README
¶
Intro
AWS Securitygroup Manager is a Go program that lets Kubernetes cluster nodes connect to an AWS Security Group. It can be run inside a cluster as a regular Deployment/Pod or from outside the cluster as long as it is given a valid Kubernetes context to use.
Usage
The app assumes that the following environment variables have been set. The app exits with an error message if any of them are missing:
| Variable name | Description |
|---|---|
| AWS_ACCESS_KEY_ID | AWS Access Key ID |
| AWS_SECRET_ACCESS_KEY | AWS Access Key secret |
| AWS_VPC_ID | AWS VPC ID |
| AWS_SECURITY_GROUP_ID | AWS Security Group ID |
| AWS_DEFAULT_REGION | AWS Default Region |
| AWS_REGION | AWS Region |
| AWS_SGMANAGER_OWNER_ID | Used to mark firewall rules for ownership |
| FROM_PORT | Start port range for firewall rules |
| TO_PORT | Ending port range for firewall rules |
| PROTOCOL | Protocl (either tcp or udp) |
Kubernetes
The deployment directory of this project contains a Kustomize manifest that
you can use to deploy this application into your cluster. Simply
edit the file at deployment/overlays/sample/secrets/env with the desired
values and then apply the manifest to your cluster.
kubectl apply -k deployment/overlays/sample
Building
To build the application, simply run the following:
go build -o aws-securitygroup-manager cmd/aws-securitygroup-manager.go
You can also use the provided Dockerfile to build a docker image:
docker build . -t aws-securitygroup-manager:latest
Note that building isn't necessary as docker images are automatically built
and pushed to docker hub under triggerhappy/aws-securitygroup-manager:latest.
Directories