DEV Community: naison The latest articles on DEV Community by naison (@wencaiwulue). https://dev.to/wencaiwulue https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1377614%2F82a9b93e-bcf8-447e-9545-46c23c7e5868.jpeg DEV Community: naison https://dev.to/wencaiwulue en KubeVPN: Revolutionizing Kubernetes Local Development naison Mon, 24 Feb 2025 10:57:41 +0000 https://dev.to/wencaiwulue/kubevpn-revolutionizing-kubernetes-local-development-24go https://dev.to/wencaiwulue/kubevpn-revolutionizing-kubernetes-local-development-24go <h2> Why KubeVPN? </h2> <p>In the Kubernetes era, developers face a critical conflict between <strong>cloud-native complexity</strong> and <strong>local development<br> agility</strong>. Traditional workflows force developers to:</p> <ol> <li>Suffer frequent <code>kubectl port-forward</code>/<code>exec</code> operations</li> <li>Set up mini Kubernetes clusters locally (e.g., minikube)</li> <li>Risk disrupting shared dev environments</li> </ol> <p>KubeVPN solves this through <strong>cloud-native network tunneling</strong>, seamlessly extending Kubernetes cluster networks to<br> local machines with three breakthroughs:</p> <ul> <li>🚀 <strong>Zero-Code Integration</strong>: Access cluster services without code changes</li> <li>💻 <strong>Real-Environment Debugging</strong>: Debug cloud services in local IDEs</li> <li>🔄 <strong>Bidirectional Traffic Control</strong>: Route specific traffic to local or cloud</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2bycsxjp1h9mjnjcgjpi.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2bycsxjp1h9mjnjcgjpi.png" alt="KubeVPN Architecture" width="800" height="266"></a></p> <h2> Core Capabilities </h2> <h3> 1. Direct Cluster Networking </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubevpn connect </code></pre> </div> <p>Instantly gain:</p> <ul> <li>✅ Service name access (e.g., <code>productpage.default.svc</code>)</li> <li>✅ Pod IP connectivity</li> <li>✅ Native Kubernetes DNS resolution </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>➜ curl productpage:9080 <span class="c"># Direct cluster access</span> &lt;<span class="o">!</span>DOCTYPE html&gt; &lt;html&gt;...&lt;/html&gt; </code></pre> </div> <h3> 2. Smart Traffic Interception </h3> <p>Precision routing via header conditions:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubevpn proxy deployment/productpage <span class="nt">--headers</span> <span class="nv">user</span><span class="o">=</span>dev-team </code></pre> </div> <ul> <li>Requests with <code>user=dev-team</code> → Local service</li> <li>Others → Original cluster handling</li> </ul> <h3> 3. Multi-Cluster Mastery </h3> <p>Connect two clusters simultaneously:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubevpn connect <span class="nt">-n</span> dev <span class="nt">--kubeconfig</span> ~/.kube/cluster1 <span class="c"># Primary</span> kubevpn connect <span class="nt">-n</span> prod <span class="nt">--kubeconfig</span> ~/.kube/cluster2 <span class="nt">--lite</span> <span class="c"># Secondary</span> </code></pre> </div> <h3> 4. Local Containerized Dev </h3> <p>Clone cloud pods to local Docker:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubevpn dev deployment/authors <span class="nt">--entrypoint</span> sh </code></pre> </div> <p>Launched containers feature:</p> <ul> <li>🌐 Identical network namespace</li> <li>📁 Exact volume mounts</li> <li>⚙️ Matching environment variables</li> </ul> <h2> Technical Deep Dive </h2> <p>KubeVPN's three-layer architecture:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Component</th> <th>Function</th> <th>Core Tech</th> </tr> </thead> <tbody> <tr> <td><strong>Traffic Manager</strong></td> <td>Cluster-side interception</td> <td>MutatingWebhook + iptables</td> </tr> <tr> <td><strong>VPN Tunnel</strong></td> <td>Secure local-cluster channel</td> <td>tun device + WireGuard</td> </tr> <tr> <td><strong>Control Plane</strong></td> <td>Config/state sync</td> <td>gRPC streaming + CRDs</td> </tr> </tbody> </table></div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>graph TD Local[Local Machine] --&gt;|Encrypted Tunnel| Tunnel[VPN Gateway] Tunnel --&gt;|Service Discovery| K8sAPI[Kubernetes API] Tunnel --&gt;|Traffic Proxy| Pod[Workload Pods] subgraph K8s Cluster K8sAPI --&gt; TrafficManager[Traffic Manager] TrafficManager --&gt; Pod end </code></pre> </div> <h2> Performance Benchmark </h2> <p>100QPS load test results:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Scenario</th> <th>Latency</th> <th>CPU Usage</th> <th>Memory</th> </tr> </thead> <tbody> <tr> <td>Direct Access</td> <td>28ms</td> <td>12%</td> <td>256MB</td> </tr> <tr> <td>KubeVPN Proxy</td> <td>33ms</td> <td>15%</td> <td>300MB</td> </tr> <tr> <td>Telepresence</td> <td>41ms</td> <td>22%</td> <td>420MB</td> </tr> </tbody> </table></div> <p>KubeVPN outperforms alternatives in overhead control.</p> <h2> Getting Started </h2> <h3> Installation </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># macOS/Linux</span> brew <span class="nb">install </span>kubevpn <span class="c"># Windows</span> scoop <span class="nb">install </span>kubevpn <span class="c"># Via Krew</span> kubectl krew <span class="nb">install </span>kubevpn/kubevpn </code></pre> </div> <h3> Sample Workflow </h3> <ol> <li> <strong>Connect Cluster</strong> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubevpn connect <span class="nt">--namespace</span> dev </code></pre> </div> <ol> <li> <strong>Develop &amp; Debug</strong> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Start local service</span> ./my-service &amp; <span class="c"># Intercept debug traffic</span> kubevpn proxy deployment/frontend <span class="nt">--headers</span> x-debug<span class="o">=</span><span class="nb">true</span> </code></pre> </div> <ol> <li> <strong>Validate</strong> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-H</span> <span class="s2">"x-debug: true"</span> frontend.dev.svc/cluster-api </code></pre> </div> <h2> Ecosystem </h2> <p>KubeVPN's growing toolkit:</p> <ul> <li>🔌 <strong>VS Code Extension</strong>: Visual traffic management</li> <li>🧩 <strong>CI/CD Pipelines</strong>: Automated testing/deployment</li> <li>📊 <strong>Monitoring Dashboard</strong>: Real-time network metrics</li> </ul> <p>Join developer community:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Contribute your first PR</span> git clone https://github.com/kubenetworks/kubevpn.git make kubevpn </code></pre> </div> <blockquote> <p>Project URL: <a href="https://github.com/kubenetworks/kubevpn" rel="noopener noreferrer">https://github.com/kubenetworks/kubevpn</a><br><br> Documentation: <a href="https://github.com/kubenetworks/kubevpn/wiki" rel="noopener noreferrer">Complete Guide</a><br><br> Support: <a href="https://kubevpn.slack.com" rel="noopener noreferrer">Slack</a></p> </blockquote> <p>With KubeVPN, developers finally enjoy cloud-native debugging while sipping coffee ☕️🚀</p> kubernetes devops aws cloud KubeVPN offers a Cloud-Native Dev Environment that seamlessly connects to your Kubernetes cluster network. naison Sat, 23 Mar 2024 15:40:52 +0000 https://dev.to/wencaiwulue/kubevpn-offers-a-cloud-native-dev-environment-that-seamlessly-connects-to-your-kubernetes-cluster-network-1a4a https://dev.to/wencaiwulue/kubevpn-offers-a-cloud-native-dev-environment-that-seamlessly-connects-to-your-kubernetes-cluster-network-1a4a <h1> KubeVPN </h1> <p><a href="//README_ZH.md">中文</a> | <a href="//README.md">English</a> | <a href="https://github.com/kubenetworks/kubevpn/wiki/Architecture" rel="noopener noreferrer">Wiki</a></p> <p>KubeVPN offers a Cloud-Native Dev Environment that seamlessly connects to your Kubernetes cluster network. </p> <p>Gain access to the Kubernetes cluster network effortlessly using service names or Pod IP/Service IP. Facilitate the interception of inbound traffic from remote Kubernetes cluster services to your local PC through a service mesh and more. </p> <p>For instance, you have the flexibility to run your Kubernetes pod within a local Docker container, ensuring an identical environment, volume, and network setup. <br> With KubeVPN, empower yourself to develop applications entirely on your local PC!</p> <h2> Content </h2> <ol> <li><a href="//./README.md#quickstart">QuickStart</a></li> <li><a href="//./README.md#functions">Functions</a></li> <li><a href="//./README.md#faq">FAQ</a></li> <li><a href="//./README.md#architecture">Architecture</a></li> </ol> <h2> QuickStart </h2> <h4> Install from GitHub release </h4> <p><a href="https://github.com/kubenetworks/kubevpn/releases/latest" rel="noopener noreferrer">LINK</a></p> <h4> Install from custom krew index </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">(</span> kubectl krew index add kubevpn https://github.com/kubenetworks/kubevpn.git <span class="o">&amp;&amp;</span> <span class="se">\</span> kubectl krew <span class="nb">install </span>kubevpn/kubevpn <span class="o">&amp;&amp;</span> kubectl kubevpn <span class="o">)</span> </code></pre> </div> <h4> Install from build it manually </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">(</span> git clone https://github.com/kubenetworks/kubevpn.git <span class="o">&amp;&amp;</span> <span class="se">\</span> <span class="nb">cd </span>kubevpn <span class="o">&amp;&amp;</span> make kubevpn <span class="o">&amp;&amp;</span> ./bin/kubevpn <span class="o">)</span> </code></pre> </div> <h3> Install bookinfo as demo application </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl apply <span class="nt">-f</span> https://raw.githubusercontent.com/kubenetworks/kubevpn/master/samples/bookinfo.yaml </code></pre> </div> <p>For clean up after test<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl delete <span class="nt">-f</span> https://raw.githubusercontent.com/kubenetworks/kubevpn/master/samples/bookinfo.yaml </code></pre> </div> <h2> Functions </h2> <h3> Connect to k8s cluster network </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>➜ ~ kubevpn connect Password: start to connect get cidr from cluster info... get cidr from cluster info ok get cidr from cni... <span class="nb">wait </span>pod cni-net-dir-kubevpn to be running <span class="nb">timeout</span>, reason , ignore get cidr from svc... get cidr from svc ok get cidr successfully traffic manager not exist, try to create it... label namespace default create serviceAccount kubevpn-traffic-manager create roles kubevpn-traffic-manager create roleBinding kubevpn-traffic-manager create service kubevpn-traffic-manager create deployment kubevpn-traffic-manager pod kubevpn-traffic-manager-66d969fd45-9zlbp is Pending Container Reason Message control-plane ContainerCreating vpn ContainerCreating webhook ContainerCreating pod kubevpn-traffic-manager-66d969fd45-9zlbp is Running Container Reason Message control-plane ContainerRunning vpn ContainerRunning webhook ContainerRunning Creating mutatingWebhook_configuration <span class="k">for </span>kubevpn-traffic-manager update ref count successfully port forward ready tunnel connected dns service ok +---------------------------------------------------------------------------+ | Now you can access resources <span class="k">in </span>the kubernetes cluster, enjoy it :<span class="o">)</span> | +---------------------------------------------------------------------------+ ➜ ~ </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>➜ ~ kubevpn status ID Mode Cluster Kubeconfig Namespace Status 0 full ccijorbccotmqodvr189g /Users/naison/.kube/config default Connected ➜ ~ </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>➜ ~ kubectl get pods <span class="nt">-o</span> wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES authors-dbb57d856-mbgqk 3/3 Running 0 7d23h 172.29.2.132 192.168.0.5 &lt;none&gt; &lt;none&gt; details-7d8b5f6bcf-hcl4t 1/1 Running 0 61d 172.29.0.77 192.168.104.255 &lt;none&gt; &lt;none&gt; kubevpn-traffic-manager-66d969fd45-9zlbp 3/3 Running 0 74s 172.29.2.136 192.168.0.5 &lt;none&gt; &lt;none&gt; productpage-788df7ff7f-jpkcs 1/1 Running 0 61d 172.29.2.134 192.168.0.5 &lt;none&gt; &lt;none&gt; ratings-77b6cd4499-zvl6c 1/1 Running 0 61d 172.29.0.86 192.168.104.255 &lt;none&gt; &lt;none&gt; reviews-85c88894d9-vgkxd 1/1 Running 0 24d 172.29.2.249 192.168.0.5 &lt;none&gt; &lt;none&gt; </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>➜ ~ ping 172.29.2.134 PING 172.29.2.134 <span class="o">(</span>172.29.2.134<span class="o">)</span>: 56 data bytes 64 bytes from 172.29.2.134: <span class="nv">icmp_seq</span><span class="o">=</span>0 <span