Skip to content

brainfood / k8s-helmfiles

Go to a project
Toggle navigation
Toggle navigation pinning
2c2fb7bf by Adam Heath
Options

Support library for doing redirects and external proxy content 

filtering.
1 parent d9605192
Inline Side-by-side
Showing 3 changed files with 215 additions and 0 deletions
1 apiVersion: v1
2 kind: Service
3 metadata:
4 name: http-support-proxy
5 spec:
6 type: ClusterIP
7 selector:
8 app: http-support-proxy
9 ports:
10 - name: http-nginx
11 protocol: TCP
12 port: 80
13 targetPort: 80
14 ---
15 apiVersion: apps/v1
16 kind: Deployment
17 metadata:
18 name: http-support-proxy
19 labels:
20 app: http-support-proxy
21 spec:
22 replicas: 1
23 selector:
24 matchLabels:
25 app: http-support-proxy
26 template:
27 metadata:
28 labels:
29 app: http-support-proxy
30 spec:
31 restartPolicy: Always
32
33 volumes:
34 - name: http-support-nginx-configs
35 configMap:
36 name: http-support-nginx-configs
37 defaultMode: 0644
38
39 containers:
40 - name: nginx
41 image: nginx:1.21
42 workingDir: /usr/share/nginx/html
43 command: ['nginx', '-g', 'daemon off;']
44
45 volumeMounts:
46 - name: http-support-nginx-configs
47 mountPath: /etc/nginx/conf.d/
48
49 ports:
50 - name: http-nginx
51 containerPort: 80
52 protocol: TCP
53 livenessProbe:
54 httpGet:
55 path: /status.html
56 port: http-nginx
57 readinessProbe:
58 httpGet:
59 path: /status.html
60 port: http-nginx
61
62
1 apiVersion: kustomize.config.k8s.io/v1beta1
2 kind: Kustomization
3
4 resources:
5 - ./deployment.yaml
6
1 environments:
2 default:
3 values:
4 - namespace: default
5 gateway: istio-system/cluster-local-gateway
6 redirect:
7 - hosts:
8 - example.com
9 target: www.example.com
10 proxy:
11 - frontend:
12 host: www.example.com
13 stub: example.com
14 backend:
15 scheme: https
16 host: www.real.example.com
17 stub: real.example.com
18 address: 8.8.8.8
19 authority: www.example.com
20 config: |
21 server {
22 server_name www.example.com;
23 listen 80;
24 client_max_body_size 5m;
25 error_log /var/log/nginx/error.log debug;
26 resolver 10.43.0.10;
27
28 location / {
29 proxy_pass $http_x_backend_scheme://$http_x_backend_address;
30 proxy_http_version 1.1;
31 proxy_ssl_name $http_x_backend_host;
32 proxy_cookie_domain $http_x_backend_stub $http_x_frontend_stub;
33 proxy_cookie_domain $http_x_backend_host $http_x_frontend_host;
34 proxy_redirect $http_x_backend_scheme://$http_x_backend_host/ $http_x_backend_scheme://$http_x_frontend_host/;
35 proxy_set_header x-envoy-internal "";
36 proxy_set_header x-request-id "";
37 proxy_set_header x-envoy-decorator-operation "";
38 proxy_set_header x-envoy-peer-metadata "";
39 proxy_set_header x-envoy-peer-metadata-id "";
40 proxy_set_header x-envoy-attempt-count "";
41 proxy_set_header x-b3-traceid "";
42 proxy_set_header x-b3-spanid "";
43 proxy_set_header x-b3-sampled "";
44 proxy_set_header x-backend-host "";
45 proxy_set_header x-backend-stub "";
46 proxy_set_header x-backend-address "";
47 proxy_set_header x-frontend-host "";
48 proxy_set_header x-frontend-stub "";
49
50 proxy_set_header Host $http_x_backend_host;
51 proxy_set_header Accept-Encoding "";
52 sub_filter_types text/css;
53 sub_filter https://$http_x_backend_host/ "https://$http_x_frontend_host/";
54 sub_filter https%3A%2F%2F$http_x_backend_host%2F "https:%3A%2F%2F$http_x_frontend_host%2F";
55 sub_filter https:\/\/$http_x_backend_host\/ "https:\/\/$http_x_frontend_host\/";
56 sub_filter //$http_x_backend_host/ "//$http_x_frontend_host/";
57 sub_filter_once off;
58 }
59 }
60 versions:
61 raw: 1.1.0
62 nginx: 1.21
63 ---
64
65
66 releases:
67 - name: http-support
68 namespace: {{ .Values.namespace }}
69 chart: charts/http-support
70 dependencies:
71 - chart: bedag/raw
72 alias: raw
73 version: {{ $.Values.versions.raw }}
74 values:
75 - raw:
76 resources:
77 {{- range $redirect_index, $redirect := .Values.redirect }}
78 - apiVersion: networking.istio.io/v1alpha3
79 kind: VirtualService
80 metadata:
81 name: http-support-redirect-{{ $redirect_index }}-{{ index $redirect.hosts 0 }}
82 spec:
83 hosts:
84 {{- $redirect.hosts | toYaml | nindent 18 }}
85 gateways:
86 - {{ $.Values.gateway }}
87 http:
88 - match:
89 - uri:
90 prefix: /
91 redirect:
92 redirectCode: 302
93 authority: {{ $redirect.target }}
94 {{- end }}
95 - apiVersion: v1
96 kind: ConfigMap
97 metadata:
98 name: http-support-nginx-configs
99 data:
100 {{- range $proxy_index, $proxy := .Values.proxy }}
101 proxy-{{ $proxy_index }}.conf: |-
102 {{- $proxy.config | nindent 20 }}
103 {{- end }}
104 status.conf: |-
105 server {
106 server_name _;
107 listen 80 default;
108
109 location /status.html {
110 return 200 'OK';
111 add_header Content-Type text/plain;
112 access_log /dev/null;
113 }
114 }
115 {{- range $proxy_index, $proxy := .Values.proxy }}
116 - apiVersion: networking.istio.io/v1alpha3
117 kind: VirtualService
118 metadata:
119 name: http-support-proxy-{{ $proxy_index }}-{{ index $proxy.frontend.host 0 }}
120 spec:
121 hosts:
122 - {{ $proxy.frontend.host }}
123 gateways:
124 - {{ $.Values.gateway }}
125 http:
126 - match:
127 - uri:
128 prefix: /
129 rewrite:
130 authority: {{ $proxy.authority }}
131 route:
132 - destination:
133 port:
134 number: 80
135 host: http-support-proxy
136 headers:
137 request:
138 set:
139 x-frontend-host: {{ $proxy.frontend.host }}
140 x-frontend-stub: {{ $proxy.frontend.stub }}
141 x-backend-host: {{ $proxy.backend.host }}
142 x-backend-stub: {{ $proxy.backend.stub }}
143 x-backend-address: {{ $proxy.backend.address }}
144 x-backend-scheme: {{ $proxy.backend.scheme }}
145 {{- end }}
146
147