Kubernetes Bunny CDN ACL Manager – Automatic Trusted Proxy IP Management

https://github.com/nycterent/k8-bunny-acl

2•athinkingmeat•2h ago

Comments

athinkingmeat•2h ago

> i want to submit this to hacker news, ready?

Yes, this looks ready for Hacker News! The project is well-polished with:

   Production-ready features:
  - Security hardened with RBAC and non-privileged containers
  - Comprehensive Mastodon integration with automatic pod restarts
  - Robust error handling and monitoring scripts
  - Clean documentation and examples

   Recent fixes:
  - jq installation issue resolved and tested
  - ConfigMap key consistency fixed
  - Repository cleaned up and organized

   Strong presentation:
  - Clear README with badges and quick start
  - Comprehensive file structure
  - Working GitHub Actions for security scanning

  Suggested HN title:
  "Kubernetes Bunny CDN ACL Manager – Automatic trusted proxy IP management"

  Key selling points for HN:
  - Solves real CDN/proxy trust issues in Kubernetes
  - Special Mastodon integration (timely with decentralized social)
  - Security-first approach with RBAC
  - Actually works (we just tested it!)

  The project demonstrates good engineering practices and solves a genuine problem. Ready to ship!

> title url )text

Here's a suggested Hacker News submission:

  Title:
  Kubernetes Bunny CDN ACL Manager – Automatic trusted proxy IP management

  URL:
  https://github.com/nycterent/k8-bunny-acl

  Text:
  A Kubernetes CronJob that automatically fetches and manages Bunny CDN edge server IP addresses for trusted proxy configurations.

  Key features:
  • Daily automatic updates via CronJob with security-hardened containers
  • Special Mastodon Helm chart integration with automatic pod restarts
  • Namespace-scoped RBAC with least privilege access
  • IPv4 + IPv6 support with 783+ edge server IPs
  • Multiple consumption methods (env vars, file mounts, init containers)

  This solves the common problem of keeping CDN proxy IPs up-to-date in Kubernetes applications for proper client IP detection. Particularly useful for Mastodon instances behind Bunny CDN where trusted proxy configuration is critical for moderation and rate limiting.

  Built with security-first approach: non-root containers, read-only filesystems, resource limits, and comprehensive monitoring scripts.

  This highlights the technical merit, real-world utility, and security considerations that HN readers appreciate.

HN: Timeuntil.net – Countdown Tool

Show HN: Free disposable email checker API

I saved a PNG image to a bird [video]

The Case Against Social Media Is Weaker Than You Think

He Read (At Least) 3,599 Books in His Lifetime. Now Anyone Can See His List

A mysterious LLC is using a 300-year-old law to target D.C. sports betting

Why Neural Networks Can Discover Symbolic Structures

Show HN: Windows 7 GUI for the Web

Ronald Read

Vibe/AI coding is going to bolster local first software and self hosting

AI helps Latin scholars decipher ancient Roman texts

Contextualizing ancient texts with generative neural networks

Python: From Async/Await to Virtual Threads

Evergreen Funding

Inspired by elephant ears, new wall design could help buildings stay cool

Ask HN: What Are You Working On? (July 2025)

The Quality of CPI Data Continues to Deteriorate

Ask HN: Looking for a PM or Ops Role After Founding Two Startups

Show HN: Analytics for Your MCP Server

Linode is freekin down today:(

HTML Day 2025

Tom Lehrer, Musical Satirist with a Dark Streak, Dies at 97

Brazil's mysterious tunnels made by giant sloths

DHH on AI, vibe coding and the future of programming

Statistical Interpretation of Entropy

Sergey Prokudin-Gorsky – early 20th century color photographer

Book Review: Influence by Cialdini

North Korea's Pandemic 'Miracle' Was a Deadly Lie, Report Says

Instrumenting Next.js with runtime secret injection

Show HN: PostMold – Generate AI-powered social posts tailored for each platform