CloudOne Stunnel Client - V 1
CloudOne DevOps Stunnel Client
If you would like to connect from your to your database instance that is running on Kubernetes, you need to make a tunnel connection from your local system to your database.
We created a utility that allows you to connect to your databases hosted in CloudOne DevOps. The only requirement to use this utility is Docker. This utility makes an stunnel connection between your local system and the database running on the Kubernetes cluster. You can then access the database through this tunnel on your local system.
Enable TCP Ingress
This requires that you enable Kong TCP Ingress. To enable Kong, set the following YAML values to true in the Helm chart values (for example, in a values.yaml file):
Example
kong:
tls:
secret:
dbaas:
enabled: true
domain:
*NOTE: The values of kong.dbaas.domain and kong.tls.secret are left empty in the Helm chart as these are supplied by variables defined in variable groups in Azure DevOps based on the workspace or dataspace to which the database is deployed by the CI/CD pipeline.*
Determining your database hostname
The ambassador generated hostname format will be like <service name>-<namespace name>.prd<cluster id>d.cloudone.netapp.com
Once you enable ambassador and deploy your database, you can capture the generated hostname from the 'host' value in your TCPIngress in your Kubernetes dataspace namespace.
Start an stunnel connection
On your local system, log in to Artifactory with your SSO and pull the latest image
docker login docker-dxp.repo.east1.ncloud.netapp.com
docker pull docker-dxp.repo.east1.ncloud.netapp.com/cloudone-stunnel-client
Modify the DB_HOST
, DB_PORT
, and -p {local_port}:{remote_port}
as needed.
docker run --name stunnel -e DB_HOST=mariadb-1-stg-jjj-db-mariadb-1-stg.prd06d.cloudone.netapp.com -e DB_PORT=3306 -p 3306:3306 --rm -d docker-dxp.repo.east1.ncloud.netapp.com/cloudone-stunnel-client
You can view the stunnel logs with:
docker logs -f stunnel
Connect to your instance
You can use your standard GUI-based tools an connect to localhost on the local port that you specified or connect via cli with the same.
Example
docker run --rm -it --network host mariadb:10.3 mysql -p -h 127.0.0.1 -u dbuser
Stop stunnel connection
You can reference the --name
that you gave the container during runtime.
You can get a list of containers with docker ps -a
.
docker rm -f stunnel