Use the socat proxy in Kubernetes to access remote MySQL in the local environment

This article shows how to use socat to create a proxy in Kubernetes, allowing the local development environment to seamlessly connect to a remote MySQL that is network-restricted, improving development efficiency while maintaining security.

In modern cloud-native development, we often need to access resources, such as cloud databases, that are used by workloads in a Kubernetes cluster. For security reasons, these resources are usually subject to very strict network restrictions. This article takes remote access to MySQL as an example and shows how to use the socat tool to create a proxy in Kubernetes, allowing local machines to access resources that are only open to Kubernetes.

If you simply want to view the database content, you can directly create a temporary mysql-client Pod and use the mysql command inside the Pod:

bash
# YOUR_MYSQL_HOST and YOUR_MYSQL_USER are placeholders; -p prompts for the password
kubectl run mysql-client --rm -it --image=mysql:8.0.35 --restart=Never -- mysql -h YOUR_MYSQL_HOST -u YOUR_MYSQL_USER -p

However, the purpose of this article is to be able to connect to the remote MySQL using local database management software, providing a more comfortable development experience.

Prerequisites

  • The kubectl tool is installed locally
  • Permissions to create Pods in the Kubernetes cluster
  • The target MySQL database is accessible to the Kubernetes cluster

Basic Principle


  1. The developer uses a local MySQL client to connect to the local port 13306
  2. The kubectl port-forward command forwards the traffic from the local port 13306 to the 3306 port of the socat-tunnel Pod in the K8s cluster
  3. The socat-tunnel Pod forwards the received traffic to the target MySQL database instance using the socat tool
  4. The entire process forms a secure tunnel, allowing developers to access protected database resources directly with local tools without exposing the database to the public network

Steps

1. Create socat Proxy Pod

Create a file named socat-tunnel.yaml with the following content:

yaml
apiVersion: v1
kind: Pod
metadata:
  name: socat-tunnel
spec:
  containers:
  - name: socat-tunnel
    image: alpine
    command:
    - sh
    - -c
    - |
      apk add --no-cache socat
      # Start MySQL forwarding (run in the background)
      socat TCP-LISTEN:3306,fork TCP:YOUR_MYSQL_HOST:3306 &
      # More service forwarding can be added...
      # Prevent the container from exiting
      tail -f /dev/null

Apply the configuration to the Kubernetes cluster:

bash
kubectl apply -f ./socat-tunnel.yaml

2. Set Up Local Port Forwarding

Once the socat-tunnel Pod is started and running, you can use kubectl to set up local port forwarding:

bash
kubectl port-forward pod/socat-tunnel 13306:3306

This will forward port 13306 on the local machine to port 3306 of the socat-tunnel Pod, which will in turn forward the traffic to the target MySQL server.

If you are using a JetBrains IDE, you can use its built-in Kubernetes port-forwarding feature, eliminating the need to execute this command manually each time.


3. Connect to the Database

You can use your local database management tool to connect to the remote MySQL.

Host: localhost or 127.0.0.1
Port: 13306
Username: <database username>
Password: <database password>

4. Clean Up Resources

After completing your work, remember to delete the created resources:

bash
kubectl delete -f ./socat-tunnel.yaml
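
The four steps above as one script, added here as an example (not from the original article): it validates the MySQL host before it is pasted into the Pod's `sh -c` command, gives the Pod an `activeDeadlineSeconds` lifetime so a forgotten tunnel expires on its own, binds the forward to 127.0.0.1, and deletes the Pod when the forward ends. The function names, the one-hour default lifetime and running socat in the foreground are choices of this example.

```shell
#!/bin/sh
# Added example, not the article's code. Usage: ./tunnel.sh MYSQL_HOST [TTL_SECONDS]
POD=socat-tunnel
LOCAL_PORT=13306

# Allow only hostname/IP characters: the value ends up inside a shell script in the Pod.
valid_host() {
  case "$1" in
    ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Print the Pod manifest. $1 = MySQL host, $2 = maximum Pod lifetime in seconds.
render_manifest() {
  valid_host "$1" || { echo "invalid host: $1" >&2; return 1; }
  case "$2" in ''|*[!0-9]*) echo "invalid ttl: $2" >&2; return 1 ;; esac
  cat <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: $POD
spec:
  restartPolicy: Never
  activeDeadlineSeconds: $2
  containers:
  - name: $POD
    image: alpine
    command:
    - sh
    - -c
    - |
      apk add --no-cache socat
      exec socat TCP-LISTEN:3306,fork TCP:$1:3306
EOF
}

main() {
  manifest=$(render_manifest "$1" "${2:-3600}") || exit 1
  # Delete the Pod however the script ends (Ctrl-C included).
  trap 'kubectl delete pod "$POD" --ignore-not-found --wait=false' EXIT
  trap 'exit 130' INT TERM
  printf '%s\n' "$manifest" | kubectl apply -f -
  kubectl wait --for=condition=Ready "pod/$POD" --timeout=120s
  # Listen on loopback only so other hosts on the LAN cannot reach the database.
  kubectl port-forward --address 127.0.0.1 "pod/$POD" "$LOCAL_PORT:3306"
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

The Pod reports Ready as soon as its container starts, which can be a few seconds before `apk` has installed socat, so the first connection attempt may need a retry.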

Summary

By deploying a socat proxy in the Kubernetes cluster, we can securely access a remote MySQL database from the local environment without changing the database's network settings or exposing it to the public network. This method is particularly suitable for development, testing, and troubleshooting scenarios, significantly improving development efficiency.

Remember, security is always a priority, so be sure to clean up resources promptly after use to avoid unnecessary security risks.
