playground/docker-claude
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(proxy): allow CONNECT tunnels to Kubernetes API server port 6443

Browse source
This commit is contained in:
docker-claude 2026-04-15 08:49:11 +02:00
parent 1c01d49f51
commit 659fb3f339
1 changed files with 8 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

8
proxy/squid.conf
View file

@ -18,10 +18,15 @@ coredump_dir /var/cache/squid
# ─── ACL Definitions ────────────────────────────────────────────────────────── # ─── ACL Definitions ──────────────────────────────────────────────────────────
acl SSL_ports port 443 acl SSL_ports port 443
acl SSL_ports port 6443 # Kubernetes API server
acl Safe_ports port 80 acl Safe_ports port 80
acl Safe_ports port 443 acl Safe_ports port 443
acl Safe_ports port 6443 # Kubernetes API server
acl CONNECT method CONNECT acl CONNECT method CONNECT
# Kubernetes API server — allow CONNECT tunnels to any cluster endpoint on :6443
acl kubectl_api port 6443
# ─── Egress allowlist ───────────────────────────────────────────────────────── # ─── Egress allowlist ─────────────────────────────────────────────────────────
# Add domains here as needed. Leading dot matches all subdomains. # Add domains here as needed. Leading dot matches all subdomains.
acl allowed_sites dstdomain api.anthropic.com acl allowed_sites dstdomain api.anthropic.com
@ -43,6 +48,9 @@ http_access deny CONNECT !SSL_ports
# Allow HTTPS tunnels only to allowlisted destinations # Allow HTTPS tunnels only to allowlisted destinations
http_access allow CONNECT allowed_sites http_access allow CONNECT allowed_sites
# Allow kubectl to reach any Kubernetes API server on the standard port
http_access allow CONNECT kubectl_api
# Allow plain HTTP only to allowlisted destinations # Allow plain HTTP only to allowlisted destinations
http_access allow allowed_sites http_access allow allowed_sites