From 7e023a2af2d4ab7c6456c00fcb0e1d899b9badb1 Mon Sep 17 00:00:00 2001 From: Frank Villaro-Dixon Date: Wed, 28 Aug 2024 01:20:06 +0200 Subject: [PATCH] "Improve" readme Signed-off-by: Frank Villaro-Dixon --- README.md | 42 +++++++++++++++++++++++++++++++++++++++++- 1 file changed, 41 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 5776591..9062eb5 100644 --- a/README.md +++ b/README.md @@ -27,6 +27,46 @@ You'll need to edit the kubeconfig file and change the api host to be your local +## How to use it + +### Pod + +Launch a pod (through a deployment, or sts, or something else) on your cluster. +You can use the following image `forge.k3s.fr/frank/kube-escape:latest` + +Don't forget to give it the following env values: + +- WEBSOCKET_ROOT_URL +- WS_ID: facultative, can auto generate itself + +Then look at its logs and you'll see the ws url to use when connecting to it + +### WS Proxy + +You should spawn a WS proxy that will receive connections from the client and the pod. +It should be accessible by both. + +You can override the command of the image and use `./proxy.py` + +### Client + +Launch your client with: +```bash +./client.py +``` + +This will open a listening socket on localhost port 6443 + +### Kubectl + +Change your kubeconfig's server to `https://localhost:6443` + +And then, enjoy! + + +## Considerations + + ### Security I guess you could proxy your websockets through an HTTPs endpoint. Wouldn't be bad. @@ -35,4 +75,4 @@ However, the kubeapi proto is already over TLS, so it wouldn't add much value. ### Compression Sadly it's not really possible (efficient-wise) to compress TLS data as it looks -random-ish. \ No newline at end of file +random-ish.