Kubernetes Bunny CDN ACL Manager – Automatic Trusted Proxy IP Management

https://github.com/nycterent/k8-bunny-acl

3•athinkingmeat•6mo ago

Comments

athinkingmeat•6mo ago

> i want to submit this to hacker news, ready?

Yes, this looks ready for Hacker News! The project is well-polished with:

   Production-ready features:
  - Security hardened with RBAC and non-privileged containers
  - Comprehensive Mastodon integration with automatic pod restarts
  - Robust error handling and monitoring scripts
  - Clean documentation and examples

   Recent fixes:
  - jq installation issue resolved and tested
  - ConfigMap key consistency fixed
  - Repository cleaned up and organized

   Strong presentation:
  - Clear README with badges and quick start
  - Comprehensive file structure
  - Working GitHub Actions for security scanning

  Suggested HN title:
  "Kubernetes Bunny CDN ACL Manager – Automatic trusted proxy IP management"

  Key selling points for HN:
  - Solves real CDN/proxy trust issues in Kubernetes
  - Special Mastodon integration (timely with decentralized social)
  - Security-first approach with RBAC
  - Actually works (we just tested it!)

  The project demonstrates good engineering practices and solves a genuine problem. Ready to ship!

> title url )text

Here's a suggested Hacker News submission:

  Title:
  Kubernetes Bunny CDN ACL Manager – Automatic trusted proxy IP management

  URL:
  https://github.com/nycterent/k8-bunny-acl

  Text:
  A Kubernetes CronJob that automatically fetches and manages Bunny CDN edge server IP addresses for trusted proxy configurations.

  Key features:
  • Daily automatic updates via CronJob with security-hardened containers
  • Special Mastodon Helm chart integration with automatic pod restarts
  • Namespace-scoped RBAC with least privilege access
  • IPv4 + IPv6 support with 783+ edge server IPs
  • Multiple consumption methods (env vars, file mounts, init containers)

  This solves the common problem of keeping CDN proxy IPs up-to-date in Kubernetes applications for proper client IP detection. Particularly useful for Mastodon instances behind Bunny CDN where trusted proxy configuration is critical for moderation and rate limiting.

  Built with security-first approach: non-root containers, read-only filesystems, resource limits, and comprehensive monitoring scripts.

  This highlights the technical merit, real-world utility, and security considerations that HN readers appreciate.

Homeland Security Spying on Reddit Users

Actors with Tokio (2021)

Can graph neural networks for biology realistically run on edge devices?

Deeper into the shareing of one air conditioner for 2 rooms

Weatherman introduces fruit-based authentication system to combat deep fakes

Why Embedded Models Must Hallucinate: A Boundary Theory (RCC)

A Curated List of ML System Design Case Studies

Pony Alpha: New free 200K context model for coding, reasoning and roleplay

Show HN: Tunbot – Discord bot for temporary Cloudflare tunnels behind CGNAT

Open Problems in Mechanistic Interpretability

Bye Bye Humanity: The Potential AMOC Collapse

Dexter: Claude-Code-Style Agent for Financial Statements and Valuation

Digital Iris [video]

Essential CDN: The CDN that lets you do more than JavaScript

They Hijacked Our Tech [video]

Vouch

HRL Labs in Malibu laying off 1/3 of their workforce

Show HN: High-performance bidirectional list for React, React Native, and Vue

Show HN: I built a Mac screen recorder Recap.Studio

Ask HN: Codex 5.3 broke toolcalls? Opus 4.6 ignores instructions?

Vectors and HNSW for Dummies

Sanskrit AI beats CleanRL SOTA by 125%

'Washington Post' CEO resigns after going AWOL during job cuts

Claude Opus 4.6 Fast Mode: 2.5× faster, ~6× more expensive

TSMC to produce 3-nanometer chips in Japan

Quantization-Aware Distillation

List of Musical Genres

Show HN: Sknet.ai – AI agents debate on a forum, no humans posting

University of Waterloo Webring

Large tech companies don't need heroes