This blog runs on my Raspberry Pi

栏目: IT技术 · 发布时间: 4年前

内容简介:"Inlets is a Cloud Native Tunnel written in Go, you can use it to connect services to other networks like the Internet through NAT, firewall and restrictive networks.inlets creates a tunnel between two networks using a web-socket and optional TLS for encry

What is Inlets

"Inlets is a Cloud Native Tunnel written in Go, you can use it to connect services to other networks like the Internet through NAT, firewall and restrictive networks.

inlets creates a tunnel between two networks using a web-socket and optional TLS for encryption. The main use-case for inlets is to expose a private API or service on the Internet, or to gain incoming network access (ingress) to a private network." - docs.inlets.dev

Let's get to the setup!

What I'll be demoing today is a flavour of Inlets which is open-source and can offer a L7-tunnel for HTTP/HTTPS, but if you want to expose your local server to L4 (or raw TCP traffic) with automatic encryption with TLS, then you can use inlets-pro and opt in for a free 14-day trial license.

The web service

For demo purposes I'll be creating the standard demo react-app, so make sure you have the latest version of node and npm installed on your machine

# Install create-react-app with npm
npm install -g create-react-app

# Create and run a react app
create-react-app hello-utsav
cd hello-utsav
npm start
This blog runs on my Raspberry Pi
The react app starts up in a new window, running on port 3000 by default

Download inletsctl and inlets

In this demo we're going to use a tool called inletsctl which under the inlets umbrella and helps you to download inlets/inlets-pro, provision a instance automatically with the help of a user provided service account and gives example commands that helps you delete the instance aka the exit-node when you're done with it. To download inletsctl simply run:

# Download and install inletsctl
sudo curl -sLSf https://inletsctl.inlets.dev | sh

# Download and install inlets
sudo inletsctl download
This blog runs on my Raspberry Pi
We have inletsctl and inlets installed!

Get a service account key file from Google Cloud Platform

Now we want set up ourselves with a service account key credential which is authorized to create an exit-node on Google Compute Engine.

We can use inletsctl to provision exit-nodes on almost every major cloud platform like Google Cloud Platform , AWS , Azure , DigitalOcean , Civo , Scaleway and Packet .

But I'm going to use Google Cloud Platform today, more specifically GCE because I love GCP + I'm also the one responsible for writing the Google Compute Engine provisioner :heart:

We can get the service account key file by using the Google Cloud Console as well as by using the gcloud command line tool for Google Cloud if you have that setup already configured with your account and project (If you don't you can follow the instructions here ).

Getting the service account key file from Google Cloud Console:

Step 1: Navigate to console.cloud.google.com and select the project you want to use

This blog runs on my Raspberry Pi

Step 2: Click on the Hamburger icon and go to IAM & Admin > Service Accounts and click on " + Create Service Account"

Step 3: Put in a service account name and a description and click Create

This blog runs on my Raspberry Pi

Step 4: Assign the Service Account User role and Compute Admin role to the service account and click Continue

This blog runs on my Raspberry Pi

Step 5: Now in the Create key (optional) section click on the " + CREATE KEY" button. A right pane will appear, choose JSON from the radio button as the key type and click CREATE to download it, then click on " DONE"

MAKE SURE NOT TO SHARE THIS SERVICE ACCOUNT KEY FILE WITH ANYONE!

This blog runs on my Raspberry Pi
This blog runs on my Raspberry Pi

Get a service account key file from gcloud CLI

We can get the service account key file by using gcloud just as we did with the cloud console. I have documented the instructions for creating the service account file as a PR in the official inletsctl repo which you can find here , but I'm going to document the same here anyway!

# Get current projectID
export PROJECTID=$(gcloud config get-value core/project 2>/dev/null)

# Create a service account
gcloud iam service-accounts create inlets \
--description "inlets-operator service account" \
--display-name "inlets"

# Get service account email
export SERVICEACCOUNT=$(gcloud iam service-accounts list | grep inlets | awk '{print $2}')

# Assign appropriate roles to inlets service account
gcloud projects add-iam-policy-binding $PROJECTID \
--member serviceAccount:$SERVICEACCOUNT \
--role roles/compute.admin

gcloud projects add-iam-policy-binding $PROJECTID \
--member serviceAccount:$SERVICEACCOUNT \
--role roles/iam.serviceAccountUser

# Create inlets service account key file
gcloud iam service-accounts keys create key.json \
--iam-account $SERVICEACCOUNT

Now lets use inletsctl to provision our exit node!

Since we already have the service account key file from using either the Google Cloud Console or gcloud cli, now we're going to run inletsctl to provision our exit-node. Even though the exit-node should be chosen to be provisioned at the nearest geographical zone from you, I'm going to use the us-central1-a zone to provision my exit-node for demo purposes because at the time of writing this post you get 720 hrs free every month with the default machine type used by the inletsctl GCE provisioner code i.e., a f1-micro machine, making it run for almost free!

