Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

With k8s, you just create a service of type NodePort and it assigns a free external port for that service, which is mapped back to a specific port in the Lisp container.


Don't do this... You only need the connection for development purposes, so use "kubectl port-forward", which gives you the auth you'll need as well.


I know of NodePort, but last i checked it’s a low-level constrict that doesn’t do anything like, say, authn—so that doesn’t seem like a complete answer.


What sort of encryption and authentication can I expect if I do that? Can anybody who guesses the port dump code into my running Lisp instance?


This is entirely to hard to find the answer to in the kubernetes/kubectl documentation. Apparently the forward is done via socat over tls:

https://stackoverflow.com/questions/50645059/is-kubectl-port...

And socat is mentioned in:

https://github.com/kubernetes/kubectl/blob/master/pkg/cmd/po...

I didn't actually manage to find out what or how socat is called - but I'm also on mobile, so it's a little convoluted to browse source code.

Anyone know where the call to socat happens, after kubectl port-forward?


The encryption and authentication that the Lisp image exposes :)

Someone else mentioned that kubectl port-forward also adds these for you, so if you are not in a private cluster, it may be a better option.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: