devbennett7/goma-gateway
1
0
Fork 0
Code Pull Requests Activity

Merge pull request #140 from jkaninda/docs

Browse Source 
refactor: refactoring of code
This commit is contained in:
Jonas Kaninda
2024-11-29 14:19:14 +01:00
committed by GitHub
parent ce0f34f4c4 1c6457e7a0
commit 4dc3f1023b
11 changed files with 233 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
docs/install/kuberntes-advanced.md
View File

@@ -61,12 +61,12 @@ spec:
gatewayVersion: latest # 0.2.2 gatewayVersion: latest # 0.2.2
## Server config ## Server config
server: server:
# # Kubernetes tls secret name # Kubernetes tls secret name
# tlsSecretName: tls-secret tlsSecretName: '' #Optional, tls-secret
# #Redis configs for distributed rate limiting across multiple instances #Redis configs for distributed rate limiting across multiple instances
# redis: redis:
# addr: redis:6379 addr: '' #Optional, redis:6379
# password: password password: '' #Optional, password
writeTimeout: 10 writeTimeout: 10
readTimeout: 15 readTimeout: 15
idleTimeout: 30 idleTimeout: 30
@@ -131,9 +131,7 @@ metadata:
name: route-sample name: route-sample
spec: spec:
gateway: gateway-sample gateway: gateway-sample
routes: path: /
- path: /
name: Example
hosts: [] hosts: []
rewrite: / rewrite: /
methods: methods:

17
docs/middleware/access.md
View File

@@ -38,3 +38,20 @@ Example of access middleware
middlewares: middlewares:
- api-forbidden-paths - api-forbidden-paths
``` ```
## Advanced Kubernetes deployment
```yaml
apiVersion: gomaproj.github.io/v1beta1
kind: Middleware
metadata:
name: access-middleware-sample
spec:
type: access
## prevents access paths
paths:
- /swagger-ui/*
- /v2/swagger-ui/*
- /api-docs/*
- /internal/*
- /actuator/*
```

16
docs/middleware/basic.md
View File

@@ -38,3 +38,19 @@ middlewares:
middlewares: middlewares:
- basic-auth - basic-auth
``` ```
## Advanced Kubernetes deployment
```yaml
apiVersion: gomaproj.github.io/v1beta1
kind: Middleware
metadata:
name: basic-middleware-sample
spec:
type: basic
paths:
- /admin/*
rule:
username: admin
password: admin
```

65
docs/middleware/oauth.md
View File

@@ -5,9 +5,9 @@ parent: Middleware
nav_order: 5 nav_order: 5
--- ---
### OAuth middleware # OAuth middleware
Example of Google provider ### Example of Google provider
```yaml ```yaml
- name: google-oauth - name: google-oauth
@@ -30,7 +30,7 @@ Example of Google provider
``` ```
Example of Authentik provider ### Example of Authentik provider
```yaml ```yaml
- name: oauth-authentik - name: oauth-authentik
@@ -59,32 +59,6 @@ Example of Authentik provider
jwtSecret: your-strong-jwt-secret | It's optional jwtSecret: your-strong-jwt-secret | It's optional
``` ```
### Access middleware
Access middleware prevents access to a route or specific route path.
Example of access middleware
```yaml
# The server will return 403
- name: api-forbidden-paths
type: access
## prevents access paths
paths:
- /swagger-ui/*
- /v2/swagger-ui/*
- /api-docs/*
- /internal/*
- /actuator/*
```
### RateLimit middleware
The RateLimit middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
Example of rateLimit middleware
```yaml
```
### Apply middleware on the route ### Apply middleware on the route
```yaml ```yaml
@@ -100,3 +74,36 @@ Example of rateLimit middleware
middlewares: middlewares:
- oauth-authentik - oauth-authentik
``` ```
## Advanced Kubernetes deployment
```yaml
apiVersion: gomaproj.github.io/v1beta1
kind: Middleware
metadata:
name: oauth-middleware-sample
spec:
type: basic
paths:
- /protected
- /example-of-oauth
rule:
clientId: xxx
clientSecret: xxx
# oauth provider google, gitlab, github, amazon, facebook, custom
provider: custom
endpoint:
authUrl: https://authentik.example.com/application/o/authorize/
tokenUrl: https://authentik.example.com/application/o/token/
userInfoUrl: https://authentik.example.com/application/o/userinfo/
redirectUrl: https://example.com/callback
#RedirectPath is the PATH to redirect users after authentication, e.g: /my-protected-path/dashboard
redirectPath: ''
#CookiePath e.g.: /my-protected-path or / || by default is applied on a route path
cookiePath: "/"
scopes:
- email
- openid
state: randomStateString
jwtSecret: your-strong-jwt-secret | It's optional
```

