GatewayHost
GatewayHost CRD
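---
# CustomResourceDefinition that registers the GatewayHost kind in the
# enroute.saaras.io API group.
#
# The original manifest declared apiextensions.k8s.io/v1 but used the
# v1beta1 field layout (spec.version, spec.additionalPrinterColumns,
# JSONPath). The v1 API expects a spec.versions list, a structural schema per
# version, and printer columns nested under the version with a lower-case
# jsonPath key, so the manifest is rewritten to that layout.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: gatewayhosts.enroute.saaras.io
  labels:
    component: gatewayhost
spec:
  group: enroute.saaras.io
  scope: Namespaced
  names:
    plural: gatewayhosts
    kind: GatewayHost
  versions:
    - name: v1
      served: true
      storage: true
      schema:
        # Deliberately permissive placeholder: with preserve-unknown-fields
        # the API server neither validates nor prunes GatewayHost objects.
        # Replace with a real openAPIV3Schema (fqdn, tls.secretName, routes,
        # filters) so malformed or unexpected fields are rejected at admission.
        openAPIV3Schema:
          type: object
          x-kubernetes-preserve-unknown-fields: true
      # Extra columns shown by `kubectl get gatewayhosts`.
      additionalPrinterColumns:
        - name: FQDN
          type: string
          description: Fully qualified domain name
          jsonPath: .spec.virtualhost.fqdn
        - name: TLS Secret
          type: string
          description: Secret with TLS credentials
          jsonPath: .spec.virtualhost.tls.secretName
        - name: First route
          type: string
          description: First routes defined
          jsonPath: .spec.routes[0].match
        - name: Status
          type: string
          description: The current status of the GatewayHost
          jsonPath: .status.currentStatus
        - name: Status Description
          type: string
          description: Description of the current status
          jsonPath: .status.description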
GatewayHost Example
---
# Example GatewayHost: exposes the httpbin service on demo.saaras.io with TLS,
# one HTTP-level Lua filter and one route-level rate-limit filter.
#
# NOTE(review): the source listing lost its indentation. The nesting below
# (filters under virtualhost, route filters under the route entry) is a
# reconstruction; confirm it against the GatewayHost schema before applying.
apiVersion: enroute.saaras.io/v1
kind: GatewayHost
metadata:
  name: httpbin
  namespace: enroute-gw-k8s
  labels:
    app: httpbin
spec:
  virtualhost:
    fqdn: demo.saaras.io
    tls:
      # Name of the Secret holding the TLS certificate and key.
      secretName: tls-secret-v0.3.0-httpbin-local
    filters:
      # References the HttpFilter object named luatestfilter.
      - name: luatestfilter
        type: http_filter_lua
  routes:
    - match: /
      services:
        - name: httpbin
          port: 80
      filters:
        # References the RouteFilter object named rl2.
        - name: rl2
          type: route_filter_ratelimit
---
GlobalConfig
GlobalConfig CRD
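---
# CustomResourceDefinition that registers the GlobalConfig kind in the
# enroute.saaras.io API group.
#
# The original manifest declared apiextensions.k8s.io/v1 but used the
# v1beta1 single-version field (spec.version). The v1 API expects a
# spec.versions list with a structural schema per version, so the manifest is
# rewritten to that layout.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: globalconfigs.enroute.saaras.io
  labels:
    component: globalconfig
spec:
  group: enroute.saaras.io
  scope: Namespaced
  names:
    plural: globalconfigs
    kind: GlobalConfig
  versions:
    - name: v1
      served: true
      storage: true
      schema:
        # Deliberately permissive placeholder: with preserve-unknown-fields
        # the API server neither validates nor prunes GlobalConfig objects.
        # Replace with a real openAPIV3Schema (name, type, config) so
        # malformed objects are rejected at admission.
        openAPIV3Schema:
          type: object
          x-kubernetes-preserve-unknown-fields: true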
---
GlobalConfig Example
# Example GlobalConfig: rate-limit settings for the "enroute" domain.
#
# The embedded JSON defines two descriptor trees, both keyed on x-app-key and
# then on remote_address:
#   - x-app-key == "x-app-notfound": 0 requests per second
#   - x-app-key with any other value: 100000 requests per second
#
# NOTE(review): on this page the x-app-key value comes from a request header
# or query parameter, i.e. it is client-controlled. Nothing here checks it
# against a list of issued keys, so treat these limits as traffic shaping
# rather than access control unless key validation happens elsewhere.
apiVersion: enroute.saaras.io/v1
kind: GlobalConfig
metadata:
  name: rl-global-config
  namespace: enroute-gw-k8s
  labels:
    app: httpbin
spec:
  name: rl-global-config
  type: globalconfig_ratelimit
  config: |
    {
      "domain": "enroute",
      "descriptors": [
        {
          "key": "x-app-key",
          "value" : "x-app-notfound",
          "descriptors": [
            {
              "key" : "remote_address",
              "rate_limit": {
                "unit": "second",
                "requests_per_unit": 0
              }
            }
          ]
        },
        {
          "key": "x-app-key",
          "descriptors": [
            {
              "key" : "remote_address",
              "rate_limit": {
                "unit": "second",
                "requests_per_unit": 100000
              }
            }
          ]
        }
      ]
    }
---
RouteFilter
RouteFilter CRD
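---
# CustomResourceDefinition that registers the RouteFilter kind in the
# enroute.saaras.io API group.
#
# The original manifest declared apiextensions.k8s.io/v1 but used the
# v1beta1 single-version field (spec.version). The v1 API expects a
# spec.versions list with a structural schema per version, so the manifest is
# rewritten to that layout.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: routefilters.enroute.saaras.io
  labels:
    component: routefilter
spec:
  group: enroute.saaras.io
  scope: Namespaced
  names:
    plural: routefilters
    kind: RouteFilter
  versions:
    - name: v1
      served: true
      storage: true
      schema:
        # Deliberately permissive placeholder: with preserve-unknown-fields
        # the API server neither validates nor prunes RouteFilter objects.
        # Replace with a real openAPIV3Schema (name, type, routeFilterConfig)
        # so malformed objects are rejected at admission.
        openAPIV3Schema:
          type: object
          x-kubernetes-preserve-unknown-fields: true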
---
RouteFilter Example
# Example RouteFilter: a route-level rate-limit filter named rl2.
#
# The embedded JSON lists two descriptors for each request: the value of the
# x-app-key request header (emitted under descriptor key "x-app-key") and the
# remote address.
apiVersion: enroute.saaras.io/v1
kind: RouteFilter
metadata:
  name: rl2
  namespace: enroute-gw-k8s
  labels:
    app: httpbin
spec:
  name: rl2
  type: route_filter_ratelimit
  routeFilterConfig:
    config: |
      {
        "descriptors": [
          {
            "request_headers": {
              "header_name": "x-app-key",
              "descriptor_key": "x-app-key"
            }
          },
          {
            "remote_address": "{}"
          }
        ]
      }
---
HttpFilter
HttpFilter CRD
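---
# CustomResourceDefinition that registers the HttpFilter kind in the
# enroute.saaras.io API group.
#
# The original manifest declared apiextensions.k8s.io/v1 but used the
# v1beta1 single-version field (spec.version). The v1 API expects a
# spec.versions list with a structural schema per version, so the manifest is
# rewritten to that layout.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: httpfilters.enroute.saaras.io
  labels:
    component: httpfilter
spec:
  group: enroute.saaras.io
  scope: Namespaced
  names:
    plural: httpfilters
    kind: HttpFilter
  versions:
    - name: v1
      served: true
      storage: true
      schema:
        # Deliberately permissive placeholder: with preserve-unknown-fields
        # the API server neither validates nor prunes HttpFilter objects.
        # HttpFilter carries Lua that runs inside the proxy, so a real
        # openAPIV3Schema and tight RBAC on who may write this kind matter.
        openAPIV3Schema:
          type: object
          x-kubernetes-preserve-unknown-fields: true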
---
HttpFilter Example
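# Example HttpFilter: a Lua filter that makes sure every request carries an
# x-app-key header, so the rate-limit descriptors keyed on it always match.
#
# Changes from the original listing:
#   - API key values are no longer written to the proxy log (the original
#     logged them with logInfo and print); only their presence is logged.
#   - Query-string parsing splits on '&', so api-key is found when it is not
#     the only parameter (the original greedy "(%S+)=(%S+)" pattern was not).
#   - All working variables are declared local instead of leaking into the
#     shared Lua global table.
#
# NOTE(review): the script copies a client-supplied key into a header; it
# does not validate the key. Treat x-app-key as a rate-limit selector, not
# as proof of identity, unless validation happens elsewhere.
apiVersion: enroute.saaras.io/v1
kind: HttpFilter
metadata:
  labels:
    app: httpbin
  name: luatestfilter
  namespace: enroute-gw-k8s
spec:
  name: luatestfilter
  type: http_filter_lua
  httpFilterConfig:
    config: |
      -- Return the value of query parameter q_param_name found in path,
      -- or nil when there is no query string or no such parameter.
      function get_api_key(path, q_param_name)
        -- path = "/?api-key=valid-key"
        if path == nil then
          return nil
        end
        -- "%?" is a literal '?'; capture everything after the first one.
        local query = string.match(path, "%?(.*)$")
        if query == nil then
          return nil
        end
        -- Match one key=value pair at a time; '&' separates pairs.
        for k, v in string.gmatch(query, "([^&=]+)=([^&]+)") do
          if k == q_param_name then
            return v
          end
        end
        return nil
      end

      -- Request hook: if the x-app-key header is absent, fill it from the
      -- api-key query parameter, or with the x-app-notfound marker value.
      function envoy_on_request(request_handle)
        request_handle:logInfo("Begin: envoy_on_request()");
        local hdr_x_app_key = "x-app-key"
        local hdr_x_app_not_found = "x-app-notfound"
        local q_param_name = "api-key"

        -- extract API key from header "x-app-key"
        local headers = request_handle:headers()
        local header_value = headers:get(hdr_x_app_key)
        -- Log presence only: the key is a credential and must stay out of logs.
        if header_value ~= nil then
          request_handle:logInfo("envoy_on_request() API Key present in header");
        else
          request_handle:logInfo("envoy_on_request() API Key in header is nil");
        end

        -- extract API key from query param "api-key"
        local path_in = headers:get(":path")
        local api_key = get_api_key(path_in, q_param_name)
        if api_key ~= nil then
          request_handle:logInfo("envoy_on_request() API Key present in query param");
        else
          request_handle:logInfo("envoy_on_request() API Key from query param is nil");
        end

        -- If the header already carries a key, do nothing;
        -- else set x-app-key from the query param, or to x-app-notfound.
        if header_value == nil then
          if api_key == nil then
            headers:add(hdr_x_app_key, hdr_x_app_not_found)
          else
            headers:add(hdr_x_app_key, api_key)
          end
        end
        request_handle:logInfo("End: envoy_on_request()");
      end

      -- Response hook: only logs entry and exit.
      function envoy_on_response(response_handle)
        response_handle:logInfo("Begin: envoy_on_response()");
        response_handle:logInfo("End: envoy_on_response()");
      end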
---
RBAC
---
# ServiceAccount the enroute gateway runs as; the ClusterRoleBinding named
# enroute lists it as its subject.
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: enroute-gw-k8s
  name: enroute
---
# Binds the ClusterRole named enroute to the enroute ServiceAccount in the
# enroute-gw-k8s namespace. Because this is a ClusterRoleBinding, the role's
# rules apply in every namespace, not only enroute-gw-k8s.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: enroute
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: enroute
subjects:
  - kind: ServiceAccount
    name: enroute
    namespace: enroute-gw-k8s
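---
# ClusterRole for the enroute gateway controller.
#
# Change from the original listing: the verbs `put` and `post` were removed
# from the enroute.saaras.io rule. Those are HTTP methods, not RBAC verbs, so
# they never matched any request; the effective write permission was, and
# still is, `patch` only. If the controller needs to create or replace these
# objects, grant `create` / `update` explicitly.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: enroute
rules:
  # Read access to core objects in all namespaces.
  # `secrets` with list/watch returns full Secret contents, so a token for
  # this ServiceAccount can read every Secret in the cluster. If the gateway
  # only serves a known set of namespaces, move `secrets` to namespaced
  # Role/RoleBinding objects instead.
  - apiGroups:
      - ""
    resources:
      - configmaps
      - endpoints
      - nodes
      - pods
      - secrets
    verbs:
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - get
      - list
      - watch
  # NOTE(review): the `extensions` API group no longer serves Ingress on
  # Kubernetes 1.22 and later (it moved to networking.k8s.io); confirm which
  # group the controller watches on the target cluster.
  - apiGroups:
      - extensions
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  # EnRoute custom resources. HttpFilter objects carry Lua that runs in the
  # proxy, so write access to this group should stay as narrow as possible.
  - apiGroups:
      - enroute.saaras.io
    resources:
      - gatewayhosts
      - globalconfigs
      - httpfilters
      - routefilters
      - tlscertificatedelegations
    verbs:
      - get
      - list
      - watch
      - patch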
---
Namespace
---
# Namespace that holds the enroute ServiceAccount and the example
# GatewayHost, GlobalConfig, RouteFilter and HttpFilter objects on this page.
apiVersion: v1
kind: Namespace
metadata:
  name: enroute-gw-k8s
---