ProxyInjector - A Kubernetes controller to inject an authentication proxy container to relevant pods - [✩Star] if you're using it!


This controller continuously watches deployments in specific or all namespaces and automatically adds a sidecar container for the authentication proxy. Configuration for the proxy is managed through annotations on the respective deployment or through the ConfigMap of the ProxyInjector.

Add configuration to the ProxyInjector

The following arguments can either be added to the proxy injector config.yaml in the ConfigMap for centralized configuration, or as annotations on the individual target deployments with an authproxy.stakater.com/ prefix. If both are set, the deployment annotation values override the central configuration.

https://www.stakater.com/projects-overview.html
https://github.com/stakater/ProxyInjector





Related Projects

kubeadm-ha - Kubernetes high availability deploy based on kubeadm (for v1

  •    Smarty

kube-apiserver: exposes the Kubernetes API. It is the front end for the Kubernetes control plane. It is designed to scale horizontally – that is, it scales by deploying more instances.

etcd: is used as Kubernetes' backing store. All cluster data is stored here. Always have a backup plan for etcd's data for your Kubernetes cluster.

kube-scheduler: watches newly created pods that have no node assigned, and selects a node for them to run on.

kube-controller-manager: runs controllers, which are the background threads that handle routine tasks in the cluster. Logically, each controller is a separate process, but to reduce complexity, they are all compiled into a single binary and run in a single process.

kubelet: is the primary node agent. It watches for pods that have been assigned to its node (either by apiserver or via local configuration file).

kube-proxy: enables the Kubernetes service abstraction by maintaining network rules on the host and performing connection forwarding.

The keepalived cluster configures a virtual IP address (192.168.20.10) that points to k8s-master01, k8s-master02 and k8s-master03. The nginx service acts as the load balancer for the apiservers of k8s-master01, k8s-master02 and k8s-master03. The Kubernetes services on the other nodes connect to the keepalived virtual IP address (192.168.20.10) and the nginx exposed port (16443) to communicate with the master cluster's apiservers.

keycloak-gatekeeper - An OpenID / Keycloak Proxy service

  •    Go

Keycloak Gatekeeper is an adapter which, at the risk of stating the obvious, integrates with the Keycloak authentication service. The Gatekeeper is most happy in the company of Keycloak, but is also able to make friends with other OpenID Connect providers. The service supports both access tokens in a browser cookie and bearer tokens.

Telepresence - Local development against a remote Kubernetes or OpenShift cluster

  •    Python

Telepresence substitutes a two-way network proxy for your normal pod running in the Kubernetes cluster. This pod proxies data from your Kubernetes environment (e.g., TCP connections, environment variables, volumes) to the local process. The local process has its networking transparently overridden so that DNS calls and TCP connections are routed through the proxy to the remote Kubernetes cluster.

kubefwd - Bulk port forwarding Kubernetes services for local development.

  •    Go

Read Kubernetes Port Forwarding for Local Development for background and a detailed guide to kubefwd. kubefwd is a command line utility built to port forward some or all pods within a Kubernetes namespace. kubefwd uses the same port exposed by the service and forwards it from a loopback IP address on your local workstation. kubefwd temporarily adds domain entries to your /etc/hosts file with the service names it forwards.

origin - Enterprise Kubernetes for Developers

  •    Go

OpenShift Origin is a distribution of Kubernetes optimized for continuous application development and multi-tenant deployment. OpenShift adds developer and operations-centric tools on top of Kubernetes to enable rapid application development, easy deployment and scaling, and long-term lifecycle maintenance for small and large teams. For questions or feedback, reach us on IRC on #openshift-dev on Freenode or post to our mailing list.


strimzi-kafka-operator - Apache Kafka running on Kubernetes and OpenShift

  •    Java

Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. See our website for more details about the project. Documentation to the current master branch as well as all releases can be found on our website.

kubeadm-dind-cluster - A Kubernetes multi-node test cluster based on kubeadm

  •    Shell

A Kubernetes multi-node cluster for developers of Kubernetes and projects that extend Kubernetes. Based on kubeadm and DIND (Docker in Docker). Supports both local workflows and workflows utilizing powerful remote machines/cloud instances for building Kubernetes, starting test clusters and running e2e tests.

