deploy template and run as restricted user

This commit is contained in:
Tobias Brunner 2020-05-27 21:35:43 +02:00
parent a83837873b
commit b204248d88
3 changed files with 374 additions and 0 deletions

169
ipapi/cm-template.yaml Normal file
View File

@ -0,0 +1,169 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: html-template
data:
index.html: |
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>What is my IP address? &mdash; {{ .Host }}</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="What is my IP address?">
<link href="https://fonts.googleapis.com/css?family=Open+Sans" rel="stylesheet">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/pure/1.0.0/pure-min.css">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/pure/1.0.0/grids-responsive-min.css">
<style>
html, .pure-g [class *= "pure-u"] {
background-color: white;
font-family: "Open Sans", sans-serif;
}
pre {
font-family: "Monaco", "Menlo", "Consolas", "Courier New", monospace;
white-space: pre-wrap; /* Since CSS 2.1 */
white-space: -moz-pre-wrap; /* Mozilla, since 1999 */
white-space: -pre-wrap; /* Opera 4-6 */
white-space: -o-pre-wrap; /* Opera 7 */
word-wrap: break-word;
}
body {
margin-left: auto;
margin-right: auto;
max-width: 80%;
margin-bottom: 10px;
}
a {
background: #e3e3e3;
text-decoration: none;
color: #000;
}
a:hover, active {
background: #d7d7d7;
}
.ip {
border: 1px solid #cbcbcb;
background: #f2f2f2;
font-size: 36px;
padding: 6px;
}
svg.github-corner {
fill: #151513;
color: #fff;
}
.footer {
margin-top: 34px;
border-top: 1px solid #cbcbcb;
}
@media (prefers-color-scheme: dark) {
html, .pure-g [class *= "pure-u"], a {
background-color: #161719;
color:#d8d9da;
text-decoration: none;
}
.ip {
border: 1px solid #313233;
background: #212223;
}
.footer {
color: #8e8e8e !important;
border-top: 1px solid #313233;
}
a {
background: #313233;
}
a:hover, active {
background: #3d3e3f;
}
svg.github-corner {
fill: #f8f9fa;
color: #161719;
}
}
</style>
</head>
<body>
<div class="pure-g">
<div class="pure-u-1-1">
<h1>What is my IP address?</h1>
<p><code class="ip">{{ .IP }}</code></p>
</div>
</div>
<div class="pure-g">
<div class="pure-u-1 pure-u-md-1-2">
{{ if .Country }}
<h2>Country lookup</h2>
<pre>
$ http {{ .Host }}/country
{{ .Country }}
$ http {{ .Host }}/country-iso
{{ .CountryISO }}</pre>
{{ end }}
{{ if .City }}
<h2>City lookup</h2>
<pre>
$ http {{ .Host }}/city
{{ .City }}</pre>
{{ end }}
{{ if .ASN }}
<h2>ASN lookup</h2>
<pre>
$ http {{ .Host }}/asn
{{ .ASN }}
{{ if .ASNOrg }}</pre>
<p>Looks like you're with {{ .ASNOrg }}</p>
{{ end }}
{{ end }}
</div>
<div class="pure-u-1 pure-u-md-1-2">
<h2>JSON output</h2>
<pre>
$ http {{ .Host }}/json
{{ .JSON }}</pre>
{{ if .Port }}
<h2>All endpoints</h2>
<pre>
