Documentation PortalBack to Self Assist PortalBack
Documentation Portal
Contents

CloudOne Stunnel Client - V 1

CloudOne DevOps Stunnel Client

If you would like to connect from your to your database instance that is running on Kubernetes, you need to make a tunnel connection from your local system to your database.

We created a utility that allows you to connect to your databases hosted in CloudOne DevOps. The only requirement to use this utility is Docker. This utility makes an stunnel connection between your local system and the database running on the Kubernetes cluster. You can then access the database through this tunnel on your local system.

Enable TCP Ingress

This requires that you enable Kong TCP Ingress. To enable Kong, set the following YAML values to true in the Helm chart values (for example, in a values.yaml file):

Example

kong:
  tls:
    secret:
  dbaas:
    enabled: true
    domain:

*NOTE: The values of kong.dbaas.domain and kong.tls.secret are left empty in the Helm chart as these are supplied by variables defined in variable groups in Azure DevOps based on the workspace or dataspace to which the database is deployed by the CI/CD pipeline.*

Determining your database hostname

The ambassador generated hostname format will be like <service name>-<namespace name>.prd<cluster id>d.cloudone.netapp.com

Once you enable ambassador and deploy your database, you can capture the generated hostname from the 'host' value in your TCPIngress in your Kubernetes dataspace namespace.

Start an stunnel connection

On your local system, log in to Artifactory with your SSO and pull the latest image

docker login docker-dxp.repo.east1.ncloud.netapp.com
docker pull docker-dxp.repo.east1.ncloud.netapp.com/cloudone-stunnel-client

Modify the DB_HOST, DB_PORT, and -p {local_port}:{remote_port} as needed.

docker run --name stunnel -e DB_HOST=mariadb-1-stg-jjj-db-mariadb-1-stg.prd06d.cloudone.netapp.com -e DB_PORT=3306 -p 3306:3306 --rm -d docker-dxp.repo.east1.ncloud.netapp.com/cloudone-stunnel-client

You can view the stunnel logs with:

docker logs -f stunnel

Connect to your instance

You can use your standard GUI-based tools an connect to localhost on the local port that you specified or connect via cli with the same.

Example

docker run --rm -it --network host mariadb:10.3 mysql -p -h 127.0.0.1 -u dbuser

Stop stunnel connection

You can reference the --name that you gave the container during runtime.

You can get a list of containers with docker ps -a.

docker rm -f stunnel