Dear Colleagues,
I am writing to share a noteworthy use case that exemplifies the seamless integration of secure remote access within Kubernetes environments. This accomplishment was achieved within the context of a dedicated educational laboratory setup. The success of this endeavor was realized through the adept utilization of Harmony Connect, an innovative solution that streamlines secure connectivity and efficient communication among diverse services within Kubernetes frameworks.
The Challenge:
Within the educational laboratory environment, a key challenge emerged: the need to ensure both transparent and secure remote access for users who sought interaction with applications hosted on a Kubernetes infrastructure. The primary goal was to establish a solution that could provide unhindered and safeguarded entry to applications, all while maintaining the highest standards of security.
The Solution:
To overcome this challenge, I harnessed the power of the Harmony Connect platform by deploying it directly within the Kubernetes environment. This strategic deployment served as the foundation for the creation of two distinct access solutions: client-based and clientless.
Client-Based Solution: The client-based approach facilitated direct communication with an AI system that was locally hosted within the Kubernetes environment. This seamless interaction between developers and the AI API infrastructure enabled enhanced collaboration and engagement.
Clientless Solution: Conversely, the clientless solution was meticulously tailored to grant secure access to three crucial applications: Jira, Jenkins, and an AI frontend web server. This design ensured that remote users could effortlessly engage with these applications without necessitating specialized client software.
Implementation Specifics:
The realization of this solution demanded a methodical execution of the following steps:
Deployment of Harmony Connect:
Harmony Connect was first deployed into its designated namespace, which ensured communication between the platform's pods and the services it needed to reach.
Clientless Integration:
A dedicated site for Tel Aviv was created in the Harmony Connect interface. From it, the deployment parameters for the connector were extracted: the Docker image, the ODO_ENV configuration and the connector Secret.
For instance, the Docker image was adanite/odo_connector:eu_v3, and the ODO_ENV parameter was set to the European region (eu), as in the connector command shown below.
curl --silent https://assets.checkpoint.security/connector-scripts/ConnectorOSValidator.sh | bash -s && \
docker run -d -e ODO_ENV=eu --cap-add=NET_ADMIN --sysctl net.ipv4.ip_forward=1 \
  --device /dev/net/tun --restart=always --log-opt max-size=1g \
  -e Secret=eyJhbGciOiJFUzM4NCJ9.jgAAAAVjb25uZWN0b3JfaWQAEAAAAAAAAAAAAAAAAAAAAAAAAAAABXNpdGVfaWQAEAAAAAAFayGcnURGMorx2bGEpN9vEGludGVybmFsX3NpdGVfaWQA9hMAAAV0ZW5hbnRfaWQAEAAAAAB2epzjTiFCppAPfh9gJo8uAnNpdGVfbmFtZQADAAAAYWEAAA.9uLqbmmtcLUr-pZDpbtoTvZO4jc_aEjy8zPhmoumzqNZMI8slxImf6CX455hQiyQAzUa5Q3IsmsN7lgt4hCZkzCS1TMh95E2GWDNWUGki5OpZE_-NEsGyW1qm7x5X3NY \
  adanite/odo_connector:eu_v3
Significantly, within the laboratory context, Kubernetes Secrets were judiciously employed for sensitive data management. However, in a production environment, the recommendation is to opt for more robust alternatives such as open-source secret managers or cloud provider secrets managers.
Kubernetes Deployment:
The culminating stage involved the orchestrated deployment of the solution's components through meticulously crafted Kubernetes manifests. This comprehensive process encompassed the definition of namespaces, secrets, and a StatefulSet configuration tailored for Harmony Connect.
The resultant deployment harmoniously synchronized the components, yielding an impeccably orchestrated infrastructure. This framework ensured the seamless operation of secure remote access to applications hosted within the Kubernetes environment.
kubectl apply -f - <<EOF
---
apiVersion: v1
kind: Namespace
metadata:
  name: ns-applications
---
apiVersion: v1
kind: Secret
metadata:
  name: "connectorsecret"
  namespace: ns-applications
type: Opaque
data:
  connectorsecret: ZXlKaGJHY2lPaUpGVXpNNE5DSjkuamdBQUFBVmpiMjV1WldOMGIzSmZhV1FBRUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUJYTnBkR1ZmYVdRQUVBQUFBQUFGYXlHY25VUkdNb3J4MmJHRXBOOXZFR2x1ZEdWeWJtRnNYM05wZEdWZmFXUUE5aE1BQUFWMFpXNWhiblJmYVdRQUVBQUFBQUIyZXB6alRpRkNwcEFQZmg5Z0pvOHVBbk5wZEdWZmJtRnRaUUFEQUFBQVlXRUFBQS45dUxxYm1tdGNMVXItcFpEcGJ0b1R2Wk80amNfYUVqeTh6UGhtb3VtenFOWk1JOHNseEltZjZDWDQ1NWhRaXlRQXpVYTVRM0lzbXNON2xndDRoQ1prekNTMVRNaDk1RTJHV0ROV1VHa2k1T3BaRV8tTkVzR3lXMXFtN3g1WDNOWSA=
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: harmonyconnect-connector
  namespace: ns-applications
  labels:
    app: harmonyconnect
    app_group: applications
spec:
  selector:
    matchLabels:
      app: harmonyconnect-connector
  replicas: 5
  template:
    metadata:
      labels:
        app: harmonyconnect-connector
    spec:
      nodeSelector: # Specify node selector if required
      affinity: # Add affinity rules if required
      tolerations: # Add tolerations if required
      containers:
      - name: harmonyconnect-connector
        image: "adanite/odo_connector:eu_v3"
        imagePullPolicy: Always
        resources: {}
        securityContext:
          capabilities:
            drop:
            - all
            add: ["NET_ADMIN"]
          privileged: false
        volumeMounts:
        - mountPath: /dev/net/tun
          name: devnet
        env:
        - name: Secret
          valueFrom:
            secretKeyRef:
              name: connectorsecret
              key: connectorsecret
        - name: ODO_ENV
          value: eu
      restartPolicy: Always
      volumes:
      - name: devnet
        hostPath:
          path: /dev/net/tun
  volumeClaimTemplates: [] # Add PVC templates if required
EOF
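As an added example (not part of the original post and not Harmony Connect code), the following Python check encodes the least-privilege properties the StatefulSet above relies on, so a CI step can flag a manifest that drifts toward a privileged container, a token pasted as a literal env value, or a hostPath wider than /dev/net/tun. CONNECTOR_POD is a constructed, trimmed copy of the posted pod template, and lab_shortcut_pod() is a constructed counter-example.

```python
# Added example, not from the original post. Policy check for the connector
# pod spec: no privileged container, all capabilities dropped except NET_ADMIN,
# only /dev/net/tun as a hostPath, and the connector token sourced from a
# secretKeyRef. "all" in drop is accepted case-insensitively, as posted.
from copy import deepcopy

ALLOWED_CAPS = {"NET_ADMIN"}
ALLOWED_HOSTPATHS = {"/dev/net/tun"}
SECRET_ENV_NAMES = {"Secret"}
CONNECTOR_POD = {  # constructed, trimmed copy of the posted pod template
    "containers": [{
        "name": "harmonyconnect-connector",
        "securityContext": {"privileged": False,
                            "capabilities": {"drop": ["all"], "add": ["NET_ADMIN"]}},
        "env": [{"name": "Secret", "valueFrom": {"secretKeyRef":
                    {"name": "connectorsecret", "key": "connectorsecret"}}},
                {"name": "ODO_ENV", "value": "eu"}],
    }],
    "volumes": [{"name": "devnet", "hostPath": {"path": "/dev/net/tun"}}],
}

def check_pod_spec(pod):
    # Returns the list of violations; an empty list means the spec passes.
    violations = []
    for c in pod.get("containers", []):
        sc = c.get("securityContext", {})
        caps = sc.get("capabilities", {})
        if sc.get("privileged"):
            violations.append(f"{c['name']}: privileged container")
        if [d.upper() for d in caps.get("drop", [])] != ["ALL"]:
            violations.append(f"{c['name']}: must drop ALL capabilities")
        for cap in sorted(set(caps.get("add", [])) - ALLOWED_CAPS):
            violations.append(f"{c['name']}: unexpected capability {cap}")
        for e in c.get("env", []):
            if e["name"] in SECRET_ENV_NAMES and "secretKeyRef" not in e.get("valueFrom", {}):
                violations.append(f"{c['name']}: env {e['name']} is not a secretKeyRef")
    for v in pod.get("volumes", []):
        path = v.get("hostPath", {}).get("path")
        if path is not None and path not in ALLOWED_HOSTPATHS:
            violations.append(f"volume {v['name']}: hostPath {path} not allowed")
    return violations

def lab_shortcut_pod():
    # Constructed counter-example: privileged, token inline, host root mounted.
    pod = deepcopy(CONNECTOR_POD)
    c = pod["containers"][0]
    c["securityContext"]["privileged"] = True
    c["env"][0] = {"name": "Secret", "value": "<connector-token-pasted-inline>"}
    pod["volumes"].append({"name": "host", "hostPath": {"path": "/"}})
    return pod
```

The same check can be run over the real manifest by loading it with a YAML parser and passing spec.template.spec to check_pod_spec.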
In Conclusion:
This use case demonstrates that Harmony Connect can provide secure and transparent remote access to Kubernetes-hosted applications. By deploying the platform inside the cluster and configuring its components as described, a robust and secure solution was built to meet the demands of an educational setting.
The innate compatibility of client-based and clientless access methods underscores the versatility of Harmony Connect, rendering it an appealing choice for organizations seeking to enhance remote accessibility to their Kubernetes applications.