Kube Web Proxy: Easy access to internal Kubernetes services

about | archive


[ 2020-January-20 12:12 ]

Lots of programs export debugging information via HTTP, such as Go's /debug/pprof/ handler. If you are using Kubernetes, accessing these internal interfaces is a pain. You need to use kubectl port-forward, or SSH to the cluster. This also means you can't share links with your team. I made a proof-of-concept proxy to make this easier. You authenticate with it, and it shows you all the services and ports in your cluster. When you click on one, it proxies the request for you. This is barely working, and I'm not planning on improving it further. I'm just surprised that this doesn't seem to exist yet, since it could be useful with a bit more polish. For example: this lets you share links to internal web apps, without any configuration.

screenshot

If you are curious, see the kubewebproxy github repository. The biggest hack is the proxy needs to know which service/port you want to access. I put /namespace/service/port in the URL path, which means I need to rewrite HTML and redirects. It means JavaScript, cookies, and probably many other web features are broken, but the stuff I wanted to access doesn't use them. It would be better to use a host name, such as https://port.service.namespace.example.com/..., but setting up wildcard DNS and TLS certificates is more complicated than a single host. There were a few interesting lessons in creating this: