I’m new to Istio. And k8s.
I want to be able to locally debug applications that are running in the cluster.
I found a pretty nice setup that allows me to redirect my Virtual service traffic to my local computer. I can do breakpoints and all. It’s great.
It’s all good until the service needs to communicate with another one.
So I’m looking for a way that my locally running app could somehow resolve and communicate with services that are running in the cluster. In other words, I’m looking for a way to transparently run a local app that would behave exactly like it would be part of the cluster.
I’ve set up a 2 nodes + 1 master rk8s cluster on aws.
I’ve set up an OIDC provider with single sign on (Keycloak).
I have a service (say BookingService), behind a VirtualService.
In the Deployment template, I have
- the BookingService container running the app,
- Keycloak Gatekeeper (an OIDC proxy).
Whenever I reach for booking.example.com, I get redirected to keycloak if I’m not signed in, otherwise I can reach the service.
ngrok running on my local machine. Say
aihdjawihjd.ngrok.com that points to my
I’ve set up the
Keycloak Gatekeeper upstream to be
Gatekeeper adds an
nginx proxy_pass clause pointing to
On my local machine, I have my application running in debug mode, listening to port 5000. This works great. If I reach booking.example.com, I can see that traffic is redirected to my local machine. I even successfully get the Keycloak Bearer token.
Now let’s say that the BookingService must send an HTTP request to BlaService, which is running in the cluster and not exposed through a Gateway. When I’m not debugging the app locally (when the app is running in the cluster), it would work as envoy would do that for me.
But since the application is running locally, there’s no way that if my app sends a request to http://bla, that it would magically communicate with a service within the mesh.
Is there a way that I could somehow tunnel into the cluster, so that my locally running BookingService app on localhost:5000 could talk to some service into the cluster? Is there some clever networking trick that I could use?
The problem is twofold. The inbound traffic needs to land on my local machine. And outbound traffic from my local app needs to land on a service in the cluster. I solved the inbound part. But I need help to solve the outbound part…