https://github.com/rueian/aerial
Combination of Cilium Golang Envoy Filter and TCP tunnel to build Visual Studio Bridge To Kubernetes.
https://github.com/rueian/aerial
cilium kubernetes networkpolicy
Last synced: 6 months ago
JSON representation
Combination of Cilium Golang Envoy Filter and TCP tunnel to build Visual Studio Bridge To Kubernetes.
- Host: GitHub
- URL: https://github.com/rueian/aerial
- Owner: rueian
- Created: 2020-08-25T18:46:07.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2020-11-15T04:04:09.000Z (almost 5 years ago)
- Last Synced: 2023-08-13T10:08:00.671Z (about 2 years ago)
- Topics: cilium, kubernetes, networkpolicy
- Language: Go
- Homepage:
- Size: 5.44 MB
- Stars: 26
- Watchers: 4
- Forks: 3
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Aerial
Combination of [Cilium Golang Envoy Filter](https://docs.cilium.io/en/v1.9/concepts/security/proxy/envoy/#go-extensions)
and TCP tunnel to build [Visual Studio Bridge To Kubernetes](https://devblogs.microsoft.com/visualstudio/bridge-to-kubernetes-ga/).
# Why rebuild Bridge To Kubernetes?
The current version of Bridge To Kubernetes has some limitations, for example:
1. Can't have multiple pods behind a k8s service.
2. Can't have multiple container in a pod.
3. Can't have TLS between pods.
And these limitations can solved by the help of CNI.
Full slides: https://speakerdeck.com/rueian/ciliums-envoy-filter-and-vs-bridge-to-kubernetes
# Example Setup
## Prepare
* gcloud cli
* helm cli
```shell script
# build tunnel client binary
make
# create the example GKE cluster
export GCP_PROJECT=your-project
./example/gke.sh
# apply example services
kubectl apply -f example/kube.yaml
# make tunnel server accessible from local
kubectl port-forward svc/aerial-tunnel 8080
# redirect http /v1 traffic into service-c from cluster to local 9090 port
./bin/aerial link \
--addr 127.0.0.1:8080 \
--bind 127.0.0.1:9090 \
--svc service-c:80 --param PathRegex=/v1
```