Kubernetes Ingress Proxy

What?

This tool is intended to ease development and debugging of applications deployed into a local Kubernetes cluster, where using Ingress can be challenging.

Why?

If you have a local Kubernetes cluster and would like to test applications over ingress, you will likely need to modify your /etc/hosts file. In some cases, you may not have the permissions to do so. If you are using WSL, you may be able to modify your WSL /etc/hosts file, but you still cannot reach those hostnames from, say, a web browser running on the host Windows OS.

There are three main use cases this tool is tailored for:

  1. You have a localhost cluster and no access to your own /etc/hosts file, but still want to use an ingress controller
  2. You have a localhost cluster, have access to your /etc/hosts file, but are using so many ingresses that it would be a pain to add all of the entries by hand
  3. You need to access a service by its ingress hostname (such as an SSO provider), but those hostnames aren't backed by an external DNS server

In most cases, this tool is best suited for development and test environments.

As a byproduct of how this tool is implemented, you will also be able to access services by their <name>.<namespace>.svc.cluster.local-style hostnames.

How?

This tool operates as a pod within your local cluster, and scans all namespaces (or a subset) for Ingress resources. It maintains its own custom /etc/hosts file, and exposes an HTTP proxy. You can expose this tool with a NodePort-type Service, with a container hostPort, or just with kubectl port-forward, and then configure your system to use it as a proxy.
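A sketch of the mapping described above, added here as an example and not taken from the project's source: it turns Ingress hosts into a hostname-to-controller table and picks the address a proxy would dial. The `Ingress` struct, `BuildHostTable` and `DialTarget` are hypothetical names, the sample data is constructed, and skipping wildcard hosts is a simplification of this sketch.

```go
package main

import (
	"fmt"
	"strings"
)

// Ingress carries only the fields this sketch needs (hypothetical, not the Kubernetes API type).
type Ingress struct {
	Namespace, Class    string
	RuleHosts, TLSHosts []string
}

// BuildHostTable maps each ingress hostname to the controller address for its class.
// Unknown classes and namespaces outside a non-empty allow-list are skipped.
func BuildHostTable(ings []Ingress, classAddr map[string]string, namespaces []string) map[string]string {
	allowed := map[string]bool{}
	for _, ns := range namespaces {
		allowed[ns] = true
	}
	table := map[string]string{}
	for _, ing := range ings {
		addr, ok := classAddr[ing.Class]
		if !ok || (len(allowed) > 0 && !allowed[ing.Namespace]) {
			continue
		}
		for _, h := range append(append([]string{}, ing.RuleHosts...), ing.TLSHosts...) {
			h = strings.ToLower(strings.TrimSpace(h))
			if h != "" && !strings.Contains(h, "*") { // wildcards skipped in this sketch
				table[h] = addr
			}
		}
	}
	return table
}

// DialTarget is where a proxy would connect; unknown names are left to normal DNS.
func DialTarget(table map[string]string, host, port string) string {
	if addr, ok := table[strings.ToLower(host)]; ok {
		return addr + ":" + port
	}
	return host + ":" + port
}

func main() {
	// Constructed sample input, mirroring the ingress from Getting Started.
	ings := []Ingress{{"default", "nginx", []string{"some.internal.hostname"}, []string{"some.internal.hostname"}}}
	classes := map[string]string{"nginx": "ingress-nginx-controller.ingress-nginx.svc.cluster.local"}
	fmt.Println(DialTarget(BuildHostTable(ings, classes, nil), "some.internal.hostname", "443"))
}
```

Passing a non-empty namespace list reproduces the namespaced mode: ingresses outside it never enter the table, so their hostnames fall through to ordinary DNS.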

Getting Started

If you've got ingress-nginx installed in the ingress-nginx namespace, install the proxy like this

helm repo add kube-ingress-proxy https://meln5674.github.io/kube-ingress-proxy
helm upgrade kube-ingress-proxy/kube-ingress-proxy \
    --install \
    --wait \
    --set controllerAddresses[0].className=nginx \
    --set controllerAddresses[0].address=ingress-nginx-controller.ingress-nginx.svc.cluster.local

Now if you've got the following ingress:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: some-ingress
rules:
- host: some.internal.hostname
  # ...
tls:
- hosts:
  - some.internal.hostname
  # ...

You can access it like this

kubectl port-forward svc/k8s-ingress-proxy 8080:80 &
# Give it a second to start
sleep 5

http_proxy=http://localhost:8080 curl -v http://some.internal.hostname
# HTTPS also works
https_proxy=http://localhost:8080 curl -v https://some.internal.hostname

# Stop the port forward
kill %1

To set up a persistent port, you can install it like this

helm repo add k8s-ingress-proxy https://meln5674.github.io/k8s-ingress-proxy
helm upgrade k8s-ingress-proxy/k8s-ingress-proxy \
    --install \
    --wait \
    --set controllerAddresses[0].className=nginx \
    --set controllerAddresses[0].address=ingress-nginx-controller.ingress-nginx.svc.cluster.local \
    --set hostPort.enabled=true \
    --set hostPort.port=8080 # Defaults to 8080

If using Kind, make sure to add an extra section as shown here to have this port exposed.

If using Chrome (or one of its cousins such as Brave or Edge), go to this page to set http://localhost:<hostPort.port from above> as both the http and https proxy. For Firefox, go here and go to "Network Settings" to set this.

After doing this, you'll be able to debug your services and ingresses straight in your browser, as well as utilize browser-based test frameworks such as Selenium or Karma. Just make sure to revert these settings once you're done.

Common Configuration

Namespaced access

If you do not have cluster-scoped access, install like so

helm upgrade k8s-ingress-proxy/k8s-ingress-proxy \
    --install \
    --wait \
    --set allNamespaces=false \
    --set namespaces[0]=<namespace 1> \
    --set namespaces[1]=<namespace 2> \
    # ...

Second Hop Proxy

If you need requests which leave the cluster (e.g. to the public internet) to themselves be proxied, install like so

helm upgrade k8s-ingress-proxy/k8s-ingress-proxy \
    --install \
    --wait \
    --set extraEnv[0].name=http_proxy \
    --set extraEnv[0].value=<second proxy url> \
    --set extraEnv[1].name=https_proxy \
    --set extraEnv[1].value=<second proxy url> \
    --set extraEnv[2].name=no_proxy \
    --set extraEnv[2].value=<exceptions, separated by comma>

Make sure to include your cluster domain (e.g. svc.cluster.local) in your list of exceptions.

Out-of-Cluster

If you have write access to your /etc/hosts file, and your ingress controller(s) are exposed on localhost, you can run the tool natively.

For example, if your ingress-nginx-controller is accessible on localhost:80 and localhost:443

go build -o kube-ingress-proxy main.go

sudo ./kube-ingress-proxy proxy \
    --kubeconfig="$HOME/.kube/config" \
    --ingress-class-address nginx=localhost \
    --listen localhost:8080 &

http_proxy=http://localhost:8080 curl -v http://some.internal.hostname