[New post] Kubernetes pod as a Bastion Host

Emmanouil Gkatziouras posted: "In Cloud Native apps private networks, databases and services are a reality. An infrastructure can be fully private and only a limited number of entry points can be available. Obviously the more restricted the better. Still there are cases where " Respond to this post by replying above this line New post on Emmanouil Gkatziouras Kubernetes pod as a Bastion Host by Emmanouil Gkatziouras In Cloud Native apps private networks, databases and services are a reality. An infrastructure can be fully private and only a limited number of entry points can be available. Obviously the more restricted the better. Still there are cases where there has not been any infrastructure setup for the private services and ways to link towards them. however if there is access through Kubernetes, HAProxy can help. HAProxy can accept a configuration file. Uploading that file as a configmap and then mount the configmap to a Kubernetes pod will be easy. Then the HAProxy Kubernetes pod will be able to spin up using that configuration and thus establish a proxy connection. Let's start with the ha-proxy configuration. The target would be a MySQL database with a private IP. apiVersion: v1 data: haproxy.cfg: |- global defaults timeout client 30s timeout server 30s timeout connect 30s frontend frontend bind 0.0.0.0:3306 default_backend backend backend backend mode tcp server upstream 10.0.1.7:3306 kind: ConfigMap metadata: creationTimestamp: null name: mysql-haproxy-port-forward On the upstream we just add the ip and the port of the db, on the frontend we specify the local port and address we shall use. By doing the above we have a way to mount the config file to our Kubernetes pod. Now let's create the pod apiVersion: v1 kind: Pod metadata: creationTimestamp: null labels: run: mysql-forward-pod name: mysql-forward-pod spec: containers: - command: - haproxy - -f - /usr/local/etc/haproxy/haproxy.cfg - -V image: haproxy:1.7-alpine name: mysql-forward-pod resources: {} volumeMounts: - mountPath: /usr/local/etc/haproxy/ name: mysql-haproxy-port-forward dnsPolicy: ClusterFirst restartPolicy: Always volumes: - name: mysql-haproxy-port-forward configMap: name: mysql-haproxy-port-forward status: {} On the volume section we set the configmap as a volume. On the container section we mount the configmap to a path thus having access to the file. We use a HAProxy image, and we provide the command to start HAProxy using the file we mounted before. To test that it works, use a kubectl session that has port-forward permissions and do kubectl port-forward mysql-forward-pod 3306:3306 You shall be able to access mysql from your localhost. This post is ad-supported ​ Emmanouil Gkatziouras | September 16, 2021 at 7:12 am | Categories: docker, Kubernetes | URL: https://wp.me/p1EE3y-VV Comment    See all comments    Like Unsubscribe to no longer receive posts from Emmanouil Gkatziouras. Change your email settings at Manage Subscriptions. Trouble clicking? Copy and paste this URL into your browser: http://egkatzioura.com/2021/09/16/kubernetes-pod-as-a-bastion-host/ Thanks for flying with WordPress.com