Skip to content

brainfood / k8s-helmfiles

Go to a project
Toggle navigation
Toggle navigation pinning
f3f5a951 by Adam Heath
Options

Add gateway-api support to http-support.

1 parent 314e2352
Inline Side-by-side
Showing 2 changed files with 126 additions and 62 deletions
namespace: default
istio:
enabled: true
gateway: istio-system/cluster-local-gateway
gatewayAPI:
enabled: false
gateway: gateway
redirect:
- hosts:
- example.com
target: www.example.com
proxy:
- frontend:
host: www.example.com
stub: example.com
backend:
scheme: https
host: www.real.example.com
stub: real.example.com
address: 8.8.8.8
authority: www.example.com
config: |
server {
server_name www.example.com;
listen 80;
client_max_body_size 5m;
error_log /var/log/nginx/error.log debug;
resolver 10.43.0.10;
location / {
proxy_pass $http_x_backend_scheme://$http_x_backend_address;
proxy_http_version 1.1;
proxy_ssl_name $http_x_backend_host;
proxy_cookie_domain $http_x_backend_stub $http_x_frontend_stub;
proxy_cookie_domain $http_x_backend_host $http_x_frontend_host;
proxy_redirect $http_x_backend_scheme://$http_x_backend_host/ $http_x_backend_scheme://$http_x_frontend_host/;
proxy_set_header x-envoy-internal "";
proxy_set_header x-request-id "";
proxy_set_header x-envoy-decorator-operation "";
proxy_set_header x-envoy-peer-metadata "";
proxy_set_header x-envoy-peer-metadata-id "";
proxy_set_header x-envoy-attempt-count "";
proxy_set_header x-b3-traceid "";
proxy_set_header x-b3-spanid "";
proxy_set_header x-b3-sampled "";
proxy_set_header x-backend-host "";
proxy_set_header x-backend-stub "";
proxy_set_header x-backend-address "";
proxy_set_header x-frontend-host "";
proxy_set_header x-frontend-stub "";
proxy_set_header Host $http_x_backend_host;
proxy_set_header Accept-Encoding "";
sub_filter_types text/css;
sub_filter https://$http_x_backend_host/ "https://$http_x_frontend_host/";
sub_filter https%3A%2F%2F$http_x_backend_host%2F "https:%3A%2F%2F$http_x_frontend_host%2F";
sub_filter https:\/\/$http_x_backend_host\/ "https:\/\/$http_x_frontend_host\/";
sub_filter //$http_x_backend_host/ "//$http_x_frontend_host/";
sub_filter_once off;
}
}
versions:
raw: 1.1.0
nginx: 1.21
environments:
default:
values:
- namespace: default
gateway: istio-system/cluster-local-gateway
redirect:
- hosts:
- example.com
target: www.example.com
proxy:
- frontend:
host: www.example.com
stub: example.com
backend:
scheme: https
host: www.real.example.com
stub: real.example.com
address: 8.8.8.8
authority: www.example.com
config: |
server {
server_name www.example.com;
listen 80;
client_max_body_size 5m;
error_log /var/log/nginx/error.log debug;
resolver 10.43.0.10;
location / {
proxy_pass $http_x_backend_scheme://$http_x_backend_address;
proxy_http_version 1.1;
proxy_ssl_name $http_x_backend_host;
proxy_cookie_domain $http_x_backend_stub $http_x_frontend_stub;
proxy_cookie_domain $http_x_backend_host $http_x_frontend_host;
proxy_redirect $http_x_backend_scheme://$http_x_backend_host/ $http_x_backend_scheme://$http_x_frontend_host/;
proxy_set_header x-envoy-internal "";
proxy_set_header x-request-id "";
proxy_set_header x-envoy-decorator-operation "";
proxy_set_header x-envoy-peer-metadata "";
proxy_set_header x-envoy-peer-metadata-id "";
proxy_set_header x-envoy-attempt-count "";
proxy_set_header x-b3-traceid "";
proxy_set_header x-b3-spanid "";
proxy_set_header x-b3-sampled "";
proxy_set_header x-backend-host "";
proxy_set_header x-backend-stub "";
proxy_set_header x-backend-address "";
proxy_set_header x-frontend-host "";
proxy_set_header x-frontend-stub "";
bases:
- ../common/environments.yaml
proxy_set_header Host $http_x_backend_host;
proxy_set_header Accept-Encoding "";
sub_filter_types text/css;
sub_filter https://$http_x_backend_host/ "https://$http_x_frontend_host/";
sub_filter https%3A%2F%2F$http_x_backend_host%2F "https:%3A%2F%2F$http_x_frontend_host%2F";
sub_filter https:\/\/$http_x_backend_host\/ "https:\/\/$http_x_frontend_host\/";
sub_filter //$http_x_backend_host/ "//$http_x_frontend_host/";
sub_filter_once off;
}
}
versions:
raw: 1.1.0
nginx: 1.21
---
repositories:
......@@ -78,6 +19,7 @@ releases:
- raw:
resources:
{{- range $redirect_index, $redirect := .Values.redirect }}
{{- if .Values.istio.enabled }}
- apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
......@@ -86,7 +28,7 @@ releases:
hosts:
{{- $redirect.hosts | toYaml | nindent 18 }}
gateways:
- {{ $.Values.gateway }}
- {{ $.Values.istio.gateway }}
http:
- match:
- uri:
......@@ -95,6 +37,29 @@ releases:
redirectCode: 302
authority: {{ $redirect.target }}
{{- end }}
{{- if .Values.gatewayAPI.enabled }}
- apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: http-support-redirect-{{ $redirect_index }}-{{ index $redirect.hosts 0 }}
spec:
parentRefs:
- name: {{ $.Values.gatewayAPI.gateway }}
hostnames:
{{- $redirect.hosts | toYaml | nindent 18 }}
rules:
- matches:
- path:
type: PathPrefix
value: /
filters:
- type: RequestRedirect
requestRedirect:
scheme: https
statusCode: 302
hostname: {{ $redirect.target }}
{{- end }}
{{- end }}
- apiVersion: v1
kind: ConfigMap
metadata:
......@@ -116,6 +81,7 @@ releases:
}
}
{{- range $proxy_index, $proxy := .Values.proxy }}
{{- if .Values.istio.enabled }}
- apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
......@@ -146,5 +112,38 @@ releases:
x-backend-address: {{ $proxy.backend.address }}
x-backend-scheme: {{ $proxy.backend.scheme }}
{{- end }}
{{- if .Values.gatewayAPI.enabled }}
- apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: http-support-proxy-{{ $proxy_index }}-{{ index $proxy.frontend.host 0 }}
spec:
parentRefs:
- name: {{ $.Values.gatewayAPI.gateway }}
hostnames:
{{- $proxy.hosts | toYaml | nindent 18 }}
rules:
- matches:
- path:
type: PathPrefix
value: /
filters:
- type: RequestHeaderModifier
requestHeaderModifier:
set:
- name: x-frontend-host
value: {{ $proxy.frontend.host }}
- name: x-frontend-stub
value: {{ $proxy.frontend.stub }}
- name: x-backend-host
value: {{ $proxy.backend.host }}
- name: x-backend-stub
value: {{ $proxy.backend.stub }}
- name: x-backend-address
value: {{ $proxy.backend.address }}
- name: x-backend-scheme
value: {{ $proxy.backend.scheme }}
{{- end }}
{{- end }}
......