class="nv">ttl</span><span class="o">=</span>63 <span class="nb">time</span><span class="o">=</span>55.727 ms 64 bytes from 172.29.2.134: <span class="nv">icmp_seq</span><span class="o">=</span>1 <span class="nv">ttl</span><span class="o">=</span>63 <span class="nb">time</span><span class="o">=</span>56.270 ms 64 bytes from 172.29.2.134: <span class="nv">icmp_seq</span><span class="o">=</span>2 <span class="nv">ttl</span><span class="o">=</span>63 <span class="nb">time</span><span class="o">=</span>55.228 ms 64 bytes from 172.29.2.134: <span class="nv">icmp_seq</span><span class="o">=</span>3 <span class="nv">ttl</span><span class="o">=</span>63 <span class="nb">time</span><span class="o">=</span>54.293 ms ^C <span class="nt">---</span> 172.29.2.134 ping statistics <span class="nt">---</span> 4 packets transmitted, 4 packets received, 0.0% packet loss round-trip min/avg/max/stddev <span class="o">=</span> 54.293/55.380/56.270/0.728 ms </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>➜ ~ kubectl get services <span class="nt">-o</span> wide NAME TYPE CLUSTER-IP EXTERNAL-IP PORT<span class="o">(</span>S<span class="o">)</span> AGE SELECTOR authors ClusterIP 172.21.5.160 &lt;none&gt; 9080/TCP 114d <span class="nv">app</span><span class="o">=</span>authors details ClusterIP 172.21.6.183 &lt;none&gt; 9080/TCP 114d <span class="nv">app</span><span class="o">=</span>details kubernetes ClusterIP 172.21.0.1 &lt;none&gt; 443/TCP 319d &lt;none&gt; kubevpn-traffic-manager ClusterIP 172.21.2.86 &lt;none&gt; 8422/UDP,10800/TCP,9002/TCP,80/TCP 2m28s <span class="nv">app</span><span class="o">=</span>kubevpn-traffic-manager productpage ClusterIP 172.21.10.49 &lt;none&gt; 9080/TCP 114d <span class="nv">app</span><span class="o">=</span>productpage ratings ClusterIP 172.21.3.247 &lt;none&gt; 9080/TCP 114d <span class="nv">app</span><span class="o">=</span>ratings reviews ClusterIP 172.21.8.24 &lt;none&gt; 9080/TCP 114d <span class="nv">app</span><span class="o">=</span>reviews </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>➜ ~ curl 172.21.10.49:9080 &lt;<span class="o">!</span>DOCTYPE html&gt; &lt;html&gt; &lt;<span class="nb">head</span><span class="o">&gt;</span> &lt;title&gt;Simple Bookstore App&lt;/title&gt; &lt;meta <span class="nv">charset</span><span class="o">=</span><span class="s2">"utf-8"</span><span class="o">&gt;</span> &lt;meta http-equiv<span class="o">=</span><span class="s2">"X-UA-Compatible"</span> <span class="nv">content</span><span class="o">=</span><span class="s2">"IE=edge"</span><span class="o">&gt;</span> &lt;meta <span class="nv">name</span><span class="o">=</span><span class="s2">"viewport"</span> <span class="nv">content</span><span class="o">=</span><span class="s2">"width=device-width, initial-scale=1"</span><span class="o">&gt;</span> </code></pre> </div> <h3> Domain resolve </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>➜ ~ curl productpage.default.svc.cluster.local:9080 &lt;<span class="o">!</span>DOCTYPE html&gt; &lt;html&gt; &lt;<span class="nb">head</span><span class="o">&gt;</span> &lt;title&gt;Simple Bookstore App&lt;/title&gt; &lt;meta <span class="nv">charset</span><span class="o">=</span><span class="s2">"utf-8"</span><span class="o">&gt;</span> &lt;meta http-equiv<span class="o">=</span><span class="s2">"X-UA-Compatible"</span> <span class="nv">content</span><span class="o">=</span><span class="s2">"IE=edge"</span><span class="o">&gt;</span> &lt;meta <span class="nv">name</span><span class="o">=</span><span class="s2">"viewport"</span> <span class="nv">content</span><span class="o">=</span><span class="s2">"width=device-width, initial-scale=1"</span><span class="o">&gt;</span> </code></pre> </div> <h3> Short domain resolve </h3> <p>To access the service in the cluster, service name or you can use the short domain name, such<br> as <code>productpage</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>➜ ~ curl productpage:9080 &lt;<span class="o">!</span>DOCTYPE html&gt; &lt;html&gt; &lt;<span class="nb">head</span><span class="o">&gt;</span> &lt;title&gt;Simple Bookstore App&lt;/title&gt; &lt;meta <span class="nv">charset</span><span class="o">=</span><span class="s2">"utf-8"</span><span class="o">&gt;</span> &lt;meta http-equiv<span class="o">=</span><span class="s2">"X-UA-Compatible"</span> <span class="nv">content</span><span class="o">=</span><span class="s2">"IE=edge"</span><span class="o">&gt;</span> ... </code></pre> </div> <p><strong><em>Disclaimer:</em></strong> This only works on the namespace where kubevpn-traffic-manager is deployed. Otherwise, use <a href="//./README.md#domain-resolve">Domain resolve</a></p> <h3> Connect to multiple kubernetes cluster network </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>➜ ~ kubevpn status ID Mode Cluster Kubeconfig Namespace Status 0 full ccijorbccotmqodvr189g /Users/naison/.kube/config default Connected </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>➜ ~ kubevpn connect <span class="nt">-n</span> default <span class="nt">--kubeconfig</span> ~/.kube/dev_config <span class="nt">--lite</span> start to connect got cidr from cache get cidr successfully update ref count successfully traffic manager already exist, reuse it port forward ready tunnel connected adding route... dns service ok +---------------------------------------------------------------------------+ | Now you can access resources <span class="k">in </span>the kubernetes cluster, enjoy it :<span class="o">)</span> | +---------------------------------------------------------------------------+ </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>➜ ~ kubevpn status ID Mode Cluster Kubeconfig Namespace Status 0 full ccijorbccotmqodvr189g /Users/naison/.kube/config default Connected 1 lite ccidd77aam2dtnc3qnddg /Users/naison/.kube/dev_config default Connected ➜ ~ </code></pre> </div> <h3> Reverse proxy </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>➜ ~ kubevpn proxy deployment/productpage already connect to cluster start to create remote inbound pod <span class="k">for </span>deployment/productpage workload default/deployment/productpage is controlled by a controller rollout status <span class="k">for </span>deployment/productpage Waiting <span class="k">for </span>deployment <span