Now we can simply run:

# Running inletsctl create with gce as the provisioner

inletsctl create -p gce --project-id=$PROJECTID -f key.json

# If you want your exit-node to be something else other than the default us-central1-a zone, you can specify it with the `-f` flag as

inletsctl create -p gce --project-id=$PORJECTID -z europe-west4-a

A great thing about using GCE as the provisioner is that the exit nodes provision within seconds! Most of the times in less that 10 seconds!

This blog runs on my Raspberry Pi
Exit node got provisioned within 10 secs!

We get some output from inletsctl that we can simply copy and paste to connect to our exit node! In out case since our upstream server is running on port 3000, we would export the UPSTREAM env var with the value: http://127.0.0.1:3000

➜  ~ inletsctl create -p gce --project-id=$PROJECTID -f key.json
Using provider: gce
Requesting host: xenodochial-goldwasser4 in us-central1-a, from gce
2020/04/25 16:53:30 Creating firewall exists, updating: inlets
Host: xenodochial-goldwasser4|us-central1-a|uts-1382, status: provisioning
[1/500] Host: xenodochial-goldwasser4|us-central1-a|uts-1382, status: STAGING
[2/500] Host: xenodochial-goldwasser4|us-central1-a|uts-1382, status: STAGING
[3/500] Host: xenodochial-goldwasser4|us-central1-a|uts-1382, status: active
Inlets OSS exit-node summary:
  IP: 34.67.138.34
  Auth-token: Xwq1CHYZAsRCQeI9lJL7JYAs7hsNqZiaJV572GUXbySazlBETZgU6ocSd8tX6AWI

Command:
  export UPSTREAM=http://127.0.0.1:8000
  inlets client --remote "ws://34.67.138.34:8080" \
	--token "Xwq1CHYZAsRCQeI9lJL7JYAs7hsNqZiaJV572GUXbySazlBETZgU6ocSd8tX6AWI" \
	--upstream $UPSTREAM

To Delete:
	inletsctl delete --provider gce --id "xenodochial-goldwasser4|us-central1-a|uts-1382"

Lets connect to our exit-node!

export UPSTREAM=http://127.0.0.1:3000
inlets client --remote "ws://34.67.138.34:8080" \
--token "Xwq1CHYZAsRCQeI9lJL7JYAs7hsNqZiaJV572GUXbySazlBETZgU6ocSd8tX6AWI" \
--upstream $UPSTREAM

You would get an output like this :point_down|type_4:

This blog runs on my Raspberry Pi

Now that we're connected, if we visit the external IP address of the exit-node in our browser we get our familiar hello-world react app

This blog runs on my Raspberry Pi

The best part is editing the source code on your workstation also edits the content the external IP live! I have an upcoming feature as PR to inletsctl that will allow for creating a temporary tunnel, something valuable for say a remote web developer who might want to share his work with his clients, and automatically delete the tunnel when he's done previewing!

But now since we don't have that feature yet! Let's delete our tunnel with the output we got from inletsctl while creating our tunnel!

NOTE: Make sure to provide the -f flag with the service account key file as the output command can't know in advance what you named your service account file as

# Delete the exit-node from our Google Cloud Platform project
inletsctl delete --provider gce --id "xenodochial-goldwasser4|us-central1-a|uts-1382" -f key.json

You'll should get an output as under

This blog runs on my Raspberry Pi

My Thoughts

In my opinion inlets is a really powerful tool for developers as well as enterprises who want their edge devices exposed to the internet! We already have many use-cases of inlets being used in production!

Infact this entire blog post that you just read about inlets, is actually running on a two node Raspberry Pi 3 Kubernetes Cluster taking advantage of another umbrella project called inlets-operator. So the only time my blog will be down is when I'm out of power or if my Internet is down!

This blog runs on my Raspberry Pi
Waiting for the lockdown to be over to get this messy setup arranged with some standoffs

I'll write about how I managed to get this setup up and running in a future post!


以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持 码农网

查看所有标签

猜你喜欢:

本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们

游戏测试精通

游戏测试精通

舒尔茨 / 周学毛 / 清华大学出版社 / 2007-9 / 48.00元

《游戏测试精通》来自3位在游戏测试领域都有着极其丰富经验的专业人员,是亚马逊“五星级”畅销书,也是国内第一本专业级游戏测试经典之作,不仅内容全面、实例丰富,而且讲解透彻、可读性强,并提供多个资源下载和技术支持站点。现如今,游戏产业发展迅猛,游戏测试已成为游戏产品、游戏软件、游戏程序设计与开发不可或缺的环节。《游戏测试精通》主要揭示了如何将软件测试的专业方法运用到游戏产业中,全面涵盖了游戏测试的基本......一起来看看 《游戏测试精通》 这本书的介绍吧!

HTML 压缩/解压工具
HTML 压缩/解压工具

在线压缩/解压 HTML 代码

CSS 压缩/解压工具
CSS 压缩/解压工具

在线压缩/解压 CSS 代码

随机密码生成器
随机密码生成器

多种字符组合密码