A simple authenticating proxy for DCOS that allows you to expose Marathon, Metronome, and other DCOS protected APIs on a local port such that authentication is automatically handled by the proxy.
To ease integration with Mesos for apps that are unaware of the DCOS authentication and secrets architecture.
- Bundle the go binary within your docker container
- Map in the
principal secretthat will be used for authentication - Launch the proxy as a background task, providing a
target-urland theprincipal-secret
Notes:
- by default, the proxy only listens on
localhost; it is not recommended to expose the proxy externally, but the host interface can be configured via the--hostparameter - pass
-Vor--verbosefor extra output; the proxy only logs errors by default
dcos-auth-proxy -t https://my-dcos.example.org/marathon -p 8888 -s "$MARATHON_CLIENT_SECRET"
Call the authenticate subcommand to perform the authentication once and receive the auth token back vi stdout.
dcos-auth-proxy authenticate -t https://my-dcos.example.org/marathon -s "$MARATHON_CLIENT_SECRET"
make
- places binary at
bin/dcos-auth-proxy