README
¶
random-ingress-operator
A Kubernetes operator to manage randomly named Ingresses with a maximum duration. When that duration is reached, the ingress is updated with a new random name.
Example
Taking this RandomIngress resource:
apiVersion: networking.backmarket.io/v1alpha1
kind: RandomIngress
metadata:
name: example
spec:
ingressTemplate:
spec:
rules:
# The controller will enforce that a |RANDOM| tag is present in every host, and refuse to create the Ingress otherwise
- host: "|RANDOM|.example.com"
http:
paths:
- backend:
service:
name: example-service
port:
number: 80
The operator will create this Ingress:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: exampleingress-123456ab12ef
annotations:
networking.backmarket.io/expires-at: 2021-09-02T21:08:08Z
spec:
rules:
- host: "a2e7a42e-3be2-4921-b187-0f067dbd6520.example.com"
http:
paths:
- backend:
serviceName: example-service
port:
number: 80
The UUID will be changed periodically (by default every eight hours).
Keeping the ingresses really hidden
If you expose HTTPS endpoints, you should avoid creating one certificate per ingress, and use a wildcard instead. Public certificate creation is recorded in Certificate Transparency Logs nowadays, which can be queried by anyone and can be used by someone to find the names of your random ingresses.
Using a wildcard certificate instead will avoid this exposure.
Documentation
¶
There is no documentation for this package.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
api
|
|
|
v1alpha1
Package v1alpha1 contains API Schema definitions for the networking v1alpha1 API group +kubebuilder:object:generate=true +groupName=networking.backmarket.io
|
Package v1alpha1 contains API Schema definitions for the networking v1alpha1 API group +kubebuilder:object:generate=true +groupName=networking.backmarket.io |
|
mocks
Package mock_client is a generated GoMock package.
|
Package mock_client is a generated GoMock package. |
Click to show internal directories.
Click to hide internal directories.