Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

A proxy subcommand for exposing dev env processes as Skupper network services #11

Open
ssorj opened this issue Sep 13, 2019 · 7 comments
Open

Comments

@ssorj
Copy link

@ssorj ssorj commented Sep 13, 2019

(or developer-proxy, or proxy, or "portal", ...)

A sketch:

skupper local-proxy <secret> <service-name>:<service-port>:<local-port>...

In my developer environment (not in a cluster):

$ skupper local-proxy ~/secret.yaml hw-backend:8080:8081
$ export BACKEND_SERVICE_HOST=localhost
$ export BACKEND_SERVICE_PORT=8081
$ python3 hw-frontend.py 8082 &
$ curl http://localhost:8082/
The backend says 'hello!'

@grs

This comment has been minimized.

Copy link
Collaborator

@grs grs commented Sep 13, 2019

kubectl port-forward does this already

A more interesting case would be running the frontend in the cluster, but have it use a backend in dev environment outside the cluster

@ssorj

This comment has been minimized.

Copy link
Author

@ssorj ssorj commented Sep 13, 2019

Cool. I didn't know about kc port-forward.

So, in the case you're talking about, Skupper would take a locally running process, proxy it, and represent it as a service inside the cluster, right? Trying this out again:

skupper local-process-as-service <secret> <service-name> <local-port>:<remote-port>

# I have hw-frontend running in my cluster
$ skupper local-process-as-service ~/secret.yaml hw-backend 8081:8080
$ python3 hw-backend.py 8081 &
$ curl <hw-frontend-service-url>
The backend says 'hello!'

@grs

This comment has been minimized.

Copy link
Collaborator

@grs grs commented Sep 13, 2019

Perhaps:

skupper proxy hw-backend localhost:8081
@ssorj

This comment has been minimized.

Copy link
Author

@ssorj ssorj commented Sep 13, 2019

That looks very nice. Do you not need the connection-token because you have the all the connection details you need via the current context?

@grs

This comment has been minimized.

Copy link
Collaborator

@grs grs commented Sep 13, 2019

Yes, you have direct access to the messaging secret.

@ssorj ssorj changed the title A local-proxy subcommand for developer use A proxy subcommand for exposing dev env processes as Skupper network services Sep 13, 2019
@valdar

This comment has been minimized.

Copy link

@valdar valdar commented Oct 28, 2019

A the moment this can be obtained through a number of manual steps. Suppose we have a simple echo service running locally on our machine on port 2000:

ncat -l 2000 --keep-open --exec "/bin/cat"

and we want to use that in our remote k8s cluster to which we are currently logged in with kubewctl or oc:

  • init skupper:
skupper init --id public
  • expose amqp router ouside the cluster:
oc apply -f - << EOF
kind: Route
apiVersion: route.openshift.io/v1
metadata:
  name: skupper-messaging
spec:
  to:
    kind: Service
    name: skupper-messaging
    weight: 100
  port:
    targetPort: amqps
  tls:
    termination: passthrough
    insecureEdgeTerminationPolicy: None
  wildcardPolicy: None
EOF 
  • create a dummy service to connect our echo service:
oc apply -f - << EOF
kind: Service
apiVersion: v1
metadata:
  name: echo
  annotations:
    skupper.io/proxy: tcp
spec:
  ports:
    - protocol: TCP
      port: 2000
      targetPort: 2000
  selector:
    dummy: selector
EOF
  • clone skupper/proxy project:
git clone git@github.com:skupperproject/skupper-proxy.git
  • cd in bin directory:
cd skupper-proxy/bin
  • extract secretes to mutually TSL connect from our machine to amqp skupper broker in the public lcuster:
oc extract secret/skupper
  • modify connection.json as:
{
    "scheme": "amqps",
    "host": "you host: see next command",
    "port": "443",
    "verify": false,
    "tls": {
        "ca": "ca.crt",
        "cert": "tls.crt",
        "key": "tls.key",
        "verify": false
    }
}

the host can be obtained by:

oc get route skupper-messaging -o=jsonpath='{.spec.host}{"\n"}'
  • run simple.js (a simplified version of the skupper-proxy that can easily run outside a k8s cluster) to finally proxy our local echo service to the public cluster:
node ./simple.js 'amqp:echo=>tcp:2000'

after that, from a pod within the k8s cluster, should be possible to connecto to the echo server like:

nc echo 2000
@valdar

This comment has been minimized.

Copy link

@valdar valdar commented Oct 28, 2019

I think it is quite possible to bake all this manual work in a skupper sub-command.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
3 participants
You can’t perform that action at this time.