Daemon running in k8s that blocks IPs by reading them from a data source and writing them to a cloud firewall

softonic/ip-blocker

Latest commit

4e3e256 · Jun 3, 2024
ip-blocker

Daemon running in k8s that blocks IPs by reading them from a data source where they are already marked as banned and writing them to a cloud firewall.

Quick Start

Deployment

Requirements

In this example we assume you already have a k8s cluster running.

Deploy using kubectl

Generate secrets. Credentials to connect to ES

In order to create these secrets

...
        - name: ELASTIC_USERNAME
          valueFrom:
            secretKeyRef:
              name: elastic-credentials
              key: username
        - name: ELASTIC_PASSWORD
          valueFrom:
            secretKeyRef:
              name: elastic-credentials
              key: password

...
        - name: GOOGLE_APPLICATION_CREDENTIALS
          value: /secrets/credentials.json
        volumeMounts:
        - name: credentials
          mountPath: /secrets
      volumes:
      - name: credentials
        secret:
          secretName: google-credentials
...

$ make deploy

You can find the public image in the softonic/ip-blocker Docker Hub repository.

Deploy using Helm

Generate the secrets as in the kubectl install example.

$ make helm-deploy

DEVEL ENVIRONMENT

Compile the code and deploy the needed resources

$ skaffold dev

Motivation

We want to block, for 1 hour, the IPs that are crawling our site and potentially jeopardizing our infrastructure. We realized that some unwanted crawlers do not behave and make our site slower and sometimes unresponsive.

In this first version, the daemon reads from Elasticsearch and gets the latest requests that returned 429 to the client. Once we have the IPs that are being throttled, we block them in the GCP firewall called Armor.

The final goal is for someone to be able to use this tool with a data source other than ES and an actor other than GCP Armor.

Diagram

Diagram Flow

graph LR
    A[Start Golang Daemon] --> B(Initialize App, ElasticSource, and GCPArmorActor)
    B --> C(Start App)
    C -->|Run Goroutines| D1(Fetch IPs from Elasticsearch)
    C -->|Run Goroutines| D2(Manage Blocked IPs)
    D1 --> E1(Interact with GCPArmorActor)
    E1 --> E2(Block IPs using Google Cloud Armor)
    D2 --> F1(Interact with GCPArmorActor)
    F1 --> F2(Unblock IPs using Google Cloud Armor)
    C --> G(Listen for Interrupt Signal)
    G --> H[Stop Golang Daemon]
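
The flow from the Motivation and Diagram sections (collect the IPs that recently received a 429, block them, unblock them after 1 hour) as an added Go sketch; it is not the project's code. `Hit`, `Throttled` and `Reconcile` are hypothetical names, the sample records are constructed, and two choices are assumptions of this sketch: private, loopback and unparseable addresses are never block candidates, and a ban runs for the TTL from the first block without being extended by later hits.

```go
package main

import (
	"fmt"
	"net/netip"
	"time"
)

// Hit is one access-log record as a data source could return it (hypothetical shape).
type Hit struct {
	IP     string
	Status int
	At     time.Time
}

// Throttled returns public IPs with a 429 at or after since (assumption: skip private, loopback, unparseable).
func Throttled(hits []Hit, since time.Time) (out []netip.Addr) {
	for _, h := range hits {
		ip, err := netip.ParseAddr(h.IP)
		if ip = ip.Unmap(); err == nil && h.Status == 429 && !h.At.Before(since) && !ip.IsPrivate() && !ip.IsLoopback() {
			out = append(out, ip)
		}
	}
	return out
}

// Reconcile expires bans that have run for ttl, starts bans for new IPs, and returns both lists.
func Reconcile(bans map[netip.Addr]time.Time, ips []netip.Addr, now time.Time, ttl time.Duration) (block, unblock []netip.Addr) {
	for ip, until := range bans {
		if !now.Before(until) {
			unblock = append(unblock, ip)
			delete(bans, ip)
		}
	}
	for _, ip := range ips {
		if _, banned := bans[ip]; !banned {
			block = append(block, ip)
			bans[ip] = now.Add(ttl)
		}
	}
	return block, unblock
}

func main() {
	t0 := time.Date(2024, 6, 3, 12, 0, 0, 0, time.UTC) // constructed sample data
	hits := []Hit{{"203.0.113.7", 429, t0}, {"10.0.0.5", 429, t0}, {"198.51.100.9", 200, t0}}
	bans := map[netip.Addr]time.Time{}
	fmt.Println(Reconcile(bans, Throttled(hits, t0.Add(-time.Minute)), t0, time.Hour))
	fmt.Println(Reconcile(bans, nil, t0.Add(time.Hour), time.Hour))
}
```

The caller passes the two returned lists to its firewall actor, applying the unblock list before the block list so an IP that expires and is throttled again in the same pass ends up blocked.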