k8s-conformance - CNCF K8s Conformance Working Group


Over the last 3 years Kubernetes has seen wide-scale adoption by a vibrant and diverse community of platform providers. In fact, there are now more than 50 Kubernetes platforms and distributions. One of the goals of the project has always been consistency and portability. Kubernetes sits on top of the infrastructure and enables you to describe your workload in a common format. Kubernetes makes it easy to move workloads from one place to another, or combine disjointed environments with a shared control plane.

kubernetes-security-best-practice - Kubernetes Security - Best Practice Guide


This document acts as a best practice guide to Kubernetes security. K8s is a powerful platform which can be abused in many ways if not configured properly. The authors of this guide are running Kubernetes in production and worked on several K8s projects to learn about security flaws the hard way. The severity or importance of each topic is indicated by an emoji in the topic name.

kubernetes-client - Java client for Kubernetes & OpenShift 3

  •    Java

This client provides access to the full Kubernetes & OpenShift 3 REST APIs via a fluent DSL. Using the DSL is the same for all resources.

odo - OpenShift Do - Fast, iterative OpenShift development

  •    Go

OpenShift Do (odo) is a fast, iterative, and straightforward CLI tool for developers who write, build, and deploy applications on OpenShift. Existing tools such as oc are more operations-focused and require a deep understanding of Kubernetes and OpenShift concepts. odo abstracts away complex Kubernetes and OpenShift concepts, thus allowing developers to focus on what is most important to them: code.

odo - OpenShift Command line for Developers

  •    Go

OpenShift Do (Odo) is a CLI tool for developers who are writing, building, and deploying applications on OpenShift. With Odo, developers get an opinionated CLI tool that supports fast, iterative development which abstracts away Kubernetes and OpenShift concepts, thus allowing them to focus on what's most important to them: code. Odo was created to improve the developer experience with OpenShift. We understand that, as developers, you want tools that help you be productive. What you don't want is to have to change the way you work or have to become an expert in Kubernetes or OpenShift just to get your work done.

python - Official Python client library for kubernetes

  •    Python

Python client for the kubernetes API. client-python follows semver, so until the major version of client-python gets increased, your code will continue to work with explicitly supported versions of Kubernetes clusters.

Kong - The Microservice API Gateway

  •    Lua

Kong is a cloud-native, fast, scalable, and distributed Microservice Abstraction Layer (also known as an API Gateway, API Middleware or in some cases Service Mesh). Backed by the battle-tested NGINX with a focus on high performance, Kong was made available as an open-source platform in 2015. Under active development, Kong is used in production at thousands of organizations from startups, Global 5000 and Government organizations.

k8s-on-raspbian - Kubernetes on Raspbian (Raspberry Pi)

  •    Shell

This guide is part of a larger blog post: Build your own bare-metal ARM cluster. Once you're up and running please share your clusters on Twitter with @alexellisuk.

k3s - Lightweight Kubernetes. 5 less than k8s.

  •    Go

Lightweight Kubernetes. Easy to install, half the memory, all in a binary less than 40mb. At this point, you can run the agent as a separate process or not run it on this node at all.

ambassador - open source Kubernetes-native API gateway for microservices built on the Envoy Proxy

  •    Python

Ambassador is an open source Kubernetes-native API Gateway built on Envoy, designed for microservices. Ambassador essentially serves as an Envoy ingress controller, but with many more features. Ambassador deploys the Envoy Proxy for L7 traffic management. Configuration of Ambassador is via Kubernetes annotations. Ambassador relies on Kubernetes for scaling and resilience. For more on Ambassador's architecture and motivation, read this blog post.

minishift - Run OpenShift locally

  •    Go

Minishift is a tool that helps you run OpenShift locally by running a single-node OpenShift cluster inside a VM. You can try out OpenShift or develop with it, day-to-day, on your local host. Minishift uses libmachine for provisioning VMs, and OpenShift Origin for running the cluster. The code base is forked from the Minikube project.

containerdns - a full cache DNS for kubernetes

  •    C

ContainerDNS is used as the internal DNS server for a k8s cluster and uses the DNS library https://github.com/miekg/dns. containerdns-kubeapi monitors the services in the k8s cluster; when a service is created and has been assigned external IPs, the user (docker) in the cluster can access the service by its domain. When the domain has multiple IPs, containerdns randomly chooses an active one for the user, so it behaves like a load balancer. containerdns also offers "session persistence": when a domain is queried from a user IP and that user accesses the domain again later, the user gets the same service IP.