tunnel-server: add basic deployment guide #405

Merged
merged 2 commits into from
Feb 11, 2024

@royra (Collaborator) commented Jan 25, 2024

[Is this a bugfix/feature/doc-improvement?]

This is a

  • Bug fix
  • Feature
  • Doc improvement

By submitting this pull request I confirm I've read and complied with the below requirements 🖖

  • I have used Preevy for a while and am familiar with the function it provides.

If this is a bug fix or feature:

  • I tested the proposed change on my cloud provider: Please specify which provider
  • I tested the proposed change on a local Kubernetes cluster.

## Requirements

- A Kubernetes cluster
- An ingress solution to make K8S Services accesible from your network (e.g, Traefik). In this example, we'll use your cloud provider's load balancer.
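
Review bot: The second requirement bullet has a typo ("accesible" should be "accessible") and a punctuation slip ("e.g," should be "e.g.,"). The same bullet names Traefik as the example ingress solution and then says the example uses the cloud provider's load balancer, so it would help to state which component actually exposes the Services in this guide. "K8S" could also be written "Kubernetes" to match the first bullet.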
Contributor

The "An ingress solution" might be confusing here due to the ambiguity with k8s ingress resources.
Traefik and the cloud provider load balancer (based on k8s service->loadbalancer) work at different layers (L4 vs L7), and the sentence implies that we're using the cloud provider's load balancer instead (which is incorrect, since we'll need a service->loadbalancer endpoint to expose Traefik if we were to use it).
In addition, cloud providers have both solutions for L4 and L7 integrated with Kubernetes (via k8s service->loadbalancer and k8s gateway/ingress), so it's not clear which one we are referring to.

- Google Cloud: [GKE](https://cloud.google.com/kubernetes-engine/docs/concepts/service-load-balancer)
- Azure: [AKS](https://learn.microsoft.com/en-us/azure/aks/load-balancer-standard)

Another approach would be to use a 3rd-party ingress solution like [Traefik](https://doc.traefik.io/traefik/user-guides/crd-acme/).
Contributor

Traefik CRD won't solve the problem of configuring DNS.
In k8s, there's external-dns (https://github.com/kubernetes-sigs/external-dns), which works with many DNS providers, but I didn't see wildcard support.

Contributor

@Yshayy left a comment

Looks awesome, added a few notes.

In the future, it might be worth having an example with k8s gateway APIs which means there's no need for stunnel/sslh.

TLSRoute can be used for the ssh traffic, and HTTPRoute for the HTTP traffic. (although in this case routing will be based on hostname and not on ALPN)

@royra royra force-pushed the tunnel-server-deployment-docs branch from f409353 to 77de072 Compare February 11, 2024 13:43
@royra royra merged commit 66c0be3 into main Feb 11, 2024
8 checks passed
@royra royra deleted the tunnel-server-deployment-docs branch February 11, 2024 13:44