{{ .Host }}
{{ .Host }}/ip
{{ .Host }}/json
{{ .Host }}/country
{{ .Host }}/country-iso
{{ .Host }}/city
{{ .Host }}/asn
{{ .Host }}/coordinates
{{ .Host }}/port/$number
</pre>
{{ end }}
</div>
{{ if .City }}
<div class="pure-u-1 pure-u-md-1-1">
<h2>Map</h2>
<iframe width="100%" height="350" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" src="https://www.openstreetmap.org/export/embed.html?bbox={{ .BoxLonLeft }}%2C{{ .BoxLatBottom }}%2C{{ .BoxLonRight }}%2C{{ .BoxLatTop }}&amp;layer=mapnik&amp;marker={{ .Latitude }}%2C{{ .Longitude }}"></iframe>
</div>
{{ end }}
<div class="pure-u-1 pure-u-md-1-2">
<h2>FAQ</h2>
<h3>Why is IPv6 not supported?</h3>
<p>This service runs on k3s which currently doesn't support IPv6.
see:
<ul>
<li><a href="https://github.com/rancher/k3s/issues/284">#284</a></li>
<li><a href="https://github.com/rancher/k3s/issues/1162">#1162</a></li>
<li><a href="https://github.com/rancher/k3s/issues/1405">#1405</a></li>
</ul>
</p>
</div>
</div>
<a href="https://github.com/mpolden/echoip" class="github-corner"><svg class="github-corner" width="80" height="80" viewBox="0 0 250 250" style="position: fixed; top: 0; border: 0; right: 0;"><path d="M0,0 L115,115 L130,115 L142,142 L250,250 L250,0 Z"></path><path d="M128.3,109.0 C113.8,99.7 119.0,89.6 119.0,89.6 C122.0,82.7 120.5,78.6 120.5,78.6 C119.2,72.0 123.4,76.3 123.4,76.3 C127.3,80.9 125.5,87.3 125.5,87.3 C122.9,97.6 130.6,101.9 134.4,103.2" fill="currentColor" style="transform-origin: 130px 106px;" class="octo-arm"></path><path d="M115.0,115.0 C114.9,115.1 118.7,116.5 119.8,115.4 L133.7,101.6 C136.9,99.2 139.9,98.4 142.2,98.6 C133.8,88.0 127.5,74.4 143.8,58.0 C148.5,53.4 154.0,51.2 159.7,51.0 C160.3,49.4 163.2,43.6 171.4,40.1 C171.4,40.1 176.1,42.5 178.8,56.2 C183.1,58.6 187.2,61.8 190.9,65.4 C194.5,69.0 197.7,73.2 200.1,77.6 C213.8,80.2 216.3,84.9 216.3,84.9 C212.7,93.1 206.9,96.0 205.4,96.6 C205.1,102.4 203.0,107.8 198.3,112.5 C181.9,128.9 168.3,122.5 157.7,114.1 C157.9,116.9 156.7,120.9 152.7,124.9 L141.0,136.5 C139.8,137.7 141.6,141.9 141.8,141.8 Z" fill="currentColor" class="octo-body"></path></svg></a><style>.github-corner:hover .octo-arm{animation:octocat-wave 560ms ease-in-out}@keyframes octocat-wave{0%,100%{transform:rotate(0)}20%,60%{transform:rotate(-25deg)}40%,80%{transform:rotate(10deg)}}@media (max-width:500px){.github-corner:hover .octo-arm{animation:none}.github-corner .octo-arm{animation:octocat-wave 560ms ease-in-out}}</style>
{{ if or .Country .City .ASN .ASNOrg }}
<div class="pure-g">
<div class="pure-u-1-1 footer">
<p><small>This product includes GeoLite2 data created by MaxMind,
available from
<a href="https://www.maxmind.com">https://www.maxmind.com</a>.</small></p>
</div>
</div>
{{ end }}
</body>
</html>