class="s2">"productpage"</span> rollout to finish: 1 old replicas are pending termination... Waiting <span class="k">for </span>deployment <span class="s2">"productpage"</span> rollout to finish: 1 old replicas are pending termination... deployment <span class="s2">"productpage"</span> successfully rolled out rollout status <span class="k">for </span>deployment/productpage successfully create remote inbound pod <span class="k">for </span>deployment/productpage successfully +---------------------------------------------------------------------------+ | Now you can access resources <span class="k">in </span>the kubernetes cluster, enjoy it :<span class="o">)</span> | +---------------------------------------------------------------------------+ ➜ ~ </code></pre> </div> <p>For local testing, save the following code as <code>hello.go</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"fmt"</span> <span class="s">"io"</span> <span class="s">"net/http"</span> <span class="p">)</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">http</span><span class="o">.</span><span class="n">HandleFunc</span><span class="p">(</span><span class="s">"/"</span><span class="p">,</span> <span class="k">func</span><span class="p">(</span><span class="n">writer</span> <span class="n">http</span><span class="o">.</span><span class="n">ResponseWriter</span><span class="p">,</span> <span class="n">request</span> <span class="o">*</span><span class="n">http</span><span class="o">.</span><span class="n">Request</span><span class="p">)</span> <span class="p">{</span> <span class="n">_</span><span class="p">,</span> <span class="n">_</span> <span class="o">=</span> <span class="n">io</span><span class="o">.</span><span class="n">WriteString</span><span class="p">(</span><span class="n">writer</span><span class="p">,</span> <span class="s">"Hello world!"</span><span class="p">)</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"&gt;&gt;Received request: %s %s from %s</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">request</span><span class="o">.</span><span class="n">Method</span><span class="p">,</span> <span class="n">request</span><span class="o">.</span><span class="n">RequestURI</span><span class="p">,</span> <span class="n">request</span><span class="o">.</span><span class="n">RemoteAddr</span><span class="p">)</span> <span class="p">})</span> <span class="n">_</span> <span class="o">=</span> <span class="n">http</span><span class="o">.</span><span class="n">ListenAndServe</span><span class="p">(</span><span class="s">":9080"</span><span class="p">,</span> <span class="no">nil</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>and compile it<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>go build hello.go </code></pre> </div> <p>then run it<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>./hello &amp; </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">export </span><span class="nv">selector</span><span class="o">=</span>productpage <span class="nb">export </span><span class="nv">pod</span><span class="o">=</span><span class="sb">`</span>kubectl get pods <span class="nt">-l</span> <span class="nv">app</span><span class="o">=</span><span class="k">${</span><span class="nv">selector</span><span class="k">}</span> <span class="nt">-n</span> default <span class="nt">-o</span> <span class="nv">jsonpath</span><span class="o">=</span><span class="s1">'{.items[0].metadata.name}'</span><span class="sb">`</span> <span class="nb">export </span><span class="nv">pod_ip</span><span class="o">=</span><span class="sb">`</span>kubectl get pod <span class="nv">$pod</span> <span class="nt">-n</span> default <span class="nt">-o</span> <span class="nv">jsonpath</span><span class="o">=</span><span class="s1">'{.status.podIP}'</span><span class="sb">`</span> curl <span class="nt">-v</span> <span class="nt">-H</span> <span class="s2">"a: 1"</span> http://<span class="nv">$pod_ip</span>:9080/health </code></pre> </div> <p>response would like below<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>❯ curl -v -H "a: 1" http://$pod_ip:9080/health * Trying 192.168.72.77:9080... * Connected to 192.168.72.77 (192.168.72.77) port 9080 (#0) &gt; GET /health HTTP/1.1 &gt; Host: 192.168.72.77:9080 &gt; User-Agent: curl/7.87.0 &gt; Accept: */* &gt; a: 1 &gt; &gt;&gt;Received request: GET /health from xxx.xxx.xxx.xxx:52974 * Mark bundle as not supporting multiuse &lt; HTTP/1.1 200 OK &lt; Date: Sat, 04 Nov 2023 10:19:50 GMT &lt; Content-Length: 12 &lt; Content-Type: text/plain; charset=utf-8 &lt; * Connection #0 to host 192.168.72.77 left intact Hello world! </code></pre> </div> <p>also you can access via service name<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>➜ ~ curl productpage:9080 Hello world!% ➜ ~ curl productpage.default.svc.cluster.local:9080 Hello world!% </code></pre> </div> <h3> Reverse proxy with mesh </h3> <p>Support HTTP, GRPC and WebSocket etc. with specific header <code>"a: 1"</code> will route to your local machine<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>➜ ~ kubevpn proxy deployment/productpage <span class="nt">--headers</span> <span class="nv">a</span><span class="o">=</span>1 already connect to cluster start to create remote inbound pod <span class="k">for </span>deployment/productpage patch workload default/deployment/productpage with sidecar rollout status <span class="k">for </span>deployment/productpage Waiting <span class="k">for </span>deployment <span class="s2">"productpage"</span> rollout to finish: 1 old replicas are pending termination... Waiting <span class="k">for </span>deployment <span class="s2">"productpage"</span> rollout to finish: 1 old replicas are pending termination... deployment <span class="s2">"productpage"</span> successfully rolled out rollout status <span class="k">for </span>deployment/productpage successfully create remote inbound pod <span class="k">for </span>deployment/productpage successfully +---------------------------------------------------------------------------+ | Now you can access resources <span class="k">in </span>the kubernetes cluster, enjoy it :<span class="o">)</span> | +---------------------------------------------------------------------------+ ➜ ~ </code></pre> </div> <p>first access without header "a: 1", it will access existing pod on kubernetes cluster.