125 lines
2.7 KiB
YAML
125 lines
2.7 KiB
YAML
# ==============================
|
|
# Gateway
|
|
# ==============================
|
|
apiVersion: gateway.networking.k8s.io/v1
|
|
kind: GatewayClass
|
|
metadata:
|
|
name: eg
|
|
spec:
|
|
controllerName: gateway.envoyproxy.io/gatewayclass-controller
|
|
---
|
|
apiVersion: gateway.networking.k8s.io/v1
|
|
kind: Gateway
|
|
metadata:
|
|
name: eg
|
|
spec:
|
|
gatewayClassName: eg
|
|
listeners:
|
|
- name: http
|
|
protocol: HTTP
|
|
port: 80
|
|
|
|
---
|
|
apiVersion: gateway.networking.k8s.io/v1
|
|
kind: Gateway
|
|
metadata:
|
|
name: my-gateway
|
|
annotations:
|
|
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
|
|
spec:
|
|
gatewayClassName: eg
|
|
listeners:
|
|
- name: http
|
|
protocol: HTTP
|
|
port: 80
|
|
allowedRoutes:
|
|
namespaces:
|
|
from: Same
|
|
|
|
# ==============================
|
|
# Public HTTP Routes
|
|
# ==============================
|
|
---
|
|
apiVersion: gateway.networking.k8s.io/v1
|
|
kind: HTTPRoute
|
|
metadata:
|
|
name: my-public-routes
|
|
namespace: default
|
|
annotations:
|
|
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
|
|
spec:
|
|
parentRefs:
|
|
- name: my-gateway
|
|
rules:
|
|
- matches:
|
|
- path:
|
|
type: PathPrefix
|
|
value: /khmer-eid/auth
|
|
backendRefs:
|
|
- name: khmer-eid
|
|
port: 8200
|
|
filters:
|
|
- type: URLRewrite
|
|
urlRewrite:
|
|
path:
|
|
type: ReplacePrefixMatch
|
|
replacePrefixMatch: /auth
|
|
- matches:
|
|
- path:
|
|
type: PathPrefix
|
|
value: /nginx
|
|
backendRefs:
|
|
- name: my-nginx
|
|
port: 8081
|
|
|
|
# ==============================
|
|
# Protected HTTP Routes
|
|
# ==============================
|
|
---
|
|
apiVersion: gateway.networking.k8s.io/v1
|
|
kind: HTTPRoute
|
|
metadata:
|
|
name: my-protected-routes
|
|
namespace: default
|
|
annotations:
|
|
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
|
|
spec:
|
|
parentRefs:
|
|
- name: my-gateway
|
|
rules:
|
|
- matches:
|
|
- path:
|
|
type: PathPrefix
|
|
value: /khmer-eid
|
|
backendRefs:
|
|
- name: khmer-eid
|
|
port: 8200
|
|
filters:
|
|
- type: URLRewrite
|
|
urlRewrite:
|
|
path:
|
|
type: ReplacePrefixMatch
|
|
replacePrefixMatch: /
|
|
|
|
# ==============================
|
|
# Forward Auth
|
|
# ==============================
|
|
---
|
|
apiVersion: gateway.envoyproxy.io/v1alpha1
|
|
kind: SecurityPolicy
|
|
metadata:
|
|
name: my-ext-auth
|
|
annotations:
|
|
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
|
|
spec:
|
|
targetRefs:
|
|
- group: gateway.networking.k8s.io
|
|
kind: HTTPRoute
|
|
name: my-protected-routes
|
|
extAuth:
|
|
http:
|
|
path: /auth
|
|
backendRefs:
|
|
- name: khmer-eid
|
|
port: 8200
|
|
headersToBackend: ["x-auth-user"] |