I'm preparing for Kubernetes certification. Since the only website allowed during the exam is the official kubernetes.io documentation, I wrote a squid proxy configuration that allow me to stuck on that site while study.
This PoC is meant to be run on minikube so you must have it installed and running on your computer. Just apply the yaml file with
kubectl apply -f squid.yaml
It use the following images on Docker Hub
After resource creation on Kubernetes, you need to configure your browser to use a proxy with a custom certificate to access the Internet.
You can extract the custom certificate from the running squid with (example)
]$ kubectl get pods -l app=squid
NAME READY STATUS RESTARTS AGE
squid-764554f67f-9hcrl 1/1 Running 0 36m
]$ kubectl cp squid-764554f67f-9hcrl:/etc/squid/cert/squid-ca-cert.pem /tmp/squid-ca-cert.pem
The proxy is reachable from your computer at MinikubeIp:NodePort. Example:
]$ kubectl get svc -l app=squid
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
squid NodePort 10.98.172.39 <none> 3128:32347/TCP 54m
]$ minikube ip
192.168.39.230
HTTP proxy address in the example is 192.168.39.230:32347
- Configure your HTTP and HTTPS proxy to MinikubeIp:NodePort (do not forget HTTPS or the filter won't work)
- Load the squid-ca-cert.pem in your certification authorities list
- Extra Tip: you can use a custom profile in your browser only for that, e.g. with
firefox -P
- You can monitor squid logs with
kubectl logs -f -l app=squid - URL filter is customized to include resources coming from external sites into kubernetes.io site. This may change in future.
- This configuration allow access to https://kubernetes.io/docs/ and https://kubernetes.io/search/ only. Other sections like blog are forbidden.