Huge thanks to Stephen Williams (@scienteer) for the inspiration for this feature!
Let’s use Slack’s Nebula VPN rig, nginx, k8s and some magic to enable local development from an EKS cluster!
Cut the cert:
nebula-cert sign -ca-crt /tmp/ca.crt -ca-key /tmp/ca.key -out-crt /tmp/bkroger.crt -out-key /tmp/bkroger.key -name bkroger-local -ip 192.168.100.19/24
Nebula config:
Let’s connect!
sudo nebula -config nebula.yaml
Assuming the VPN connected, we now need to set up a quick and dirty nginx rig:
docker run -p 80:80 nginx
Love how easy docker makes this!
Now let’s make the ingress and service objects in our namespace:
And now we can hit: https://www.fqdn.com/bkroger and land on my local machine.
So here’s the workflow:
- www.fqdn.com (Route 53) points to an NLB. This is, obviously, an L4 LB.
- That NLB forwards to the nginx pod, whose reverse proxy configs are set up by the Ingress objects on the cluster.
- Nginx then reverse proxies to the service, in this case the service is just pointing back to the 192.168.100.19 IP.
- The 192.168.100.19 IP is my nebula host; requests from k8s get handled on my local machine by nginx.
Now I can serve content via our global front end from my local workstation, which makes my development life easier.
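A sketch of the Service and Ingress objects the workflow above describes, added here as an example and not taken from the original post. The object name `bkroger-local`, the namespace `dev`, and the `nginx` IngressClass name are assumptions; the host, path, port and Nebula IP are the ones used above.

```yaml
# Added example: names and namespace are assumptions, not from the original post.
apiVersion: v1
kind: Service
metadata:
  name: bkroger-local        # hypothetical name
  namespace: dev             # hypothetical namespace
spec:
  # No selector: Kubernetes does not manage endpoints for this Service,
  # so the Endpoints object below supplies the backend address by hand.
  ports:
    - name: http
      port: 80
      targetPort: 80
---
apiVersion: v1
kind: Endpoints
metadata:
  name: bkroger-local        # must match the Service name
  namespace: dev
subsets:
  - addresses:
      - ip: 192.168.100.19   # Nebula IP signed into the cert above
    ports:
      - name: http           # must match the Service port name
        port: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: bkroger-local
  namespace: dev
spec:
  ingressClassName: nginx    # assumes the controller's IngressClass is "nginx"
  rules:
    - host: www.fqdn.com
      http:
        paths:
          - path: /bkroger   # forwarded to the local nginx unchanged
            pathType: Prefix
            backend:
              service:
                name: bkroger-local
                port:
                  number: 80
```

Everything that can reach www.fqdn.com can reach port 80 on the workstation through this path for as long as the three objects exist; deleting them closes it again.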