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>➜ ~ curl productpage:9080 &lt;<span class="o">!</span>DOCTYPE html&gt; &lt;html&gt; &lt;<span class="nb">head</span><span class="o">&gt;</span> &lt;title&gt;Simple Bookstore App&lt;/title&gt; &lt;meta <span class="nv">charset</span><span class="o">=</span><span class="s2">"utf-8"</span><span class="o">&gt;</span> &lt;meta http-equiv<span class="o">=</span><span class="s2">"X-UA-Compatible"</span> <span class="nv">content</span><span class="o">=</span><span class="s2">"IE=edge"</span><span class="o">&gt;</span> &lt;meta <span class="nv">name</span><span class="o">=</span><span class="s2">"viewport"</span> <span class="nv">content</span><span class="o">=</span><span class="s2">"width=device-width, initial-scale=1"</span><span class="o">&gt;</span> ... </code></pre> </div> <p>Now let's access local service with header <code>"a: 1"</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>➜ ~ curl productpage:9080 <span class="nt">-H</span> <span class="s2">"a: 1"</span> <span class="o">&gt;&gt;</span>Received request: GET / from xxx.xxx.xxx.xxx:51296 Hello world! </code></pre> </div> <p>If you want to cancel proxy, just run command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>➜ ~ kubevpn leave deployments/productpage leave workload deployments/productpage workload default/deployments/productpage is controlled by a controller leave workload deployments/productpage successfully </code></pre> </div> <h3> Dev mode in local Docker 🐳 </h3> <p>Run the Kubernetes pod in the local Docker container, and cooperate with the service mesh to intercept the traffic with<br> the specified header to the local, or all the traffic to the local.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>➜ ~ kubevpn dev deployment/authors <span class="nt">--headers</span> <span class="nv">a</span><span class="o">=</span>1 <span class="nt">-it</span> <span class="nt">--rm</span> <span class="nt">--entrypoint</span> sh connectting to cluster start to connect got cidr from cache get cidr successfully update ref count successfully traffic manager already exist, reuse it port forward ready tunnel connected dns service ok start to create remote inbound pod <span class="k">for </span>Deployment.apps/authors patch workload default/Deployment.apps/authors with sidecar rollout status <span class="k">for </span>Deployment.apps/authors Waiting <span class="k">for </span>deployment <span class="s2">"authors"</span> rollout to finish: 1 old replicas are pending termination... Waiting <span class="k">for </span>deployment <span class="s2">"authors"</span> rollout to finish: 1 old replicas are pending termination... deployment <span class="s2">"authors"</span> successfully rolled out rollout status <span class="k">for </span>Deployment.apps/authors successfully create remote inbound pod <span class="k">for </span>Deployment.apps/authors successfully <span class="nb">tar</span>: removing leading <span class="s1">'/'</span> from member names /var/folders/30/cmv9c_5j3mq_kthx63sb1t5c0000gn/T/4563987760170736212:/var/run/secrets/kubernetes.io/serviceaccount <span class="nb">tar</span>: Removing leading <span class="sb">`</span>/<span class="s1">' from member names tar: Removing leading `/'</span> from hard <span class="nb">link </span>targets /var/folders/30/cmv9c_5j3mq_kthx63sb1t5c0000gn/T/4044542168121221027:/var/run/secrets/kubernetes.io/serviceaccount create docker network 56c25058d4b7498d02c2c2386ccd1b2b127cb02e8a1918d6d24bffd18570200e Created container: nginx_default_kubevpn_a9a22 Wait container nginx_default_kubevpn_a9a22 to be running... Container nginx_default_kubevpn_a9a22 is running on port 80/tcp:80 8888/tcp:8888 9080/tcp:9080 now WARNING: The requested image<span class="s1">'s platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested Created main container: authors_default_kubevpn_a9a22 /opt/microservices # ls app /opt/microservices # ps -ef PID USER TIME COMMAND 1 root 0:00 nginx: master process nginx -g daemon off; 29 101 0:00 nginx: worker process 30 101 0:00 nginx: worker process 31 101 0:00 nginx: worker process 32 101 0:00 nginx: worker process 33 101 0:00 nginx: worker process 34 root 0:00 {sh} /usr/bin/qemu-x86_64 /bin/sh sh 44 root 0:00 ps -ef /opt/microservices # apk add curl fetch https://dl-cdn.alpinelinux.org/alpine/v3.14/main/x86_64/APKINDEX.tar.gz fetch https://dl-cdn.alpinelinux.org/alpine/v3.14/community/x86_64/APKINDEX.tar.gz (1/4) Installing brotli-libs (1.0.9-r5) (2/4) Installing nghttp2-libs (1.43.0-r0) (3/4) Installing libcurl (8.0.1-r0) (4/4) Installing curl (8.0.1-r0) Executing busybox-1.33.1-r3.trigger OK: 8 MiB in 19 packages /opt/microservices # ./app &amp; /opt/microservices # 2023/09/30 13:41:58 Start listening http port 9080 ... /opt/microservices # curl localhost:9080/health {"status":"Authors is healthy"} /opt/microservices # echo "continue testing pod access..." continue testing pod access... /opt/microservices # exit prepare to exit, cleaning up update ref count successfully tun device closed leave resource: deployments.apps/authors workload default/deployments.apps/authors is controlled by a controller leave resource: deployments.apps/authors successfully clean up successfully prepare to exit, cleaning up update ref count successfully clean up successfully ➜ ~ </span></code></pre> </div> <p>You can see that it will start up two containers with docker, mapping to pod two container, and share port with same<br> network, you can use <code>localhost:port</code><br> to access another container. And more, all environment、volume and network are the same as remote kubernetes pod, it is<br> truly consistent with the kubernetes runtime. Makes develop on local PC come true.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>➜ ~ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES afdecf41c08d naison/authors:latest <span class="s2">"sh"</span> 37 seconds ago Up 36 seconds authors_default_kubevpn_a9a22 fc04e42799a5 nginx:latest <span class="s2">"/docker-entrypoint.