This is an easy way to access any of the pod services or pods from an external network. Below are instructions on how to setup a SOCK5 proxy server and then how to configure Firefox running on a desktop to use the proxy server.
The SOCK5 proxy server app is the ssh “Dynamic port forwarding” feature. To enable it, a ssh session must be created with a pod using the ‘-D’ option. The below instructions where tested in ONAP Amsterdam and use the portal-vnc pod.
First connect to your portal-vnc pod.
kubectl exec -it $(kubectl get pod -lapp=portal-vnc -o jsonpath="{..metadata.name}") bash
On the portal-vnc pod Install openssh-server and just use the factory settings
apt update apt install openssh-server service ssh start
On the portal-vnc pod, copy over a public ssh key. For details on ssh key pair see https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2
mkdir /root/.ssh cat >> /root/.ssh/authorized_keys << EOF put the public key here EOF
To be able to create a ssh session from a client external to kubernetes, a NodePort must be created for the session to pass through. So on a box running the kubectl client , Create the following file and fill in the NAMESPACE and NODE-PORT.
cat > portal-vnc-service.yaml <<EOF
apiVersion: v1
kind: Service
metadata:
name: portal-vnc-ssh
labels:
app: portal-vnc-ssh
namespace: NAMESPACE
spec:
ports:
- name: portal-3
nodePort: NODE-PORT
port: 22
protocol: TCP
targetPort: 22
selector:
app: portal-vnc
type: NodePort
EOF
Create the Service in kubernetes
kubectl create -f ./portal-vnc-service.yaml
Start the sock 5 proxy server by opening a ssh session to the portal-vnc with Dynamic port forwarding enabled (-D).
On the host where the ssh private key resides, executed the following command with the appropriate values. The address of the proxy server will be 'socks5://localhost:PROXY-PORT' where localhost is where the ssh session is initiated from.
ssh -D <PROXY-PORT> -p <NODE-PORT> root@<KUBE-MASTER-NODE-IP>
This will behave like a regular ssh session to portal-vnc.
Welcome to Ubuntu 16.04.4 LTS (GNU/Linux 4.9.78-rancher2 x86_64) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support: https://ubuntu.com/advantage Last login: Mon Jun 4 16:56:31 2018 from 10.42.0.0 root@portal-vnc-59679d7f99-gbrlf:~#
Closing the ssh session will close the proxy server too.
Get the service IPs from portal-vnc from its the /etc/hosts file.
cat /etc/hosts 10.43.142.185 sdc.api.be.simpledemo.onap.org 10.43.180.235 portal.api.simpledemo.onap.org 10.43.227.25 sdc.api.simpledemo.onap.org 10.43.8.165 vid.api.simpledemo.onap.org 10.42.0.149 aai.api.simpledemo.onap.org
Then add host ip mappings to the /etc/hosts where the ssh session was initiated from.
Don't just copy and paste the ip from this block post. The IPs are different on each ONAP deployment
sudo cat >> /etc/hosts << EOF 10.43.142.185 sdc.api.be.simpledemo.onap.org 10.43.180.235 portal.api.simpledemo.onap.org 10.43.227.25 sdc.api.simpledemo.onap.org 10.43.8.165 vid.api.simpledemo.onap.org 10.42.0.149 aai.api.simpledemo.onap.org EOF
The proxy server can be configured with most web bowsers. Here is an easy way to configure it in Firefox. Just open Firefox preferences by typing 'about:preferences' in the address bar. Then search for proxy and click on the settings button that appears. Finally enter the SOCKs details.
The port 32003 in the following screen shot is the-D <PROXY-PORT> it the entered in the ssh command above.
Once configured just enter the 'http://portal.api.simpledemo.onap.org:8989/ONAPPORTAL/login.htm' and then firefox will open up the ONAP portal. Firefox will have access to any of the onap service IP. Firefox must run on the same host where the ssh session was initiated from and were the /etc/hosts modified.
2 Comments
Hector Anapan-Lavalle
Since portal vnc is not available in Amsterdam anymore, what is the way to do it in Beijing+ releases?
Hector Anapan-Lavalle
Found the answer to my question here, just for reference: Accessing ONAP Portal using OOM and a Kubernetes Cluster