kube-rbac-proxy
kube-rbac-proxy copied to clipboard
brancz
Kubernetes RBAC authorizing HTTP proxy for a single upstream.
For the automatic collection of logs using a service such as Filebeat, it would be helpful if the logs could be output as JSON, e.g. by using a flag. For...
# What Add flag that silences logs for shallow tcp connections that are opened and closed. # Why haproxy makes health probes by opening tcp connections and closing them. kube-rbac-proxy...
### Description This PR extends the feature in https://github.com/brancz/kube-rbac-proxy/pull/104. With a "separator" in the config the header value can be split. e.g. ``` "authorization": "resourceAttributes": "apiVersion": "metrics.k8s.io/v1beta1" "namespace": "{{ .Value...
Add support for the proxing to the upstream via a unix socket. This may help to reduce the number of the ports occupied by the POD which uses `kube-rbac-proxy` (e.g....
Currently the upstream can only be an URL to an http(s) endpoint which is bound to a network address and port. This would be nice to have a dedicated flag...
https://github.com/brancz/kube-rbac-proxy/pull/211 introduced client-cert authentication of the proxy towards upstream. https://github.com/brancz/kube-rbac-proxy/pull/211#pullrequestreview-1199717352 requests an e2e test. The PR already introduces a unit-test that checks that the upstream transport is set up correctly....
- [ ] Consider updating `tls-reload-interaval` with k8s.io/apiserver code as it auto-reloads TLS ([link](https://github.com/brancz/kube-rbac-proxy/pull/162#discussion_r809242286), [link](https://github.com/brancz/kube-rbac-proxy/pull/162#discussion_r840662155)) - [ ] Consider checking for the audience in the token provided ([link](https://github.com/brancz/kube-rbac-proxy/pull/162#discussion_r809245216)). - [...
New k8s client-go forces passing context in function calls. It would be good to pass proper context instead of TODO. This should be considered as a follow-up to https://github.com/brancz/kube-rbac-proxy/pull/95
Right now kube-rbac-proxy can be configured with only one resource request authorization (as described in https://github.com/brancz/kube-rbac-proxy/tree/master/examples/resource-attributes). It would be useful to specify more than one resource request. We have a...
