Skip to content
Permalink
Browse files

Add inlets server example

Signed-off-by: Alex Ellis <alexellis2@gmail.com>
  • Loading branch information...
alexellis committed Aug 6, 2019
1 parent ce9ebe7 commit 9c1d3a3984134174c78350b5140e8653225b7039
Showing with 82 additions and 5 deletions.
  1. +82 −5 README.md
@@ -287,7 +287,7 @@ Exit-node:
while [ true ] ; do sleep 5 && inlets server --upstream=http://192.168.0.28:8080 ; done
```

### Kubernetes application development
### Docker & Kubernetes application development

Docker images are published for `x86_64` and `armhf`

@@ -296,7 +296,9 @@ Docker images are published for `x86_64` and `armhf`

#### Run as a deployment on Kubernetes

You can even run `inlets` within your Kubernetes in Docker (kind) cluster to get ingress (incoming network) for your services such as the OpenFaaS gateway:
You can run the client inside Kubernetes to expose your local services to the Internet, or another network.

Here's an example showing how to get ingress into your cluster for your OpenFaaS gateway and for Prometheus:

```yaml
apiVersion: apps/v1beta1
@@ -312,12 +314,12 @@ spec:
spec:
containers:
- name: inlets
image: alexellis2/inlets:2.0.3
image: alexellis2/inlets:2.2.0
imagePullPolicy: Always
command: ["inlets"]
args:
- "client"
- "--upstream=http://gateway.openfaas:8080,http://endpoint.openfaas:9090"
- "--upstream=http://gateway.openfaas:8080,http://prometheus.openfaas:9090"
- "--remote=your-public-ip"
```

@@ -327,6 +329,8 @@ Alternatively, see the unofficial helm chart from the community: [inlets-helm](h

#### Use authentication from a Kubernetes secret

In production, you should always use a secret to protect your exit-node. You will need a way of passing that to your server and inlets allows you to read a Kubernetes secret.

* Create a random secret

```
@@ -382,9 +386,82 @@ $ kubectl delete deploy/inlets
$ kubectl delete secret/inlets-token
```

#### Use your Kubernetes cluster as an exit-node

You can use a Kubernetes cluster which has public IP addresses, an IngressController, or a LoadBalancer to run one or more exit-nodes.

* Create a random secret

```
$ kubectl create secret generic inlets-token --from-literal token=$(head -c 16 /dev/urandom | shasum | cut -d" " -f1)
secret/inlets-token created
```

* Or create a secret with the value from your remote server

```
$ export TOKEN=""
$ kubectl create secret generic inlets-token --from-literal token=${TOKEN}
secret/inlets-token created
```

* Create a `Service`

```yaml
apiVersion: v1
kind: Service
metadata:
name: inlets
labels:
app: inlets
spec:
type: ClusterIP
ports:
- port: 8000
protocol: TCP
targetPort: 8000
selector:
app: inlets
```

* Create a `Deployment`:

```yaml
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: inlets
spec:
replicas: 1
template:
metadata:
labels:
app: inlets
spec:
containers:
- name: inlets
image: alexellis2/inlets:2.2.0
imagePullPolicy: Always
command: ["inlets"]
args:
- "server"
- "--token-from=/var/inlets/token"
volumeMounts:
- name: inlets-token-volume
mountPath: /var/inlets/
volumes:
- name: inlets-token-volume
secret:
secretName: inlets-token
```

You can now create an `Ingress` record, or `LoadBalancer` to connect to your server.

#### Try inlets with KinD (Kubernetes in Docker)

Try this guide to expose services running in a [KinD cluster](https://github.com/kubernetes-sigs/kind): [Gist: inlets with KinD](https://gist.github.com/alexellis/c29dd9f1e1326618f723970185195963)
Try this guide to expose services running in a [KinD cluster](https://github.com/kubernetes-sigs/kind):

[Micro-tutorial inlets with KinD](https://gist.github.com/alexellis/c29dd9f1e1326618f723970185195963)

### Run on a VPS

0 comments on commit 9c1d3a3

Please sign in to comment.
You can’t perform that action at this time.