
URL: https://www.javacodegeeks.com/2021/09/kubernetes-pod-as-a-bastion-host.html

Kubernetes pod as a Bastion Host - Java Code Geeks


In cloud-native applications, private networks, databases and services are a reality.

An infrastructure can be fully private, with only a limited number of entry points available.

Obviously, the more restricted the better.

Still, there are cases where no infrastructure has been set up to reach the private services. However, if there is access through Kubernetes, HAProxy can help.

HAProxy can accept a configuration file. Uploading that file as a ConfigMap and then mounting the ConfigMap into a Kubernetes pod is easy. The HAProxy pod can then start with that configuration and establish a proxy connection.

Let’s start with the HAProxy configuration. The target is a MySQL database with a private IP.

apiVersion: v1
data:
  haproxy.cfg: |-
    global
    defaults
        timeout client 30s
        timeout server 30s
        timeout connect 30s

    # Local address and port the proxy listens on inside the pod
    frontend frontend
        bind 0.0.0.0:3306
        default_backend backend

    # Private IP and port of the MySQL database
    backend backend
        mode tcp
        server upstream 10.0.1.7:3306
kind: ConfigMap
metadata:
  creationTimestamp: null
  name: mysql-haproxy-port-forward

On the upstream we just add the IP and the port of the database; on the frontend we specify the local address and port we shall use.

By doing the above we have a way to mount the config file to our Kubernetes pod.

Now let’s create the pod:

apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: mysql-forward-pod
  name: mysql-forward-pod
spec:
  containers:
  # Start HAProxy with the configuration file mounted from the ConfigMap
  - command:
    - haproxy
    - -f
    - /usr/local/etc/haproxy/haproxy.cfg
    - -V
    image: haproxy:1.7-alpine
    name: mysql-forward-pod
    resources: {}
    volumeMounts:
    - mountPath: /usr/local/etc/haproxy/
      name: mysql-haproxy-port-forward
  dnsPolicy: ClusterFirst
  restartPolicy: Always
  volumes:
  # The ConfigMap created above, exposed as a volume
  - name: mysql-haproxy-port-forward
    configMap:
      name: mysql-haproxy-port-forward
status: {}

In the volumes section we set the ConfigMap as a volume. In the container section we mount the ConfigMap to a path, thus having access to the file.
We use an HAProxy image, and we provide the command to start HAProxy using the file we mounted before.

To test that it works, use a kubectl session that has port-forward permissions and run:

kubectl port-forward mysql-forward-pod 3306:3306

You shall be able to access MySQL from your localhost.
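
A hardened variant of the setup above, as an added example that is not part of the original article: `kubectl port-forward` connects from inside the pod's network namespace, so HAProxy can listen on loopback instead of `0.0.0.0`, which otherwise lets any workload that can route to the pod IP use the pod as a path to the database. Assumptions: the proxy is only ever reached through `kubectl port-forward`, the NetworkPolicy name is hypothetical, and the policy only takes effect when the cluster's network plugin enforces NetworkPolicy.

```yaml
# Added example: ConfigMap from the article with a loopback-only listener.
apiVersion: v1
kind: ConfigMap
metadata:
  name: mysql-haproxy-port-forward
data:
  haproxy.cfg: |-
    global
    defaults
        mode tcp
        timeout client 30s
        timeout server 30s
        timeout connect 30s

    frontend frontend
        # Loopback only: kubectl port-forward still reaches this listener,
        # but other pods can no longer connect to it through the pod IP.
        bind 127.0.0.1:3306
        default_backend backend

    backend backend
        server upstream 10.0.1.7:3306
---
# Defence in depth: allow no ingress at all to the forwarding pod.
# Selecting the pod with policyTypes [Ingress] and no ingress rules denies
# all inbound connections to it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: mysql-forward-pod-deny-ingress   # hypothetical name
spec:
  podSelector:
    matchLabels:
      run: mysql-forward-pod             # label from the article's Pod manifest
  policyTypes:
    - Ingress
```

With this in place, access to the database through the pod depends on who holds the port-forward permission on `mysql-forward-pod`, so that RBAC grant is the control to review and audit.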

Published on Java Code Geeks with permission by Emmanouil Gkatziouras, partner at our JCG program. See the original article here: Kubernetes pod as a Bastion Host

Emmanouil Gkatziouras
September 22nd, 2021. Last Updated: September 17th, 2021