kubernetes-sigs / apiserver-network-proxy

License: Apache-2.0

apiserver-network-proxy

Created due to kubernetes/org#715.

See the KEP proposal for architecture and details.

Community, discussion, contribution, and support

Learn how to engage with the Kubernetes community on the community page.

You can reach the maintainers of this project at:

Code of conduct

Participation in the Kubernetes community is governed by the Kubernetes Code of Conduct.

Build

Please make sure you have the REGISTRY and PROJECT_ID environment variables set. For local builds these can be set to anything. For image builds these determine the location of your image. For GCE the registry should be gcr.io and PROJECT_ID should be the project you want to use the images in.

Mockgen

The mockgen tool must be installed on your system.

Protoc

Proto definitions are compiled with protoc. Please ensure you have protoc installed (Instructions) and the protoc-gen-go library at the appropriate version.

Currently we are using [email protected]

go get github.com/golang/protobuf/[email protected]

Local builds

make clean
make certs
make gen
make build

Build images

make docker-build

Examples

The current examples run two actual services as well as a sample client on one end and a sample destination for requests on the other.

  • Proxy service: The proxy service takes the API server requests and forwards them appropriately.
  • Agent service: The agent service connects to the proxy and then allows traffic to be forwarded to it.

GRPC Client using mTLS Proxy with dial back Agent

Frontend client =HTTP over GRPC=> (:8090) proxy (:8091) <=GRPC= agent =HTTP=> http-test-server(:8000)
  |                                                               ^
  |                               Tunnel                          |
  +---------------------------------------------------------------+
  • Start Simple test HTTP Server (Sample destination)
./bin/http-test-server
  • Start proxy service
./bin/proxy-server --server-ca-cert=certs/frontend/issued/ca.crt --server-cert=certs/frontend/issued/proxy-frontend.crt --server-key=certs/frontend/private/proxy-frontend.key --cluster-ca-cert=certs/agent/issued/ca.crt --cluster-cert=certs/agent/issued/proxy-frontend.crt --cluster-key=certs/agent/private/proxy-frontend.key
  • Start agent service
./bin/proxy-agent --ca-cert=certs/agent/issued/ca.crt --agent-cert=certs/agent/issued/proxy-agent.crt --agent-key=certs/agent/private/proxy-agent.key
  • Run client (mTLS enabled sample client)
./bin/proxy-test-client --ca-cert=certs/frontend/issued/ca.crt --client-cert=certs/frontend/issued/proxy-client.crt --client-key=certs/frontend/private/proxy-client.key

GRPC+UDS Client using Proxy with dial back Agent

Frontend client =HTTP over GRPC+UDS=> (/tmp/uds-proxy) proxy (:8091) <=GRPC= agent =HTTP=> SimpleHTTPServer(:8000)
  |                                                                            ^
  |                                     Tunnel                                 |
  +----------------------------------------------------------------------------+
  • Start Simple test HTTP Server (Sample destination)
./bin/http-test-server
  • Start proxy service
./bin/proxy-server --server-port=0 --uds-name=/tmp/uds-proxy --cluster-ca-cert=certs/agent/issued/ca.crt --cluster-cert=certs/agent/issued/proxy-frontend.crt --cluster-key=certs/agent/private/proxy-frontend.key
  • Start agent service
./bin/proxy-agent --ca-cert=certs/agent/issued/ca.crt --agent-cert=certs/agent/issued/proxy-agent.crt --agent-key=certs/agent/private/proxy-agent.key
  • Run client (mTLS enabled sample client)
./bin/proxy-test-client --proxy-port=0 --proxy-uds=/tmp/uds-proxy --proxy-host=""

HTTP-Connect Client using mTLS Proxy with dial back Agent (Either curl OR test client)

Frontend client =HTTP-CONNECT=> (:8090) proxy (:8091) <=GRPC= agent =HTTP=> SimpleHTTPServer(:8000)
  |                                                             ^
  |                              Tunnel                         |
  +-------------------------------------------------------------+
  • Start SimpleHTTPServer (Sample destination)
./bin/http-test-server
  • Start proxy service
./bin/proxy-server --mode=http-connect --server-ca-cert=certs/frontend/issued/ca.crt --server-cert=certs/frontend/issued/proxy-frontend.crt --server-key=certs/frontend/private/proxy-frontend.key --cluster-ca-cert=certs/agent/issued/ca.crt --cluster-cert=certs/agent/issued/proxy-frontend.crt --cluster-key=certs/agent/private/proxy-frontend.key
  • Start agent service
./bin/proxy-agent --ca-cert=certs/agent/issued/ca.crt --agent-cert=certs/agent/issued/proxy-agent.crt --agent-key=certs/agent/private/proxy-agent.key
  • Run client (mTLS & http-connect enabled sample client)
./bin/proxy-test-client --mode=http-connect  --proxy-host=127.0.0.1 --ca-cert=certs/frontend/issued/ca.crt --client-cert=certs/frontend/issued/proxy-client.crt --client-key=certs/frontend/private/proxy-client.key
  • Run curl client (curl using an mTLS http-connect proxy)
curl -v -p --proxy-key certs/frontend/private/proxy-client.key --proxy-cert certs/frontend/issued/proxy-client.crt --proxy-cacert certs/frontend/issued/ca.crt --proxy-cert-type PEM -x https://127.0.0.1:8090  http://localhost:8000/success
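
The curl step above, written out in Go as an added example (not code from the apiserver-network-proxy repository): the client authenticates to the proxy frontend with mTLS, asks for a tunnel with HTTP CONNECT, and refuses to continue unless the proxy answers 200. The function names dialProxy and openTunnel are hypothetical; the addresses and certificate paths are the ones used in the steps above.

```go
package main

import (
	"bufio"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net"
	"net/http"
	"os"
)

// dialProxy is the Go equivalent of curl's --proxy-cacert, --proxy-cert and
// --proxy-key: trust only the frontend CA and present the client certificate.
func dialProxy(addr, caFile, certFile, keyFile string) (*tls.Conn, error) {
	caPEM, err := os.ReadFile(caFile)
	pool := x509.NewCertPool()
	if err != nil || !pool.AppendCertsFromPEM(caPEM) {
		return nil, fmt.Errorf("no usable CA in %s (read error: %v)", caFile, err)
	}
	cert, err := tls.LoadX509KeyPair(certFile, keyFile)
	if err != nil {
		return nil, err
	}
	return tls.Dial("tcp", addr, &tls.Config{RootCAs: pool, Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12})
}

// openTunnel sends CONNECT over an established proxy connection and fails
// closed on any non-200 reply. Tunnelled bytes are read from the returned
// reader and written to proxy.
func openTunnel(proxy net.Conn, target string) (*bufio.Reader, error) {
	if _, err := fmt.Fprintf(proxy, "CONNECT %s HTTP/1.1\r\nHost: %s\r\n\r\n", target, target); err != nil {
		return nil, err
	}
	br := bufio.NewReader(proxy)
	resp, err := http.ReadResponse(br, &http.Request{Method: http.MethodConnect})
	if err != nil {
		return nil, err
	}
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("proxy refused CONNECT to %s: %s", target, resp.Status)
	}
	return br, nil
}

func main() { // proxy address, target and paths are the ones from the curl step
	conn, err := dialProxy("127.0.0.1:8090", "certs/frontend/issued/ca.crt", "certs/frontend/issued/proxy-client.crt", "certs/frontend/private/proxy-client.key")
	if err == nil {
		_, err = openTunnel(conn, "localhost:8000")
	}
	fmt.Println("CONNECT localhost:8000 via 127.0.0.1:8090, error:", err)
}
```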

Running on kubernetes

See the following README.md

Clients

apiserver-network-proxy components are intended to run as standalone binaries and should not be imported as a library. Clients communicating with the network proxy can import the konnectivity-client module.
