Ktunnels

Kubernetes controller for port-forwarding from your machine to remote hosts via Envoy TCP proxy

Generate Convert Improve

Install / Use

/learn @int128/Ktunnels

About this skill

Quality Score

0/100

README

ktunnels

This is a Kubernetes controller to set up an Envoy Proxy for port-forwarding from your computer to remote hosts.

Purpose

For local development, it is nice to develop an application using a real database. If a database is running in a private network and outside a cluster, such as Amazon RDS or Azure Database, it is unreachable from your computer.

This allows you to connect from your computer to a host outside a cluster. You just run kubectl port-forward and set up your application to connect to localhost.

diagram

This solution is an alternative of SSH or SOCKS bastion. You no longer maintain your bastion servers.

Getting Started

For administrator

Deploy the controller.

kubectl apply -f https://github.com/int128/ktunnels/releases/download/v0.9.2/ktunnels.yaml

For user

Create a Proxy resource and Tunnel resource.

# kubectl apply -f proxy.yaml
apiVersion: ktunnels.int128.github.io/v1
kind: Proxy
metadata:
  name: default

# kubectl apply -f tunnel.yaml
apiVersion: ktunnels.int128.github.io/v1
kind: Tunnel
metadata:
  name: backend-db
spec:
  host: backend-db.staging
  port: 5432
  proxy:
    name: default

Run port-forward on your computer.

kubectl port-forward svc/backend-db 5432:5432

You can connect to the database via localhost:5432.

How it works

This controller sets up a set of Deployment and ConfigMap for each proxy.

% kubectl tree proxy default
NAMESPACE  NAME                                               READY  REASON  AGE
default    Proxy/default                                      -              5m9s
default    ├─ConfigMap/ktunnels-proxy-default                 -              5m9s
default    └─Deployment/ktunnels-proxy-default                -              5m9s
default      └─ReplicaSet/ktunnels-proxy-default-5db5d68b6c   -              5m9s
default        └─Pod/ktunnels-proxy-default-5db5d68b6c-wnncc  True           5m9s

It also sets up a Service for each tunnel.

% k tree tunnel main-db
NAMESPACE  NAME                             READY  REASON  AGE
default    Tunnel/main-db                   -              32m
default    └─Service/main-db                -              32m
default      └─EndpointSlice/main-db-cxx65  -              32m

Contributions

This is an open source software licensed under Apache License 2.0. Feel free to open issues and pull requests for improving code and documents.

Related Skills

node-connect

338.7k

Diagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps

xurl

338.7k

A CLI tool for making authenticated requests to the X (Twitter) API. Use this skill when you need to post tweets, reply, quote, search, read posts, manage followers, send DMs, upload media, or interact with any X API v2 endpoint.

frontend-design

83.6k

Create distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.

openai-whisper-api

338.7k

Transcribe audio via OpenAI Audio Transcriptions API (Whisper).