…"</span> 37 seconds ago Up 37 seconds 0.0.0.0:80-&gt;80/tcp, 0.0.0.0:8888-&gt;8888/tcp, 0.0.0.0:9080-&gt;9080/tcp nginx_default_kubevpn_a9a22 ➜ ~ </code></pre> </div> <p>Here is how to access pod in local docker container<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">export </span><span class="nv">authors_pod</span><span class="o">=</span><span class="sb">`</span>kubectl get pods <span class="nt">-l</span> <span class="nv">app</span><span class="o">=</span>authors <span class="nt">-n</span> default <span class="nt">-o</span> <span class="nv">jsonpath</span><span class="o">=</span><span class="s1">'{.items[0].metadata.name}'</span><span class="sb">`</span> <span class="nb">export </span><span class="nv">authors_pod_ip</span><span class="o">=</span><span class="sb">`</span>kubectl get pod <span class="nv">$authors_pod</span> <span class="nt">-n</span> default <span class="nt">-o</span> <span class="nv">jsonpath</span><span class="o">=</span><span class="s1">'{.status.podIP}'</span><span class="sb">`</span> curl <span class="nt">-kv</span> <span class="nt">-H</span> <span class="s2">"a: 1"</span> http://<span class="nv">$authors_pod_ip</span>:80/health </code></pre> </div> <p>Verify logs of nginx container<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker logs <span class="si">$(</span>docker ps <span class="nt">--format</span> <span class="s1">'{{.Names}}'</span> | <span class="nb">grep </span>nginx_default_kubevpn<span class="si">)</span> </code></pre> </div> <p>If you just want to start up a docker image, you can use a simple way like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubevpn dev deployment/authors <span class="nt">--no-proxy</span> <span class="nt">-it</span> <span class="nt">--rm</span> </code></pre> </div> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>➜ ~ kubevpn dev deployment/authors <span class="nt">--no-proxy</span> <span class="nt">-it</span> <span class="nt">--rm</span> connectting to cluster start to connect got cidr from cache get cidr successfully update ref count successfully traffic manager already exist, reuse it port forward ready tunnel connected dns service ok <span class="nb">tar</span>: removing leading <span class="s1">'/'</span> from member names /var/folders/30/cmv9c_5j3mq_kthx63sb1t5c0000gn/T/5631078868924498209:/var/run/secrets/kubernetes.io/serviceaccount <span class="nb">tar</span>: Removing leading <span class="sb">`</span>/<span class="s1">' from member names tar: Removing leading `/'</span> from hard <span class="nb">link </span>targets /var/folders/30/cmv9c_5j3mq_kthx63sb1t5c0000gn/T/1548572512863475037:/var/run/secrets/kubernetes.io/serviceaccount create docker network 56c25058d4b7498d02c2c2386ccd1b2b127cb02e8a1918d6d24bffd18570200e Created container: nginx_default_kubevpn_ff34b Wait container nginx_default_kubevpn_ff34b to be running... Container nginx_default_kubevpn_ff34b is running on port 80/tcp:80 8888/tcp:8888 9080/tcp:9080 now WARNING: The requested image<span class="s1">'s platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested Created main container: authors_default_kubevpn_ff34b 2023/09/30 14:02:31 Start listening http port 9080 ... </span></code></pre> </div> <p>Now the main process will hang up to show you log.</p> <p>If you want to specify the image to start the container locally, you can use the parameter <code>--docker-image</code>. When the<br> image does not exist locally, it will be pulled from the corresponding mirror warehouse. If you want to specify startup<br> parameters, you can use <code>--entrypoint</code> parameter, replace it with the command you want to execute, such<br> as <code>--entrypoint /bin/bash</code>, for more parameters, see <code>kubevpn dev --help</code>.</p> <h3> DinD ( Docker in Docker ) use kubevpn in Docker </h3> <p>If you want to start the development mode locally using Docker in Docker (DinD), because the program will read and<br> write the <code>/tmp</code> directory, you need to manually add the parameter <code>-v /tmp:/tmp</code> (outer docker) and another thing is you<br> need to special parameter <code>--network</code> (inner docker) for sharing network and pid</p> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker run <span class="nt">-it</span> <span class="nt">--privileged</span> <span class="nt">--sysctl</span> net.ipv6.conf.all.disable_ipv6<span class="o">=</span>0 <span class="nt">-v</span> /var/run/docker.sock:/var/run/docker.sock <span class="nt">-v</span> /tmp:/tmp <span class="nt">-v</span> ~/.kube/config:/root/.kube/config <span class="nt">--platform</span> linux/amd64 naison/kubevpn:v2.0.0 </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>➜ ~ docker run <span class="nt">-it</span> <span class="nt">--privileged</span> <span class="nt">--sysctl</span> net.ipv6.conf.all.disable_ipv6<span class="o">=</span>0 <span class="nt">-v</span> /var/run/docker.sock:/var/run/docker.sock <span class="nt">-v</span> /tmp:/tmp <span class="nt">-v</span> ~/.kube/vke:/root/.kube/config <span class="nt">--platform</span> linux/amd64 naison/kubevpn:v2.0.0 Unable to find image <span class="s1">'naison/kubevpn:v2.0.0'</span> locally v2.0.0: Pulling from naison/kubevpn 445a6a12be2b: Already exists bd6c670dd834: Pull <span class="nb">complete </span>64a7297475a2: Pull <span class="nb">complete </span>33fa2e3224db: Pull <span class="nb">complete </span>e008f553422a: Pull <span class="nb">complete </span>5132e0110ddc: Pull <span class="nb">complete </span>5b2243de1f1a: Pull <span class="nb">complete </span>662a712db21d: Pull <span class="nb">complete </span>4f4fb700ef54: Pull <span class="nb">complete </span>33f0298d1d4f: Pull <span class="nb">complete </span>Digest: sha256:115b975a97edd0b41ce7a0bc1d8428e6b8569c91a72fe31ea0bada63c685742e Status: Downloaded newer image <span class="k">for </span>naison/kubevpn:v2.0.0 root@d0b3dab8912a:/app# kubevpn dev deployment/authors <span class="nt">--headers</span> <span class="nv">user</span><span class="o">=</span>naison <span class="nt">-it</span> <span class="nt">--entrypoint</span> sh <span class="nt">----------------------------------------------------------------------------------</span> Warn: Use <span class="nb">sudo </span>to execute <span class="nb">command </span>kubevpn can not use user <span class="nb">env </span>KUBECONFIG. Because of <span class="nb">sudo </span>user <span class="nb">env </span>and user <span class="nb">env </span>are different. Current <span