Skip to main content

Before you start

To get the most out of this guide, you will need to:

Features

The table below outlines the features available for this type of connection.
  • Native - This refers to when a database client connects through a specific protocol, such as an IDE or client libraries through hoop connect <connection-name>.
  • One Off - This term refers to accessing this connection from hoop web panel.
FeatureNativeOne OffDescription
TLS Termination ProxyThe local proxy terminates the connection with TLS, enabling the connection with the remote server to be TLS encrypted.
AuditThe gateway stores and audits the queries being issued by the client.
Data Masking (Google DLP)A policy can be enabled to mask sensitive fields dynamically when performing queries in the database.
Data Masking (MS Presidio)A policy can be enabled to mask sensitive fields dynamically when performing queries in the database.
Credentials OffloadThe user authenticates via SSO instead of using database credentials.
Interactive AccessInteractive access is available when using an IDE or connecting via a terminal to perform analysis exploration.

Configuration

NameTypeRequiredDescription
KUBECONFIGfilesystemyesA Kubeconfig File with permission to access the cluster
KUBERNETES_RESOURCEenv-varyesThe Kubernetes resource to target for interactive access (e.g., deployment/myapp, pod/mypod, statefulset/myapp)

Connection Setup

Interactive access can be achieved by using the kubectl exec command with the --stdin and --tty flags. 
  hoop admin create conn myapp -a <agent> \
	-e KUBECONFIG=file://$HOME/.kube/config \
	-e KUBERNETES_RESOURCE=deployment/myapp \
	-- kubectl exec --stdin --tty $KUBERNETES_RESOURCE --
To narrow down the scope to a specific command, you can use the name of the command you want to run. E.g.: -- bash or -- rails console.In this example users could use any runtime command inside the specified Kubernetes resource.
This will allow users to open an interactive shell inside the specified Kubernetes resource. This is useful for debugging or running commands interactively inside a container.

Command Line Usage Examples

  # Open an interactive session with the deployment myapp using 'bash'
  hoop connect myapp -- bash
  # Open an interactive session with the deployment myapp using 'rails console'
  hoop connect myapp -- rails console
Note that kubectl exec is used with -tty and --stdin arguments. These flags are required when using hoop connect