
A reverse tunnel daemon designed to work with Lens.


lensapp/bored

Latest commit

9b07e6d · Nov 21, 2022

BoreD

bore (verb)
/bɔː/

Make (a hole) in something with a tool or by digging.

BoreD is a secure, end-to-end encrypted, reverse tunnel daemon for Kubernetes API access. It's designed to work with Lens - The Kubernetes IDE. BoreD combines a client-side reverse proxy, websocket tunnels and end-to-end encryption to expose your Kubernetes API to users.

Features

  • Secure tunnel from the user's desktop to the Kubernetes API
  • Impersonation based on IdP-issued JWT tokens
  • Works behind firewalls / NAT
  • End-to-end encryption: the BoreD daemon cannot see the traffic it tunnels
  • Link encryption using TLS for websockets (wss://)
  • Automatic reconnects
  • Handles multiple Kubernetes clusters

Architecture

[Figure: architecture diagram]

JWT Tokens

Client

{
  "sub": "username",
  "groups": [],
  "clusterId": "cluster-uuid",
  "aud": "https://bored.domain.com/"
}

Agent

{
  "sub": "cluster-uuid",
  "aud": "https://bored.domain.com/"
}

Encryption

Transport Layer Encryption

Both the client and the agent use websockets to establish a socket connection to the BoreD daemon. This transport layer can be secured using Secure WebSockets (TLS).

Tunnel Encryption

BoreD tunnel encryption is done in two phases. Tunneled data is encrypted using symmetric encryption (AES-256-GCM). Key exchange is done using asymmetric encryption (RSA-4096), where the BoreD agent holds the private key and the public key is distributed to clients via the BoreD daemon.
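The two-phase scheme described above, as an added Node.js illustration; it is not BoreD's own code or wire format. The RSA-OAEP/SHA-256 padding, the 12-byte random nonce, the nonce || tag || ciphertext frame layout, the sample request and all function names are assumptions made for the example.

```javascript
// Added illustration, not BoreD source. Assumed: RSA-OAEP/SHA-256 key wrap,
// 12-byte random nonce, frame layout nonce(12) || tag(16) || ciphertext.
const crypto = require("node:crypto");
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Agent: owns the RSA-4096 private key; the public half is what clients receive.
function newAgentKeyPair() {
  return crypto.generateKeyPairSync("rsa", { modulusLength: 4096 });
}

// Client: pick a fresh AES-256 session key and wrap it for the agent.
function clientStartSession(agentPublicKey) {
  const sessionKey = crypto.randomBytes(32);
  const wrappedKey = crypto.publicEncrypt({ key: agentPublicKey, ...OAEP }, sessionKey);
  return { sessionKey, wrappedKey };
}

// Agent: unwrap the session key; a relay without the private key cannot.
function agentAcceptSession(agentPrivateKey, wrappedKey) {
  return crypto.privateDecrypt({ key: agentPrivateKey, ...OAEP }, wrappedKey);
}

// Encrypt one tunnel frame. The nonce must never repeat under the same key.
function sealFrame(sessionKey, plaintext) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", sessionKey, nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// Decrypt one frame; final() throws if the tag does not verify.
function openFrame(sessionKey, frame) {
  const decipher = crypto.createDecipheriv("aes-256-gcm", sessionKey, frame.subarray(0, 12));
  decipher.setAuthTag(frame.subarray(12, 28));
  return Buffer.concat([decipher.update(frame.subarray(28)), decipher.final()]);
}

// Constructed round trip: client -> (relay sees only wrappedKey and frame) -> agent.
function demo() {
  const agent = newAgentKeyPair();
  const { sessionKey, wrappedKey } = clientStartSession(agent.publicKey);
  const agentKey = agentAcceptSession(agent.privateKey, wrappedKey);
  const request = Buffer.from("GET /api/v1/namespaces HTTP/1.1\r\n\r\n"); // constructed sample
  const frame = sealFrame(sessionKey, request);
  const tampered = Buffer.from(frame);
  tampered[tampered.length - 1] ^= 0x01; // one bit flipped in transit
  let tamperRejected = false;
  try { openFrame(agentKey, tampered); } catch { tamperRejected = true; }
  return { delivered: openFrame(agentKey, frame).toString(), tamperRejected, relayCanRead: frame.includes(request) };
}
```

Because the public key reaches clients through the daemon, a client that does not verify the key out of band is trusting the daemon to relay the genuine one.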

License

Copyright (c) 2021 Mirantis, Inc.

Licensed under the MIT license.