Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Question] k8s API proxying? #1

Open
mecampbellsoup opened this issue Feb 2, 2021 · 1 comment
Open

[Question] k8s API proxying? #1

mecampbellsoup opened this issue Feb 2, 2021 · 1 comment

Comments

@mecampbellsoup
Copy link

mecampbellsoup commented Feb 2, 2021
edited
Loading

Hello there, nice project! 👋

Are you using this to proxy access to your public k8s API?

In our case, we have customers that will be using our k8s API server (i.e. we are a multi-tenant, multi-cluster cloud provider) but in addition to having a proxy/gateway in front of Prom, Grafana, et al., we also want to put the k8s API server behind the proxy (for public access/consumption; internal apiserver traffic can still go directly to the internal service).

So I have 2 questions:

  1. Does this sound like a reasonable idea?
  2. How are you provisioning TLS client certificates for the client-server authentication? e.g. when setting up k8s authenticating proxy one is required to configure an API server param --requestheader-client-ca-file=/path/to/client/ca/file. I imagine this pattern has showed up in your proxying patterns somewhere so I am curious if you've written any software to automate it.
@jwalton
Copy link
Owner

jwalton commented Feb 2, 2021

Sorry, closest I've done is to proxy to the K8s dashboard, and I haven't had to deal with client certificates either.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jwalton @mecampbellsoup