*-workspace-user.USER.pair.sharing.io ingress route from mgmt cluster to created cluster

sharingio / coder

Remote development environments on your infrastructure provisioned with Terraform

https://coder.com

GNU Affero General Public License v3.0

0 stars 1 forks source link

*-workspace-user.USER.pair.sharing.io ingress route from mgmt cluster to created cluster #12

Closed hh closed 1 year ago

hh commented 1 year ago

Outcluster using *.USER.pair.sharing.io

Kubevirt clusters should have a *-workspace-user.USER.pair.sharing.io ingress route from outer cluster to inner. The inner cluster can be plain http for now.

hh commented 1 year ago

Should be able to route to kuberenetes api as well.

hh commented 1 year ago

From https://hackmd.io/MYsKUFclTCyU57UU-zKlVQ?both#SSL-ingress

BobyMCbobs commented 1 year ago

Giving a go and basic exposing of services out of the Kubevirt VM by using NodePorts. According to the docs, it appears that services running on ports on the VM can be exposed through Kubernetes services. I figure that a chain of code-server container listening process -> NodePort on VM -> Service on management cluster -> Ingress on management cluster

There is a service defined like this active

apiVersion: v1
kind: Service
metadata:
  name: nc-nodeport
spec:
  externalTrafficPolicy: Cluster
  ports:
  - name: nodeport
    nodePort: 31000 # 30000-32767
    port: 8080
    protocol: TCP
    targetPort: 8080
  selector:
    app: code-server
  type: NodePort

and it is accessible in the code-server container on 8080.

But running into this right now, where a process is showing as listening with ss but not via nc

I'm running nc -l 8080 in the coder-server container and a NodePort service going from 8080 to 31000

BobyMCbobs commented 1 year ago

Using while true; do nc -l 8080; done instead and it is working! Forgot the behaviour of nc.

BobyMCbobs commented 1 year ago

I've figured out how to link processes running processes running inside a pod in the cluster to be accessible on the host cluster, via multiple services.

I'm unsure what specifically is meant to be routed. Is it meant to be processes? or what?

BobyMCbobs commented 1 year ago

If it's meant to be processes, we'll need a web components

a process running in the same PID namespace as the pairing container, exporting ports and processes (environment-exporter)
a controller to create NodePort services, inside the Kubevirt cluster, including a label (something new)
a controller on the management cluster, creating Services which are pointed to the Pod where the Kubevirt machine VM is running and an Ingress pointing to that service configured with TLS (kinda like environment-exposer, but with modifications)

BobyMCbobs commented 1 year ago

Considering that Coder supports port exposing, is such an truly implementation necessary?

github-actions[bot] commented 1 year ago

This issue is becoming stale. In order to keep the tracker readable and actionable, I'm going close to this issue in 7 days if there isn't more activity.