Skip to content

kube-hetzner/boringproxy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
.github
.github
 
 
.dockerignore
.dockerignore
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
auth.go
auth.go
 
 
go.mod
go.mod
 
 
main.go
main.go
 
 
probes.go
probes.go
 
 
proxy.go
proxy.go
 
 
utils.go
utils.go
 
 

Repository files navigation

Boring Proxy - HTTP Proxy for Kubernetes Network Integration

This project provides an HTTP proxy designed to integrate host operating system (OS) network traffic into a Kubernetes cluster. By routing OS traffic through this proxy, users can inspect and control the traffic using their preferred Kubernetes CNI (e.g. Cilium). This allows for enhanced security, observability, and control over network traffic flowing through the cluster.

Features

  • Proxy traffic: Forward both HTTP and HTTPS traffic through Kubernetes.
  • Basic Authentication: Secure the proxy with Basic Authentication using the Proxy-Authorization header.
  • Kubernetes Readiness and Liveness Probes: Ensure the proxy is running and ready for traffic with dedicated health endpoints.

Environment Variables

The proxy is highly configurable using the following environment variables:

Environment Variable Default Value Description
PORT_PROXY 31280 The port on which the proxy server listens for traffic.
PORT_PROBES 31281 The port on which the probe server (health and readiness) listens.
SHUTDOWN_TIMEOUT 5 The timeout duration in seconds for graceful shutdown of the server.
READINESS_URL https://cloudflare.com/cdn-cgi/trace The URL to check for network readiness (internet connection check).
USERNAME proxy The username for Basic Authentication on the proxy.
PASSWORD secret The password for Basic Authentication on the proxy.

Usage

This proxy is designed to run within a Kubernetes cluster to integrate OS-level network traffic into the Kubernetes network. By directing OS traffic through this proxy, users can leverage the capabilities of their chosen CNI (e.g., Cilium) to inspect, filter, or control the network traffic.

Deployment in Kubernetes

  1. Create a Kubernetes Deployment: You can deploy the proxy in a Kubernetes cluster with a configuration that routes OS traffic into the proxy service.

  2. Integrate with the Host's OS Traffic: Configure your host or containers to send their network traffic through the proxy service. You may choose to redirect traffic using iptables or other routing mechanisms.

  3. Leverage the CNI: Once OS traffic is routed through the proxy, your CNI plugin (e.g., Cilium) can inspect and control the traffic. This allows you to apply network policies, observe traffic flows, or implement security measures directly at the OS level.

Example curl Command with Proxy Authentication

To test the proxy and ensure it's working as expected with Basic Authentication:

curl -x "http://localhost:31280" -U "proxy:secret" "http://example.com"

Acknowledgements

This project is heavily inspired by dumbproxy.

License

This project is licensed under the Apache v2.0 License. See the LICENSE file for details.

About

A boring HTTP proxy written in pure Go stdlib.

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases 7

v0.0.7 Latest
Nov 8, 2024
+ 6 releases

Sponsor this project

  •  
Learn more about GitHub Sponsors

Packages

 
 
 

Contributors 2

  •  
  •  

Languages