search

Skatteetaten / vagrant-hashistack

Vagrant box with the complete hashistack. Use for demo and development.
Apache License 2.0
25 stars 9 forks source link

Expose internal services to host #464

Closed oschistad closed 3 years ago

oschistad commented 3 years ago

Feature description

Add some mechanism for exposing Consul Connect services outside of Vagrant environment

Why is it needed?

When developing modules that create online services you sometimes need to access that service, or a user interface in the application hosting the service, from the developers interactive environment.

Suggestion(s)/solution(s) [Optional]

To expose connect-enabled services you have two separate challenges:

  1. Mesh / ingress gateway to the enclosed service. Can be solved using the commandline consul proxy functionality
  2. Exposing a TCP port to the host OS where vagrant runs. May require IP Tables forwarding rules because of the separate isolated network used for Docker containers.

Definition of done

A developer can by reading some documentation and making some simple configurations get access to one or more interfaces hosted as containerized nomad jobs from their laptop browser or API client.

Checklist (after created issue)

pdmthorsrud commented 3 years ago

We have created a barebones structure for exposing a running consul connect enabled service to our local machine https://github.com/fredrikhgrelland/terraform-nomad-minio/blob/master/Makefile#L77-L79

This would expose the service registered as minio in consul on port 9000 on localhost of the machine running vagrant.

I haven't read your issue deeply just yet (in a meeting), but from my initial understanding this would cover

"get access to one or more interfaces hosted as containerized nomad jobs from their laptop browser or API client"

oschistad commented 3 years ago

We have created a barebones structure for exposing a running consul connect enabled to our local machine https://github.com/fredrikhgrelland/terraform-nomad-minio/blob/master/Makefile#L77-L79

This would expose the service registered as minio in consul on port 9000 on localhost of the machine running vagrant.

I haven't read your issue deeply just yet (in a meeting), but from my initial understanding this would cover

"get access to one or more interfaces hosted as containerized nomad jobs from their laptop browser or API client"

Thank you, I will test and update.

oschistad commented 3 years ago

A quick test and it turns out that a local consul proxy can reach the service inside vagrant. I did not think this network was accessible externally, but it is and so this works. This is a good solution for now so I'll close the issue. Thank you!

pdmthorsrud commented 3 years ago

A quick test and it turns out that a local consul proxy can reach the service inside vagrant. I did not think this network was accessible externally, but it is and so this works. This is a good solution for now so I'll close the issue. Thank you!

Sweet, good to hear!

I realised we have no good documentation for this (other than in our already created modules), so I have created an issue in vagrant-hashistack-template to add a section on this in the doc.