Add initial config to start auth dev environment

Signed-off-by: Adam Cattermole <[email protected]>
Kuadrant · Jul 31, 2024 · eda7324 · eda7324
1 parent 95084d2
commit eda7324
Show file tree

Hide file tree

Showing 5 changed files with 120 additions and 5 deletions.
diff --git a/.gitignore b/.gitignore
@@ -5,3 +5,5 @@
 .vscode/*
 
 /bin
+
+/utils/docker-compose/envoy.yaml
diff --git a/Makefile b/Makefile
@@ -60,8 +60,13 @@ $(WASM_RELEASE_PATH): export BUILD = release
 $(WASM_RELEASE_PATH): $(RUST_SOURCES)
 	make -C $(PROJECT_PATH) -f $(MKFILE_PATH) build
 
-development: $(WASM_RELEASE_PATH)
-	docker compose up
+ratelimit-development: $(WASM_RELEASE_PATH)
+	cp utils/docker-compose/envoy-ratelimit.yaml utils/docker-compose/envoy.yaml
+	docker compose up envoy limitador
+
+auth-development: $(WASM_RELEASE_PATH)
+	cp utils/docker-compose/envoy-auth.yaml utils/docker-compose/envoy.yaml
+	docker compose up envoy
 
 stop-development:
 	docker compose down

diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -1,10 +1,8 @@
 ---
-version: '2.2'
 services:
   envoy:
     image: envoyproxy/envoy:v1.20-latest
     depends_on:
-      - limitador
       - upstream
     command:
       - /usr/local/bin/envoy
@@ -25,9 +23,11 @@ services:
     volumes:
       - ./utils/docker-compose/envoy.yaml:/etc/envoy.yaml
       - ./target/wasm32-unknown-unknown/release/wasm_shim.wasm:/opt/kuadrant/wasm/wasm_shim.wasm
+    environment:
+      - ENVOY_UID=0
   limitador:
     image: quay.io/kuadrant/limitador:latest
-    command: ["limitador-server", "-vvv", "/opt/kuadrant/limits/limits.yaml"]
+    command: [ "limitador-server", "-vvv", "/opt/kuadrant/limits/limits.yaml" ]
     expose:
       - "8080"
       - "8081"

diff --git a/utils/docker-compose/envoy-auth.yaml b/utils/docker-compose/envoy-auth.yaml
@@ -0,0 +1,108 @@
+---
+static_resources:
+  listeners:
+    - name: main
+      address:
+        socket_address:
+          address: 0.0.0.0
+          port_value: 80
+      filter_chains:
+        - filters:
+            - name: envoy.filters.network.http_connection_manager
+              typed_config:
+                "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+                stat_prefix: ingress_http
+                route_config:
+                  name: local_route
+                  virtual_hosts:
+                    - name: local_service
+                      domains:
+                        - "*"
+                      routes:
+                        - match:
+                            prefix: "/"
+                          route:
+                            cluster: upstream
+                http_filters:
+                  - name: envoy.filters.http.header_to_metadata
+                    typed_config:
+                      "@type": type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config
+                      request_rules:
+                        - header: x-dyn-user-id
+                          on_header_present:
+                            key: user_id
+                            type: STRING
+                          remove: false
+                  - name: envoy.filters.http.wasm
+                    typed_config:
+                      "@type": type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm
+                      config:
+                        name: kuadrant_wasm
+                        root_id: kuadrant_wasm
+                        vm_config:
+                          vm_id: vm.sentinel.kuadrant_wasm
+                          runtime: envoy.wasm.runtime.v8
+                          code:
+                            local:
+                              filename: /opt/kuadrant/wasm/wasm_shim.wasm
+                          allow_precompiled: true
+                        configuration:
+                          "@type": "type.googleapis.com/google.protobuf.StringValue"
+                          value: >
+                            {
+                              "failureMode": "deny",
+                              "rateLimitPolicies": [
+                                {
+                                  "name": "rlp-ns-A/rlp-name-A",
+                                  "domain": "rlp-ns-A/rlp-name-A",
+                                  "service": "authorino",
+                                  "hostnames": ["*.a.com"],
+                                  "rules": [
+                                    {
+                                      "data": [
+                                        {
+                                          "selector": {
+                                            "selector": "unknown.path"
+                                          }
+                                        }
+                                      ]
+                                    }
+                                  ]
+                                },
+                              ]
+                            }
+                  - name: envoy.filters.http.router
+  clusters:
+    - name: upstream
+      connect_timeout: 0.25s
+      type: STRICT_DNS
+      lb_policy: round_robin
+      load_assignment:
+        cluster_name: upstream
+        endpoints:
+          - lb_endpoints:
+              - endpoint:
+                  address:
+                    socket_address:
+                      address: upstream
+                      port_value: 80
+    - name: authorino
+      connect_timeout: 0.25s
+      type: STRICT_DNS
+      lb_policy: round_robin
+      http2_protocol_options: { }
+      load_assignment:
+        cluster_name: authorino
+        endpoints:
+          - lb_endpoints:
+              - endpoint:
+                  address:
+                    socket_address:
+                      address: 127.0.0.1
+                      port_value: 50051
+admin:
+  access_log_path: "/dev/null"
+  address:
+    socket_address:
+      address: 0.0.0.0
+      port_value: 8001
diff --git a/utils/docker-compose/envoy.yaml → utils/docker-compose/envoy-ratelimit.yaml b/utils/docker-compose/envoy.yaml → utils/docker-compose/envoy-ratelimit.yaml
Original file line number	Diff line number	Diff line change
Expand Up		@@ -5,3 +5,5 @@
		.vscode/*

		/bin

		/utils/docker-compose/envoy.yaml