kic: fix minikube tunnel for mac

[medyagh]

for kic on mac the tunnel doesnt seem to work.
it might be we need to do bridge like hyperkit

minikube/pkg/minikube/tunnel/tunnel.go

Line 153 in 2d97a0d

if h.DriverName == driver.HyperKit {

on linux it works fine:

medya@medya:~$ kubectl create deployment hello-minikube1 --image=k8s.gcr.io/echoserver:1.4
deployment.apps/hello-minikube1 created

medya@medya:~$ kubectl expose deployment hello-minikube1 --type=LoadBalancer --port=8080
service/hello-minikube1 exposed

medya@medya:~$ kubectl get svc 
NAME              TYPE           CLUSTER-IP    EXTERNAL-IP   PORT(S)          AGE
hello-minikube1   LoadBalancer   10.96.29.87   10.96.29.87   8080:30223/TCP   7s
kubernetes        ClusterIP      10.96.0.1     <none>        443/TCP          3m3s

medya@medya:~$ curl 10.96.29.87:8080
CLIENT VALUES:
client_address=10.244.0.1
command=GET
real path=/
query=nil
request_version=1.1
request_uri=http://10.96.29.87:8080/

SERVER VALUES:
server_version=nginx: 1.10.0 - lua: 10001

HEADERS RECEIVED:
accept=*/*
host=10.96.29.87:8080
user-agent=curl/7.66.0
BODY:
-no body in request-medya@medya:~$ 

[medyagh]

hint comment from @josedonizetti

kic for mac there's another layer, right?
tunnel -> hyperkit -> k8s
tunnel -> docker -> hyperkit -> k8s
kic is the second

[josedonizetti]

docker for mac has a bunch of network limitations. I don't think we can get tunnel working like we have for linux, by exposing the cluster IP to the host. Docker for mac currently doesn't allow the host to ping containers, the recommend approach is exposing a container port on the host:

eg:

docker run --publish 8000:80 --name webserver nginx

But this also doesn't work for Kic, because we don't know before hand which ports will be exposed by a service, and docker for mac only allow ports expositions when creating the container.

The best solution I think we should do here, is use the exposing port concept, but using ssh to create a tunnel for it on a running kic container:

eg:

minikube start --vm-driver=docker

kubectl create deployment hello-minikube1 --image=k8s.gcr.io/echoserver:1.4
kubectl expose deployment hello-minikube1 --type=LoadBalancer --port=8080

kubectl get svc # get the CLUSTER-IP here
docker ps # get KIC SSH PORT
ssh -f [email protected] -p <KIC-SSH-PORT> -i ~/.minikube/machines/minikube/id_rsa -L 8080:<CLUSTER-IP>:8080  -N

curl LOCALHOST:8080 # this should work

The tunnel can be managed by minikube tunnel, it will keep checking for exposed service on the cluster and creating/closing ssh tunnels on the host for it.

@medyagh what do you think?

I can implement this, but considering my free time now, it would take me 2 weeks to finish. Is that okay?

[medyagh]

I think think this is a smiple solution and we take advantage of our openssh server inside the container. I talked to @tstromberg about this. one limitation is if we could do service DNS using this approach.

and do alternatvies to this solution (creating a hyperkit vm for the tunnel) have the same service dns limitation ?

[medyagh]

fixed by #6460