twingate / kubernetes-operator

Twingate Kubernetes Operator allows configuring Twingate using Kubernetes assets - OSS
Home Page: https://www.twingate.com
License: Mozilla Public License 2.0
To make services accessible on K8S a Service object is used. Rather than make the user manually create an additional TwingateResource to expose that service, we can do that automatically.

To expose a Service as a Twingate Resource, annotate it with twingate.com/expose value "true" (under its metadata.annotations). The operator then creates a TwingateResource object with address <service name>.<namespace>.svc.cluster.local.

How should TwingateResource properties like isVisible, isBrowserShortcutEnabled and securityPolicyId be set? Maybe the twingate.com/expose should actually be an object...

Allow defining a TwingateConnector that'll

This is a basic building block on top of which we could later define an object that creates multiple of these (like a Deployment with a replicas prop).
Proposal for CRD:
apiVersion: twingate.com/v1beta
kind: TwingateConnector
metadata:
  name: my-connector
spec:
  name: My K8S Connector
  imagePolicy:
    schedule: "0 2 * * *"
    version: 0.1.x
  containerExtra:
    resources:
      requests:
        cpu: 314m
        memory: 128Mi
      limits:
        cpu: 500m
        memory: 128Mi
  podExtra: {}
On create operator will:
- create Secret and Pod objects
- imagePolicy.check that will
- imagePolicy.version

Right now the remote network ID we run in integration tests is hardcoded. This is a problem when multiple builds run in parallel. We should change the code to create a new network on the fly via the API before starting the test run.
What is missing?
In order to get the principalId, a developer needs access to Twingate Admin, which they usually don't have.
Example:
apiVersion: twingate.com/v1beta
kind: TwingateResourceAccess
metadata:
  name: my-twingate-access
spec:
  resourceRef:
    name: my-twingate-resource
    namespace: default
  principalExternalRef:
    type: Group
    byName: "my group"
What is missing?
Ability to customize the connector log level. Right now it is hardcoded to 7, but it should be possible to override it via the TwingateConnector CRD.
Why do we need it?
Not all environments need or want the full extent of logs.
What is missing?
Ability to have a connector image auto-update from a GCP repository (Google Artifact Registry)
Why do we need it?
Certain customers proxy dockerhub through their GCP for security scanning etc.
What is missing?
values.yaml requires specifying the apiKey directly, but for certain customers (depending on how they manage secrets) it may be better to create the Secret object with the apiKey value themselves and point to it.
Details
Extend the twingateOperator section in values.yaml to allow either specifying an apiKey value or an existingAPIKeySecret:
Example:
twingateOperator:
  network: "acme"
  remoteNetworkId: "123"
  existingAPIKeySecret:
    name: my-secret-object
    key: twingate-api-key
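One way a chart can implement this either/or, as an added example and not the project's own templates: the chart-managed Secret is rendered only when no existing Secret is referenced, and the operator container always reads the key from a Secret, whichever one applies. The helper name twingate-operator.fullname, the file names, the TWINGATE_API_KEY variable name and a values.yaml default of existingAPIKeySecret: null are assumptions.

```yaml
# templates/secret.yaml (hypothetical file name; example, not the chart's own)
# Render our own Secret only when the user did not point at an existing one.
{{- if not .Values.twingateOperator.existingAPIKeySecret }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "twingate-operator.fullname" . }}-api-key   # assumed helper
type: Opaque
stringData:
  # Fail the render loudly rather than shipping an empty API key.
  twingate-api-key: {{ required "set twingateOperator.apiKey or twingateOperator.existingAPIKeySecret" .Values.twingateOperator.apiKey | quote }}
{{- end }}

# templates/deployment.yaml (container env excerpt, hypothetical file name)
# The key reaches the pod only via secretKeyRef, never as a literal env value,
# so a customer-managed Secret and the chart-managed one behave identically.
env:
  - name: TWINGATE_API_KEY   # assumed variable name
    valueFrom:
      secretKeyRef:
        {{- with .Values.twingateOperator.existingAPIKeySecret }}
        name: {{ .name | quote }}
        key: {{ .key | default "twingate-api-key" | quote }}
        {{- else }}
        name: {{ include "twingate-operator.fullname" $ }}-api-key
        key: twingate-api-key
        {{- end }}
```

With existingAPIKeySecret set, helm template renders no Secret at all, so the API key never appears in the release manifest or in values committed alongside it.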
Example for reference:
https://github.com/prometheus-operator/prometheus-operator/tree/main/.github/ISSUE_TEMPLATE
Run a daily job that checks docker scout cves twingate/kubernetes-operator:dev --only-fixed and alerts (Slack?) on fixable vulnerabilities.