What does fit in a low resources namespace? 3rd part. Inlets

Published in

K8Spin

4 min readAug 8, 2019

This is the third part of a series of stories that shows what kind of software could be deployed in a free tier namespace at K8Spin.cloud.

Inlets

Inlets combine a reverse proxy and WebSocket tunnels to expose your internal and development endpoints to the public Internet via an exit-node.

Similar tools such as ngrok or Argo Tunnel from Cloudflare are closed-source, have limited built-in and can work out expensive. ngrok is also often banned by corporate firewall policies meaning it can be unusable.

inlets is brought to you by Alex Ellis. Alex is a CNCF Ambassador and the founder of OpenFaaS.

TL;DR

Inlets allow you to expose local endpoint through a secure URL. You can use k8spin as an exit node as it provides a free platform whit external customizable URL, auto-renew TLS/SSL certificates and a kubernetes native experience.

The code

We created a repository containing the code we use in this story. Download the repo locally, you will need it later:

$ cd $(mktemp -d)
$ pwd
/tmp/tmp.HHnDXYthMr
$ git clone https://gitlab.com/k8spin-open/examples/inlets.git
Cloning into 'inlets'...
remote: Enumerating objects: 15, done.
remote: Counting objects: 100% (15/15), done.
remote: Compressing objects: 100% (13/13), done.
remote: Total 15 (delta 0), reused 0 (delta 0)
Unpacking objects: 100% (15/15), done.

K8Spin Namespace

To get into K8Spin you just need to sign with your Google or Github account in the K8Spin console. Then create a namespace:

This namespace costs 3.51€ but it’s free for our free tier users.

K8Spin provides you a free tier namespace with 100m CPU Cores (0,1 Core) and 128Mb of RAM in an unlimited time for free (no credit card required).

Download the kubeconfig file.

Move inlets.config (kubeconfig) file to the temp path we created earlier.

$ pwd
/tmp/tmp.HHnDXYthMr
$ mv ~/Downloads/inlets.config .

Let’s deploy it

First, configure the kubectl credentials:

$ export KUBECONFIG=/tmp/tmp.HHnDXYthMr/inlets.config

Create a kubernetes secret with a token to run inlets securely:

$ kubectl create secret generic inlets --from-literal=TOKEN=PUT_YOUR_SECURE_TOKEN_HERE

Now, change the deploy/ingress.yml file. Modify the certmanager.k8s.io/issuer annotation to your issuer name. You can find it running:

$ kubectl get issuer
NAME                            AGE
angelbarrerasanchez-gmail-com   30m

Open the k8spin console, look for the assigned ingress domain, it should be something like: *.angelbarrerasanchez.apps.k8spin.cloud.

Then, choose a hostname to create the ingress resource: inlets.angelbarrerasanchez.apps.k8spin.cloud will works.

Finally, modify hosts attributes (tls)(rules) in the deploy/ingress.yml file.

Your ingress should look like:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: inlets
  annotations:
    ingress.kubernetes.io/ssl-redirect: "true"
    certmanager.k8s.io/issuer: angelbarrerasanchez-gmail-com
spec:
  tls:
  - hosts:
    - inlets.angelbarrerasanchez.apps.k8spin.cloud
    secretName: inlets-certificate
  rules:
  - host: inlets.angelbarrerasanchez.apps.k8spin.cloud
    http:
      paths:
      - path: /
        backend:
          serviceName: inlets
          servicePort: 80

Now, we are ready to deploy the exit-node:

$ pwd
/tmp/tmp.HHnDXYthMr/inlets
$ kubectl apply -R -f deploy/
deployment.apps/inlets created
ingress.extensions/inlets created
service/inlets created

After a while, the inlet’s exit node will be ready.

Use it!

Run a simple service in your local machine. For example, run Python’s built-in HTTP server:

$ mkdir -p /tmp/inlets-test/
$ cd /tmp/inlets-test/
$ echo "# Hello inlets at k8spin.cloud" > README.md
$ python -m SimpleHTTPServer 3000
Serving HTTP on 0.0.0.0 port 3000 ...

Then install inlets:

# Install to local directory
curl -sLS https://get.inlets.dev | sh# Install to /usr/local/bin/
curl -sLS https://get.inlets.dev | sudo sh

And start the inlets client:

$ inlets client --remote="wss://inlets.angelbarrerasanchez.apps.k8spin.cloud" --upstream="localhost:3000" --token=PUT_YOUR_SECURE_TOKEN_HERE --print-token=false
2019/08/07 12:25:46 Upstream:  => localhost:3000
map[X-Inlets-Id:[1df2ffd28f85463085e86a7068dc0ca9] X-Inlets-Upstream:[=localhost:3000] Authorization:[Bearer -.-]]
INFO[0000] Connecting to proxy                           url="wss://inlets.angelbarrerasanchez.apps.k8spin.cloud/tunnel"

Let’s dig into the inlets client command flags:

--remote Points to the ingress hostname we choose.
--upstream Local service will be exposed through the exit node. In this example, python web server created before.
--token Secret token created before.

Then visit: https://inlets.angelbarrerasanchez.apps.k8spin.cloud and you will see your local server through an exit node on top of k8spin namespace.

Exit node request on top of k8spin.cloud

Deployment resources utilization details

This deployment runs with 5m (0,005 CPU Cores) and 16Mb of RAM by default.

There is a lot of free resources that could be used for other applications.

Conclusions

This is the third example that we want to show you. There will be more like this. We just want to demonstrate how powerful could be our free tier.

We designed this tier focusing on personal side projects. The unlocked tier is also a good option to deploy a personal side project, it unlocks the power of using dynamic namespaces. Remember the story about Ephemeral Kubernetes environments on CI/CD systems.

We would love to hear from you about your use cases. Don’t forget to join our slack community at slack.k8spin.cloud