Kubernetes API Reference

GatewayHost

GatewayHost CRD
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: gatewayhosts.enroute.saaras.io
  labels:
    component: gatewayhost
spec:
  group: enroute.saaras.io
  version: v1beta1
  scope: Namespaced
  names:
    plural: gatewayhosts
    kind: GatewayHost
  additionalPrinterColumns:
    - name: FQDN
      type: string
      description: Fully qualified domain name
      JSONPath: .spec.virtualhost.fqdn
    - name: TLS Secret
      type: string
      description: Secret with TLS credentials
      JSONPath: .spec.virtualhost.tls.secretName
    - name: First route
      type: string
      description: First routes defined
      JSONPath: .spec.routes[0].match
    - name: Status
      type: string
      description: The current status of the GatewayHost
      JSONPath: .status.currentStatus
    - name: Status Description
      type: string
      description: Description of the current status
      JSONPath: .status.description
GatewayHost Example
---
apiVersion: enroute.saaras.io/v1beta1
kind: GatewayHost
metadata:
  labels:
    app: httpbin
  name: httpbin
  namespace: enroute-gw-k8s
spec:
  virtualhost:
    fqdn: demo.saaras.io
    tls:
      secretName: tls-secret-v0.3.0-httpbin-local
    filters:
      - name: luatestfilter
        type: http_filter_lua
  routes:
    - match: /
      services:
        - name: httpbin
          port: 80
      filters:
        - name: rl2
          type: route_filter_ratelimit
---

GlobalConfig

GlobalConfig CRD
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: globalconfigs.enroute.saaras.io
  labels:
    component: globalconfig
spec:
  group: enroute.saaras.io
  version: v1beta1
  scope: Namespaced
  names:
    plural: globalconfigs
    kind: GlobalConfig
---
GlobalConfig Example
apiVersion: enroute.saaras.io/v1beta1
kind: GlobalConfig
metadata:
  labels:
    app: httpbin
  name: rl-global-config
  namespace: enroute-gw-k8s
spec:
  name: rl-global-config
  type: globalconfig_ratelimit
  config: |
        {
            "domain": "enroute",
            "descriptors": [
                {
                    "key": "x-app-key",
                    "value" : "x-app-notfound",

                    "descriptors": [
                        {
                            "key" : "remote_address",
                            "rate_limit": {
                                "unit": "second",
                                "requests_per_unit": 0
                            }
                        }
                    ]
                },
                {
                    "key": "x-app-key",
                    "descriptors": [
                        {
                            "key" : "remote_address",
                            "rate_limit": {
                                "unit": "second",
                                "requests_per_unit": 100000
                            }
                        }
                    ]
                }
            ]
        }
---

RouteFilter

RouteFilter CRD
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: routefilters.enroute.saaras.io
  labels:
    component: routefilter
spec:
  group: enroute.saaras.io
  version: v1beta1
  scope: Namespaced
  names:
    plural: routefilters
    kind: RouteFilter
---
RouteFilter Example
apiVersion: enroute.saaras.io/v1beta1
kind: RouteFilter
metadata:
  labels:
    app: httpbin
  name: rl2
  namespace: enroute-gw-k8s
spec:
  name: rl2
  type: route_filter_ratelimit
  routeFilterConfig:
    config: |
        {
            "descriptors": [
              {
                "request_headers": {
                  "header_name": "x-app-key",
                  "descriptor_key": "x-app-key"
                }
              },
              {
                "remote_address": "{}"
              }
            ]
        }
---

HttpFilter

HttpFilter CRD
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: httpfilters.enroute.saaras.io
  labels:
    component: httpfilter
spec:
  group: enroute.saaras.io
  version: v1beta1
  scope: Namespaced
  names:
    plural: httpfilters
    kind: HttpFilter
---
HttpFilter Example
apiVersion: enroute.saaras.io/v1beta1
kind: HttpFilter
metadata:
  labels:
    app: httpbin
  name: luatestfilter
  namespace: enroute-gw-k8s
spec:
  name: luatestfilter
  type: http_filter_lua
  httpFilterConfig:
    config: |
        function get_api_key(path, q_param_name)
            -- path = "/?api-key=valid-key"
            s, e = string.find(path, "?")
            if s ~= nil then
              for pre, q_params in string.gmatch(path, "(%S+)?(%S+)") do
                -- print(pre, q_params, path, s, e)
                for k, v in string.gmatch(q_params, "(%S+)=(%S+)") do
                  print(k, v)
                  if k == q_param_name then
                    return v
                  end
                end
              end
            end

            return nil
        end

        function envoy_on_request(request_handle)
           request_handle:logInfo("Begin: envoy_on_request()");

           hdr_x_app_key = "x-app-key"
           hdr_x_app_not_found = "x-app-notfound"
           q_param_name = "api-key"

           -- extract API key from header "x-app-key"
           headers = request_handle:headers()
           header_value = headers:get(hdr_x_app_key)

           if header_value ~= nil then
             request_handle:logInfo("envoy_on_request() API Key from header "..header_value);
           else
             request_handle:logInfo("envoy_on_request() API Key in header is nil");
           end

           -- extract API key from query param "api-key"
           path_in = headers:get(":path")
           api_key = get_api_key(path_in, q_param_name)

           if api_key ~= nil then
             request_handle:logInfo("envoy_on_request() API Key from query param "..api_key);
           else
             request_handle:logInfo("envoy_on_request() API Key from query param is nil");
           end

           -- If API key found, do nothing
           -- else set header x-app-key:x-app-notfound
           if header_value == nil then
               if api_key == nil then
                 headers:add(hdr_x_app_key, hdr_x_app_not_found)
               else
                 headers:add(hdr_x_app_key, api_key)
               end
           end

           request_handle:logInfo("End: envoy_on_request()");

        end

        function envoy_on_response(response_handle)
           response_handle:logInfo("Begin: envoy_on_response()");
           response_handle:logInfo("End: envoy_on_response()");
        end
---

RBAC

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: enroute
  namespace: enroute-gw-k8s
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: enroute
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: enroute
subjects:
- kind: ServiceAccount
  name: enroute
  namespace: enroute-gw-k8s
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: enroute
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  - endpoints
  - nodes
  - pods
  - secrets
  verbs:
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - services
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - extensions
  resources:
  - ingresses
  verbs:
  - get
  - list
  - watch
- apiGroups: ["enroute.saaras.io"]
  resources: ["gatewayhosts", "globalconfigs", "httpfilters", "routefilters", "tlscertificatedelegations"]
  verbs:
  - get
  - list
  - watch
  - put
  - post
  - patch
---

Namespace

---
apiVersion: v1
kind: Namespace
metadata:
  name: enroute-gw-k8s
---