Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
Provide easy debug network access to services #1863
Right now when you start a service it is available on the service IP port from within the kubernetes cluster. But hitting that service from the outside is really hard.
@lavalamp introduced an HTTP proxy through the master (
One solution is to claim a host port and look up what minion a pod landed on. That won't be stable if the minion gets rescheduled.
Another idea is to introduce an idea of a 'cluster debug port' and run a TCP proxy on perhaps the master that'll do TCP (and UDP?) forwarding to the service for that port.
It would be nice to be able to combine external ips, a bastion (for some sort of auth), and a service for "just-in-time external port exposure". Or alternatively, be able to start an ssh proxy pod that can forward port traffic on demand inside a namespace, add an external ip/port for it, and generate a one time key for the user with that pod.
Seems like for debugging you want a secure external port, not just the gateway.