apiserver-proxy/

directory
v0.0.0-...-1ac4f16 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 7, 2019 License: Apache-2.0

README

API Server Proxy

Overview

The Kyma API Server Proxy is a core component that uses JWT authentication to secure access to the Kubernetes API server. It is based on the kube-rbac-proxy project. This Helm chart outlines the component's installation.

Prerequisites

Use these tools to work with the API Server Proxy:

Details

This section describes:

  • How to run the controller locally
  • How to build the Docker image for the production environment
  • How to use the environment variables
  • How to test the Kyma API Server Proxy
Run the component locally

Run Minikube to use the API Server Proxy locally. Run this command to run the application without building the binary:

$ go run cmd/proxy/main.go
API Server Proxy configuration

You can use command-line flags to configure the API Server Proxy. Use these flags to secure the Kubernetes API Server with JWT authentication:

	--upstream="https://kubernetes.default"		 	The upstream URL to proxy to once requests have successfully been authenticated and authorized.
	--oidc-issuer="https://dex.{{ DOMAIN }}"		The URL of the OpenID issuer, only HTTPS scheme will be accepted. If set, it will be used to verify the OIDC JSON Web Token (JWT).
	--oidc-clientID="								The client ID for the OpenID Connect client, must be set if oidc-issuer-url is set.
	--oidc-ca-file="path/to/cert/file"				If set, the OpenID server's certificate will be verified by one of the authorities in the oidc-ca-file, otherwise the host's root CA set will be used.

Find more details about available flags here

Test

Run all tests:

$ go test -v ./...

Directories

Path Synopsis
cmd
internal

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL