GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → pedro-r-marques → k8s-service-proxy

pedro-r-marques / k8s-service-proxy

Licence: Apache-2.0 License
HTTP Proxy for kubernetes services

Programming Languages

go
31211 projects - #10 most used programming language
HTML
75241 projects
javascript
184084 projects - #8 most used programming language
Dockerfile
14818 projects

Labels

kubernetesoauth2-proxy

Projects that are alternatives of or similar to k8s-service-proxy

oauth2 proxy
Dockerization of bitly's oauth2_proxy
Stars: ✭ 58 (+205.26%)
Mutual labels:  oauth2-proxy
kubernetes-localdev
Create a local Kubernetes development environment on macOS or Windows and WSL2, including HTTPS/TLS and OAuth2/OIDC authentication.
Stars: ✭ 210 (+1005.26%)
Mutual labels:  oauth2-proxy
IdentityServer4.Contrib.AspNetCore.Testing
Testing framework for ASP.NET Core and Identity-Server 4
Stars: ✭ 16 (-15.79%)
Mutual labels:  oauth2-proxy
Oauth2 Proxy
A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.
Stars: ✭ 4,511 (+23642.11%)
Mutual labels:  oauth2-proxy

k8s-service-proxy

Build Status Go Report Card

HTTP Proxy for kubernetes services

This process implements a simple HTTP proxy based on the golang httputil ReverseProxy class. It auto-discovers the HTTP backends based on Annotations of the Kubernetes Services objects. It can be used in conjunction with an oauth2 proxy (e.g. oauth2) to provide acccess controlled access to services.

For instance, it is common to run internal/debug HTTP ports that need to be access controlled; in in order to provide access to such information, it is useful to be able to expose a single external service that performs authentication and demuxes requests to the backends.

The service proxy expects services to define annotations such as:

apiVersion: v1
kind: Service
metadata:
  name: example
  annotations:
    k8s-svc-proxy.local/path: /example-path/

This would case the proxy to direct all traffic for "/example-path/" to the "example" service. The receiving pods are expected to process requests that include "/example-path/"

For services that expose a single port, the proxy will automatically use the port number defined in the service configuration. Services that expose multiple ports are expected to use the annotation k8s-svc-proxy.local/port to specify the port number for the redirected traffic.

URLs can be remapped by specifying the annotation k8s-svc-proxy.local/map. This causes the path prefix of a request to be replaced with the string specified by map. Note that the HTTP response is not processed in anyway. Any absolute href URLs will be incorrect.

For diagnostic purposes, the proxy serves a status page. The annotation k8s-svc-proxy.local/description can be used to add human readable content to this page.

Endpoints

Services are often implemented by multiple Pods. These pods often have http listeners that provide information specific to the Pod (e.g. /debug). The annotation "k8s-svc-proxy.local/endpoint-port" automatically exposes the specified port in all the endpoints of the service as "/endpoint/<namespace>/<svc-name>/<id>" where id is an index automatically assigned by the alphabetic order of pod names.

Example configuration

  • k8s deployment:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: oauth2-proxy
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: oauth2-proxy
    spec:
      containers:
        - name: oauth2-proxy
          image: oauth2_proxy
          env:
            - name: OAUTH2_PROXY_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: oauth2-proxy
                  key: client-id
            - name: OAUTH2_PROXY_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: oauth2-proxy
                  key: client-secret
          ports:
            - containerPort: 4180
              name: oauth2-proxy
        - name: k8s-svc-proxy
          image: k8s-svc-proxy
          ports:
            - containerPort: 8080
  • etc/oauth2_proxy.cfg
http_address = "0.0.0.0:4180"

email_domains = [
    "example.com"
]

upstreams = [
    "http://localhost:8080/",
]
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].