sidecar-security

command module

v0.0.0-...-720a7c6 Latest Latest Go to latest Published: Mar 14, 2020 License: MIT Imports: 8 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kubesure/sidecar-security

Links

Open Source Insights

README ¶

sidecar-security

Security sidecar forwards authenticated http/REST request to origin. The sidecar is a proxy forwarding all requests to origin on port 80.

Deploy sample serivce POD (sidecare + origin service app) in Kubernetes

This example deploys the sidecare with origin as https://httpbin.org.

kubectl apply -f deploy/deployment.yaml

Test the Sidecar

Deploy the test curl client in cluster

kubectl run curl --image=radial/busyboxplus:curl -i --tty

Note the cluster IP of deployed Sidecar service

kubectl get svc origin-httpbin

Jump in the curl pod to test

kubectl exec curl-69c656fd45-wtfx6 -it -- sh

Test sidecare with IP and valid credentials

curl -v -H "user: foo" http://10.102.69.227:8000/anything
> GET /anything HTTP/1.1
> User-Agent: curl/7.35.0
> Host: 10.102.69.227:8000
> Accept: */*
> user: foo
> 
< HTTP/1.1 200 OK
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Origin: *
< Content-Length: 422
< Content-Type: application/json
< Date: Sun, 01 Mar 2020 07:43:25 GMT
< Server: gunicorn/19.9.0
< 
{
  "args": {}, 
  "data": "", 
  "files": {}, 
  "form": {}, 
  "headers": {
    "Accept": "*/*", 
    "Accept-Encoding": "gzip", 
    "Host": "10.102.69.227:8000", 
    "User": "foo", 
    "User-Agent": "curl/7.35.0", 
    "X-Forwarded-Host": "10.102.69.227:8000", 
    "X-Origin-Host": "localhost:80"
  }, 
  "json": null, 
  "method": "GET", 
  "origin": "172.17.0.6", 
  "url": "http://10.102.69.227:8000/anything"
}

curl -v -H "user: foo" http://origin-httpbin:8000/anything
> GET /anything HTTP/1.1
> User-Agent: curl/7.35.0
> Host: origin-httpbin:8000
> Accept: */*
> user: foo
> 
< HTTP/1.1 200 OK
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Origin: *
< Content-Length: 425
< Content-Type: application/json
< Date: Sun, 01 Mar 2020 07:43:40 GMT
< Server: gunicorn/19.9.0
< 
{
  "args": {}, 
  "data": "", 
  "files": {}, 
  "form": {}, 
  "headers": {
    "Accept": "*/*", 
    "Accept-Encoding": "gzip", 
    "Host": "origin-httpbin:8000", 
    "User": "foo", 
    "User-Agent": "curl/7.35.0", 
    "X-Forwarded-Host": "origin-httpbin:8000", 
    "X-Origin-Host": "localhost:80"
  }, 
  "json": null, 
  "method": "GET", 
  "origin": "172.17.0.6", 
  "url": "http://origin-httpbin:8000/anything"
}

Test with Invalid creds


curl -v -H "user: foobar" http://10.102.69.227:8000/anything
> GET /anything HTTP/1.1
> User-Agent: curl/7.35.0
> Host: 10.102.69.227:8000
> Accept: */*
> user: foobar
> 
< HTTP/1.1 403 Forbidden
< Date: Sun, 01 Mar 2020 07:48:20 GMT
< Content-Length: 0


curl -v -H "user: foobar" http://origin-httpbin:8000/anything
> GET /anything HTTP/1.1
> User-Agent: curl/7.35.0
> Host: origin-httpbin:8000
> Accept: */*
> user: foobar
> 
< HTTP/1.1 403 Forbidden
< Date: Sun, 01 Mar 2020 07:45:01 GMT
< Content-Length: 0
<

Building from source

Clone repo
change TAG_HUB to your container repp.
run make dpush

Generate proto client

  protoc --proto_path=./api --go_out=plugins=grpc:./api ./api/customer.proto

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
api Package customer is a generated GoMock package.	Package customer is a generated GoMock package.
middleware
proxy
routing

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL