https://github.com/gianluca-mascolo/squid-kubeio-filter

Squid filter that allow navigation only on kubernetes.io documentation
https://github.com/gianluca-mascolo/squid-kubeio-filter

certification ckad ckad-exercises documentation k8s kubernetes squid url-filter

Last synced: 7 months ago
JSON representation

Squid filter that allow navigation only on kubernetes.io documentation

• Host: GitHub
• URL: https://github.com/gianluca-mascolo/squid-kubeio-filter
• Owner: gianluca-mascolo
• License: gpl-3.0
• Created: 2020-09-09T08:11:10.000Z (about 5 years ago)
• Default Branch: master
• Last Pushed: 2020-10-08T08:50:27.000Z (about 5 years ago)
• Last Synced: 2025-01-26T14:11:09.233Z (9 months ago)
• Topics: certification, ckad, ckad-exercises, documentation, k8s, kubernetes, squid, url-filter
• Homepage:
• Size: 26.4 KB
• Stars: 3
• Watchers: 2
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# squid-kubeio-filter

## Goal

I'm preparing for Kubernetes certification. Since the only website allowed during the exam is the official [kubernetes.io](https://kubernetes.io/docs/home/) documentation, I wrote a squid proxy configuration that allow me to stuck on that site while study.

## Requirements

This PoC is meant to be run on minikube so you must have it installed and running on your computer. Just apply the yaml file with

```

kubectl apply -f squid.yaml

```

It use the following images on Docker Hub

- [b4tman/squid](https://hub.docker.com/r/b4tman/squid) ([source](https://github.com/b4tman/docker-squid))

- [rnix/openssl-gost](https://hub.docker.com/r/rnix/openssl-gost) ([source](https://github.com/rnixik/docker-openssl-gost))

## Howto

After resource creation on Kubernetes, you need to configure your browser to use a proxy with a custom certificate to access the Internet.

### SSL Certificate

You can extract the custom certificate from the running squid with (example)

```

]$ kubectl get pods -l app=squid

NAME                     READY   STATUS    RESTARTS   AGE

squid-764554f67f-9hcrl   1/1     Running   0          36m

]$ kubectl cp squid-764554f67f-9hcrl:/etc/squid/cert/squid-ca-cert.pem /tmp/squid-ca-cert.pem

```

### Proxy Address

The proxy is reachable from your computer at _MinikubeIp_:_NodePort_. Example:

```

]$ kubectl get svc -l app=squid

NAME    TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)          AGE

squid   NodePort   10.98.172.39           3128:32347/TCP   54m

]$ minikube ip

192.168.39.230

```

HTTP proxy address in the example is 192.168.39.230:32347

### Browser configuration

- Configure your HTTP and HTTPS proxy to _MinikubeIp_:_NodePort_ (do not forget HTTPS or the filter won't work)

- Load the squid-ca-cert.pem in your certification authorities list

- Extra Tip: you can use a custom profile in your browser only for that, e.g. with `firefox -P`

## Notes

- You can monitor squid logs with `kubectl logs -f -l app=squid`

- URL filter is customized to include resources coming from external sites into kubernetes.io site. This may change in future.

- This configuration allow access to https://kubernetes.io/docs/ and https://kubernetes.io/search/ only. Other sections like blog are forbidden.