►
From YouTube: GitLab Workspaces - Central Auth Proxy Discovery Demo
Description
In this video, I show how we've adopted the proxy to discover Kubernetes targets. So, if we use either DWO or Devfile library to generate deployments, services - the central proxy will automatically discover those services and protect those endpoints with authentication.
A
Hi
everyone
I
wanted
to
give
you
a
quick
update
on
the
progress
of
the
auth
proxy
that
I've
been
working
on,
so
what
I've
really
been
doing
is
working
on
the
central
proxy
design
and
and
trying
to
work
with
that.
First
now,
if
the
security
team
comes
back
and
says
that
hey,
we
need
to
do
a
sidecar.
A
Instead,
we
may
move
in
that
direction,
but
we're
still
waiting
for
the
output
of
those
conversations,
so
in
the
meanwhile
I
thought
I'd
record
of
what
I'm
working
on
so
that
you
guys
know.
You
know
exactly
what
I've
been
I've
been
up
to
so
essentially
the
central
proxy
design
discovers
workspaces
as
they
come
along,
and
so,
as
dwo
and
later
you
know,
our
non-dw
approach
generates
workspaces.
A
What
what
the
the
proxy
does
is?
It
discovers
endpoints
or
services
that
have
been
created
and
then
automatically
creates
requests
for
them,
so
it
automatically
proxies
those
and
protects
those
with
authentication
at
the
moment.
I
have
not
added
authorization
of
them
as
of
yet,
but
you
know
that's
soon
to
come
so
very
quickly,
I'm
going
to
go
ahead
and
clear
this.
A
If
I
look
at
any
Dev
workspaces
at
the
moment,
there's
nothing
so
I
can
go
ahead
and
apply
our
our
example
with
ttyd
and
the
workspace,
and
so
that
should
start
getting
created,
and
you
say
this
is
waiting
for
workspace
deployment.
So
bwo
is
creating
that
workspace.
A
So
what's
happening
behind
the
scenes
here
in
the
proxy,
you
see
it's
discovered
as
we
created
that
workspace
and
discovered
the
new
Upstream.
So
it
discovered
not
only
the
Upstream
which
led
to
my
workspace,
but
it
also
discovered
any
open
ports
I
had
so.
If
I
go
back
and
quickly,
look
at
that
that
workspace
yeah,
you
can
see
that
I
have
the
container
and
the
container
does
have
these
ports
endpoints
open
here
and
therefore
it
you
know,
the
the
proxy
will
automatically
protect
those.
A
And
so,
if
I
look
here,
you
can
see
that
the
proxy
has
started
to
detect
those
endpoints.
So
hopefully
it
should
be
up
now
now,
so
I
can
go
ahead
and
actually
open
that
up
in
now,
I'll
first
open
this
up
in
a
little
window.
So
you
see
the
actual
login
request
in
fact.
Do
that
you
can
see
ignore
this
error,
it's
something
in
my
GDK,
but
I
can
go
ahead
and
log
in
I.
It
does
not.
Let
me
access
the
workspace
until
I've
logged
in
once.
A
A
So
I've
got
a
server.js
here,
which
just
starts
a
very
simple
node.js
server.
So
I'm
going
to
go
ahead
and
run
that
and
so
now
the
server
is
running
so
I
could
actually
take
that
same
route.
I
could
open
an
incognito
window
within
my
endpoint.
A
And
do
that
and
now
again
will
be
protected
by
by
the
proxy
server,
and
so
it
would
redirect
me
to
my
login
screen
and
gitlab
I
would
have
to
sign
in
and
only
then
can
I
actually
see
the
hello
world.
So
it's
not
just
the
IDE
that's
protected
by
this
proxy,
but
it's
also
any
other
bot.
That's
opened,
so
that's
also
protected
by
the
proxy.
A
Thank
you
for
listening.
That's
all.