Use your LoadBalancer with Supply Chain Security Tools - Store

This topic tells you how to use your LoadBalancer with Supply Chain Security Tools (SCST) - Store.

Configure LoadBalancer

LoadBalancer is not the recommended service type. Consider the recommended configuration of enabling Ingress instead.

If you still want to configure a LoadBalancer:

  1. Edit /etc/hosts/ to use the external IP address of the metadata-store-app service.

    METADATA_STORE_IP=$(kubectl get service/metadata-store-app --namespace metadata-store -o jsonpath="{.status.loadBalancer.ingress[0].ip}")
    METADATA_STORE_PORT=$(kubectl get service/metadata-store-app --namespace metadata-store -o jsonpath="{.spec.ports[0].port}")
    METADATA_STORE_DOMAIN="metadata-store-app.metadata-store.svc.cluster.local"
    
    # Delete any previously added entry
    sudo sed -i '' "/$METADATA_STORE_DOMAIN/d" /etc/hosts
    
    echo "$METADATA_STORE_IP $METADATA_STORE_DOMAIN" | sudo tee -a /etc/hosts > /dev/null
    
  2. On Elastic Kubernetes Service (EKS), you must get the IP address for the LoadBalancer. Find the IP address by running:

    dig RANDOM-SHA.us-east-2.elb.amazonaws.com
    

    Where RANDOM-SHA is the EXTERNAL-IP received for the LoadBalancer.

  3. Select one of the IP addresses returned from the dig command and write it to the /etc/hosts file.

Port forwarding

If you want to use port forwarding instead of the external IP address from the LoadBalancer, follow these steps:

Configure port-forwarding for the service so that the curl command can access SCST - Store. You can configure port-forwarding in a separate terminal window or in the background:

  • From a separate terminal window, run:

    kubectl port-forward service/metadata-store-app 8443:8443 -n metadata-store
    
  • Alternatively, in the background run:

    kubectl port-forward service/metadata-store-app 8443:8443 -n metadata-store &
    

Edit your /etc/hosts file for port-forwarding

Use the following script to add a new local entry to /etc/hosts:

METADATA_STORE_PORT=$(kubectl get service/metadata-store-app --namespace metadata-store -o jsonpath="{.spec.ports[0].port}")
METADATA_STORE_DOMAIN="metadata-store-app.metadata-store.svc.cluster.local"

# delete any previously added entry
sudo sed -i '' "/$METADATA_STORE_DOMAIN/d" /etc/hosts

echo "127.0.0.1 $METADATA_STORE_DOMAIN" | sudo tee -a /etc/hosts > /dev/null
check-circle-line exclamation-circle-line close-line
Scroll to top icon