This project aims to ease and do two things, connect to private resources safely and being simple enough like any other kubernetes resource, it relies in socat to do so (maybe at some point it will not), basically it will spin up a pod with socat and some given params to create the connection for you, at this time only the port-fordward method has been written for tcp and udp (udp needs more testing), tested and works. It uses the same port for the Pod that the remote connection uses.
There is a blog page describing how to get here, check it out.
Also if you are interested how I got the idea to make this operator check this github issue.
To install this operator in your cluster you need to do the following:
make deploy IMG=kainlite/forward:0.0.2
I think this is probably the easiest way to adopt such a thing, and to put something like this into kubernetes itself sounds hard, and some people could resist, so I'm just trying to have an alternative but native to kubernetes, hence an operator.
Of course, this can make secure things insecure by exposing them, so use at your own risk and be aware of what you expose, how, and where...
Basically this should ease the life of a developer trying to reach a DB in a private subnet, or connect securely to a production endpoint to debug something, you name it, it only fills the gap that port-forward currently has.
Doing it manually without the controller, naked socat example:
kubectl run --restart=Never --image=alpine/socat TEMP_POD_NAME -- -d -d tcp-listen:PORT,fork,reuseaddr tcp-connect:HOSTNAME:PORT kubectl port-forward pod/TEMP_POD_NAME LOCAL_PORT:PORT
Doing it with the operator, example resource:
apiVersion: forward.techsquad.rocks/v1beta1 kind: Forward metadata: name: mapsample namespace: default spec: host: 10.244.0.8 port: 8000 protocol: tcp liveness_probe: true
Then just do the port-forward:
kubectl port-forward pod/forward-privatedb-a LOCAL_PORT:PORT
It might be overkill to have a controller to wrap this, but it's the kubernetes way.
How to get here
You don't need to do this:
# Create the project and also an API kubebuilder init --domain techsquad.rocks kubebuilder create api --group forward --version v1beta1 --kind Map # Install the CRD and run the Controller to test make install make run # Build the docker image, push it to the registry and deploy it make docker-build docker-push IMG=kainlite/forward:0.0.2 make deploy IMG=kainlite/forward:0.0.2 # Uninstall the whole thing from the cluster make uninstall
Manually testing, in one terminal, you will need to create a resource like the one from the example but with the alpine pod ip as host:
kubectl run -it --rm --restart=Never alpine --image=alpine sh nc -l -p 8000
In another terminal:
kubectl port-forward forward-mapsample-pod 8000:8000 nc localhost 8000
Then type something and hit enter, it should show up in the first nc.