From eda7324e1a02220bd9e9276110771977f20f8e74 Mon Sep 17 00:00:00 2001 From: Adam Cattermole Date: Wed, 31 Jul 2024 13:00:30 +0100 Subject: [PATCH] Add initial config to start auth dev environment Signed-off-by: Adam Cattermole --- .gitignore | 2 + Makefile | 9 +- docker-compose.yaml | 6 +- utils/docker-compose/envoy-auth.yaml | 108 ++++++++++++++++++ .../{envoy.yaml => envoy-ratelimit.yaml} | 0 5 files changed, 120 insertions(+), 5 deletions(-) create mode 100644 utils/docker-compose/envoy-auth.yaml rename utils/docker-compose/{envoy.yaml => envoy-ratelimit.yaml} (100%) diff --git a/.gitignore b/.gitignore index db51f589..f224abf6 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,5 @@ .vscode/* /bin + +/utils/docker-compose/envoy.yaml diff --git a/Makefile b/Makefile index 5362a265..e9f2804a 100644 --- a/Makefile +++ b/Makefile @@ -60,8 +60,13 @@ $(WASM_RELEASE_PATH): export BUILD = release $(WASM_RELEASE_PATH): $(RUST_SOURCES) make -C $(PROJECT_PATH) -f $(MKFILE_PATH) build -development: $(WASM_RELEASE_PATH) - docker compose up +ratelimit-development: $(WASM_RELEASE_PATH) + cp utils/docker-compose/envoy-ratelimit.yaml utils/docker-compose/envoy.yaml + docker compose up envoy limitador + +auth-development: $(WASM_RELEASE_PATH) + cp utils/docker-compose/envoy-auth.yaml utils/docker-compose/envoy.yaml + docker compose up envoy stop-development: docker compose down diff --git a/docker-compose.yaml b/docker-compose.yaml index e0265d69..86319433 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -1,10 +1,8 @@ --- -version: '2.2' services: envoy: image: envoyproxy/envoy:v1.20-latest depends_on: - - limitador - upstream command: - /usr/local/bin/envoy 
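Review bot: In the Makefile hunk, `ratelimit-development` and `auth-development` both overwrite the same untracked `utils/docker-compose/envoy.yaml` with `cp`, so the config Envoy mounts is whichever profile ran last, and a later plain `docker compose up` silently reuses it. Neither name is declared phony within the hunk; if the `.PHONY` list lives elsewhere in the file, add `.PHONY: ratelimit-development auth-development` there. The old `development` target is removed without an alias, so any doc or script that calls `make development` will fail; `development: ratelimit-development` would keep it working. A short comment above the two rules, such as `# envoy.yaml is generated: copied from the selected profile on every run`, would make the side effect explicit.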
@@ -25,9 +23,11 @@ services:
 volumes:
 - ./utils/docker-compose/envoy.yaml:/etc/envoy.yaml
 - ./target/wasm32-unknown-unknown/release/wasm_shim.wasm:/opt/kuadrant/wasm/wasm_shim.wasm
+ environment:
+ - ENVOY_UID=0
 limitador:
 image: quay.io/kuadrant/limitador:latest
- command: ["limitador-server", "-vvv", "/opt/kuadrant/limits/limits.yaml"]
+ command: [ "limitador-server", "-vvv", "/opt/kuadrant/limits/limits.yaml" ]
 expose:
 - "8080"
 - "8081"
diff --git a/utils/docker-compose/envoy-auth.yaml b/utils/docker-compose/envoy-auth.yaml
new file mode 100644
index 00000000..e0f079f6
--- /dev/null
+++ b/utils/docker-compose/envoy-auth.yaml
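Review bot: In the second docker-compose.yaml hunk, `ENVOY_UID=0` makes the Envoy image's entrypoint keep the proxy running as root instead of switching to its unprivileged user, and nothing in the hunk says why. If the motive is that Envoy must read the bind-mounted `envoy.yaml` and `wasm_shim.wasm` or bind port 80 (an assumption; the reason is not visible here), record it next to the setting, for example `# dev only: run as root so the bind-mounted config and wasm module are readable`. The `envoy` service is shared by both development profiles, so the root setting applies to the rate-limit profile as well. Making the mounted files world-readable would allow the variable to be dropped.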
@@ -0,0 +1,108 @@
+---
+static_resources:
+ listeners:
+ - name: main
+ address:
+ socket_address:
+ address: 0.0.0.0
+ port_value: 80
+ filter_chains:
+ - filters:
+ - name: envoy.filters.network.http_connection_manager
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+ stat_prefix: ingress_http
+ route_config:
+ name: local_route
+ virtual_hosts:
+ - name: local_service
+ domains:
+ - "*"
+ routes:
+ - match:
+ prefix: "/"
+ route:
+ cluster: upstream
+ http_filters:
+ - name: envoy.filters.http.header_to_metadata
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config
+ request_rules:
+ - header: x-dyn-user-id
+ on_header_present:
+ key: user_id
+ type: STRING
+ remove: false
+ - name: envoy.filters.http.wasm
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm
+ config:
+ name: kuadrant_wasm
+ root_id: kuadrant_wasm
+ vm_config:
+ vm_id: vm.sentinel.kuadrant_wasm
+ runtime: envoy.wasm.runtime.v8
+ code:
+ local:
+ filename: /opt/kuadrant/wasm/wasm_shim.wasm
+ allow_precompiled: true
+ configuration:
+ "@type": "type.googleapis.com/google.protobuf.StringValue"
+ value: >
+ {
+ "failureMode": "deny",
+ "rateLimitPolicies": [
+ {
+ "name": "rlp-ns-A/rlp-name-A",
+ "domain": "rlp-ns-A/rlp-name-A",
+ "service": "authorino",
+ "hostnames": ["*.a.com"],
+ "rules": [
+ {
+ "data": [
+ {
+ "selector": {
+ "selector": "unknown.path"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ ]
+ }
+ - name: envoy.filters.http.router
+ clusters:
+ - name: upstream
+ connect_timeout: 0.25s
+ type: STRICT_DNS
+ lb_policy: round_robin
+ load_assignment:
+ cluster_name: upstream
+ endpoints:
+ - lb_endpoints:
+ - endpoint:
+ address:
+ socket_address:
+ address: upstream
+ port_value: 80
+ - name: authorino
+ connect_timeout: 0.25s
+ type: STRICT_DNS
+ lb_policy: round_robin
+ http2_protocol_options: { }
+ load_assignment:
+ cluster_name: 
authorino
+ endpoints:
+ - lb_endpoints:
+ - endpoint:
+ address:
+ socket_address:
+ address: 127.0.0.1
+ port_value: 50051
+admin:
+ access_log_path: "/dev/null"
+ address:
+ socket_address:
+ address: 0.0.0.0
+ port_value: 8001
diff --git a/utils/docker-compose/envoy.yaml b/utils/docker-compose/envoy-ratelimit.yaml
similarity index 100%
rename from utils/docker-compose/envoy.yaml
rename to utils/docker-compose/envoy-ratelimit.yaml
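Review bot: In the new envoy-auth.yaml, the JSON under the wasm `configuration` value has a trailing comma after the only `rateLimitPolicies` entry (`},` directly before `]`). Strict JSON parsers reject that, so the plugin configuration may fail to load; drop the comma so the array closes as `} ]`. The parser the shim uses is not visible in this patch, so also confirm what a rejected config does to traffic, given `"failureMode": "deny"`. Separately, the `admin` listener binds `0.0.0.0:8001` and Envoy's admin interface is unauthenticated; mark the file with `# local development only: admin interface is open on all interfaces`, or bind it to `127.0.0.1` if host access is not needed. The `authorino` cluster targets `127.0.0.1:50051`, which inside the Envoy container is its own loopback, while `auth-development` starts only `envoy`, so state in a comment where the auth service is expected to run.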