Minikube: access private services using proxy/vpn

4/22/2018

I've installed minikube to learn Kubernetes a bit better. I've deployed some apps and services which have IPs in the 10.x.x.x range (private IPs). I can expose my services on minikube and visit them in my browser. But I want to use the private IPs and not expose them.

How can I visit (VPN/proxy-wise) the private IPs of services in minikube?

-- DenCowboy
kubernetes
minikube

1 Answer

4/24/2018

Minikube is Kubernetes with only one node, with the master server running on this node. It provides the possibility to learn how it works with minimal hardware. It's ideal for testing purposes and runs seamlessly on a laptop. Minikube is still software with the mature network stack from Kubernetes. This means that ports are exposed to services and, virtually, services are communicating with pods.

To understand what is communicating, let me explain what ClusterIP does - it exposes the service on an internal IP in the cluster. This type makes the service reachable only from within the cluster.

You can get the cluster IP with the command:

kubectl get services test_service

So, after you create a new service, you'd like to establish connections to ClusterAPI.

Basically, there are three ways to connect to a backend resource:

1/ Use kube-proxy - this proxy reflects services as defined in the Kubernetes API and can simply stream TCP and UDP to a backend, or to a set of them in an advanced configuration. Service cluster IPs and ports are currently found through Docker-compatible environment variables specifying ports opened by the service proxy. There is an optional addon that provides cluster DNS for these cluster IPs. The user must create a service with the apiserver API to configure the proxy.

The example shows how we can use nodeselectors to define a connection to port 5000 on ClusterIP - config.yaml may consist of:

kind: Service
apiVersion: v1
metadata:
  name: jenkins-discovery
  namespace: ci
spec:
  # ClusterIP: reachable only from inside the cluster
  type: ClusterIP
  # traffic goes to pods labelled app=master
  selector:
    app: master
  ports:
  - protocol: TCP
    port: 50000
    targetPort: 50000
    name: slaves

2/ Use port forwarding to access the application - first check that the kubectl command-line tool can communicate with your minikube cluster; if it can, find the service port from the ClusterIP configuration.

kubectl get svc | grep test_service

Let's assume service test_service works on port 5555; to do port forwarding, run the command:

kubectl port-forward pods/test_service 5555:5555

After that, your service will be available on localhost:5555.

3/ If you are familiar with the concept of pod networking, you can declare public ports in the pod's manifest file. A user can connect to the pod network by defining a manifest:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.7.9
        ports:
        - containerPort: 8080

When the container is started with a manifest file like the one above, host TCP port 8080 will be forwarded to pod port 8080.

Please keep in mind that ClusterIP is used by a lot of services responsible for the proper working of the cluster. I think it is not good practice to treat ClusterIP as a regular network service - in the worst scenario, it soon breaks the cluster through an invalid internal network state of connections.

-- d0bry
Source: StackOverflow
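
Option 2 (port forwarding) as an added example, not part of the original answer: a shell helper that reads `kubectl get svc` output, confirms the service is still type ClusterIP, and prints a `kubectl port-forward` command bound to 127.0.0.1 so the service stays private. The service names and the table are constructed; `test-service` stands in for the answer's `test_service`.

```shell
#!/bin/sh
# Added example (not from the original answer). Constructed names: test-service,
# web-nodeport; Kubernetes object names cannot contain "_", hence the hyphen.

# Constructed sample of `kubectl get svc` output.
SAMPLE_SVC='NAME           TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
kubernetes     ClusterIP   10.96.0.1       <none>        443/TCP          2d
test-service   ClusterIP   10.104.22.17    <none>        5555/TCP         1h
web-nodeport   NodePort    10.101.8.40     <none>        80:31234/TCP     1h'

# plan_forward NAME [LOCAL_PORT]
# Reads a `kubectl get svc` table on stdin and prints a port-forward command
# for NAME that listens on loopback only. Exit 1: not found. Exit 2: the
# service is not ClusterIP, i.e. it is already reachable from outside.
plan_forward() {
  awk -v svc="$1" -v lport="$2" '
    NR == 1 { next }                       # skip the header row
    $1 == svc {
      found = 1
      if ($2 != "ClusterIP") {
        print "refuse: " svc " is type " $2 ", already exposed" > "/dev/stderr"
        exit 2
      }
      split($5, ports, ",")                # "5555/TCP,9090/TCP" -> first entry
      split(ports[1], p, "/")              # "5555/TCP" -> "5555"
      if (lport == "") lport = p[1]
      printf "kubectl port-forward --address 127.0.0.1 service/%s %s:%s\n", svc, lport, p[1]
      exit 0
    }
    END { if (!found) { print "refuse: no service " svc > "/dev/stderr"; exit 1 } }
  '
}

# Against a live minikube cluster:
#   kubectl get svc | plan_forward test-service
# Offline demonstration with the constructed table:
printf '%s\n' "$SAMPLE_SVC" | plan_forward test-service
```

The forward runs through the API server with your kubeconfig credentials and listens only on the workstation's loopback interface, so the service type never has to change from ClusterIP.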