TrustGate is a secure reverse proxy that implements zero trust principles for accessing internal services. It provides OAuth2 authentication, policy-based access control, and comprehensive monitoring.
- OAuth2 Authentication (Google/GitHub SSO)
- Policy-based Access Control
- JWT Token Management
- Prometheus Metrics
- TLS Support
- Kubernetes Deployment Ready

Prerequisites:

- Go 1.21 or later
- Kubernetes cluster
- OAuth2 credentials (Google/GitHub)
- TLS certificates
Create a config.yaml file with the following structure:

```yaml
server:
  port: 8080
  tls:
    enabled: true
    cert_file: "cert.pem"
    key_file: "key.pem"
oauth:
  provider: "google" # or "github"
  client_id: "your-client-id"
  client_secret: "your-client-secret"
  redirect_url: "https://your-domain/oauth/callback"
proxy:
  target_url: "http://internal-service:8080"
  allowed_ips: ["10.0.0.0/8"]
  allowed_emails: ["[email protected]"]
jwt:
  secret: "your-jwt-secret"
  expiration: 3600 # in seconds
```

```bash
go build -o trustgate
./trustgate
```

See the k8s directory for deployment manifests.
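An added example (not TrustGate's own code) of evaluating the `proxy.allowed_ips` and `proxy.allowed_emails` settings with a deny-by-default check. The `Policy` type, the function names, and the rule that both the email and the IP must match are assumptions; `clientIP` is expected to be the connection's remote address, not a client-supplied header.

```go
package main

import (
	"fmt"
	"net/netip"
	"slices"
	"strings"
)

// Policy mirrors proxy.allowed_ips / proxy.allowed_emails (hypothetical type, not TrustGate's code).
type Policy struct {
	prefixes []netip.Prefix
	emails   map[string]bool
}

func norm(email string) string { return strings.ToLower(strings.TrimSpace(email)) }

// NewPolicy parses every CIDR up front so a malformed entry fails at startup, not silently at match time.
func NewPolicy(cidrs, emails []string) (*Policy, error) {
	p := &Policy{emails: map[string]bool{}}
	for _, c := range cidrs {
		pfx, err := netip.ParsePrefix(c)
		if err != nil {
			return nil, fmt.Errorf("allowed_ips entry %q: %w", c, err)
		}
		p.prefixes = append(p.prefixes, pfx.Masked())
	}
	for _, e := range emails {
		p.emails[norm(e)] = true
	}
	return p, nil
}

// Allow is deny-by-default. Assumed semantics: email is listed AND the IP is in an allowed prefix.
func (p *Policy) Allow(clientIP, email string) bool {
	addr, err := netip.ParseAddr(clientIP)
	if err != nil || !p.emails[norm(email)] {
		return false
	}
	addr = addr.Unmap() // evaluate ::ffff:10.1.2.3 as 10.1.2.3
	return slices.ContainsFunc(p.prefixes, func(pfx netip.Prefix) bool { return pfx.Contains(addr) })
}

func main() {
	p, err := NewPolicy([]string{"10.0.0.0/8"}, []string{"alice@example.com"}) // constructed sample values
	if err != nil {
		panic(err)
	}
	fmt.Println(p.Allow("10.1.2.3", "alice@example.com"), p.Allow("192.0.2.7", "alice@example.com"))
}
```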
Prometheus metrics are available at the /metrics endpoint.
MIT