class="nb">env </span>KUBECONFIG value: <span class="nt">----------------------------------------------------------------------------------</span> <span class="nb">hostname </span>is d0b3dab8912a connectting to cluster start to connect got cidr from cache get cidr successfully update ref count successfully traffic manager already exist, reuse it port forward ready tunnel connected dns service ok start to create remote inbound pod <span class="k">for </span>Deployment.apps/authors patch workload default/Deployment.apps/authors with sidecar rollout status <span class="k">for </span>Deployment.apps/authors Waiting <span class="k">for </span>deployment <span class="s2">"authors"</span> rollout to finish: 1 old replicas are pending termination... Waiting <span class="k">for </span>deployment <span class="s2">"authors"</span> rollout to finish: 1 old replicas are pending termination... deployment <span class="s2">"authors"</span> successfully rolled out rollout status <span class="k">for </span>Deployment.apps/authors successfully create remote inbound pod <span class="k">for </span>Deployment.apps/authors successfully <span class="nb">tar</span>: removing leading <span class="s1">'/'</span> from member names /tmp/6460902982794789917:/var/run/secrets/kubernetes.io/serviceaccount <span class="nb">tar</span>: Removing leading <span class="sb">`</span>/<span class="s1">' from member names tar: Removing leading `/'</span> from hard <span class="nb">link </span>targets /tmp/5028895788722532426:/var/run/secrets/kubernetes.io/serviceaccount network mode is container:d0b3dab8912a Created container: nginx_default_kubevpn_6df63 Wait container nginx_default_kubevpn_6df63 to be running... Container nginx_default_kubevpn_6df63 is running now WARNING: The requested image<span class="s1">'s platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested Created main container: authors_default_kubevpn_6df5f /opt/microservices # ps -ef PID USER TIME COMMAND 1 root 0:00 {bash} /usr/bin/qemu-x86_64 /bin/bash /bin/bash 14 root 0:02 {kubevpn} /usr/bin/qemu-x86_64 /usr/local/bin/kubevpn kubevpn dev deployment/authors --headers 25 root 0:01 {kubevpn} /usr/bin/qemu-x86_64 /usr/local/bin/kubevpn /usr/local/bin/kubevpn daemon 37 root 0:04 {kubevpn} /usr/bin/qemu-x86_64 /usr/local/bin/kubevpn /usr/local/bin/kubevpn daemon --sudo 53 root 0:00 nginx: master process nginx -g daemon off; (4/4) Installing curl (8.0.1-r0) Executing busybox-1.33.1-r3.trigger OK: 8 MiB in 19 packagesnx: worker process /opt/microservices # /opt/microservices # cat &gt; hello.go &lt;&lt;EOF package main import ( "fmt" "io" "net/http" ) func main() { http.HandleFunc("/", func(writer http.ResponseWriter, request *http.Request) { _, _ = io.WriteString(writer, "Hello world!") fmt.Println("&gt;&gt; Container Received request: %s %s from %s\n", request.Method, request.RequestURI, request.RemoteAddr) }) fmt.Println("Start listening http port 9080 ...") _ = http.ListenAndServe(":9080", nil) } EOF /opt/microservices # go build hello.go /opt/microservices # //opt/microservices # ls -alh total 12M drwxr-xr-x 1 root root 26 Nov 4 10:29 . drwxr-xr-x 1 root root 26 Oct 18 2021 .. -rwxr-xr-x 1 root root 6.3M Oct 18 2021 app -rwxr-xr-x 1 root root 5.8M Nov 4 10:29 hello -rw-r--r-- 1 root root 387 Nov 4 10:28 hello.go /opt/microservices # /opt/microservices # apk add curl OK: 8 MiB in 19 packages /opt/microservices # ./hello &amp; /opt/microservices # Start listening http port 9080 ... [2]+ Done ./hello /opt/microservices # curl localhost:9080 &gt;&gt; Container Received request: GET / from 127.0.0.1:41230 Hello world!/opt/microservices # /opt/microservices # curl authors:9080/health -H "a: 1" &gt;&gt;Received request: GET /health from 223.254.0.109:57930 Hello world!/opt/microservices # /opt/microservices # curl localhost:9080/health {"status":"Authors is healthy"}/opt/microservices # exit prepare to exit, cleaning up update ref count successfully tun device closed leave resource: deployments.apps/authors workload default/deployments.apps/authors is controlled by a controller leave resource: deployments.apps/authors successfully clean up successfully prepare to exit, cleaning up update ref count successfully clean up successfully root@d0b3dab8912a:/app# exit exit ➜ ~ </span></code></pre> </div> <p>during test, check what container is running<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>➜ ~ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 1cd576b51b66 naison/authors:latest "sh" 4 minutes ago Up 4 minutes authors_default_kubevpn_6df5f 56a6793df82d nginx:latest "/docker-entrypoint.…" 4 minutes ago Up 4 minutes nginx_default_kubevpn_6df63 d0b3dab8912a naison/kubevpn:v2.0.0 "/bin/bash" 5 minutes ago Up 5 minutes upbeat_noyce ➜ ~ </code></pre> </div> <ul> <li>For clean up after test </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl delete <span class="nt">-f</span> https://raw.githubusercontent.com/kubenetworks/kubevpn/master/samples/bookinfo.yaml </code></pre> </div> <h3> Multiple Protocol </h3> <ul> <li>TCP</li> <li>UDP</li> <li>ICMP</li> <li>GRPC</li> <li>WebSocket</li> <li>HTTP</li> <li>...</li> </ul> <h3> Cross-platform </h3> <ul> <li>macOS</li> <li>Linux</li> <li>Windows</li> </ul> <p>on Windows platform, you need to<br> install <a href="https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell-on-windows?view=powershell-7.2" rel="noopener noreferrer">PowerShell</a><br> in advance</p> <h2> FAQ </h2> <h3> 1, What should I do if the dependent image cannot be pulled, or the inner environment cannot access docker.io? </h3> <p>Answer: here are two solutions to solve this problem</p> <ul> <li>Solution 1: In the network that can access docker.io, transfer the image in the command <code>kubevpn version</code> to your own private image registry, and then add option <code>--image</code> to special image when starting the command. Example: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>➜ ~ kubevpn version KubeVPN: CLI Version: v2.0.0 DaemonVersion: v2.0.0 Image: docker.io/naison/kubevpn:v2.0.0 Branch: feature/daemon Git commit: 7c3a87e14e05c238d8fb23548f95fa1dd6e96936 Built <span class="nb">time</span>: 2023-09-30 22:01:51 Built OS/Arch: darwin/arm64 Built Go version: go1.20.5 </code></pre> </div> <p>Image is <code>docker.io/naison/kubevpn:v2.0.0</code>, transfer this image to private docker registry<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>docker pull docker.io/naison/kubevpn:v2.0.0 docker tag docker.io/naison/kubevpn:v2.0.0 [docker registry]/[namespace]/[repo]:[tag] docker push [docker registry]/[namespace]/[repo]:[tag] </code></pre> </div> <p>Then you can use this image, as follows:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>➜ ~ kubevpn connect --image [docker registry]/[namespace]/[repo]:[tag] got cidr from cache traffic manager not exist, try to create it... pod [kubevpn-traffic-manager] status is Running ... </code></pre> </div> <ul> <li>Solution 2: Use options <code>--transfer-image</code>, enable this flags will transfer image from default image to <code>--image</code> special address automatically。 