs connection?
In Kubernetes documentation you can find information that port-forward command allows you to access and interact with internal Kubernetes cluster processes from your localhost. Also it's one of the best tools to debugging.
Forward one or more local ports to a pod. This command requires the node to have 'socat' installed.
Use resource type/name such as deployment/mydeployment to select a pod. Resource type defaults to 'pod' if omitted.
If there are multiple pods matching the criteria, a pod will be selected automatically. The forwarding session ends when the selected pod terminates, and rerun of the command is needed to resume forwarding.
1. How Does port forwarding work, under the hood?
This information can be found in How Does Kubernetes Port Forwarding Work? article.
The whole process is simplified by the fact that kubectl already has a built-in port forwarding functionality.
A user interacts with Kubernetes using the kubectl command-line on their local machine.
The port-forward command specifies the cluster resource name and defines the port number to port-forward to.
As a result, the Kubernetes API server establishes a single HTTP connection between your localhost and the resource running on your cluster.
The user is now able to engage that specific pod directly, either to diagnose an issue or debug if necessary.
Port forwarding is a work-intensive method. However, in some cases, it is the only way to access internal cluster resources.
2. Is port forwarding as secure as my kubectl connection?
For this question, you can find answer in Is kubectl port-forward encrypted?. As pointed by #iomv
As far as I know when you port-forward the port of choice to your machine kubectl connects to one of the masters of your cluster so yes, normally communication is encrypted. How your master communicate to the pod though is dependent on how you set up internal comms.
or #neokyle
kubectl port-forward uses socat to make an encrypted TLS tunnel with port forwarding capabilities. The tunnel goes from you to the kube api-server to the pod so it may actually be 2 tunnels with the kube api-server acting as a pseudo router.
Kubecelt port-forward is encrypted.
3. Is the connection as fast as an ingress load balancer based HTTPs connection
As connection is inside the cluster, it should be faster than connection from outside the cluster to the cluster.
In addition, there was similar Stackoverflow thread about kubectl port-forward.
I have a requirement that the server that is running inside one of my container in a k8s cluster should be able to reach a server that is running in some other machine (currently its in AWS).Now the problem is that both the server (in AWS & Kubernetes Cluster) should be able to reach each other.
My server in AWS is not able to ping my Server running in Kubernetes Cluster.
Is that possible? Can we do it ?
Yes you can use ingress-nginx to create publicly reachable services ingress-nginx
If you want to do it manually you can setup load balancers that map to specific ip ranges for your nodes. This is for ssh traffic.
yes you can use ingress kubernetes object it will create publicly reachable services.
Mainly if you are using aws or digital-ocean and you will use ingress it will make load balancer (ELB or ALB) and make public service and you can access server running inside kubernetes
By manually also you can do it just simply use kubernetes service and expose it using load balancer and NODE port
https://kubernetes.io/docs/concepts/services-networking/service/
I have a Kubernetes cluster with 2 containers running in a single workload.
One container is running a Flask server application and the other is running an angular application. I need to have this pod set up in a way where both applications can communicate with each other within the localhost. I need the angular container which is exposed in port 4200 to communicate with the unexposed flask server which is on port 5000. I am stuck when it comes to having these containers communicate within the pod.
Rather than localhost (127.0.0.1), make sure your flask server is reachable via any local IP, that is, app.run(host='0.0.0.0').
You should be able to communicate with each other using localhost:<port-number> as all containers in a Kubernetes pod share the same network namespace.