2c2fb7bf by Adam Heath

Support library for doing redirects and external proxy content

filtering.
1 parent d9605192
apiVersion: v1
kind: Service
metadata:
name: http-support-proxy
spec:
type: ClusterIP
selector:
app: http-support-proxy
ports:
- name: http-nginx
protocol: TCP
port: 80
targetPort: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: http-support-proxy
labels:
app: http-support-proxy
spec:
replicas: 1
selector:
matchLabels:
app: http-support-proxy
template:
metadata:
labels:
app: http-support-proxy
spec:
restartPolicy: Always
volumes:
- name: http-support-nginx-configs
configMap:
name: http-support-nginx-configs
defaultMode: 0644
containers:
- name: nginx
image: nginx:1.21
workingDir: /usr/share/nginx/html
command: ['nginx', '-g', 'daemon off;']
volumeMounts:
- name: http-support-nginx-configs
mountPath: /etc/nginx/conf.d/
ports:
- name: http-nginx
containerPort: 80
protocol: TCP
livenessProbe:
httpGet:
path: /status.html
port: http-nginx
readinessProbe:
httpGet:
path: /status.html
port: http-nginx
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./deployment.yaml
environments:
default:
values:
- namespace: default
gateway: istio-system/cluster-local-gateway
redirect:
- hosts:
- example.com
target: www.example.com
proxy:
- frontend:
host: www.example.com
stub: example.com
backend:
scheme: https
host: www.real.example.com
stub: real.example.com
address: 8.8.8.8
authority: www.example.com
config: |
server {
server_name www.example.com;
listen 80;
client_max_body_size 5m;
error_log /var/log/nginx/error.log debug;
resolver 10.43.0.10;
location / {
proxy_pass $http_x_backend_scheme://$http_x_backend_address;
proxy_http_version 1.1;
proxy_ssl_name $http_x_backend_host;
proxy_cookie_domain $http_x_backend_stub $http_x_frontend_stub;
proxy_cookie_domain $http_x_backend_host $http_x_frontend_host;
proxy_redirect $http_x_backend_scheme://$http_x_backend_host/ $http_x_backend_scheme://$http_x_frontend_host/;
proxy_set_header x-envoy-internal "";
proxy_set_header x-request-id "";
proxy_set_header x-envoy-decorator-operation "";
proxy_set_header x-envoy-peer-metadata "";
proxy_set_header x-envoy-peer-metadata-id "";
proxy_set_header x-envoy-attempt-count "";
proxy_set_header x-b3-traceid "";
proxy_set_header x-b3-spanid "";
proxy_set_header x-b3-sampled "";
proxy_set_header x-backend-host "";
proxy_set_header x-backend-stub "";
proxy_set_header x-backend-address "";
proxy_set_header x-frontend-host "";
proxy_set_header x-frontend-stub "";
proxy_set_header Host $http_x_backend_host;
proxy_set_header Accept-Encoding "";
sub_filter_types text/css;
sub_filter https://$http_x_backend_host/ "https://$http_x_frontend_host/";
sub_filter https%3A%2F%2F$http_x_backend_host%2F "https:%3A%2F%2F$http_x_frontend_host%2F";
sub_filter https:\/\/$http_x_backend_host\/ "https:\/\/$http_x_frontend_host\/";
sub_filter //$http_x_backend_host/ "//$http_x_frontend_host/";
sub_filter_once off;
}
}
versions:
raw: 1.1.0
nginx: 1.21
---
releases:
- name: http-support
namespace: {{ .Values.namespace }}
chart: charts/http-support
dependencies:
- chart: bedag/raw
alias: raw
version: {{ $.Values.versions.raw }}
values:
- raw:
resources:
{{- range $redirect_index, $redirect := .Values.redirect }}
- apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: http-support-redirect-{{ $redirect_index }}-{{ index $redirect.hosts 0 }}
spec:
hosts:
{{- $redirect.hosts | toYaml | nindent 18 }}
gateways:
- {{ $.Values.gateway }}
http:
- match:
- uri:
prefix: /
redirect:
redirectCode: 302
authority: {{ $redirect.target }}
{{- end }}
- apiVersion: v1
kind: ConfigMap
metadata:
name: http-support-nginx-configs
data:
{{- range $proxy_index, $proxy := .Values.proxy }}
proxy-{{ $proxy_index }}.conf: |-
{{- $proxy.config | nindent 20 }}
{{- end }}
status.conf: |-
server {
server_name _;
listen 80 default;
location /status.html {
return 200 'OK';
add_header Content-Type text/plain;
access_log /dev/null;
}
}
{{- range $proxy_index, $proxy := .Values.proxy }}
- apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: http-support-proxy-{{ $proxy_index }}-{{ index $proxy.frontend.host 0 }}
spec:
hosts:
- {{ $proxy.frontend.host }}
gateways:
- {{ $.Values.gateway }}
http:
- match:
- uri:
prefix: /
rewrite:
authority: {{ $proxy.authority }}
route:
- destination:
port:
number: 80
host: http-support-proxy
headers:
request:
set:
x-frontend-host: {{ $proxy.frontend.host }}
x-frontend-stub: {{ $proxy.frontend.stub }}
x-backend-host: {{ $proxy.backend.host }}
x-backend-stub: {{ $proxy.backend.stub }}
x-backend-address: {{ $proxy.backend.address }}
x-backend-scheme: {{ $proxy.backend.scheme }}
{{- end }}