Proxy Workloads

kftray allow you to proxy workloads through your Kubernetes cluster, enabling access to internal or external services.

Proxy Configuration

Basic proxy configuration format:

{
  "workload_type": "proxy",
  "namespace": "default",
  "local_port": 8080,
  "remote_port": 80,
  "remote_address": "internal-service.cluster.local",
  "protocol": "tcp",
  "alias": "internal-proxy"
}

Configuration Fields

  • workload_type: Must be set to "proxy"
  • remote_address: Target service address
  • local_port: Local port for accessing the proxy
  • remote_port: Target service port
  • protocol: "tcp" or "udp"
  • alias: Friendly name for the proxy

Use Cases

Internal Services

{
  "workload_type": "proxy",
  "remote_address": "internal-db.namespace.svc.cluster.local",
  "local_port": 5432,
  "remote_port": 5432,
  "protocol": "tcp",
  "alias": "internal-db"
}

External Services

{
  "workload_type": "proxy",
  "remote_address": "external-api.company.internal",
  "local_port": 8080,
  "remote_port": 443,
  "protocol": "tcp",
  "alias": "external-api"
}

Security Considerations

  • Always verify the security implications of proxying services
  • Use appropriate network policies
  • Consider implementing access controls

Best Practices

  1. Naming Conventions
    • Use descriptive aliases
    • Include purpose in alias
    • Document proxy configurations
  2. Port Management
    • Use consistent local ports
    • Avoid conflicts with local services
    • Document port assignments
  3. Security
    • Limit proxy access appropriately
    • Monitor proxy usage
    • Regular security audits