Hacker News
by lvh 2310 days ago
How do you do the forwarding? (That’s an interesting question to me by itself, but I ask because it seems like that feature is just as good outside of k8s too :))
5 comments

Generally, here's how to connect to a remote running lisp image, and send changes from one's comfortable editor: https://lispcookbook.github.io/cl-cookbook/debugging.html#re...
With k8s, you just create a service of type NodePort and it assigns a free external port for that service, which is mapped back to a specific port in the Lisp container.
Don't do this... You only need the connection for development purposes, so use "kubectl port-forward", which gives you the auth you'll need as well.
I know of NodePort, but last I checked it’s a low-level construct that doesn’t do anything like, say, authn—so that doesn’t seem like a complete answer.
What sort of encryption and authentication can I expect if I do that? Can anybody who guesses the port dump code into my running Lisp instance?
This is entirely too hard to find the answer to in the kubernetes/kubectl documentation. Apparently the forward is done via socat over tls:

https://stackoverflow.com/questions/50645059/is-kubectl-port...

And socat is mentioned in:

https://github.com/kubernetes/kubectl/blob/master/pkg/cmd/po...

I didn't actually manage to find out what or how socat is called - but I'm also on mobile, so it's a little convoluted to browse source code.

Anyone know where the call to socat happens, after kubectl port-forward?

The encryption and authentication that the Lisp image exposes :)

Someone else mentioned that kubectl port-forward also adds these for you, so if you are not in a private cluster, it may be a better option.

kubectl port-forward my-lisp-pod 4005:4005

then M-x slime-connect localhost 4005

Outside of k8s, which I'm not familiar with, ssh can do port forwarding.
Sure, I know general techniques and k8s-specific ones (and have used production SSH-to-programming environment REPLs with twisted). I’m asking partially because my job these days is to secure setups like these :)
ivan4th had the right answer. Use the "kubectl port-forward" command.

BTW, here's a k8s-hosted app I wrote using this approach: https://github.com/atgreen/red-light-green-light
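
Added example, not part of the thread and not code from any commenter or project mentioned in it: a small audit over the JSON that `kubectl get svc -A -o json` returns, flagging Services that publish the REPL port outside the cluster (the NodePort setup the thread argues against). The port 4005 comes from the thread; the service names, namespace and sample data are constructed, and the function name is hypothetical.

```python
import json

SWANK_PORT = 4005  # port from the thread's `kubectl port-forward` command

# Constructed sample in the shape of `kubectl get svc -A -o json` (not real data).
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"namespace": "dev", "name": "lisp-swank"},
  "spec": {"type": "NodePort",
           "ports": [{"port": 4005, "targetPort": 4005, "nodePort": 31005}]}},
 {"metadata": {"namespace": "dev", "name": "lisp-web"},
  "spec": {"type": "NodePort",
           "ports": [{"port": 80, "targetPort": 8080, "nodePort": 30080}]}},
 {"metadata": {"namespace": "dev", "name": "lisp-internal"},
  "spec": {"type": "ClusterIP", "ports": [{"port": 4005}]}}
]}
""")


def exposed_repl_services(svc_list, repl_port=SWANK_PORT):
    """Return (namespace, name, type, external_port) for every Service that
    publishes the REPL port outside the cluster."""
    findings = []
    for svc in svc_list.get("items", []):
        spec = svc.get("spec", {})
        svc_type = spec.get("type", "ClusterIP")
        if svc_type not in ("NodePort", "LoadBalancer"):
            continue  # ClusterIP is reachable only inside the cluster
        for p in spec.get("ports", []):
            # targetPort defaults to port; a named (string) targetPort cannot
            # be resolved without the pod spec and is not matched here.
            if p.get("targetPort", p.get("port")) != repl_port:
                continue
            external = p.get("nodePort") if svc_type == "NodePort" else p.get("port")
            meta = svc.get("metadata", {})
            findings.append((meta.get("namespace"), meta.get("name"), svc_type, external))
    return findings


if __name__ == "__main__":
    for ns, name, svc_type, port in exposed_repl_services(SAMPLE):
        print(f"{ns}/{name}: {svc_type} publishes the REPL port on {port}")
```

A Service flagged here can be switched to ClusterIP (or removed) and reached with `kubectl port-forward` instead, as the thread recommends.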