README
¶
kube-gateway
Kube gateway allow web applications running inside (or outside) a k8s cluster to use autheticated calls to k8s API.
Kube gateway can provide a filtering layer on top of k8s RABC that filter requests by validating time of request and object name before passing them to k8s RBAC for final proccessing.
Kube gateway can provide a login authentication interface with OAuth2 authentication issuer.
(gopher network image - egonelbre/gophers)
Install
Using go install:
go install github.com/yaacov/kube-gateway/cmd/kube-gateway
What can I do with it ?
- Create web applications that use k8s API securly.
- Use temporary JWT keys to access k8s API.
- Use OAuth2 Issuer to access k8s API.
- Use k8s service account tokens to access k8s API.
Demo: use JWT access key to none-interactivly login into a k8s web application
Deploy the noVNC web application on a minikube cluster. Use admin token to generate a JWT that can access a kubevirt virtuall machine for 1h. Use the JWT access key to login into the noVNC web application.
Demo: use OAuth2 Issuer to interactivly login into a k8s web application
Deploy the demo web application on a CRC cluster. Use OAuth2 Issuer to login into the demo web application.
Deploy
See deployment examples for minikube and code-ready-containrs in deploy
git clone git@github.com:yaacov/kube-gateway.git
cd kube-gateway
make deploy
Proxy server endpoints
| endpoint | description |
|---|---|
| / | web application static files |
| /auth/login | login path to start OAuth2 authentication process |
| /auth/callback | OAuth2 authentication callback endpoint |
| /auth/token | endpoint for setting session cookie |
| /auth/gettoken | endpoint for generating JWT access keys |
Directories