View File

@ -40,6 +40,8 @@ spec:
- -p
- -C
- "1000"
- -t
- /data/template/index.html
ports:
- containerPort: 8080
name: http
@ -47,6 +49,8 @@ spec:
volumeMounts:
- name: geoip
mountPath: /data/geoip
- name: template
mountPath: /data/template
livenessProbe:
httpGet:
path: /health
@ -62,10 +66,16 @@ spec:
limits:
memory: 256Mi
cpu: 300m
securityContext:
runAsUser: 1000
runAsGroup: 1000
volumes:
- name: geoip
persistentVolumeClaim:
claimName: ipapi-geodb
- name: template
configMap:
name: html-template
dnsPolicy: ClusterFirst
restartPolicy: Always
securityContext: {}

195
ipapi/index.html Normal file
View File

@ -0,0 +1,195 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>What is my IP address? &mdash; {{ .Host }}</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="What is my IP address?">
<link href="https://fonts.googleapis.com/css?family=Open+Sans" rel="stylesheet">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/pure/1.0.0/pure-min.css">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/pure/1.0.0/grids-responsive-min.css">
<style>
html, .pure-g [class *= "pure-u"] {
background-color: white;
font-family: "Open Sans", sans-serif;
}
pre {
font-family: "Monaco", "Menlo", "Consolas", "Courier New", monospace;
white-space: pre-wrap; /* Since CSS 2.1 */
white-space: -moz-pre-wrap; /* Mozilla, since 1999 */
white-space: -pre-wrap; /* Opera 4-6 */
white-space: -o-pre-wrap; /* Opera 7 */
word-wrap: break-word;
}
body {
margin-left: auto;
margin-right: auto;
max-width: 80%;
margin-bottom: 10px;
}
a {
background: #e3e3e3;
text-decoration: none;
color: #000;
}
a:hover, active {
background: #d7d7d7;
}
.ip {
border: 1px solid #cbcbcb;
background: #f2f2f2;
font-size: 36px;
padding: 6px;
}
svg.github-corner {
fill: #151513;
color: #fff;
}
.footer {
margin-top: 34px;
border-top: 1px solid #cbcbcb;
}
@media (prefers-color-scheme: dark) {
html, .pure-g [class *= "pure-u"], a {
background-color: #161719;
color:#d8d9da;
text-decoration: none;
}
.ip {
border: 1px solid #313233;
background: #212223;
}
.footer {
color: #8e8e8e !important;
border-top: 1px solid #313233;
}
a {
background: #313233;
}
a:hover, active {
background: #3d3e3f;
}
svg.github-corner {
fill: #f8f9fa;
color: #161719;
}
}
</style>
</head>
<body>
<div class="pure-g">
<div class="pure-u-1-1">
<h1>What is my IP address?</h1>
<p><code class="ip">{{ .IP }}</code></p>
<p>Multiple command line HTTP clients are supported,
including <a href="https://curl.haxx.se/">curl</a>, <a href="https://github.com/jkbrzt/httpie">httpie</a>, <a href="https://www.gnu.org/software/wget/">GNU
Wget</a>
and <a href="https://www.freebsd.org/cgi/man.cgi?fetch(1)">fetch</a>.</p>
</div>
</div>
<div class="pure-g">
<div class="pure-u-1 pure-u-md-1-2">
<h2>CLI examples</h2>
<pre>
$ curl {{ .Host }}
{{ .IP }}
$ http -b {{ .Host }}
{{ .IP }}
$ wget -qO- {{ .Host }}
{{ .IP }}
$ fetch -qo- https://{{ .Host }}
{{ .IP }}
$ bat -print=b {{ .Host }}/ip
{{ .IP }}</pre>
{{ if .Country }}
<h2>Country lookup</h2>
<pre>
$ http {{ .Host }}/country
{{ .Country }}
$ http {{ .Host }}/country-iso
{{ .CountryISO }}</pre>
{{ end }}
{{ if .City }}
<h2>City lookup</h2>
<pre>
$ http {{ .Host }}/city
{{ .City }}</pre>
{{ end }}
{{ if .ASN }}
<h2>ASN lookup</h2>
<pre>
$ http {{ .Host }}/asn
{{ .ASN }}
{{ if .ASNOrg }}</pre>
<p>Looks like you're with {{ .ASNOrg }}</p>
{{ end }}
{{ end }}
</div>
<div class="pure-u-1 pure-u-md-1-2">
<h2>JSON output</h2>
<pre>
$ http {{ .Host }}/json
