Skip to content

stakater/Whitelister

Repository files navigation

Whitelister

Go Report Card Go Doc Release GitHub tag Docker Pulls Docker Stars MicroBadger Size MicroBadger Layers license Get started with Stakater

Problem

We would like to restrict access to servers to specific addresses only and keep audit trail of IP addresses allowed. A tool to manage access to servers based on IP addresses and ports.

Solution

Whitelister can be used to manage security group rules that control access to servers on different ports.

At the moment it supports Kubernetes as an IP Provider and Aws as the cloud provider. You can read more about the configuration options here

Deploying to Kubernetes

You can deploy Whitelister by following methods

Vanilla Manifests

You can apply vanilla manifests by running the following command

kubectl apply -f https://raw.githubusercontent.com/stakater/Whitelister/master/deployments/kubernetes/whitelister.yaml

Whitelister gets deployed in default namespace and searches for ingresses in all namespaces with label name whitelister and label value true. You will have to modify this file and add your credentials to access the cloud provider.

Helm Charts

Alternatively if you have configured helm on your cluster, you can add Whitelister to helm from our public chart repository and deploy it via helm using below mentioned commands

helm repo add stakater https://stakater.github.io/stakater-charts

helm repo update

helm install stakater/whitelister

Note: By default whitelister is installed in default namespace. To run in a specific namespace, please run following command. It will install Whitelister in test namespace.

helm install stakater/whitelister --namespace test

Use Case

  • Let's say that using Scaler, you stop/destroy your dev severs at night and start/create them again in the morning for cost saving. This can cause your servers to have new IP addresses every day and it can be a tedious job to add IP addresses of multiple Servers to multiple Security Groups everyday.

    This is where Whitelister comes to the rescue. It can automatically detect new server creation by fetching nodes from Kubernetes and then modify security group of selected Ingress to add Ip addresses of new servers and optionally delete IP Addresses for old servers.

  • Let's say you have a large team and you don't want to share cloud access with everyone. Now in order to still allow them to be able to access IP restricted servers, you can use a GIT repo which maintains a list of allowed IP addresses and users can add and remove the IP addresses there.

Help

Documentation

You can find more documentation here

Have a question?

File a GitHub issue, or send us an email.

Talk to us on Slack

Join and talk to us on Slack for discussing Whitelister

Join Slack Chat

Contributing

Bug Reports & Feature Requests

Please use the issue tracker to report any bugs or file feature requests.

Developing

PRs are welcome. In general, we follow the "fork-and-pull" Git workflow.

  1. Fork the repo on GitHub
  2. Clone the project to your own machine
  3. Commit changes to your own branch
  4. Push your work back up to your fork
  5. Submit a Pull request so that we can review your changes

NOTE: Be sure to merge the latest from "upstream" before making a pull request!

Changelog

View our closed Pull Requests.

License

Apache2 © Stakater

About

Whitelister is maintained by Stakater. Like it? Please let us know at hello@stakater.com

See our other projects or contact us in case of professional services and queries on hello@stakater.com