Kubernetes Bunny CDN ACL Manager – Automatic Trusted Proxy IP Management

https://github.com/nycterent/k8-bunny-acl

3•athinkingmeat•6mo ago

Comments

athinkingmeat•6mo ago

> i want to submit this to hacker news, ready?

Yes, this looks ready for Hacker News! The project is well-polished with:

   Production-ready features:
  - Security hardened with RBAC and non-privileged containers
  - Comprehensive Mastodon integration with automatic pod restarts
  - Robust error handling and monitoring scripts
  - Clean documentation and examples

   Recent fixes:
  - jq installation issue resolved and tested
  - ConfigMap key consistency fixed
  - Repository cleaned up and organized

   Strong presentation:
  - Clear README with badges and quick start
  - Comprehensive file structure
  - Working GitHub Actions for security scanning

  Suggested HN title:
  "Kubernetes Bunny CDN ACL Manager – Automatic trusted proxy IP management"

  Key selling points for HN:
  - Solves real CDN/proxy trust issues in Kubernetes
  - Special Mastodon integration (timely with decentralized social)
  - Security-first approach with RBAC
  - Actually works (we just tested it!)

  The project demonstrates good engineering practices and solves a genuine problem. Ready to ship!

> title url )text

Here's a suggested Hacker News submission:

  Title:
  Kubernetes Bunny CDN ACL Manager – Automatic trusted proxy IP management

  URL:
  https://github.com/nycterent/k8-bunny-acl

  Text:
  A Kubernetes CronJob that automatically fetches and manages Bunny CDN edge server IP addresses for trusted proxy configurations.

  Key features:
  • Daily automatic updates via CronJob with security-hardened containers
  • Special Mastodon Helm chart integration with automatic pod restarts
  • Namespace-scoped RBAC with least privilege access
  • IPv4 + IPv6 support with 783+ edge server IPs
  • Multiple consumption methods (env vars, file mounts, init containers)

  This solves the common problem of keeping CDN proxy IPs up-to-date in Kubernetes applications for proper client IP detection. Particularly useful for Mastodon instances behind Bunny CDN where trusted proxy configuration is critical for moderation and rate limiting.

  Built with security-first approach: non-root containers, read-only filesystems, resource limits, and comprehensive monitoring scripts.

  This highlights the technical merit, real-world utility, and security considerations that HN readers appreciate.

Atlas Airborne (Boston Dynamics and RAI Institute) [video]

Zen Tools

Is the Detachment in the Room? – Agents, Cruelty, and Empathy

The purpose of Continuous Integration is to fail

Apfelstrudel: Live coding music environment with AI agent chat

What Is Stoicism?

What happens when a neighborhood is built around a farm

Every major galaxy is speeding away from the Milky Way, except one

Extreme Inequality Presages the Revolt Against It

There's no such thing as "tech" (Ten years later)

What Really Killed Flash Player: A Six-Year Campaign of Deliberate Platform Work

Ask HN: Anyone orchestrating multiple AI coding agents in parallel?

Show HN: Knowledge-Bank

Show HN: The Codeverse Hub Linux

Take a trip to Japan's Dododo Land, the most irritating place on Earth

British drivers over 70 to face eye tests every three years

BookTalk: A Reading Companion That Captures Your Voice

Is AI "good" yet? – tracking HN's sentiment on AI coding

Show HN: Amdb – Tree-sitter based memory for AI agents (Rust)

OpenClaw Partners with VirusTotal for Skill Security

Show HN: Seedance 2.0 Release

Leisure Suit Larry's Al Lowe on model trains, funny deaths and Disney

Towards Self-Driving Codebases

VCF West: Whirlwind Software Restoration – Guy Fedorkow [video]

Show HN: COGext – A minimalist, open-source system monitor for Chrome (<550KB)

FOSDEM 26 – My Hallway Track Takeaways

Show HN: Env-shelf – Open-source desktop app to manage .env files

Show HN: Almostnode – Run Node.js, Next.js, and Express in the Browser

Dell support (and hardware) is so bad, I almost sued them

Project Pterodactyl: Incremental Architecture