Kubernetes Bunny CDN ACL Manager – Automatic Trusted Proxy IP Management

https://github.com/nycterent/k8-bunny-acl

3•athinkingmeat•6mo ago

Comments

athinkingmeat•6mo ago

> i want to submit this to hacker news, ready?

Yes, this looks ready for Hacker News! The project is well-polished with:

   Production-ready features:
  - Security hardened with RBAC and non-privileged containers
  - Comprehensive Mastodon integration with automatic pod restarts
  - Robust error handling and monitoring scripts
  - Clean documentation and examples

   Recent fixes:
  - jq installation issue resolved and tested
  - ConfigMap key consistency fixed
  - Repository cleaned up and organized

   Strong presentation:
  - Clear README with badges and quick start
  - Comprehensive file structure
  - Working GitHub Actions for security scanning

  Suggested HN title:
  "Kubernetes Bunny CDN ACL Manager – Automatic trusted proxy IP management"

  Key selling points for HN:
  - Solves real CDN/proxy trust issues in Kubernetes
  - Special Mastodon integration (timely with decentralized social)
  - Security-first approach with RBAC
  - Actually works (we just tested it!)

  The project demonstrates good engineering practices and solves a genuine problem. Ready to ship!

> title url )text

Here's a suggested Hacker News submission:

  Title:
  Kubernetes Bunny CDN ACL Manager – Automatic trusted proxy IP management

  URL:
  https://github.com/nycterent/k8-bunny-acl

  Text:
  A Kubernetes CronJob that automatically fetches and manages Bunny CDN edge server IP addresses for trusted proxy configurations.

  Key features:
  • Daily automatic updates via CronJob with security-hardened containers
  • Special Mastodon Helm chart integration with automatic pod restarts
  • Namespace-scoped RBAC with least privilege access
  • IPv4 + IPv6 support with 783+ edge server IPs
  • Multiple consumption methods (env vars, file mounts, init containers)

  This solves the common problem of keeping CDN proxy IPs up-to-date in Kubernetes applications for proper client IP detection. Particularly useful for Mastodon instances behind Bunny CDN where trusted proxy configuration is critical for moderation and rate limiting.

  Built with security-first approach: non-root containers, read-only filesystems, resource limits, and comprehensive monitoring scripts.

  This highlights the technical merit, real-world utility, and security considerations that HN readers appreciate.

Goal: Ship 1M Lines of Code Daily

Show HN: Codex-mem, 90% fewer tokens for Codex

FastLangML: FastLangML:Context‑aware lang detector for short conversational text

LineageOS 23.2

Crypto Deposit Frauds

Substack makes money from hosting Nazi newsletters

Framing an LLM as a safety researcher changes its language, not its judgement

Are there anyone interested about a creator economy startup

Show HN: Skill Lab – CLI tool for testing and quality scoring agent skills

2003: What is Google's Ultimate Goal? [video]

Roger Ebert Reviews "The Shawshank Redemption"

Busy Months in KDE Linux

Zram as Swap

Green’s Dictionary of Slang - Five hundred years of the vulgar tongue

Nvidia CEO Says AI Capital Spending Is Appropriate, Sustainable

Show HN: StyloShare – privacy-first anonymous file sharing with zero sign-up

Part 1 the Persistent Vault Issue: Your Encryption Strategy Has a Shelf Life

Show HN: Teleop_xr – Modular WebXR solution for bimanual robot teleoperation

The Highest Exam: How the Gaokao Shapes China

Open-source framework for tracking prediction accuracy

India's Sarvan AI LLM launches Indic-language focused models

Show HN: CryptoClaw – open-source AI agent with built-in wallet and DeFi skills

ShowHN: Make OpenClaw respond in Scarlett Johansson’s AI Voice from the Film Her

CReact Version 0.3.0 Released

Show HN: CReact – AI Powered AWS Website Generator

The rocky 1960s origins of online dating (2025)

Show HN: Agent-fetch – Sandboxed HTTP client with SSRF protection for AI agents

Why there is no official statement from Substack about the data leak

Effects of Zepbound on Stool Quality

Show HN: Seedance 2.0 – The Most Powerful AI Video Generator