https://linen.dev logo
#feedback-and-requests
Title
# feedback-and-requests
k

kz

08/17/2021, 12:03 PM
Hello all. I've deployed Airbyte in our GKE environment, but cannot access the webapp via
kubectl --proxy
- which is how we access internal-use webpages under our security model. I honestly wasn't sure if this should be a bug or a feature request. I submitted this ticket as a bug since it's affecting our ability to use the product. Please let me know if I can help
u

user

08/17/2021, 12:10 PM
Hmm I'm not familiar with kubectl proxy, I usually use kubectl port-forward
u

user

08/17/2021, 12:10 PM
what is the exact command you are using?
k

kz

08/17/2021, 12:15 PM
The way our environment is setup we pull the google cloud sdk
FROM google/cloud-sdk:323.0.0
in our
Dockerfile
and then deploy a proxy service in our
docker-compose.yaml
Copy code
# enable kubectl proxy
  kube-dash:
    build: .
    working_dir: /our-ops-project
    ports:
     - "8001:8001"
    volumes:
      - local-gcp-data-volume:/root/.config
      - local-kube-data-volume:/root/.kube
      - .:/our-ops-project
    entrypoint: ["kubectl", "proxy", "--address=0.0.0.0"]
volumes:
  local-gcp-data-volume: {}
  local-kube-data-volume: {}
u

user

08/17/2021, 12:16 PM
This runs the
kubectl proxy
command in the background and we then access web-based services by appending the
proxy
verb to the k8s api url like so
<http://localhost:8001/api/v1/namespaces/airbyte/services/airbyte-webapp-svc/proxy/>
u

user

08/17/2021, 12:25 PM
so you don't have direct access to the kubernetes cluster?
u

user

08/17/2021, 12:27 PM
I'm not very familiar with this set up - it seems quite non-standard - most examples I see use
kubectl --port-forward
in the command line without any containers
u

user

08/17/2021, 12:28 PM
looks like the
proxy
flag starts a proxy server to the K8s control api instead of the airbyte webapp pod - https://kubernetes.io/docs/tasks/extend-kubernetes/http-proxy-access-api/#using-kubectl-to-start-a-proxy-server
u

user

08/17/2021, 12:32 PM
The idea behind our setup is not to have to install anything other than go, git, and Docker. This keeps our ops self-contained so all we have to do is pull the ops repo, run docker-compose, and we're up and running. So we access our cluster via a google cloud SDK container. We routinely use the proxy for accessing internal webpages such as Adminer.
u

user

08/17/2021, 12:33 PM
Got it. Can you double check that the proxy is hitting the webapp pod? I don't see any indication in the above example that it's configured to do so
k

kz

08/17/2021, 12:37 PM
It is. There's a special
/proxy
that you append to the end of the URL that allows you to hit the underlying service. I believe this is a relative path issue. I can do View->Source and see that there is html being downloaded. For example the URL for the favicon shows up as
href="/api/v1/namespaces/airbyte/services/airbyte-webapp-svc/proxy/favicon.ico"
, but the javascript for the application fails with 404
GET <http://localhost:8001/static/js/1.687a2971.chunk.js> net::ERR_ABORTED 404 (Not Found)
u

user

08/17/2021, 12:44 PM
I'm not a web developer, but I hack around a bit. I found this
<link rel="icon" href="%PUBLIC_URL%/favicon.ico" />
u

user

08/17/2021, 12:55 PM
from the documentation it looks like this approach only supports serving static content -
Copy code
Creates a proxy server or application-level gateway between localhost and the Kubernetes API server. It also allows serving static content over specified HTTP path.
Our webapp isn't static - there is an Nginx in there, so I'm guessing that's why this is failing
u

user

08/17/2021, 12:56 PM
what if we replace the proxy command with a port-forward to the webapp svc in the docker compose file?
u

user

08/17/2021, 1:00 PM
We’ve never tried that honestly. This method worked for the thing we needed it for three years ago. I can investigate if we can get port forward to work on our system
u

user

08/17/2021, 1:02 PM
It looks like there’s an option to bind to “0.0.0.0” - which is the critical part for us
u

user

08/17/2021, 1:06 PM
@Davin Chia (Airbyte) Do you happen to know off hand if specifying the namespace is required for
port forward
?
k

kz

08/17/2021, 1:08 PM
Only if the namespace isn't the default namespace
u

user

08/17/2021, 1:14 PM
Well ho-lee $#!t
u

user

08/17/2021, 1:16 PM
This did it
u

user

08/17/2021, 1:16 PM
Copy code
entrypoint: ["kubectl", "port-forward", "--address=0.0.0.0", "--namespace=airbyte", "svc/airbyte-webapp-svc", "8000:80"]
u

user

08/17/2021, 1:19 PM
THANK YOU @Davin Chia (Airbyte)
u

user

08/17/2021, 1:19 PM
You are welcome 🙂
k

kz

08/17/2021, 1:20 PM
Can you comment on the above issue and close it?
u

user

08/17/2021, 1:22 PM
No prob
u

user

08/17/2021, 1:25 PM
Thanks!
2 Views