Automatically fetch and manage Bunny CDN edge server IP addresses in Kubernetes for trusted proxy configurations.
```bash
# Deploy to Kubernetes
kubectl apply -f bunny-ip-updater.yaml

# Verify deployment
kubectl get cronjob bunny-ip-updater
kubectl get configmap bunny-trusted-ips

# Check the IPs
kubectl get configmap bunny-trusted-ips -o jsonpath='{.data.TRUSTED_PROXY_IP}' | tr ',' '\n' | head -5
```
- ✅ Automated Daily Updates: CronJob runs daily at 2 AM UTC
- 🔒 Secure RBAC: Least privilege access with namespace-scoped permissions
- 🌐 IPv4 + IPv6 Support: Fetches both IP address types from Bunny CDN
- 📊 Monitoring Ready: Comprehensive logging and status tracking
- 🚀 Easy Integration: Multiple consumption methods for applications
- 🛡️ Security Hardened: Non-root containers, read-only filesystem, resource limits
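```yaml
# Container level: expose the IP list as an environment variable
env:
  - name: TRUSTED_PROXY_IPS
    valueFrom:
      configMapKeyRef:
        name: bunny-trusted-ips
        key: TRUSTED_PROXY_IP
```

```yaml
# Container level: mount the ConfigMap read-only
volumeMounts:
  - name: trusted-ips
    mountPath: /etc/trusted-ips
    readOnly: true
# Pod level: the volume backed by the ConfigMap
volumes:
  - name: trusted-ips
    configMap:
      name: bunny-trusted-ips
```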
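How an application might consume the `TRUSTED_PROXY_IPS` value shown above (an added example, not code from this repository): it parses the comma-separated list, fails closed on an empty or catch-all list, and honours `X-Forwarded-For` only when the connecting peer is a trusted proxy. The function names, the minimum-prefix policy and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Assumed policy, not from the project: reject ranges broader than these.
MIN_PREFIX = {4: 8, 6: 16}

def to_ip(text):
    """Parse one address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(text.strip())
    return getattr(ip, "ipv4_mapped", None) or ip

def parse_trusted(value):
    """Turn the comma-separated list into networks, failing closed."""
    nets = []
    for item in filter(None, (p.strip() for p in value.split(","))):
        net = ipaddress.ip_network(item, strict=False)  # ValueError on junk
        if net.prefixlen < MIN_PREFIX[net.version]:
            # One catch-all entry would make every peer a "trusted proxy".
            raise ValueError(f"refusing overly broad range: {net}")
        nets.append(net)
    if not nets:
        raise ValueError("trusted proxy list is empty")
    return nets

def is_trusted(ip, nets):
    return any(ip.version == n.version and ip in n for n in nets)

def client_ip(peer, xff, nets):
    """Pick the client address for a request arriving from `peer`."""
    peer_ip = to_ip(peer)
    if not is_trusted(peer_ip, nets):
        return str(peer_ip)  # direct connection: the header is client-supplied
    # Walk right to left; the first hop that is not a trusted proxy is the client.
    for hop in reversed([h for h in (xff or "").split(",") if h.strip()]):
        try:
            hop_ip = to_ip(hop)
        except ValueError:
            break  # malformed hop: stop trusting the rest of the header
        if not is_trusted(hop_ip, nets):
            return str(hop_ip)
    return str(peer_ip)

# Constructed sample value (documentation ranges, not real Bunny CDN addresses).
SAMPLE = "192.0.2.10, 198.51.100.0/24, 2001:db8:1::/48"

if __name__ == "__main__":
    nets = parse_trusted(SAMPLE)
    print(client_ip("203.0.113.7", "198.51.100.9", nets))           # untrusted peer
    print(client_ip("192.0.2.10", "10.9.9.9, 203.0.113.50", nets))  # via proxy
```

In a real deployment the list would come from `os.environ["TRUSTED_PROXY_IPS"]` or the file mounted under `/etc/trusted-ips`, re-read after each ConfigMap update.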
Special integration for Mastodon Helm chart with automatic trusted proxy configuration:
```bash
# Deploy Mastodon integration
kubectl apply -f examples/mastodon-integration.yaml

# Use provided Helm values
helm install mastodon mastodon/mastodon \
  --namespace mastodon \
  --values examples/mastodon-values.yaml
```
See docs/MASTODON_INTEGRATION.md for complete setup guide.
```bash
# Check CronJob status
kubectl get cronjob bunny-ip-updater

# View recent job logs
kubectl logs -l job-name=bunny-ip-updater --tail=50

# Check IP count
kubectl get configmap bunny-trusted-ips -o jsonpath='{.data.TRUSTED_PROXY_IP}' | tr ',' '\n' | wc -l

# Use monitoring script for advanced checks
./scripts/monitor.sh status
./scripts/monitor.sh compare   # Compare with live API
```
```
├── bunny-ip-updater.yaml            # Main Kubernetes manifests
├── examples/                        # Integration examples
│   ├── app-deployment.yaml          # Basic application integration
│   ├── mastodon-integration.yaml    # Mastodon Helm chart integration
│   ├── mastodon-values.yaml         # Mastodon Helm values template
│   └── nginx-config.yaml            # Nginx configuration example
├── scripts/                         # Deployment and monitoring scripts
│   ├── setup.sh                     # Interactive deployment script
│   └── monitor.sh                   # Monitoring and management tools
├── docs/                            # Documentation
│   └── MASTODON_INTEGRATION.md      # Detailed Mastodon integration guide
├── .github/workflows/               # CI/CD workflows
│   └── semgrep.yml                  # Security scanning
├── CLAUDE.md                        # AI assistant instructions
└── README.md                        # This file
```
- Namespace-scoped RBAC: Only operates within deployment namespace
- Resource-specific access: Only the bunny-trusted-ips ConfigMap
- Non-root containers: Runs as user 65534 (nobody)
- Read-only filesystem: Prevents runtime modifications
- Resource limits: Memory, CPU, and storage limits enforced
MIT License - see LICENSE file for details.
- Fork the repository
- Create a feature branch
- Make your changes
- Submit a pull request
- 🐛 Issues: GitHub Issues
- 💬 Discussions: GitHub Discussions


