Provide easy debug network access to services #1863

Closed
jbeda opened this issue Oct 17, 2014 · 4 comments

@jbeda (Contributor) commented Oct 17, 2014

Right now when you start a service it is available on the service IP port from within the Kubernetes cluster. But hitting that service from the outside is really hard.

@lavalamp introduced an HTTP proxy through the master (api/v1beta1/proxy/services/servicename) but there will be times when a more direct access pattern is needed.

One solution is to claim a host port and look up what minion a pod landed on. That won't be stable if the minion gets rescheduled.

Another idea is to introduce an idea of a 'cluster debug port' and run a TCP proxy on perhaps the master that'll do TCP (and UDP?) forwarding to the service for that port.

@lavalamp (Member) commented Oct 17, 2014

I think the main issue with the master proxy is that it requires auth.

Basically we need some standard gateway providing utilities.

@bgrant0607 (Member) commented Oct 21, 2014

Bastions are also touched upon in #1513 (ssh), at least for individual pods (as opposed to services).

@smarterclayton (Contributor) commented Oct 22, 2014

It would be nice to be able to combine external IPs, a bastion (for some sort of auth), and a service for "just-in-time external port exposure". Or alternatively, be able to start an SSH proxy pod that can forward port traffic on demand inside a namespace, add an external IP/port for it, and generate a one-time key for the user with that pod.

Seems like for debugging you want a secure external port, not just the gateway.

@smarterclayton (Contributor) commented Mar 22, 2015

#5763 is setting the stage for making this easily secured via the bastion.

@thockin closed this Jul 9, 2015