bore (verb)
/bɔː/
Make (a hole) in something with a tool or by digging.
BoreD is a secure, end-to-end encrypted, reverse tunnel daemon for Kubernetes API access. It's designed to work with Lens - The Kubernetes IDE. BoreD combines a client-side reverse proxy, websocket tunnels and end-to-end encryption to expose your Kubernetes API to users.
- Secure tunnel from users desktop to Kubernetes API
- Impersonation based on IdP issued JWT tokens
- Works behind firewalls / NAT
- End-to-end encryption, BoreD daemon cannot see the traffic it tunnels
- Link encryption using TLS for websockets (
wss://) - Automatic reconnects
- Handles multiple Kubernetes clusters
{
"sub": "username",
"groups": [],
"clusterId": "cluster-uuid",
"aud": "https://bored.domain.com/"
}{
"sub": "cluster-uuid",
"aud": "https://bored.domain.com/"
}Both client and agent use websockets to establish socket connection to BoreD daemon. This transport layer can be secured using Secure WebSockets (TLS).
BoreD tunnel encryption is done in two phases. Tunneled data is being encrypted using symmetric encryption (AES-256-GCM). Key exhange is done using asymmetric encryption (RSA-4096) where BoreD agent has the private key and the public key is distributed to clients via BoreD daemon.
Copyright (c) 2021 Mirantis, Inc.
Licensed under the MIT license.