Hi
I’m trying to run an SSH honeypot (https://github.com/honeytrap/honeytrap) on my Kubernetes cluster.
I am using a managed Kubernetes (Digital Ocean).
I’m facing a problem - I want to expose port 22 and have the traffic route to my Pod
with the source IP intact. I also want to be able to see the source IP address for traffic analysis.
Exposing a Service
with on port 22 works - except that the IP showing up on my honeypot is an internal (10.) IP. Not the real source IP that I wanted.
I have tried two methods to get the actual source IP:
- Use NodePort
```yaml
ports:
  - port: 22
    nodePort: 22
    name: "ssh"
    protocol: TCP
```
For security reasons, this is restricted:
```
The Service "honeytrap" is invalid: spec.ports[0].nodePort: Invalid value: 22: provided port is not in the valid range. The range of valid ports is 30000-32767
```
- Proxy Protocol
Digital Ocean load balancers offer the “Proxy Protocol”; I tried turning this on:
```yaml
annotations:
  service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"
```
But this breaks my SSH honeypot (honeytrap) - if this was nginx (a more cloud native application) I would be OK, but honeytrap does not understand Proxy Protocol.
I know that there are ways around this by managing my own Kubernetes cluster (which I don’t want to do). Are there any other options?
Cluster information:
Kubernetes version: 1.15.2-do.0
Cloud being used: Digital Ocean
Installation method: Digital Ocean
Host OS: Digital Ocean Managed
CNI and version: Digital Ocean Managed
CRI and version: Digital Ocean Managed
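
Added example, not part of the original post and not honeytrap's own code: a Go parser for the PROXY protocol v1 line, which a small shim in front of the honeypot could use to record the real client address before passing the remaining bytes on. It assumes the load balancer sends the v1 (text) form; `ParseProxyV1` and the sample addresses are constructed for illustration.

```go
package main

import (
	"bufio"
	"bytes"
	"errors"
	"fmt"
	"net"
	"strconv"
	"strings"
)

const maxV1Header = 107 // longest legal v1 line, CRLF included

// ParseProxyV1 consumes one PROXY protocol v1 line from r and returns the client
// address it carries. Keep reading the stream from r: it may hold buffered SSH bytes.
func ParseProxyV1(r *bufio.Reader) (*net.TCPAddr, error) {
	var line []byte
	for len(line) < maxV1Header && !bytes.HasSuffix(line, []byte("\r\n")) {
		b, err := r.ReadByte() // bounded read: never trust the peer to send CRLF
		if err != nil {
			return nil, err
		}
		line = append(line, b)
	}
	f := strings.Split(strings.TrimSuffix(string(line), "\r\n"), " ")
	if !bytes.HasSuffix(line, []byte("\r\n")) || f[0] != "PROXY" {
		return nil, errors.New("proxy v1: no PROXY line within 107 bytes")
	}
	if len(f) >= 2 && f[1] == "UNKNOWN" {
		return nil, nil // valid header without a client address
	}
	if len(f) != 6 || (f[1] != "TCP4" && f[1] != "TCP6") {
		return nil, errors.New("proxy v1: malformed header")
	}
	ip := net.ParseIP(f[2])
	port, err := strconv.ParseUint(f[4], 10, 16)
	if ip == nil || err != nil || (f[1] == "TCP4") != (ip.To4() != nil) {
		return nil, errors.New("proxy v1: bad source address or port")
	}
	return &net.TCPAddr{IP: ip, Port: int(port)}, nil
}

func main() { // constructed sample: header a proxy prepends, then an SSH banner
	r := bufio.NewReader(strings.NewReader("PROXY TCP4 203.0.113.7 10.244.0.12 51234 22\r\nSSH-2.0-client\r\n"))
	src, err := ParseProxyV1(r)
	rest, _ := r.ReadString('\n')
	fmt.Println(src, err, rest)
}
```

The header is only trustworthy when the listener accepts connections solely from the load balancer; anything that can reach the port directly can write its own `PROXY` line and forge the logged source address.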