Giter Site home page Giter Site logo

mikesmithgh / simple-proxy Goto Github PK

View Code? Open in Web Editor NEW

This project forked from dvdalilue/proxy-go

0.0 1.0 0.0 30 KB

Simple service to reverse proxy requests inside a K8s cluster

Home Page: https://mjsmith1028.github.io/simple-proxy/

License: GNU General Public License v3.0

Dockerfile 6.19% Go 32.69% Makefile 20.01% Smarty 41.10%

simple-proxy's Introduction

Simple-proxy

Purpose

Simple-proxy is a simple deployment that proxies requests to K8s. The specific use case that Simple-proxy was designed for is to expose link-local IP addresses to enable AAD Pod Identity testing locally with Telepresence.

K8s supports services without selectors, however, this does not allow link-local IP addresses. See https://kubernetes.io/docs/concepts/services-networking/service/#services-without-selectors.

AAD Pod Identity runs a daemonset for the NMI service responsible for requesting tokens on the address 169.254.169.254. Simple-proxy allows you to proxy requests to 169.254.169.254 when you are port-forwarding, ultimately allowing you to request tokens from your local machine.

Although Simple-proxy was written for this specific case, it is hopefully generic enough to be used for other similar use cases. Feel free to open PRs or Issues for new features.

Install

  • helm repo add simple-proxy https://mjsmith1028.github.io/simple-proxy/
  • helm repo update
  • helm install simple-proxy simple-proxy/simple-proxy

Uninstall

  • helm uninstall simple-proxy

Customize

The following command will deploy simple-proxy in your desired namespace and set the desired azure identity binding to the pod. See helm chart for additional configuration values.

  • helm install simple-proxy simple-proxy/simple-proxy --namespace <your-namespace> --set namespace=<your-namespace>,podLabels.aadpodidbinding=<your-identity>

Example

The purpose of this example is to provide a high level guide for exposing AAD Pod Identity in K8s locally. This assumes you have knowledge of both Telepresence and AAD Pod Identity, and has only been tested on OSX.

  • Install Simple-proxy to K8s in namespace demo-ns and the identity demo-user
    • helm install simple-proxy simple-proxy/simple-proxy --namespace demo-ns --set namespace=demo-ns,podLabels.aadpodidbinding=demo-user
  • Create an alias for 169.254.169.254 to send requests to localhost on your host machine
    • sudo ifconfig lo0 169.254.169.254 alias
  • Port forward local requests to 169.254.169.254 to Simple-proxy
    • sudo kubectl port-forward -n demo-ns deployment/simple-proxy 80:8080 --address=169.254.169.254
  • Send a request locally and confirm a token is successfully returned
    • curl http://169.254.169.254/metadata/identity/oauth2/token/?resource=https://management.core.windows.net/
  • Execeute the telepresence intercept command and debug your application which uses AAD Pod Identity
    • telepresence intercept <your-app>

simple-proxy's People

Contributors

dvdalilue avatar mikesmithgh avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.