This repository has been archived by the owner on Jul 15, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathgateway-dbless-demo.yaml
183 lines (182 loc) · 4.36 KB
/
gateway-dbless-demo.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
apiVersion: v1
kind: Service
metadata:
labels:
app: gateway
name: gateway-demo
spec:
loadBalancerSourceRanges:
- 0.0.0.0/0
ports:
- name: gw-proxy
port: 80
protocol: TCP
targetPort: 8000
- name: gw-admin-proxy
port: 8001
protocol: TCP
targetPort: 8001
selector:
app: gateway
type: LoadBalancer
---
apiVersion: apps/v1
kind: ReplicaSet
metadata:
labels:
app: gateway
name: gateway-demo
name: gateway-demo
spec:
replicas: 1
selector:
matchLabels:
app: gateway
template:
metadata:
labels:
app: gateway
name: gateway-demo
name: gateway
spec:
containers:
- name: gateway
env:
- name: KONG_ANONYMOUS_REPORTS
value: 'off'
- name: KONG_ADMIN_LISTEN
value: '0.0.0.0:8001, 0.0.0.0:8444 ssl'
- name: KONG_DATABASE
value: 'off'
- name: KONG_PROXY_ACCESS_LOG
value: /dev/stdout
- name: KONG_ADMIN_ACCESS_LOG
value: /dev/stdout
- name: KONG_PROXY_ERROR_LOG
value: /dev/stderr
- name: KONG_ADMIN_ERROR_LOG
value: /dev/stderr
- name: KONG_TRUSTED_IPS
value: 0.0.0.0/0
- name: KONG_REAL_IP_RECURSIVE
value: 'off'
- name: KONG_NGINX_PROXY_LARGE_CLIENT_HEADER_BUFFERS
value: 4 64K
- name: KONG_HEADERS
value: 'off'
- name: KONG_NGINX_WORKER_PROCESSES
value: '1'
- name: KONG_PROXY_LISTEN
value: '0.0.0.0:8000, 0.0.0.0:8443 http2 ssl'
- name: KONG_REAL_IP_HEADER
value: X-Real-IP
- name: KONG_PLUGINS
value: 'bundled,gwa-ip-anonymity'
- name: KONG_DECLARATIVE_CONFIG
value: /etc/kong.yml
image: 'docker-registry.default.svc:5000/dbc-konga-tools/kong-gwa:1.4.2'
imagePullPolicy: Always
lifecycle:
preStop:
exec:
command: ["/bin/sh", "-c", "kong stop"]
ports:
- containerPort: 8001
name: admin
protocol: TCP
- containerPort: 8000
name: proxy
protocol: TCP
- containerPort: 8443
name: proxy-ssl
protocol: TCP
- containerPort: 8444
name: admin-ssl
protocol: TCP
volumeMounts:
- mountPath: /usr/local/kong
name: kong-run
- mountPath: /etc/kong.yml
name: kong-conf
subPath: kong.yml
- name: bat
command:
- tail
- -f
- /dev/null
image: alebatt/bat
imagePullPolicy: Always
volumes:
- emptyDir: {}
name: kong-run
- secret:
defaultMode: 0400
secretName: gwa-demo-config
name: kong-conf
---
apiVersion: v1
kind: Secret
metadata:
name: gwa-demo-config
labels:
app: gateway
name: gateway-demo
stringData:
kong.yml: |-
_format_version: "1.1"
services:
- name: gwa-demo-service
url: "http://httpbin.org"
routes:
- name: gwa-demo
paths:
- /
routes:
- name: gwa-demo
service: gwa-demo-service
hosts: ["gwa-demo.pathfinder.gov.bc.ca"]
plugins:
- name: gwa-ip-anonymity
- name: sysdig-demo
service: gwa-demo-service
paths: ["/nginx_status/"]
plugins:
- name: request-termination
plugins:
- name: gwa-ip-anonymity
route: gwa-demo
config:
ipv4_mask: 0
ipv6_mask: 0
- name: rate-limiting
route: gwa-demo
config:
second: 1
minute: 10
policy: local
fault_tolerant: false
- name: request-termination
route: sysdig-demo
config:
status_code: 403
message: So long and thanks for all the fish!
---
apiVersion: route.openshift.io/v1
kind: Route
metadata:
labels:
app: gateway
name: gateway-demo
name: gateway-demo
spec:
host: gwa-demo.pathfinder.gov.bc.ca
port:
targetPort: gw-proxy
tls:
insecureEdgeTerminationPolicy: Redirect
termination: edge
to:
kind: Service
name: gateway-demo
weight: 100
wildcardPolicy: None