pre { background: #333; white-space: pre; word-wrap: break-word; overflow: auto; }
Topics
/
Sidecar Testing
/
Test Endpoint Setup - Part Three

Test Endpoint Setup - Part Three

The final step in test endpoint setup is to deploy the Hopr Sidecar to your Kubernetes pod and test its connection to the Hopr test endpoint.

NAME                        READY   STATUS    RESTARTS   AGEhopr-p2p-6d4687599c-w9p9b   4/4     Running   0          60s
Chat icon
Transcript

Test Deployment

Finally, the deployment section is shown. This YAML deploys three (3) containers into the namespace.

  • curl-test: This container simulates a client. On an interval, it contacts the xtra-router container which should encrypt and proxy the communication out to the XTRA test endpoint on the Internet. The URL environment variable may need to be changed if the Envoy listener configuration is modified.
  • xtra-router: This container proxies network communication inside the Pod. It can be configured in many ways to accomplish a desired result via the ConfigMap shown previously. This ConfigMap is mounted as the /etc/envoy/envoy.yaml file in the container, which is loaded and used as the running configuration by Envoy.
  • xtra-keyserver: This container is used by plugin within the xtra-router container. It provides a rotating key to the router on demand, which will be used to encrypt/decrypt network communication. The license secret is used by this container as environment variable. The CHIPS algorithm shown is the default for the public XTRA test endpoint, but can be changed for scenarios where the remote endpoint uses a different one.
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hopr-test
  namespace: hopr-test
  labels:
    app: hopr-test
spec:
  replicas: 1
  selector:
    matchLabels:
      app: hopr-test
  template:
    metadata:
      labels:
        app: hopr-test
    spec:
      containers:
        - name: curl-test
          image: chips.hopr.exoffic.io/hopr/continuouscurl:v0.1.1
          env:
            - name: CURLARGS
              value: "-s"
            - name: URL
              value: "http://localhost:18001"
        - name: xtra-router
          image: chips.hopr.exoffic.io/hopr/xtra-wasm-filter:v0.3.0
          volumeMounts:
            - name: envoy-config
              mountPath: /etc/envoy/envoy.yaml
              subPath: envoy.yaml
        - name: xtra-keyserver
          image: chips.hopr.exoffic.io/hopr/xtra:v0.6.3
          env:
            - name: POP_LOG_LEVEL
              value: "DEBUG"
            - name: CHIPS_ALGORITHM
              value: "0A1KN0A2RYD2NHA0PZLI06RUM24HBEA7"
            - name: HOPR_LICENSE
              valueFrom:
                secretKeyRef:
                  name: hopr-license
                  key: HOPR_LICENSE
            - name: HOPR_KEY
              valueFrom:
                secretKeyRef:
                  name: hopr-license
                  key: HOPR_KEY
          volumeMounts:
          - name: hopr-maid
            mountPath: /maid
      imagePullSecrets:
      - name: hopr-registrycreds
      volumes:
      - name: envoy-config
        configMap:
          name: hopr-envoyconfig
      - name: hopr-maid
        persistentVolumeClaim:
          claimName: hopr-maid-storage

Installation

1. Test access to your Kubernetes cluster:

kubectl get nodes

2. Deploy the hopr-test.yaml resources:

kubectl apply -f hopr-test.yaml

Output from the command:

namespace/hopr-test created
configmap/hopr-envoyconfig created
secret/hopr-registrycreds created
secret/hopr-license created
deployment.apps/hopr-test created

3. Check that the pod has all containers running

kubectl get pods -n hopr-test

Output from the command:

NAME                         READY   STATUS    RESTARTS   AGE
hopr-test-6d4687599c-w9p9b   3/3     Running   0          33s

4. Check the logs for the curl-test container, which is attempting to contact the XTRA test endpoint via encrypted communication. Use the pod name from the command output above.

kubectl logs -n hopr-test hopr-test-6d4687599c-w9p9b -c curl-test

Output from the command:

Congratulations. XTRA is configured correctly.

Sleeping 30 ...

Removal

1. Remove the hopr-test.yaml resources:

kubectl delete -f hopr-test.yaml

Email icon

Still need help?

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Mauris eget urna nisi. Etiam vehicula scelerisque pretium.
Contact support
Use CasesHow It WorksUnique FeaturesHopr ConnectHopr Connect GatewayPricingContact usSecurityWeb Retriever OSSAboutPrivacy policiesTerms of service
Hopr enables on-demand, verified-trust, ultra-secure application networking across clouds, organizations, and ecosystems.

Our Zero Trust and quantum-proof solutions form a future ready Cloud Native Automated Moving Target Defense (AMTD) around workloads, APIs, and data in transit.

Hopr easily and securely networks applications located in any environment, proactively disrupts cyber attacks, and strengthens cyber resilience.
copyright 2021-2024 | Hopr Corporation
CHIPS™, MAID™, and SEE™ are trademarks of Hopr Corporation
CHIPS™ technology, and the MAID™ and SEE™ protocols
are protected by US Patents and patents pending.