What does fit in a low resources namespace? 3rd part. Inlets
This is the third part of a series of stories that shows what kind of software could be deployed in a free tier namespace at K8Spin.cloud.
Inlets
Inlets combine a reverse proxy and WebSocket tunnels to expose your internal and development endpoints to the public Internet via an exit-node.
Similar tools such as ngrok or Argo Tunnel from Cloudflare are closed-source, have limited built-in and can work out expensive. ngrok is also often banned by corporate firewall policies meaning it can be unusable.
inlets is brought to you by Alex Ellis. Alex is a CNCF Ambassador and the founder of OpenFaaS.
TL;DR
Inlets allow you to expose local endpoint through a secure URL. You can use k8spin as an exit node as it provides a free platform whit external customizable URL, auto-renew TLS/SSL certificates and a kubernetes native experience.
The code
We created a repository containing the code we use in this story. Download the repo locally, you will need it later:
$ cd $(mktemp -d)
$ pwd
/tmp/tmp.HHnDXYthMr
$ git clone https://gitlab.com/k8spin-open/examples/inlets.git
Cloning into 'inlets'...
remote: Enumerating objects: 15, done.
remote: Counting objects: 100% (15/15), done.
remote: Compressing objects: 100% (13/13), done.
remote: Total 15 (delta 0), reused 0 (delta 0)
Unpacking objects: 100% (15/15), done.
K8Spin Namespace
To get into K8Spin you just need to sign with your Google or Github account in the K8Spin console. Then create a namespace:
K8Spin provides you a free tier namespace with 100m CPU Cores (0,1 Core) and 128Mb of RAM in an unlimited time for free (no credit card required).
Download the kubeconfig file.
Move inlets.config (kubeconfig) file to the temp path we created earlier.
$ pwd
/tmp/tmp.HHnDXYthMr
$ mv ~/Downloads/inlets.config .
Let’s deploy it
First, configure the kubectl credentials:
$ export KUBECONFIG=/tmp/tmp.HHnDXYthMr/inlets.config
Create a kubernetes secret with a token to run inlets securely:
$ kubectl create secret generic inlets --from-literal=TOKEN=PUT_YOUR_SECURE_TOKEN_HERE
Now, change the deploy/ingress.yml
file. Modify the certmanager.k8s.io/issuer
annotation to your issuer name. You can find it running:
$ kubectl get issuer
NAME AGE
angelbarrerasanchez-gmail-com 30m
Open the k8spin console, look for the assigned ingress domain
, it should be something like: *.angelbarrerasanchez.apps.k8spin.cloud
.
Then, choose a hostname to create the ingress
resource: inlets.angelbarrerasanchez.apps.k8spin.cloud
will works.
Finally, modify hosts
attributes (tls)(rules)
in the deploy/ingress.yml
file.
Your ingress
should look like:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: inlets
annotations:
ingress.kubernetes.io/ssl-redirect: "true"
certmanager.k8s.io/issuer: angelbarrerasanchez-gmail-com
spec:
tls:
- hosts:
- inlets.angelbarrerasanchez.apps.k8spin.cloud
secretName: inlets-certificate
rules:
- host: inlets.angelbarrerasanchez.apps.k8spin.cloud
http:
paths:
- path: /
backend:
serviceName: inlets
servicePort: 80
Now, we are ready to deploy the exit-node:
$ pwd
/tmp/tmp.HHnDXYthMr/inlets
$ kubectl apply -R -f deploy/
deployment.apps/inlets created
ingress.extensions/inlets created
service/inlets created
After a while, the inlet’s exit node will be ready.
Use it!
Run a simple service in your local machine. For example, run Python’s built-in HTTP server:
$ mkdir -p /tmp/inlets-test/
$ cd /tmp/inlets-test/
$ echo "# Hello inlets at k8spin.cloud" > README.md
$ python -m SimpleHTTPServer 3000
Serving HTTP on 0.0.0.0 port 3000 ...
Then install inlets:
# Install to local directory
curl -sLS https://get.inlets.dev | sh# Install to /usr/local/bin/
curl -sLS https://get.inlets.dev | sudo sh
And start the inlets client
:
$ inlets client --remote="wss://inlets.angelbarrerasanchez.apps.k8spin.cloud" --upstream="localhost:3000" --token=PUT_YOUR_SECURE_TOKEN_HERE --print-token=false
2019/08/07 12:25:46 Upstream: => localhost:3000
map[X-Inlets-Id:[1df2ffd28f85463085e86a7068dc0ca9] X-Inlets-Upstream:[=localhost:3000] Authorization:[Bearer -.-]]
INFO[0000] Connecting to proxy url="wss://inlets.angelbarrerasanchez.apps.k8spin.cloud/tunnel"
Let’s dig into the inlets client
command flags:
--remote
Points to the ingress hostname we choose.--upstream
Local service will be exposed through the exit node. In this example, python web server created before.--token
Secret token created before.
Then visit: https://inlets.angelbarrerasanchez.apps.k8spin.cloud
and you will see your local server through an exit node on top of k8spin namespace.
Deployment resources utilization details
This deployment runs with 5m (0,005 CPU Cores) and 16Mb of RAM by default.
There is a lot of free resources that could be used for other applications.
Conclusions
This is the third example that we want to show you. There will be more like this. We just want to demonstrate how powerful could be our free tier.
We designed this tier focusing on personal side projects. The unlocked tier is also a good option to deploy a personal side project, it unlocks the power of using dynamic namespaces. Remember the story about Ephemeral Kubernetes environments on CI/CD systems.
We would love to hear from you about your use cases. Don’t forget to join our slack community at slack.k8spin.cloud