diff --git a/.gitignore b/.gitignore index a105906..2f861ab 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,5 @@ docker-compose/vault/tmp docker-compose/.env +**/*tmp +**/*keycloak-data +**/*certs \ No newline at end of file diff --git a/docker-compose/docker-compose.yaml b/docker-compose/docker-compose.yaml index 3e4be01..bf3d4da 100644 --- a/docker-compose/docker-compose.yaml +++ b/docker-compose/docker-compose.yaml @@ -18,9 +18,10 @@ version: '3.7' services: frontend: - image: pm4ml/mojaloop-payment-manager-ui:1.17.6 + image: pm4ml/mojaloop-payment-manager-ui:1.19.0 environment: - - API_BASE_URL=http://localhost:4010 + - API_BASE_URL=https://ec2-18-130-212-53.eu-west-2.compute.amazonaws.com:8443/api + - ENABLE_AUTHENTICATION=true ports: - "8081:8080" depends_on: @@ -33,7 +34,7 @@ services: environment: - KEYCLOAK_USER=admin - KEYCLOAK_PASSWORD=admin - - KEYCLOAK_FRONTEND_URL=http://localhost:8080/auth + - KEYCLOAK_FRONTEND_URL=https://ec2-18-130-212-53.eu-west-2.compute.amazonaws.com:8443/keycloak/auth - KEYCLOAK_IMPORT=/tmp/pm4ml-realm.json - DB_VENDOR=h2 volumes: @@ -52,9 +53,9 @@ services: - AUTH_CLIENT_ID=pm4ml-customer-ui - AUTH_CLIENT_SECRET=a857e3d7-ebd4-4451-aabd-bcb480dde1a3 - AUTH_DISCOVERY_ENDPOINT=http://keycloak:8080/auth/realms/pm4ml/.well-known/openid-configuration - - AUTH_LOGGED_IN_LANDING_URL=http://localhost:8081/ + - AUTH_LOGGED_IN_LANDING_URL=https://ec2-18-130-212-53.eu-west-2.compute.amazonaws.com:8443/keycloak/auth/ - AUTH_REDIRECT_NAME=pm4ml-customer-ui - - AUTH_REDIRECT_URI=http://localhost:4010/auth + - AUTH_REDIRECT_URI=https://ec2-18-130-212-53.eu-west-2.compute.amazonaws.com:8443/api/auth - AUTH_RESOURCE_NAME=pm4ml-customer-ui - AUTH_SCOPES=roles - DFSP_ID={{ CHANGE BEFORE INSTALL }} @@ -71,7 +72,7 @@ services: depends_on: - management-api - redis -# - keycloak + - keycloak profiles: - portal 
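Review bot: The new `API_BASE_URL` in the `frontend` hunk hard-codes one deployment's public hostname (`ec2-18-130-212-53.eu-west-2.compute.amazonaws.com:8443`) in the shared compose file. The same host is repeated in `KEYCLOAK_FRONTEND_URL`, `AUTH_LOGGED_IN_LANDING_URL` and `AUTH_REDIRECT_URI` in the later hunks of this file, and as a raw IP in the `sim-backend-ui` hunk. Anyone else starting this stack gets a UI and OIDC redirects that resolve to that machine rather than their own. The project already keeps a git-ignored `docker-compose/.env`, so a variable fits here, e.g. `- API_BASE_URL=${PUBLIC_BASE_URL}/api` (`PUBLIC_BASE_URL` is a placeholder name), with the previous localhost values as the documented default.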
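Review bot: `KEYCLOAK_FRONTEND_URL` now advertises Keycloak on a public HTTPS address while the context lines directly above it still set `KEYCLOAK_USER=admin` and `KEYCLOAK_PASSWORD=admin`. Default admin credentials were tolerable for a localhost-only stack, but not once the console is routed through the gateway. Read the password from the environment instead, e.g. `- KEYCLOAK_PASSWORD=${KEYCLOAK_PASSWORD:?set in .env}`, and change it on any instance already started from this file. The service definition starts and ends outside the hunk.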
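Review bot: `AUTH_REDIRECT_URI` moves the OIDC callback to the public gateway, but `AUTH_CLIENT_SECRET` in the context line above is still the value committed to the repository, so the confidential client becomes internet-facing with a secret that is already public. Rotate it in the realm and read it from `.env`. Separately, `AUTH_LOGGED_IN_LANDING_URL` now ends in `/keycloak/auth/`, which looks like the Keycloak base path rather than the UI that the old `http://localhost:8081/` value pointed to; please confirm that is intended. `AUTH_DISCOVERY_ENDPOINT` still uses the internal `http://keycloak:8080` address, so also check that the issuer in the discovery document matches the new frontend URL.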
@@ -119,7 +120,7 @@ services: - portal sim-backend: - image: mojaloop/ml-testing-toolkit:v18.5.1 + image: mojaloop/ml-testing-toolkit:v18.7.5 volumes: - "../testing-toolkit/docker-compose/as-a-backend/spec_files:/opt/app/spec_files" ports: @@ -132,11 +133,11 @@ services: # NOTE: The following UI for sim backend can be enabled for debugging purpose sim-backend-ui: - image: mojaloop/ml-testing-toolkit-ui:v16.0.4 + image: mojaloop/ml-testing-toolkit-ui:v16.1.2 ports: - "6061:6060" environment: - - API_BASE_URL=http://localhost:5051 + - API_BASE_URL=http://18.130.212.53:5051 - AUTH_ENABLED=FALSE command: - sh @@ -153,13 +154,14 @@ services: - "6379:6379" sdk-scheme-adapter: - image: mojaloop/sdk-scheme-adapter:v23.6.0-iso.16 + image: mojaloop/sdk-scheme-adapter:v24.9.2 command: - sh - -c - "yarn start:api-svc" environment: - API_TYPE=iso20022 + - EXPIRY_SECONDS=60 - ILP_VERSION=4 - AUTO_ACCEPT_PARTY=false - AUTO_ACCEPT_QUOTES=false @@ -199,6 +201,7 @@ services: ports: - "4000:4000" - "4001:4001" + - "443:4000" volumes: - ./inbound-cacert.pem:/secrets/inbound-cacert.pem - ./inbound-cert.pem:/secrets/inbound-cert.pem @@ -230,7 +233,7 @@ services: ports: - "6060:6060" environment: - - API_BASE_URL=http://localhost:5050 + # - API_BASE_URL=http://localhost:5050 - AUTH_ENABLED=FALSE command: - sh @@ -272,4 +275,4 @@ networks: name: pm4ml-net volumes: - vault-data: + vault-data: \ No newline at end of file diff --git a/docker-compose/envoy/docker-compose.yml b/docker-compose/envoy/docker-compose.yml new file mode 100644 index 0000000..cf46f90 --- /dev/null +++ b/docker-compose/envoy/docker-compose.yml 
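Review bot: `API_BASE_URL=http://18.130.212.53:5051` in `sim-backend-ui` points the browser at a public IP over plain HTTP while `AUTH_ENABLED=FALSE` stays on the next line, so the UI and the backend it calls are unauthenticated and unencrypted wherever those ports are reachable. The comment above the service says it is for debugging only. Keep the localhost default and, if remote access is needed, publish the port on loopback (`- "127.0.0.1:6061:6060"`) and reach it through a tunnel or the gateway.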
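Review bot: The added `- "443:4000"` publishes the adapter's port 4000 a second time, on host port 443 and on every interface, next to the existing `4000:4000` mapping. Whether that listener speaks TLS is decided by settings outside this hunk (the mounted `inbound-*.pem` files suggest it can), so please confirm mutual TLS is actually enabled before exposing it on the HTTPS port. A comment naming the peer that needs 443 would help, e.g. `# 443 -> inbound API for <peer>; requires inbound mTLS`.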
@@ -0,0 +1,87 @@
+version: '3.8'
+
+services:
+ envoy-gateway:
+ container_name: envoy-gateway
+ image: envoyproxy/gateway:v1.4.0
+ ports:
+ - "8443:8443"
+ - "8888:8888"
+ - "19000:19000"
+ - "19001:19001"
+ # - "8081:8081"
+ volumes:
+ - ./envoy-gateway:/etc/envoy-gateway
+ - ./certs/envoy-oidc-hmac:/tmp/envoy-gateway/certs/envoy-oidc-hmac
+ - ./certs/envoy:/tmp/envoy-gateway/certs/envoy
+ - ./certs/envoy-gateway:/tmp/envoy-gateway/certs/envoy-gateway
+ - ./tmp:/tmp/envoy-gateway
+ - ./certs:/etc/envoy-gateway/certs
+ command: server --config-path /etc/envoy-gateway/standalone.yaml
+ environment:
+ - EG_EXTENSION_APIS_ENABLE_BACKEND=true
+ - EG_EXTENSION_APIS_ENABLE_OAUTH=true
+ - ENVOY_GATEWAY_NAMESPACE=envoy-gateway-system
+ - EG_GATEWAY_CONTROLLER_NAME=gateway.envoyproxy.io/gatewayclass-controller
+ - EG_PROVIDER_TYPE=Custom
+ - EG_PROVIDER_CUSTOM_RESOURCE_TYPE=File
+ - EG_PROVIDER_CUSTOM_RESOURCE_FILE_PATHS=/etc/envoy-gateway/config.yaml
+ - EG_PROVIDER_CUSTOM_INFRASTRUCTURE_TYPE=Host
+ - EG_LOG_LEVEL=debug
+ networks:
+ - envoy-gateway-test
+ depends_on:
+ - redis
+ - test-backend
+ - keycloak
+
+ redis:
+ image: redis:7.0-alpine
+ container_name: redis-ratelimit
+ ports:
+ - "6380:6379"
+ networks:
+ - envoy-gateway-test
+
+ test-backend:
+ image: python:3.13-slim
+ container_name: test-backend
+ networks:
+ - envoy-gateway-test
+ volumes:
+ - ../:/app
+ working_dir: /app
+ command: python3 -m http.server 8090
+ ports:
+ - "8090:8090"
+
+ keycloak:
+ image: quay.io/keycloak/keycloak:22.0.1
+ container_name: keycloak
+ environment:
+ - KEYCLOAK_ADMIN=admin
+ - KEYCLOAK_ADMIN_PASSWORD=admin
+ - KC_DB=dev-file
+ - KC_HOSTNAME_STRICT=false
+ - KC_HOSTNAME_STRICT_HTTPS=false
+ - KC_HTTP_ENABLED=true
+ - KC_PROXY=edge
+ - JAVA_OPTS=-Djboss.bind.address=0.0.0.0 -Djboss.bind.address.private=0.0.0.0 -Dvertx.cacheDirBase=/opt/keycloak/cache -Djava.io.tmpdir=/opt/keycloak/tmp
+ volumes:
+ - ./keycloak-data:/opt/keycloak/data
+ - ./keycloak-cache:/opt/keycloak/cache
+ - ./keycloak-tmp:/opt/keycloak/tmp
+ ports:
+ - "8085:8080"
+ networks:
+ - envoy-gateway-test
+ command:
+ - start-dev
+ - --hostname=localhost
+ - --hostname-port=8085
+ - --hostname-strict-backchannel=false
+
+networks:
+ envoy-gateway-test:
+ name: envoy-gateway-test
+ driver: bridge
diff --git a/docker-compose/envoy/envoy-gateway/config.yaml b/docker-compose/envoy/envoy-gateway/config.yaml
new file mode 100644
index 0000000..13ab677
--- /dev/null
+++ b/docker-compose/envoy/envoy-gateway/config.yaml
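Review bot: The `test-backend` service mounts the whole parent directory (`../:/app`) and serves it with `python3 -m http.server 8090`, published as `"8090:8090"` on every interface. That parent is `docker-compose/`, which per this commit's `.gitignore` holds `.env` and the `envoy/certs` folder, so secrets and key files become readable over HTTP by anything that can reach the port. Serve a dedicated directory read-only and keep the port on loopback, e.g. `- ./test-content:/app:ro` and `- "127.0.0.1:8090:8090"` (`test-content` is a placeholder name). The same loopback binding would suit `19000`/`19001`, which look like admin and metrics listeners, and `KEYCLOAK_ADMIN_PASSWORD=admin` should come from `.env` now that the gateway routes to this Keycloak.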
@@ -0,0 +1,208 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: GatewayClass
+metadata:
+ name: eg
+spec:
+ controllerName: gateway.envoyproxy.io/gatewayclass-controller
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: gateway-cert
+ namespace: envoy-gateway-system
+type: kubernetes.io/tls
+data:
+ tls.crt: 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
+ tls.key: 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
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+ name: eg
+ namespace: envoy-gateway-system
+ annotations:
+ gateway.envoyproxy.io/infrastructure-type: Host
+spec:
+ gatewayClassName: eg
+ listeners:
+ - name: https
+ protocol: HTTPS
+ port: 8443
+ tls:
+ mode: Terminate
+ certificateRefs:
+ - kind: Secret
+ group: ""
+ name: gateway-cert
+ namespace: envoy-gateway-system
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: backend
+ namespace: envoy-gateway-system
+spec:
+ parentRefs:
+ - name: eg
+ namespace: envoy-gateway-system
+ hostnames:
+ - "ec2-18-130-212-53.eu-west-2.compute.amazonaws.com"
+ rules:
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /
+ backendRefs:
+ - name: payment-manager-ui
+ port: 8081
+ weight: 1
+ kind: Backend
+ group: gateway.envoyproxy.io
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /api
+ filters:
+ - type: URLRewrite
+ urlRewrite:
+ path:
+ type: ReplacePrefixMatch
+ replacePrefixMatch: ""
+ backendRefs:
+ - name: experience-api
+ port: 4010
+ weight: 1
+ kind: Backend
+ group: gateway.envoyproxy.io
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /management-api
+ filters:
+ - type: URLRewrite
+ urlRewrite:
+ path:
+ type: ReplacePrefixMatch
+ replacePrefixMatch: ""
+ backendRefs:
+ - name: management-api
+ port: 9000
+ weight: 1
+ kind: Backend
+ group: gateway.envoyproxy.io
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /realms
+ backendRefs:
+ - name: keycloak
+ port: 8085
+ weight: 1
+ kind: Backend
+ group: gateway.envoyproxy.io
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /keycloak
+ filters:
+ - type: URLRewrite
+ urlRewrite:
+ path:
+ type: ReplacePrefixMatch
+ replacePrefixMatch: ""
+ backendRefs:
+ - name: keycloak
+ port: 8080
+ weight: 1
+ kind: Backend
+ group: gateway.envoyproxy.io
+---
+apiVersion: gateway.envoyproxy.io/v1alpha1
+kind: Backend
+metadata:
+ name: test-backend
+spec:
+ endpoints:
+ - ip:
+ address: 172.31.26.127
+ port: 8090
+---
+apiVersion: gateway.envoyproxy.io/v1alpha1
+kind: Backend
+metadata:
+ name: mojaloop-testing-toolkit-1
+spec:
+ endpoints:
+ - ip:
+ address: 172.31.26.127
+ port: 4040
+---
+apiVersion: gateway.envoyproxy.io/v1alpha1
+kind: Backend
+metadata:
+ name: mojaloop-testing-toolkit-2
+spec:
+ endpoints:
+ - ip:
+ address: 172.31.26.127
+ port: 5050
+---
+apiVersion: gateway.envoyproxy.io/v1alpha1
+kind: Backend
+metadata:
+ name: sim-backend-2
+spec:
+ endpoints:
+ - ip:
+ address: 172.31.26.127
+ port: 5052
+---
+apiVersion: gateway.envoyproxy.io/v1alpha1
+kind: Backend
+metadata:
+ name: sdk-scheme-adapter
+spec:
+ endpoints:
+ - ip:
+ address: 172.31.26.127
+ port: 4000
+---
+apiVersion: gateway.envoyproxy.io/v1alpha1
+kind: Backend
+metadata:
+ name: payment-manager-ui
+spec:
+ endpoints:
+ - ip:
+ address: 172.31.26.127
+ port: 8081
+---
+apiVersion: gateway.envoyproxy.io/v1alpha1
+kind: Backend
+metadata:
+ name: experience-api
+spec:
+ endpoints:
+ - ip:
+ address: 172.31.26.127
+ port: 4010
+---
+apiVersion: gateway.envoyproxy.io/v1alpha1
+kind: Backend
+metadata:
+ name: keycloak
+spec:
+ endpoints:
+ - ip:
+ address: 172.31.26.127
+ port: 8080
+---
+apiVersion: gateway.envoyproxy.io/v1alpha1
+kind: Backend
+metadata:
+ name: management-api
+spec:
+ endpoints:
+ - ip:
+ address: 172.31.26.127
+ port: 9000
diff --git a/docker-compose/envoy/envoy-gateway/config.yaml.template b/docker-compose/envoy/envoy-gateway/config.yaml.template
new file mode 100644
index 0000000..2b3e6a7
--- /dev/null
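Review bot: The `gateway-cert` Secret in this committed file appears to carry real `tls.crt` and `tls.key` material (the values are elided in this view), whereas `config.yaml.template` holds `${TLS_CERT}`/`${TLS_KEY}` placeholders and `generate-config.sh` renders this file from `certs/`. The new `.gitignore` entry covers `**/*certs` but not the rendered output, so the gateway's private key lands in history. Ignore `docker-compose/envoy/envoy-gateway/config.yaml` and treat the key as disclosed and reissue it. Two further points in the HTTPRoute: `/management-api` and `/keycloak` are published with no SecurityPolicy in this file, and the `/realms` rule references the `keycloak` Backend with `port: 8085` while that Backend's endpoint is `8080`.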
+++ b/docker-compose/envoy/envoy-gateway/config.yaml.template
@@ -0,0 +1,73 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: GatewayClass
+metadata:
+ name: eg
+spec:
+ controllerName: gateway.envoyproxy.io/gatewayclass-controller
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: gateway-cert
+ namespace: envoy-gateway-system
+type: kubernetes.io/tls
+data:
+ tls.crt: ${TLS_CERT}
+ tls.key: ${TLS_KEY}
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+ name: eg
+ namespace: envoy-gateway-system
+ annotations:
+ gateway.envoyproxy.io/infrastructure-type: Host
+spec:
+ gatewayClassName: eg
+ listeners:
+ - name: https
+ protocol: HTTPS
+ port: 8443
+ tls:
+ mode: Terminate
+ certificateRefs:
+ - kind: Secret
+ group: ""
+ name: gateway-cert
+ namespace: envoy-gateway-system
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: backend
+ namespace: envoy-gateway-system
+spec:
+ parentRefs:
+ - name: eg
+ namespace: envoy-gateway-system
+ hostnames:
+ - "localhost"
+ rules:
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /
+ backendRefs:
+ - name: test-backend
+ port: 8090
+ weight: 1
+ kind: Service
+ group: ""
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: test-backend
+ namespace: envoy-gateway-system
+spec:
+ ports:
+ - port: 8090
+ targetPort: 8090
+ protocol: TCP
+ type: ExternalName
+ externalName: test-backend.envoy-gateway-test_default
\ No newline at end of file
diff --git a/docker-compose/envoy/envoy-gateway/config_rate_limiting.yaml b/docker-compose/envoy/envoy-gateway/config_rate_limiting.yaml
new file mode 100644
index 0000000..9eafac5
--- /dev/null
+++ b/docker-compose/envoy/envoy-gateway/config_rate_limiting.yaml
@@ -0,0 +1,61 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: GatewayClass
+metadata:
+ name: eg
+spec:
+ controllerName: gateway.envoyproxy.io/gatewayclass-controller
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+ name: eg
+spec:
+ gatewayClassName: eg
+ listeners:
+ - name: http
+ protocol: HTTP
+ port: 8080
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: backend
+spec:
+ parentRefs:
+ - name: eg
+ rules:
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /
+ backendRefs:
+ - group: gateway.envoyproxy.io
+ kind: Backend
+ name: test-backend
+---
+apiVersion: gateway.envoyproxy.io/v1alpha1
+kind: Backend
+metadata:
+ name: test-backend
+spec:
+ endpoints:
+ - ip:
+ address: 192.168.15.105
+ port: 8090
+---
+apiVersion: gateway.envoyproxy.io/v1alpha1
+kind: BackendTrafficPolicy
+metadata:
+ name: policy-httproute
+spec:
+ targetRefs:
+ - group: gateway.networking.k8s.io
+ kind: HTTPRoute
+ name: backend
+ rateLimit:
+ type: Local
+ local:
+ rules:
+ - limit:
+ requests: 3
+ unit: Hour
diff --git a/docker-compose/envoy/envoy-gateway/standalone.yaml b/docker-compose/envoy/envoy-gateway/standalone.yaml
new file mode 100644
index 0000000..a019d16
--- /dev/null
+++ b/docker-compose/envoy/envoy-gateway/standalone.yaml
@@ -0,0 +1,27 @@
+apiVersion: gateway.envoyproxy.io/v1alpha1
+kind: EnvoyGateway
+gateway:
+ controllerName: gateway.envoyproxy.io/gatewayclass-controller
+provider:
+ type: Custom
+ custom:
+ resource:
+ type: File
+ file:
+ paths: ["/etc/envoy-gateway/config.yaml"]
+ infrastructure:
+ type: Host
+ host:
+ name: envoy-gateway
+ namespace: envoy-gateway-system
+logging:
+ level:
+ default: debug
+rateLimit:
+ backend:
+ type: Redis
+ redis:
+ url: redis:6379
+extensionApis:
+ enableBackend: true
+ enableOAuth: true
\ No newline at end of file
diff --git a/docker-compose/envoy/generate-config.sh b/docker-compose/envoy/generate-config.sh
new file mode 100755
index 0000000..72fe7c8
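Review bot: The `BackendTrafficPolicy` rule in `config_rate_limiting.yaml` has only a `limit` and no `clientSelectors`, so the 3-requests-per-hour budget is shared by every caller of the route. `test-rate-limit.sh` sends an `x-user-id` header, which suggests a per-user limit was intended; if so the rule needs a `clientSelectors` header match, and per-value limits may need the Global type backed by the Redis settings in `standalone.yaml`. The file is also not on the path that `standalone.yaml` loads (`paths: ["/etc/envoy-gateway/config.yaml"]`) and hard-codes `192.168.15.105`. A header comment such as `# Alternate config for the local rate-limit test; copy over config.yaml and set the Backend address to your host` would make that explicit.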
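Review bot: `logging.level.default: debug` in `standalone.yaml` is committed for a gateway that this change exposes on a public hostname with `enableOAuth: true`. Debug output from a control plane tends to include configuration and request detail that should not sit in container logs by default, so `default: info` is the safer committed value, with debug switched on locally when needed. The same applies to `EG_LOG_LEVEL=debug` in the compose file for this service.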
--- /dev/null
+++ b/docker-compose/envoy/generate-config.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+# Read the certificate and key files
+TLS_CERT=$(cat certs/tls.crt | base64 -w 0)
+TLS_KEY=$(cat certs/tls.key | base64 -w 0)
+
+# Replace the placeholders in the config
+sed "s|\${TLS_CERT}|$TLS_CERT|g; s|\${TLS_KEY}|$TLS_KEY|g" envoy-gateway/config.yaml.template > envoy-gateway/config.yaml
\ No newline at end of file
diff --git a/docker-compose/envoy/test-rate-limit.sh b/docker-compose/envoy/test-rate-limit.sh
new file mode 100755
index 0000000..2f21b5f
--- /dev/null
+++ b/docker-compose/envoy/test-rate-limit.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+echo "Making 4 requests with 1 second delay between each..."
+echo "Expected: First 3 requests should succeed, last 1 should be rate limited"
+
+# for i in {1..5}; do
+# echo -n "Request $i: "
+# curl -v -H "Host: localhost:8080" http://localhost:8080 2>&1 | grep "< HTTP"
+# if [ $i -lt 5 ]; then
+# sleep 0.2
+# fi
+# done
+
+for i in {1..4}; do curl -I --header "Host: ratelimit.example" --header "x-user-id: one" http://localhost:8080 ; sleep 1; done
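Review bot: `generate-config.sh` has no error handling, so a missing or unreadable `certs/tls.key` still produces a `config.yaml` with an empty key, and the relative paths only work when it is run from `docker-compose/envoy`. The output embeds the private key, yet it is written with the default umask into a path that git tracks. It also renders from a template that lacks the routes and Backends in the committed `config.yaml`, so running it discards them; the template should be brought in line first. `base64 -w 0` is GNU-specific, and the version below avoids it.

```shell
#!/bin/bash
set -euo pipefail
cd "$(dirname "$0")"
umask 077  # the rendered file contains the private key

for f in certs/tls.crt certs/tls.key; do
  [ -r "$f" ] || { echo "missing $f" >&2; exit 1; }
done

TLS_CERT=$(base64 < certs/tls.crt | tr -d '\n')
TLS_KEY=$(base64 < certs/tls.key | tr -d '\n')
# … unchanged: sed substitution into envoy-gateway/config.yaml …
```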
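Review bot: The loop in `test-rate-limit.sh` targets `http://localhost:8080`, but the `envoy-gateway` service in the compose file added by this commit publishes only 8443, 8888, 19000 and 19001, so as written the requests cannot reach the HTTP listener from `config_rate_limiting.yaml`. The script also only prints responses and exits 0 whether or not the fourth request is limited. Capture the status with `curl -s -o /dev/null -w '%{http_code}'` and fail unless the last one is `429`, and delete the commented-out loop.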