nsc expose kubernetes

Expose a Kubernetes Load Balancer.

expose kubernetes opens a public ingress to a Load Balancer. The provided service needs to be up and running. For example, it can be created with nsc kubectl expose within an ephemeral instance. The exposed endpoint is encrypted with TLS and secured with Namespace authentication, so whoever has access to the workspace where the ephemeral environment was created in, will also have access to the endpoint.

Note: Only HTTP services can currently be exposed.

Usage

nsc expose kubernetes <instance-id> --namespace <name> --service <name> [--name <ingress-name>] [--port <port>] [--output <plain|json>]

Example

In the example below, we first create an ephemeral instance, start nginx with kubectl run, create a Load Balancer with kubectl expose and then expose it using nsc expose kubernetes.

Create an ephemeral instance:

$ nsc create
  Created new ephemeral environment! ID: 072higp5dg0bg

Start nginx within the created instance:

nsc kubectl 072higp5dg0bg run nginx --image=nginx
pod/nginx created

And create a Load Balancer:

nsc kubectl 072higp5dg0bg expose pod nginx --type=LoadBalancer --port=80
service/nginx exposed

Then, expose port 80 using the nsc expose kubernetes command:

$ nsc expose kubernetes 072higp5dg0bg --namespace=default --service=nginx --name=nginx-foobar
Exported port 80 from default/nginx:
  https://nginx-foobar-072higp5dg0bg.fra1.namespaced.app

Now you can visit the provided URL https://nginx-foobar-072higp5dg0bg.fra1.namespaced.app in your browser and use your Namespace credentials for authentication.

Options

--namespace <namespace>

Specifies the namespace of the exposed Load Balancer. This option is required.

--service <service>

Specifies the name of the exposed Load Balancer. This option is required.

--name <name>

Set the name of the exposed ingress. By default, ingress names will be generated by Namespace.

--port <port>

In case there are multiple ports exported by the Load Balancer, use this flag to select the port to expose.

-o <type>

Specifies the output format. Supported options are json and plain. By default, plain output format is used.

--wait

Wait until the provided service has a valid ingress to expose.

--ingress <rules>

Specify additional rules per ingress. The following effects can be set per route:

  • noauth: Disables authentication on the route.

Rules are defined by specifying method, path regex, using one of the following schemes:

  • <effect>: Applies effect to any method or path.
  • <path_regex>:<effect>: Applies effect to paths that match path_regex (the full path without the query is using for matching.).
  • <method>[,<method>,...]:<path_regex>:<effect>: In addition to matching path, also matches against the HTTP method used.

--wildcard

Expose the service load balancer under a wildcard ingress. The hosting instance needs to be configured to support wildcard ingresses.

Last updated