Knock-knock is a useful access control tool designed for managing the NHN Kubernetes Service (NKS)-based CI/CD operating environment. Named after the familiar act of knocking on a door ✊✊🚪😅, this tool seeks to help ensure secure and efficient access management to CI/CD systems for Cloud-Barista platform development.
In the era of cloud computing, it is important to secure your cloud infrastructure, especially to prevent abnormal use of the Cloud-Barista platform and mitigate risks associated with CSP credential exposure. However, these concerns should not prevent the adoption of a very helpful CI/CD system. Knock-knock helps Cloud-Barista maintainers solve this problem by independently managing access control settings for their CI/CD environments.
- User-Friendly Interface: Offers an intuitive web interface for access rights administration.
- Enhanced Security Integration: Implements comprehensive security group and IP ACL management.
- Integration with NHN Cloud API: Manages resources like security groups and IP ACLs seamlessly.
- SSO & Session Management: Integrates Keycloak for Single Sign-On and secure user authentication.
- Security group management: Enables creating, attaching, detaching, and removing rules for instances (VMs, virtual machines), including inbound/outbound IP and port configurations.
- IP access control list (ACL) management: Facilitates creating, attaching, detaching, and removing IP ACL group and target that can be bound to Load Balancer, including ALLOW/DENY and CIDR address configurations.
- Clone the repository:
git clone https://github.com/cloud-barista/knock-knock.git
- Navigate to the directory:
cd knock-knock
- Create
config.yaml
andsecrets.yaml
in the directoryconf
by using provided templates - Build by
make
- Run
knock-knock
withmake run
- Prepare
secrets.yaml
- Pull the Docker image: TBD
- Run the container with
secrets.yaml
docker run --mount type=bind,source="${PWD}"/secrets.yaml,target=/app/conf/ -p 8888:8888 -p 8056:8056 container_image
- Access the web interface at
http://localhost:8888
orhttp://your_domain_or_ip:8888
.
Contributions are welcome! Please see our Contributing Guide for more information.
Knock-knock is licensed under Apache License 2.0.