Proxy Workloads
kftray allow you to proxy workloads through your Kubernetes cluster, enabling access to internal or external services.
Proxy Configuration
Basic proxy configuration format:
{
"workload_type": "proxy",
"namespace": "default",
"local_port": 8080,
"remote_port": 80,
"remote_address": "internal-service.cluster.local",
"protocol": "tcp",
"alias": "internal-proxy"
}
Configuration Fields
workload_type
: Must be set to "proxy"remote_address
: Target service addresslocal_port
: Local port for accessing the proxyremote_port
: Target service portprotocol
: "tcp" or "udp"alias
: Friendly name for the proxy
Use Cases
Internal Services
{
"workload_type": "proxy",
"remote_address": "internal-db.namespace.svc.cluster.local",
"local_port": 5432,
"remote_port": 5432,
"protocol": "tcp",
"alias": "internal-db"
}
External Services
{
"workload_type": "proxy",
"remote_address": "external-api.company.internal",
"local_port": 8080,
"remote_port": 443,
"protocol": "tcp",
"alias": "external-api"
}
Security Considerations
- Always verify the security implications of proxying services
- Use appropriate network policies
- Consider implementing access controls
Best Practices
- Naming Conventions
- Use descriptive aliases
- Include purpose in alias
- Document proxy configurations
- Port Management
- Use consistent local ports
- Avoid conflicts with local services
- Document port assignments
- Security
- Limit proxy access appropriately
- Monitor proxy usage
- Regular security audits