-
Hi gefyra, Thanks for this great software. I did try this on a remote cluster but got a message I don't have rights to create a namespace. Some digging in the source indicated this only works within a 'gefyra' namespace. To me it seems this makes it (currently ?) unable to work inside a cloud-based cluster with namespaces already defined ? Is this correct ? Thanks ! |
Beta Was this translation helpful? Give feedback.
Replies: 7 comments 2 replies
-
Hey @sander76 thank you for your question! We're currently on holiday in Germany - the team will get back to you within the next couple of days! Stay tuned! |
Beta Was this translation helpful? Give feedback.
-
Hi @sander76, you're correct, gefyra is currently limited to only work in a |
Beta Was this translation helpful? Give feedback.
-
Hi @tschale , Thanks for the reply. First a thing to know: My knowledge on this matter is intermediate at best. My current work environment is a remote openshift kubernetes cluster with two namespaces: dev and prod. Currently I have two ways of access, both of which are only partly usable: From my local machine I can access our remote services (API http endpoints) by going through an sso login procedure which involves redirects and user interactions inside a browser. This is only useful for "human" interaction with a service: It has no use for an automated test prodedure, where I am unable to go through the login procedure. Another way of access is to exchange keys (using a copy paste action) which involves kubectl port forwarding from local to a remote service. This is -kind of- useful in that it allows access from my local test procedure, but the login is elaborate and involves setting special test endpoints among other hurdles to take. I am familiar with wireguard, so I am/was under the impression that my local machine becomes part of the remote network which could pretty much remove all boundaries of accessing them. Hope this makes sense. |
Beta Was this translation helpful? Give feedback.
-
Hi @sander76
That's it. You run From the latest CLI release (0.7.x) on, Gefyra checks its ability to communicate with the cluster. In case it's not working, Gefyra rolls everything back and you can review the Finally, Gefyra offers you to run any container locally on your local machine (with all the advantages) that behaves as it would be part of the target cluster namespace. For example if you would like to have an Ubunut running in the cluster namespace "dev" you can simply do:
(-i = docker image, -N = name of your local container instance, -n = Kubernetes namespace, -c = command to keep the container instance running) and then:
which will drop you into a bash shell that runs in the Kubernetes namespace "dev". You can confirm it working by installing ( Remove it with Please consider it is intended that Gefyra explicitly does not make your entire development machine to become part of the cluster. Rather your local containers can become part of a Kubernetes namespace by running Installing Gefyra to a specific Kubernetes namespace (let's say like so |
Beta Was this translation helpful? Give feedback.
-
Btw: I took the example from here: https://gefyra.dev/usecases/ubuntu-in-namespace/ |
Beta Was this translation helpful? Give feedback.
-
Hi @sander76 |
Beta Was this translation helpful? Give feedback.
-
Sorry for not responding earlier. I had some days off. This is still on my radar, but it is something I need to discuss with my team first. For starters, I don't have the required privileges. I'll update you asap. Sander. |
Beta Was this translation helpful? Give feedback.
Hi @sander76
Thank you very much for elaborating your setup. In short: Gefyra is supposed to work on remote clusters just as well as on local Kubernetes installations. However, there are two points to consider:
That's it.
You run
gefyra up --endpoint ip:port
with ip:port being the address to one of your cluster nodes. If there is no firewall hiding the cluster nodes from you network, the node port is 31820…