Comments (4)
This has been fixed in 0.17.1 - thanks for your feedback and for using inlets.
from inlets-operator.
Hi thanks for trying out inlets
As far as I knew, the additional ports were already being added as part of the security group configuration. You can check the code if you'd like to see it over at - https://github.com/inlets/cloud-provision/blob/master/provision/ec2.go#L250 - it may potentially need a tweak. Although if you want to use this sooner, you can of course edit the security group manually too.
Can you share the following output please?
Run kubectl get svc -o wide in the namespace where the service exists
And also kubectl get svc/NAME -n NAMESPACE -o yaml
For example, if I create an nginx-ingress controller with a TCP routing config, I wouldn't expect the operator to pick that up.
Any LoadBalancer will be picked up - that's the design.
However, you can change this behaviour with the only annotated feature - then you just annotate the LoadBalancers that you want inlets-operator to cater to.
Alex
from inlets-operator.
Output you asked for below, with some pieces redacted. Anytime you see XX.XX.XX.XX that's the EC2 instance's IP address.
kubectl get svc -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
ingress-nginx-bd37f03e-controller LoadBalancer 10.103.54.90 XX.XX.XX.XX,XX.XX.XX.XX 80:32264/TCP,443:30611/TCP,27017:32396/TCP 33m app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx-bd37f03e,app.kubernetes.io/name=ingress-nginx
kubectl get svc/NAME -n NAMESPACE -o yaml
apiVersion: v1
kind: Service
metadata:
  annotations:
    meta.helm.sh/release-name: ingress-nginx-bd37f03e
    meta.helm.sh/release-namespace: REDACTED
  creationTimestamp: "2023-05-02T21:57:50Z"
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx-bd37f03e
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.7.0
    helm.sh/chart: ingress-nginx-4.6.0
  name: ingress-nginx-bd37f03e-controller
  namespace: REDACTED
  resourceVersion: "1578992"
  uid: ffe92ee5-3815-43bf-b170-821e07adc684
spec:
  allocateLoadBalancerNodePorts: true
  clusterIP: 10.103.54.90
  clusterIPs:
  - 10.103.54.90
  externalIPs:
  - XX.XX.XX.XX
  externalTrafficPolicy: Cluster
  internalTrafficPolicy: Cluster
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - appProtocol: http
    name: http
    nodePort: 32264
    port: 80
    protocol: TCP
    targetPort: http
  - appProtocol: https
    name: https
    nodePort: 30611
    port: 443
    protocol: TCP
    targetPort: https
  - name: 27017-tcp
    nodePort: 32396
    port: 27017
    protocol: TCP
    targetPort: 27017-tcp
  selector:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx-bd37f03e
    app.kubernetes.io/name: ingress-nginx
  sessionAffinity: None
  type: LoadBalancer
status:
  loadBalancer:
    ingress:
    - ip: XX.XX.XX.XX
from inlets-operator.
Thanks for sharing this output.
So I had a look at the provisioning code again.
If we pass in an extra flag to the library it will open up the security group from 1024 to 65535. If there is nothing listening on these ports, it's probably not as "insecure" as you suggest.
Alternatively, we could update the library to take in a number of ports from the LB.
The reason for the wider range being available is that when using the inletsctl tool to create tunnel VMs outside of the operator, you don't know what ports the user will need, so all are available - and then as and when the client connects - the ports are opened on the server.
Both inletsctl and inlets-operator use the same library.
So we could either trigger the existing code to open up 1024 to 65535 - or we could do some additional work to pass in a list of ports, that is only used when called by inlets-operator.
from inlets-operator.
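The two options weighed in the last comment, compared as an added example that is not part of the thread or of the inlets code base: it derives per-port ingress ranges from the Service ports shown above and counts how many ports each approach leaves open. `PortRange`, `RulesForPorts` and `Exposed` are hypothetical names, not the cloud-provision API.

```go
package main

import (
	"fmt"
	"sort"
)

// PortRange is a hypothetical stand-in for one TCP ingress rule on the
// tunnel VM's security group; it is not a type from cloud-provision.
type PortRange struct{ From, To int }

// RulesForPorts collapses the ports declared on a LoadBalancer Service into
// the fewest contiguous ranges, so only those ports are opened.
func RulesForPorts(ports []int) []PortRange {
	sorted := append([]int(nil), ports...)
	sort.Ints(sorted)
	var rules []PortRange
	for _, p := range sorted {
		if p < 1 || p > 65535 {
			continue // not a valid TCP port
		}
		if n := len(rules); n > 0 && p <= rules[n-1].To+1 {
			rules[n-1].To = p // duplicate or adjacent port: extend the last range
			continue
		}
		rules = append(rules, PortRange{p, p})
	}
	return rules
}

// Exposed returns how many ports a set of rules opens.
func Exposed(rules []PortRange) int {
	total := 0
	for _, r := range rules {
		total += r.To - r.From + 1
	}
	return total
}

func main() {
	svc := []int{80, 443, 27017}       // ports from the Service output in this thread
	wide := []PortRange{{1024, 65535}} // range quoted in the comment above
	exact := RulesForPorts(svc)
	fmt.Println("per-port rules:", exact, "open ports:", Exposed(exact))
	fmt.Println("wide range open ports:", Exposed(wide))
}
```

Ports 80 and 443 fall below 1024, so the wide range on its own does not cover them; it only adds reachability for 27017 and every other high port.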