An EKS cluster that routes all internet traffic through a Squid proxy.
1. Set up a key pair
Create a key pair with the name eks-with-proxy-sample in your AWS account.
If you already have a key pair configured, change the KEY_PAIR_NAME variable within src/constants.ts to match your key pair name.
2. Install dependencies with Yarn v1
yarn install
3. Create the bootstrap stack in your AWS account
This only needs to be run once per account/region.
yarn bootstrap
4. Build CloudFormation files
yarn build
5. Deploy Vpc and ProxyInstance Stacks
yarn deploy Vpc ProxyInstance
6. Set up a proxy server on the EC2 instance
Set up the proxy server you'd like to use to proxy the EKS cluster's onEvent lambda requests.
See "Set up Squid Proxy on the EC2 instance" for an example setup.
7. Deploy EKS Cluster Stack
yarn deploy EksCluster

Set up Squid Proxy on the EC2 instance
Squid should already be installed on the EC2 instance.
1. SSH into the EC2 instance
ssh -i ~/.ssh/eks-with-proxy-sample.pem ubuntu@<public-ip>
2. Access elevated privileges
sudo su
3. Edit Squid configuration
nano /etc/squid/squid.conf
- Replace `http_access deny all` with `http_access allow all`
- Add the following to the top of the file:
# Authentication configuration
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid Basic Authentication
auth_param basic credentialsttl 2 hours
acl auth_users proxy_auth REQUIRED
http_access allow auth_users
4. Create password for proxy user
touch /etc/squid/passwd
htpasswd /etc/squid/passwd user1
# Provide the password `user1` when prompted.
5. Restart Squid
systemctl restart squid
6. Tail the proxy logs to watch request traffic
tail -f /var/log/squid/access.log
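
Squid applies the first `http_access` rule that matches a request, so the order of the rules edited in step 3 decides what the proxy permits. The shell function below is an added example, not part of this repository: it flags any `allow all` rule and a final rule that is not `deny all`. `audit_squid_conf` and `sample_conf` are hypothetical names, and the sample rules are constructed from the steps above.

```shell
# Added example, not from this repository; helper names are hypothetical.
# Returns 0 when an authenticated allow exists and the last rule is "deny all".
audit_squid_conf() {
    awk '
        { sub(/#.*/, "") }                 # strip comments
        NF == 0 { next }                   # skip blank lines
        # Remember the names of ACLs that require proxy authentication.
        $1 == "acl" && $3 == "proxy_auth" { auth_acl[$2] = 1 }
        $1 == "http_access" {
            n++
            action[n] = $2
            is_all[n] = (NF == 3 && $3 == "all")   # only ACL is the built-in "all"
            for (i = 3; i <= NF; i++) if ($i in auth_acl) is_auth[n] = 1
        }
        END {
            status = 0
            for (r = 1; r <= n; r++) {
                if (action[r] == "allow" && is_auth[r]) seen_auth = 1
                if (action[r] == "allow" && is_all[r]) {
                    printf "WARN rule %d: allow all (%s an authenticated allow)\n",
                           r, (seen_auth ? "after" : "before")
                    status = 1
                }
            }
            if (!seen_auth) { print "WARN no allow rule uses a proxy_auth ACL"; status = 1 }
            if (n == 0 || action[n] != "deny" || !is_all[n]) {
                print "WARN last http_access rule is not deny all"; status = 1
            }
            if (status == 0) print "OK authenticated allow first, catch-all deny"
            exit status
        }
    ' "${1:--}"
}

# Constructed sample: the auth rules from step 3 followed by a catch-all rule
# whose action is given as $1 ("allow" as in this README, or "deny").
sample_conf() {
    printf '%s\n' \
        'auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd' \
        'acl auth_users proxy_auth REQUIRED' \
        'http_access allow auth_users' \
        "http_access $1 all"
}

# Demo on the constructed sample; prints two WARN lines.
sample_conf allow | audit_squid_conf || true
```

On the instance, run it as `audit_squid_conf /etc/squid/squid.conf` after step 3 and before restarting Squid.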