https://github.com/memgraph/bolt-proxy
Bolt protocol support for a Kubernetes cluster with authentication via Ingress
https://github.com/memgraph/bolt-proxy
bolt bolt-protocol hacktoberfest hacktoberfest2021 kubernetes kubernetes-deployment memgraph proxy
Last synced: 10 months ago
JSON representation
Bolt protocol support for a Kubernetes cluster with authentication via Ingress
- Host: GitHub
- URL: https://github.com/memgraph/bolt-proxy
- Owner: memgraph
- License: apache-2.0
- Created: 2021-06-24T08:30:10.000Z (almost 5 years ago)
- Default Branch: main
- Last Pushed: 2023-03-03T13:57:09.000Z (about 3 years ago)
- Last Synced: 2024-06-20T03:34:50.475Z (almost 2 years ago)
- Topics: bolt, bolt-protocol, hacktoberfest, hacktoberfest2021, kubernetes, kubernetes-deployment, memgraph, proxy
- Language: Go
- Homepage:
- Size: 76.2 KB
- Stars: 24
- Watchers: 8
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
Bolt-proxy
Welcome to the **bolt-proxy** service repository.
If you wish to support bolt protocol in your Kubernetes cluster and authenticate
them via ingress service, this bolt-proxy helps you intercept those requests and
delegate authentication. This project aims to help everyone using k8 clusters to
use this bolt-proxy in order to implement cluster authentication inside of it.
## 📋 How to use?
You can set up these flags manually:
```
Usage of ./bolt-proxy:
-bind string
host:port to bind to (default "localhost:8888")
-cert string
x509 certificate
-debug
enable debug logging
-key string
x509 private key
-pass string
Memgraph password
-uri string
bolt uri for remote Memgraph (default "bolt://localhost:7687")
-user string
Memgraph username (default "")
```
or set up the env variables:
- `BOLT_PROXY_BIND` -- host:port to bind to (e.g. "0.0.0.0:8888")
- `BOLT_PROXY_URI` -- bolt uri for backend system(s) (e.g. "bolt://host-1:7687")
- `BOLT_PROXY_USER` -- memgraph user for the backend monitor
- `BOLT_PROXY_PASSWORD` -- password for the backend memgraph user for use by the
monitor
- `BOLT_PROXY_CERT` -- path to the x509 certificate (.pem) file
- `BOLT_PROXY_KEY` -- path to the x509 private key file
- `BOLT_PROXY_DEBUG` -- set to any value to enable debug mode/logging
## 🔎 Authentication & Authorization
Currently, bolt-proxy supports BasicAuth on and AADToken authentication for
Azure. To enable it set the env variable `AUTH _METHOD` to one of the possible
authentication methods.
- `AUTH_METHOD` -- currently only `BASIC_AUTH` and `AAD_TOKEN_AUTH` are
supported
Depending on the chosen authentication methods, you will need to define specific
environment variables:
- `BASIC_AUTH_URL` -- URL against which to authenticate clients credentials
- `AAD_TOKEN_CLIENT_ID` -- ClientID of the resource which you wish to
authenticate against
- `AAD_TOKEN_PROVIDER` -- The Azure authentication provider (e.g.
https://login.microsoftonline.com/{tenant_name})
The user should use any client application (`mgconsole`, `neo4j-client`,
`pymgclient`...) to connect to Memgraph and send credentials via bolt protocol.
`mgconsole -username user -password password` or `mgconsole -username user
-password JWT`
## Acknowledgments
Thanks to [Dave Voutila](https://github.com/voutilad) and his work on bolt-proxy
for Neo4js [bolt-proxy](https://github.com/voutilad/bolt-proxy) and for
providing a good base and inspiration for this bolt-proxy.
## License
Project is licensed under [Apache License 2.0](https://github.com/memgraph/bolt-proxy/blob/main/LICENSE).
The original project made by Dave Voutila is licensed under [MIT](https://github.com/memgraph/bolt-proxy/blob/main/MIT.license)
License.
```
Copyright 2020 Dave Voutila (dave@sisu.io)
Copyright 2023 MEMGRAPH LTD
```