https://linen.dev logo
Join Slack
Powered by
Hello all. I've deployed Airbyte in our GKE enviro...
# feedback-and-requests
k
Hello all. I've deployed Airbyte in our GKE environment, but cannot access the webapp via 
kubectl --proxy
- which is how we access internal-use webpages under our security model. I honestly wasn't sure if this should be a bug or a feature request. I submitted this ticket as a bug since it's affecting our ability to use the product. Please let me know if I can help
u
Hmm I'm not familiar with kubectl proxy, I usually use kubectl port-forward
u
what is the exact command you are using?
k
The way our environment is setup we pull the google cloud sdk 
FROM google/cloud-sdk:323.0.0
in our 
Dockerfile
and then deploy a proxy service in our 
docker-compose.yaml
Copy code
# enable kubectl proxy
  kube-dash:
    build: .
    working_dir: /our-ops-project
    ports:
     - "8001:8001"
    volumes:
      - local-gcp-data-volume:/root/.config
      - local-kube-data-volume:/root/.kube
      - .:/our-ops-project
    entrypoint: ["kubectl", "proxy", "--address=0.0.0.0"]
volumes:
  local-gcp-data-volume: {}
  local-kube-data-volume: {}
u
This runs the 
kubectl proxy
command in the background and we then access web-based services by appending the 
proxy
verb to the k8s api url like so 
<http://localhost:8001/api/v1/namespaces/airbyte/services/airbyte-webapp-svc/proxy/>
u
so you don't have direct access to the kubernetes cluster?
u
I'm not very familiar with this set up - it seems quite non-standard - most examples I see use 
kubectl --port-forward
in the command line without any containers
u
looks like the 
proxy
flag starts a proxy server to the K8s control api instead of the airbyte webapp pod - https://kubernetes.io/docs/tasks/extend-kubernetes/http-proxy-access-api/#using-kubectl-to-start-a-proxy-server
u
The idea behind our setup is not to have to install anything other than go, git, and Docker. This keeps our ops self-contained so all we have to do is pull the ops repo, run docker-compose, and we're up and running. So we access our cluster via a google cloud SDK container. We routinely use the proxy for accessing internal webpages such as Adminer.
u
Got it. Can you double check that the proxy is hitting the webapp pod? I don't see any indication in the above example that it's configured to do so
k
It is. There's a special 
/proxy
that you append to the end of the URL that allows you to hit the underlying service. I believe this is a relative path issue. I can do View->Source and see that there is html being downloaded. For example the URL for the favicon shows up as 
href="/api/v1/namespaces/airbyte/services/airbyte-webapp-svc/proxy/favicon.ico"
, but the javascript for the application fails with 404 
GET <http://localhost:8001/static/js/1.687a2971.chunk.js> net::ERR_ABORTED 404 (Not Found)
u
I'm not a web developer, but I hack around a bit. I found this 
<link rel="icon" href="%PUBLIC_URL%/favicon.ico" />
u
from the documentation it looks like this approach only supports serving static content -
Copy code
Creates a proxy server or application-level gateway between localhost and the Kubernetes API server. It also allows serving static content over specified HTTP path.
Our webapp isn't static - there is an Nginx in there, so I'm guessing that's why this is failing
u
what if we replace the proxy command with a port-forward to the webapp svc in the docker compose file?
u
We’ve never tried that honestly. This method worked for the thing we needed it for three years ago. I can investigate if we can get port forward to work on our system
u
It looks like there’s an option to bind to “0.0.0.0” - which is the critical part for us
u
@Davin Chia (Airbyte) Do you happen to know off hand if specifying the namespace is required for 
port forward
?
k
Only if the namespace isn't the default namespace
u
Well ho-lee $#!t
u
This did it
u
Copy code
entrypoint: ["kubectl", "port-forward", "--address=0.0.0.0", "--namespace=airbyte", "svc/airbyte-webapp-svc", "8000:80"]
u
THANK YOU @Davin Chia (Airbyte)
u
You are welcome 🙂
k
Can you comment on the above issue and close it?
u
No prob
u
Thanks!
2 Views
Open in Slack
PreviousNext
Powered by