Use your LoadBalancer with Supply Chain Security Tools - Store

This topic describes how to use your LoadBalancer with Supply Chain Security Tools (SCST) - Store.

Configure LoadBalancer

Note

LoadBalancer is not the recommended service type. Consider the recommended configuration of enabling Ingress.

To configure a LoadBalancer:

  1. Edit /etc/hosts/ to use the external IP address of the metadata-store-app service.

    METADATA_STORE_IP=$(kubectl get service/metadata-store-app --namespace metadata-store -o jsonpath="{.status.loadBalancer.ingress[0].ip}")
METADATA_STORE_PORT=$(kubectl get service/metadata-store-app --namespace metadata-store -o jsonpath="{.spec.ports[0].port}")
METADATA_STORE_DOMAIN="metadata-store-app.metadata-store.svc.cluster.local"

# Delete any previously added entry
sudo sed -i '' "/$METADATA_STORE_DOMAIN/d" /etc/hosts

echo "$METADATA_STORE_IP $METADATA_STORE_DOMAIN" | sudo tee -a /etc/hosts > /dev/null
    Note

    On EKS, you must get the IP address for the LoadBalancer. Find the IP address by running something similar to the following: dig RANDOM-SHA.us-east-2.elb.amazonaws.com. Where RANDOM-SHA is the EXTERNAL-IP received for the LoadBalancer.

  2. Select one of the IP addresses returned from the dig command and write it to the /etc/hosts file.

Port forwarding

If you want to use port forwarding instead of the external IP address from the LoadBalancer, follow these steps:

Configure port-forwarding for the service so that the curl command can access SCST - Store. You can configure port-forwarding in a separate terminal window or in the background.

From a separate terminal window, run:

kubectl port-forward service/metadata-store-app 8443:8443 -n metadata-store

Alternatively, run the following command in the background:

kubectl port-forward service/metadata-store-app 8443:8443 -n metadata-store &

Edit your /etc/hosts file for port-forwarding

Use the following script to add a new local entry to /etc/hosts:

METADATA_STORE_PORT=$(kubectl get service/metadata-store-app --namespace metadata-store -o jsonpath="{.spec.ports[0].port}")
METADATA_STORE_DOMAIN="metadata-store-app.metadata-store.svc.cluster.local"

# delete any previously added entry
sudo sed -i '' "/$METADATA_STORE_DOMAIN/d" /etc/hosts

echo "127.0.0.1 $METADATA_STORE_DOMAIN" | sudo tee -a /etc/hosts > /dev/null
check-circle-line exclamation-circle-line close-line
Scroll to top icon