Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/lensapp/bored

A reverse tunnel daemon designed to work with Lens.
https://github.com/lensapp/bored

Last synced: 2 days ago
JSON representation

A reverse tunnel daemon designed to work with Lens.

Host: GitHub
URL: https://github.com/lensapp/bored
Owner: lensapp
License: mit
Created: 2021-02-16T06:44:06.000Z (over 3 years ago)
Default Branch: main
Last Pushed: 2024-06-26T11:04:51.000Z (5 months ago)
Last Synced: 2024-08-08T18:24:32.769Z (3 months ago)
Language: TypeScript
Homepage:
Size: 727 KB
Stars: 29
Watchers: 9
Forks: 9
Open Issues: 6
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-starred - lensapp/bored - A reverse tunnel daemon designed to work with Lens. (others)

README

        # BoreD

```

bore (verb)

/bɔː/

```

> Make (a hole) in something with a tool or by digging.

BoreD is a secure, end-to-end encrypted, reverse tunnel daemon for Kubernetes API access. It's designed to work with [Lens - The Kubernetes IDE](https://github.com/lensapp/lens). BoreD combines a client-side reverse proxy, websocket tunnels and end-to-end encryption to expose your Kubernetes API to users.

## Features

- Secure tunnel from users desktop to Kubernetes API

- Impersonation based on IdP issued JWT tokens

- Works behind firewalls / NAT

- End-to-end encryption, BoreD daemon cannot see the traffic it tunnels

- Link encryption using TLS for websockets (`wss://`)

- Automatic reconnects

- Handles multiple Kubernetes clusters

## Architecture

![architecture](./images/architecture.png)

- [BoreD](./README.md)

- [BoreD Agent](https://github.com/lensapp/bored-agent)

## JWT Tokens

### Client

```json

{

  "sub": "username",

  "groups": [],

  "clusterId": "cluster-uuid",

  "aud": "https://bored.domain.com/"

}

```

### Agent

```json

{

  "sub": "cluster-uuid",

  "aud": "https://bored.domain.com/"

}

```

## Encryption

### Transport Layer Encryption

Both client and agent use websockets to establish socket connection to BoreD daemon. This transport layer can be secured using Secure WebSockets (TLS).

### Tunnel Encryption

BoreD tunnel encryption is done in two phases. Tunneled data is being encrypted using symmetric encryption (AES-256-GCM). Key exhange is done using asymmetric encryption (RSA-4096) where BoreD agent has the private key and the public key is distributed to clients via BoreD daemon.

### Release

1. Make a PR that updates version in package.json

2. Create and push git tag, e.g. "v0.10.4"

## License

Copyright (c) 2021 Mirantis, Inc.

Licensed under the [MIT license](./LICENSE).