Feature/k8s auth proxy #91
Open
shyam0904a wants to merge 3 commits into netbirdio:main from
This adds a Kubernetes API authentication proxy that:
- Embeds the NetBird client to join the mesh network
- Authenticates incoming requests using WhoIs peer identity lookup
- Maps NetBird user/groups to Kubernetes impersonation headers
- Provides identity-aware RBAC for kubectl access through NetBird

New files:
- cmd/auth-proxy/main.go: Auth proxy binary with embedded NetBird client
- Dockerfile.auth-proxy: Multi-arch container build
- helm/kubernetes-operator/templates/auth-proxy-*.yaml: Helm templates

Configuration (values.yaml):
- authProxy.enabled: Enable/disable the auth proxy
- authProxy.setupKey: NetBird setup key for the proxy peer
- authProxy.hostname: Peer hostname in NetBird network
- authProxy.dnsDomain: NetBird DNS domain for TLS cert generation
- authProxy.managementURL: NetBird management server URL

RBAC:
- ClusterRole with impersonate permissions for users, groups, serviceaccounts
- Dedicated ServiceAccount for the auth proxy

Requires: netbird with client/embed package support
5ed5a4f to acf7f61
This seems like a feature we'd love, love, love to use! Any idea when it might be merged & released?
Description
Add Kubernetes API Auth Proxy feature that provides identity-aware access to the Kubernetes API through NetBird.

New files:
- cmd/auth-proxy/main.go: Auth proxy binary with embedded NetBird client
- Dockerfile.auth-proxy: Multi-arch container build
- helm/kubernetes-operator/templates/auth-proxy-*.yaml: Helm templates for deployment, RBAC, and secret

Configuration (values.yaml):
- authProxy.enabled: Enable/disable the auth proxy
- authProxy.setupKey: NetBird setup key for the proxy peer
- authProxy.hostname: Peer hostname in NetBird network
- authProxy.dnsDomain: NetBird DNS domain for TLS cert
- authProxy.managementURL: NetBird management server URL

Requires: netbird with client/embed package support
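
The mapping step the description names (NetBird user/groups to Kubernetes impersonation headers), as an added example that is not code from this PR. `Identity`, `ApplyImpersonation` and the `system:` filtering policy are assumptions of the example; `Impersonate-User` and `Impersonate-Group` are the Kubernetes API's own header names.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// Identity is a hypothetical result of the proxy's peer lookup (the WhoIs step).
type Identity struct {
	User   string
	Groups []string
}

// ApplyImpersonation rewrites h so the API server sees only the identity the
// proxy resolved. Client-supplied Impersonate-* and Authorization headers are
// dropped first, so a caller cannot pick its own identity or credentials.
func ApplyImpersonation(h http.Header, id Identity) error {
	// Policy assumed by this example: mesh identities never map to system: names.
	if id.User == "" || strings.HasPrefix(id.User, "system:") {
		return errors.New("refusing empty or system: user")
	}
	for name := range h {
		// Canonicalize so keys written directly into the map are caught too.
		if strings.HasPrefix(http.CanonicalHeaderKey(name), "Impersonate-") {
			delete(h, name)
		}
	}
	h.Del("Authorization") // the proxy attaches its own ServiceAccount token afterwards
	h.Set("Impersonate-User", id.User)
	for _, g := range id.Groups {
		if g == "" || strings.HasPrefix(g, "system:") {
			continue // never forward built-in groups such as system:masters
		}
		h.Add("Impersonate-Group", g)
	}
	return nil
}

func main() {
	// Constructed request headers that try to claim a privileged group.
	h := http.Header{}
	h.Set("Impersonate-Group", "system:masters")
	h.Set("Authorization", "Bearer client-supplied")
	id := Identity{User: "alice@example.com", Groups: []string{"devs"}}
	fmt.Println(ApplyImpersonation(h, id), h)
}
```
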