I’ve published a new kubectl plugin called kubectl-plugin-socks5-proxy. This is a kubectl plugin that creates a local SOCKS5 proxy through which you can access to Services or Pods in a Kubernetes cluster.
What the plugin actually does is that it create a SOCKS proxy server Pod in a Kubernetes cluster and forwards a local port (default:1080) to the proxy. So you can access to Servcies or Pods in Kuberenetes cluster by using the local port as SOCKS5 proxy like this:
curl --socks5-hostname localhost:1080 http://httpbin.default.svc.cluster.local/headers
Installation
This is a way to install the plugin through krew. After installing krew by following this, you can install the plugin like this:
kubectl krew install socks5-proxy
You can search the plugin with a keyword like this:
kubectl krew search socks5
NAME DESCRIPTION INSTALLED
socks5-proxy SOCKS5 proxy to Services or Pods in the cluster no
After installed the plugin, you can run the plugin like this:
kubectl socks5-proxy
How to use
Usage
Usage:
kubectl socks5-proxy
Options:
-n, --namespace <namespace> Namespace to create SOCKS5 proxy server in
-p, --port <local port> Local port to be forwarded to the SOCKS5 proxy server (Pod).
A client connects to this port, then the connection is forwarded to the
SOCKS5 proxy server, which is then forwareded to the destination server
--skip-cleanup-proxy Skip cearning up SOCKS5 proxy pod
Default: Cleaning up SOCKS5 proxy pod at the end
-h, --help Show this message
Deploy an sample app and Create SOCKS5 proxy
Suppose you deploy a sample app in a Kubernetes cluster like this
git clone https://github.com/yokawasa/kubectl-plugin-socks5-proxy.git
cd kubectl-plugin-socks5-proxy
kubectl apply -f sample-apps/party-clippy.yaml
kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 96d
party-clippy ClusterIP 10.0.5.226 <none> 80/TCP 1m
First of all, create a local SOCKS5 proxy (default: 1080 port) by running kubectl socks5-proxy
like this:
kubectl socks5-proxy
using: namespace=default
using: port=1080
Creating Socks5 Proxy (Pod)...
pod/socks5 created
Forwarding from 127.0.0.1:1080 -> 1080
Forwarding from [::1]:1080 -> 1080
Use SOCKS5 Proxy in Curl
Now you can access Srvices or Pods in the Kubernetes cluster from a local machine by using the local port as SOCKS proxy in Curl
# Service name
curl --socks5-hostname localhost:1080 party-clippy
# Service name
curl --socks5-hostname localhost:1080 http://party-clippy
# FQDN
curl --socks5-hostname localhost:1080 http://party-clippy.default.svc.cluster.local
_________________________________
/ It looks like you're building a \
\ microservice. /
---------------------------------
\
\
__
/ \
| |
@ @
| |
|| | /
|| ||
|\_/|
\___/
Use SOCKS5 Proxy in Google Chrome browser
First, let’s configuring your Chrome browser to use SOCKS5 proxy like this:
Linux
/usr/bin/google-chrome \
--user-data-dir="$HOME/proxy-profile" \
--proxy-server="socks5://localhost:1080"
macOS
"/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" \
--user-data-dir="$HOME/proxy-profile" \
--proxy-server="socks5://localhost:1080"
Windows
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" ^
--user-data-dir="%USERPROFILE%\proxy-profile" ^
--proxy-server="socks5://localhost:1080"
See also How to Set up SSH SOCKS Tunnel for Private Browsing
NOTE: The –proxy-server=“socks5://yourproxy:1080” flag tells Chrome to send all http:// and https:// URL requests through the SOCKS proxy server “yourproxy:1080”, using version 5 of the SOCKS protocol. The hostname for these URLs will be resolved by the proxy server, and not locally by Chrome. ref: Configuring a SOCKS proxy server in Chrome
Now you are ready to access Services or Pods in the Kubernetes cluster with your Chrome browser
Enjoy the plugin!!