Development#
Environment#
The following describes how to run any of the SDC components locally on the developer's machine, which makes it possible to use, for example, the debugging mode.
Setup#
Telepresence is used to "hijack" the TCP connection endpoints and redirect them to the development machine. Hence, install Telepresence on the development machine.
Install Telepresence on Dev machine#
sudo curl -fL https://app.getambassador.io/download/tel2oss/releases/download/v2.20.2/telepresence-linux-amd64 -o /usr/local/bin/telepresence
sudo chmod a+x /usr/local/bin/telepresence
sudo bash -c "/usr/local/bin/telepresence completion bash > /etc/bash_completion.d/telepresence"
Install Telepresence in K8s cluster#
telepresence helm install
telepresence helm upgrade --set client.routing.allowConflictingSubnets="{10.0.0.0/8}"
Connect#
Connect to the telepresence service in the cluster, using the namespace network-system.
Intercept Service Traffic#
Config Server#
telepresence intercept config-server-api --workload config-server --service config-server --port 6443:api-service
mounts
Telepresence allows the mounts of the config-server pod to be forwarded via sshfs to the dev machine.
It might be necessary to set the user_allow_other option in the fuse config file /etc/fuse.conf.
Data Server#
iptables error
Telepresence can also intercept traffic only, without adding an init-container. For that, the ports must be named, not only numbered. Adding a name to the data-server ports and adding the same name to the data-service therefore resolves the problem.
Retrieve Config-Server Api-Service Certificate#
kubectl get secrets -n network-system config-server-cert -o jsonpath="{.data['tls\.crt']}" | base64 -d | tee tls.crt
kubectl get secrets -n network-system config-server-cert -o jsonpath="{.data['tls\.key']}" | base64 -d | tee tls.key
Prepare kubeconfig#
# copy actual ~/.kube/config
cp ~/.kube/config ./kubeconfig
# delete the users section via yq
yq -i 'del(.users)' kubeconfig
Retrieve ServiceAccount Token#
Retrieve a ServiceAccount token that is valid for 30 days and put it into the kubeconfig.
kubectl config --kubeconfig ./kubeconfig set-credentials kind-kind --token=$(kubectl create token -n network-system --duration 720h config-server)
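The steps above leave a private key (tls.key) and a 30-day bearer token (inside ./kubeconfig) in the working directory. The following added example, which is not part of the SDC documentation, restricts both files to the owner and reads the token's expiry from its JWT payload. The function names and the sample token are constructed for illustration, and GNU coreutils (base64 -d, stat -c) are assumed.

```sh
#!/bin/sh
# Added example (not from the SDC docs): audit the credential files that the
# steps above leave in the working directory.

# base64url-encode a string (used only to build the constructed sample token).
b64url_enc() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }

# Decode one base64url JWT segment: restore the alphabet and the padding.
b64url_dec() {
  seg=$(printf '%s' "$1" | tr '_-' '/+')
  while [ $(( ${#seg} % 4 )) -ne 0 ]; do seg="$seg="; done
  printf '%s' "$seg" | base64 -d
}

# Print the "exp" claim (epoch seconds) of a JWT; fail if it is missing.
jwt_exp() {
  exp=$(b64url_dec "$(printf '%s' "$1" | cut -d. -f2)" |
        sed -n 's/.*"exp"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p')
  [ -n "$exp" ] && printf '%s\n' "$exp"
}

# Whole days of validity left at time $2 (epoch seconds, default: now).
# Zero or a negative number means less than a day left or already expired.
token_days_left() {
  exp=$(jwt_exp "$1") || return 1
  now=${2:-$(date +%s)}
  echo $(( ($exp - $now) / 86400 ))
}

# Restrict each existing file to owner read/write and print the resulting mode.
lock_down() {
  for f in "$@"; do
    [ -f "$f" ] || continue
    chmod 600 "$f" && printf '%s %s\n' "$(stat -c %a "$f")" "$f"
  done
}

# Constructed sample token (unsigned, not a real credential): exp = iat + 720h.
SAMPLE_IAT=1700000000
SAMPLE_PAYLOAD="{\"iat\":$SAMPLE_IAT,\"exp\":$(( $SAMPLE_IAT + 720 * 3600 )),\"sub\":\"system:serviceaccount:network-system:config-server\"}"
SAMPLE_TOKEN="$(b64url_enc '{"alg":"none"}').$(b64url_enc "$SAMPLE_PAYLOAD").sig"

token_days_left "$SAMPLE_TOKEN" "$SAMPLE_IAT"   # days left for the sample token
lock_down tls.key kubeconfig                    # no-op if the files are absent
```

To check the real token, pass the output of `yq '.users[0].user.token' kubeconfig` to token_days_left.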
Run config-server locally#
The VSCode configuration is as follows. The Data-Server has to be started first, then the Config-Server can be started.
{
    "name": "Launch Package",
    "type": "go",
    "request": "launch",
    "mode": "debug",
    "program": "${workspaceFolder}/main.go",
    "cwd": "${workspaceFolder}",
    "args": [
        "--tls-cert-file=./tls.crt",
        "--tls-private-key-file=./tls.key",
        "--audit-log-path=-",
        "--audit-log-maxage=0",
        "--audit-log-maxbackup=0",
        "--secure-port=6443",
        "--kubeconfig=./kubeconfig",
        "--authorization-kubeconfig=./kubeconfig",
        "--authentication-kubeconfig=./kubeconfig"
    ],
    "env": {
        "SDC_SCHEMA_SERVER_BASE_DIR": "/tmp/SDC/SchemaBase",
        "SDC_CONFIG_DIR": "/tmp/SDC/Config"
    },
    "console": "integratedTerminal"
}