README.md
Lines changed: 16 additions & 8 deletions
@@ -1,15 +1,17 @@
1
1
# egress-operator
2
+
2
3
An operator to produce egress gateway pods and control access to them with network policies, and a coredns plugin to route egress traffic to these pods.
3
4
4
5
The idea is that instead of authorizing egress traffic with protocol inspection,
5
6
you instead create a internal clusterIP for every external service you use, lock
6
7
it down to only a few pods via a network policy, and then set up your dns server
7
8
to resolve the external service to that clusterIP.
8
9
9
-
Built with kubebuilder: https://book.kubebuilder.io/
10
+
Built with kubebuilder: <https://book.kubebuilder.io/>
10
11
11
12
The operator accepts ExternalService objects, which aren't namespaced, which define a dns name and ports for an external service.
12
13
In the `egress-operator-system` namespace, it creates:
14
+
13
15
- An envoy configmap for a TCP/UDP proxy to that service (UDP not working until the next envoy release that enables it)
14
16
- A deployment for some envoy pods with that config
15
17
- A horizontal pod autoscaler to keep the deployment correctly sized
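Review bot: The context line at new line 6, "you instead create a internal clusterIP", still reads "a internal"; since this commit is already a formatting pass over the README, change it to "an internal" here. The UDP caveat in the first bullet ("UDP not working until the next envoy release that enables it") should also name the envoy version it is waiting on, so a reader can tell whether UDP egress is actually proxied by the gateway pods in their deployment.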
@@ -31,24 +33,28 @@ In the `egress-operator-system` namespace, it creates:
31
33
```bash
32
34
make run
33
35
```
36
+
34
37
This creates an ExternalService object to see the controller-manager creating managed resources in the remote cluster.
35
38
36
39
### Setting up CoreDNS plugin
37
40
38
41
The CoreDNS plugin rewrites responses for external service hostnames managed by egress-operator.
39
42
40
43
Build a CoreDNS image which contains the plugin:
44
+
41
45
```bash
42
46
cd coredns-plugin
43
47
make docker-build docker-push IMG=yourrepo/egress-operator-coredns:latest
44
48
```
45
49
46
50
You'll need to swap out the image of your coredns kubedns Deployment for `yourrepo/egress-operator-coredns:latest`:
51
+
47
52
```bash
48
53
kubectl edit deploy coredns -n kube-system # Your Deployment name may vary
49
54
```
50
55
51
56
And edit the coredns Corefile in ConfigMap to put in `egressoperator egress-operator-system cluster.local`:
57
+
52
58
```bash
53
59
kubectl edit configmap coredns-config -n kube-system # Your ConfigMap name may vary
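Review bot: The build and swap-out steps at new lines 47 and 50 use `yourrepo/egress-operator-coredns:latest`, a mutable tag, for the image that replaces the cluster's CoreDNS Deployment in `kube-system`; the README should recommend an immutable version tag or an image digest there, so that a later push to the repository cannot change what the cluster's DNS server runs without a Deployment change. The sentence at new line 37 ("This creates an ExternalService object to see the controller-manager creating managed resources in the remote cluster.") is also hard to parse: from the visible lines it is unclear what "This" refers to, and it would be worth rewording while the surrounding blank lines are being touched.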