README
¶
Whitelister
Problem
We would like to restrict access to servers to specific addresses only and keep audit trail of IP addresses allowed. A tool to manage access to servers based on IP addresses and ports.
Solution
Whitelister can be used to manage security group rules that control access to servers on different ports.
At the moment it supports Kubernetes as an IP Provider and Aws as the cloud provider. You can read more about the configuration options here
Deploying to Kubernetes
You can deploy Whitelister by following methods
Vanilla Manifests
You can apply vanilla manifests by running the following command
kubectl apply -f https://raw.githubusercontent.com/stakater/Whitelister/master/deployments/kubernetes/whitelister.yaml
Whitelister gets deployed in default namespace and searches for ingresses in all namespaces with label name whitelister and label value true. You will have to modify this file and add your credentials to access the cloud provider.
Helm Charts
Alternatively if you have configured helm on your cluster, you can add Whitelister to helm from our public chart repository and deploy it via helm using below mentioned commands
helm repo add stakater https://stakater.github.io/stakater-charts
helm repo update
helm install stakater/whitelister
Note: By default whitelister is installed in default namespace. To run in a specific namespace, please run following command. It will install Whitelister in test namespace.
helm install stakater/whitelister --namespace test
Use Case
-
Let's say that using Scaler, you stop/destroy your dev severs at night and start/create them again in the morning for cost saving. This can cause your servers to have new IP addresses every day and it can be a tedious job to add IP addresses of multiple Servers to multiple Security Groups everyday.
This is where Whitelister comes to the rescue. It can automatically detect new server creation by fetching nodes from Kubernetes and then modify security group of selected Ingress to add Ip addresses of new servers and optionally delete IP Addresses for old servers.
-
Let's say you have a large team and you don't want to share cloud access with everyone. Now in order to still allow them to be able to access IP restricted servers, you can use a GIT repo which maintains a list of allowed IP addresses and users can add and remove the IP addresses there.
Help
Documentation
You can find more documentation here
Have a question?
File a GitHub issue, or send us an email.
Talk to us on Slack
Join and talk to us on Slack for discussing Whitelister
Contributing
Bug Reports & Feature Requests
Please use the issue tracker to report any bugs or file feature requests.
Developing
PRs are welcome. In general, we follow the "fork-and-pull" Git workflow.
- Fork the repo on GitHub
- Clone the project to your own machine
- Commit changes to your own branch
- Push your work back up to your fork
- Submit a Pull request so that we can review your changes
NOTE: Be sure to merge the latest from "upstream" before making a pull request!
Changelog
View our closed Pull Requests.
License
Apache2 © Stakater
About
Whitelister is maintained by Stakater. Like it? Please let us know at hello@stakater.com
See our other projects or contact us in case of professional services and queries on hello@stakater.com
Documentation
¶
There is no documentation for this package.
Source Files
Directories