Example </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>➜ ~ kubevpn connect <span class="nt">--transfer-image</span> <span class="nt">--image</span> nocalhost-team-docker.pkg.coding.net/nocalhost/public/kubevpn:v2.0.0 v2.0.0: Pulling from naison/kubevpn Digest: sha256:450446850891eb71925c54a2fab5edb903d71103b485d6a4a16212d25091b5f4 Status: Image is up to <span class="nb">date </span><span class="k">for </span>naison/kubevpn:v2.0.0 The push refers to repository <span class="o">[</span>nocalhost-team-docker.pkg.coding.net/nocalhost/public/kubevpn] ecc065754c15: Preparing f2b6c07cb397: Pushed 448eaa16d666: Pushed f5507edfc283: Pushed 3b6ea9aa4889: Pushed ecc065754c15: Pushed feda785382bb: Pushed v2.0.0: digest: sha256:85d29ebb53af7d95b9137f8e743d49cbc16eff1cdb9983128ab6e46e0c25892c size: 2000 start to connect got cidr from cache get cidr successfully update ref count successfully traffic manager already exist, reuse it port forward ready tunnel connected dns service ok +---------------------------------------------------------------------------+ | Now you can access resources <span class="k">in </span>the kubernetes cluster, enjoy it :<span class="o">)</span> | +---------------------------------------------------------------------------+ ➜ ~ </code></pre> </div> <h3> 2, When use <code>kubevpn dev</code>, but got error code 137, how to resolve? </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>dns service ok tar: Removing leading `/' from member names tar: Removing leading `/' from hard link targets /var/folders/30/cmv9c_5j3mq_kthx63sb1t5c0000gn/T/7375606548554947868:/var/run/secrets/kubernetes.io/serviceaccount Created container: server_vke-system_kubevpn_0db84 Wait container server_vke-system_kubevpn_0db84 to be running... Container server_vke-system_kubevpn_0db84 is running on port 8888/tcp: 6789/tcp:6789 now $ Status: , Code: 137 prepare to exit, cleaning up port-forward occurs error, err: lost connection to pod, retrying update ref count successfully ref-count is zero, prepare to clean up resource clean up successfully </code></pre> </div> <p>This is because of your docker-desktop required resource is less than pod running request resource, it OOM killed, so<br> you can add more resource in your docker-desktop setting <code>Preferences --&gt; Resources --&gt; Memory</code></p> <h3> 3, Using WSL( Windows Sub Linux ) Docker, when use mode <code>kubevpn dev</code>, can not connect to cluster network, how to solve this problem? </h3> <p>Answer:</p> <p>this is because WSL'Docker using Windows's Network, so if even start a container in WSL, this container will not use WSL<br> network, but use Windows network</p> <p>Solution:</p> <ul> <li>1): install docker in WSL, not use Windows Docker-desktop</li> <li>2): use command <code>kubevpn connect</code> on Windows, and then startup <code>kubevpn dev</code> in WSL</li> <li>3): startup a container using command <code>kubevpn connect</code> on Windows, and then startup <code>kubevpn dev --network container:$CONTAINER_ID</code> in WSL</li> </ul> <h3> 4,After use command <code>kubevpn dev</code> enter develop mode,but can't assess kubernetes api-server,occur error <code>172.17.0.1:443 connect refusued</code>,how to solve this problem? </h3> <p>Answer:</p> <p>Maybe k8s network subnet is conflict with docker subnet</p> <p>Solution:</p> <ul> <li>Use option <code>--connect-mode container</code> to startup command <code>kubevpn dev</code> </li> <li>Modify <code>~/.docker/daemon.json</code>, add not conflict subnet, eg: <code>"bip": "172.15.0.1/24"</code>. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>➜ ~ <span class="nb">cat</span> ~/.docker/daemon.json <span class="o">{</span> <span class="s2">"builder"</span>: <span class="o">{</span> <span class="s2">"gc"</span>: <span class="o">{</span> <span class="s2">"defaultKeepStorage"</span>: <span class="s2">"20GB"</span>, <span class="s2">"enabled"</span>: <span class="nb">true</span> <span class="o">}</span> <span class="o">}</span>, <span class="s2">"experimental"</span>: <span class="nb">false</span>, <span class="s2">"features"</span>: <span class="o">{</span> <span class="s2">"buildkit"</span>: <span class="nb">true</span> <span class="o">}</span>, <span class="s2">"insecure-registries"</span>: <span class="o">[</span> <span class="o">]</span>, <span class="o">}</span> </code></pre> </div> <p>add subnet not conflict, eg: 172.15.0.1/24<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>➜ ~ <span class="nb">cat</span> ~/.docker/daemon.json <span class="o">{</span> <span class="s2">"builder"</span>: <span class="o">{</span> <span class="s2">"gc"</span>: <span class="o">{</span> <span class="s2">"defaultKeepStorage"</span>: <span class="s2">"20GB"</span>, <span class="s2">"enabled"</span>: <span class="nb">true</span> <span class="o">}</span> <span class="o">}</span>, <span class="s2">"experimental"</span>: <span class="nb">false</span>, <span class="s2">"features"</span>: <span class="o">{</span> <span class="s2">"buildkit"</span>: <span class="nb">true</span> <span class="o">}</span>, <span class="s2">"insecure-registries"</span>: <span class="o">[</span> <span class="o">]</span>, <span class="s2">"bip"</span>: <span class="s2">"172.15.0.1/24"</span> <span class="o">}</span> </code></pre> </div> <p>restart docker and retry</p> <h2> Architecture </h2> <p>Architecture can be found <a href="///docs/en/Architecture.md">here</a>.</p> kubernetes devops cloud aws