{{ .JSON }}</pre>
<p>Setting the <code>Accept: application/json</code> header also works as expected.</p>
<h2>Plain output</h2>
<p>Always returns the IP address including a trailing newline, regardless of user agent.</p>
<pre>
$ http {{ .Host }}/ip
{{ .IP }}</pre>
{{ if .Port }}
<h2>Port testing</h2>
<pre>
$ http {{ .Host }}/port/8080
{
"ip": "{{ .IP }}",
"port": 8080,
"reachable": false
}</pre>
{{ end }}
</div>
{{ if .City }}
<div class="pure-u-1 pure-u-md-1-1">
<h2>Map</h2>
<iframe width="100%" height="350" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" src="https://www.openstreetmap.org/export/embed.html?bbox={{ .BoxLonLeft }}%2C{{ .BoxLatBottom }}%2C{{ .BoxLonRight }}%2C{{ .BoxLatTop }}&amp;layer=mapnik&amp;marker={{ .Latitude }}%2C{{ .Longitude }}"></iframe>
</div>
{{ end }}
<div class="pure-u-1 pure-u-md-1-2">
<h2>FAQ</h2>
<h3>How do I force IPv4 or IPv6 lookup?</h3>
<p>As of 2018-07-25 it's no longer possible to force protocol using
the <i>v4</i> and <i>v6</i> subdomains. IPv4 or IPv6 still can be forced
by passing the appropiate flag to your client, e.g <code>curl -4</code>
or <code>curl -6</code>.</p>
<h3>Is automated use of this service permitted?</h3>
<p>
Yes, as long as the rate limit is respected. The rate limit is in
place to ensure a fair service for all.
</p>
<p>
<em>Please limit automated requests to 1 request per minute</em>. No
guarantee is made for requests that exceed this limit. They may be
rate-limited, with a 429 status code, or dropped entirely.
</p>
<h3>Can I run my own service?</h3>
<p>Yes, the source code and documentation is available on <a href="https://github.com/mpolden/echoip">GitHub</a>.</p>
</div>
</div>
<a href="https://github.com/mpolden/echoip" class="github-corner"><svg class="github-corner" width="80" height="80" viewBox="0 0 250 250" style="position: fixed; top: 0; border: 0; right: 0;"><path d="M0,0 L115,115 L130,115 L142,142 L250,250 L250,0 Z"></path><path d="M128.3,109.0 C113.8,99.7 119.0,89.6 119.0,89.6 C122.0,82.7 120.5,78.6 120.5,78.6 C119.2,72.0 123.4,76.3 123.4,76.3 C127.3,80.9 125.5,87.3 125.5,87.3 C122.9,97.6 130.6,101.9 134.4,103.2" fill="currentColor" style="transform-origin: 130px 106px;" class="octo-arm"></path><path d="M115.0,115.0 C114.9,115.1 118.7,116.5 119.8,115.4 L133.7,101.6 C136.9,99.2 139.9,98.4 142.2,98.6 C133.8,88.0 127.5,74.4 143.8,58.0 C148.5,53.4 154.0,51.2 159.7,51.0 C160.3,49.4 163.2,43.6 171.4,40.1 C171.4,40.1 176.1,42.5 178.8,56.2 C183.1,58.6 187.2,61.8 190.9,65.4 C194.5,69.0 197.7,73.2 200.1,77.6 C213.8,80.2 216.3,84.9 216.3,84.9 C212.7,93.1 206.9,96.0 205.4,96.6 C205.1,102.4 203.0,107.8 198.3,112.5 C181.9,128.9 168.3,122.5 157.7,114.1 C157.9,116.9 156.7,120.9 152.7,124.9 L141.0,136.5 C139.8,137.7 141.6,141.9 141.8,141.8 Z" fill="currentColor" class="octo-body"></path></svg></a><style>.github-corner:hover .octo-arm{animation:octocat-wave 560ms ease-in-out}@keyframes octocat-wave{0%,100%{transform:rotate(0)}20%,60%{transform:rotate(-25deg)}40%,80%{transform:rotate(10deg)}}@media (max-width:500px){.github-corner:hover .octo-arm{animation:none}.github-corner .octo-arm{animation:octocat-wave 560ms ease-in-out}}</style>
{{ if or .Country .City .ASN .ASNOrg }}
<div class="pure-g">
<div class="pure-u-1-1 footer">
<p><small>This product includes GeoLite2 data created by MaxMind,
available from
<a href="https://www.maxmind.com">https://www.maxmind.com</a>.</small></p>
</div>
</div>
{{ end }}
</body>
</html>