18
docs/middleware/rate-limit.md
View File

@@ -20,7 +20,7 @@ middlewares:
- /* - /*
rule: rule:
unit: minute # or hour unit: minute # or hour
requestsPerUnit: 10 requestsPerUnit: 60
``` ```
Example of route rate limiting middleware Example of route rate limiting middleware
@@ -42,3 +42,19 @@ gateway:
routes: routes:
- name: Example - name: Example
``` ```
## Advanced Kubernetes deployment
```yaml
apiVersion: gomaproj.github.io/v1beta1
kind: Middleware
metadata:
name: ratelimit-middleware-sample
spec:
type: basic
paths:
- /*
rule:
unit: minute # or hour
requestsPerUnit: 60
```

44
docs/quickstart/gateway.md
View File

@@ -91,3 +91,47 @@ gateway:
watch: true watch: true
routes: [] routes: []
``` ```
## Advanced Kubernetes deployment
```yaml
apiVersion: gomaproj.github.io/v1beta1
kind: Gateway
metadata:
labels: {}
name: gateway-sample
spec:
# The version of Goma Gateway
# See: https://github.com/jkaninda/goma-gateway/releases
gatewayVersion: latest # 0.2.2
server:
# Kubernetes tls secret name
tlsSecretName: '' #Optional, tls-secret
#Redis configs for distributed rate limiting across multiple instances
redis:
addr: '' #Optional, redis:6379
password: '' #Optional, password
writeTimeout: 10
readTimeout: 15
idleTimeout: 35
logLevel: info
disableHealthCheckStatus: true
disableKeepAlive: false
enableMetrics: true
# Replicas count
replicaCount: 1
resources:
limits:
cpu: 250m
memory: 512Mi
requests:
cpu: 100m
memory: 128Mi
autoScaling:
enabled: true
minReplicas: 2
maxReplicas: 5
targetCPUUtilizationPercentage: 80
targetMemoryUtilizationPercentage: 80
affinity: {}
```

33
docs/quickstart/route.md
View File

@@ -190,3 +190,36 @@ gateway:
- api-forbidden-paths - api-forbidden-paths
- jwt-auth - jwt-auth
``` ```
## Advanced Kubernetes deployment
```yaml
apiVersion: gomaproj.github.io/v1beta1
kind: Route
metadata:
labels: {}
name: route-sample
spec:
gateway: gateway-sample
path: /
hosts: []
rewrite: /g
methods: [GET]
destination: https://example.com
backends: []
insecureSkipVerify: true
healthCheck:
path: /
interval: 10s
timeout: 10s
healthyStatuses:
- 200
- 404
cors:
origins: []
headers: {}
disableHostFording: true
blockCommonExploits: true
middlewares:
- basic-middleware-sample
- ratelimit
```

8
docs/quickstart/ssl.md → docs/quickstart/tls.md
View File

@@ -1,19 +1,19 @@
--- ---
title: SSL Certificate title: TLS Certificate
layout: default layout: default
parent: Quickstart parent: Quickstart
nav_order: 5 nav_order: 5
--- ---
# SSL Certificate # TLS Certificate
```yaml ```yaml
version: 1.0 version: 1.0
gateway: gateway:
sslCertFile: cert.pem tlsCertFile: cert.pem
sslKeyFile: key.pem tlsKeyFile: key.pem
``` ```

8
internal/gateway_type.go
View File

@@ -20,9 +20,13 @@ package pkg
// Gateway contains Goma Proxy Gateway's configs // Gateway contains Goma Proxy Gateway's configs
type Gateway struct { type Gateway struct {
// SSLCertFile SSL Certificate file // SSLCertFile SSL Certificate file
SSLCertFile string `yaml:"sslCertFile" env:"GOMA_SSL_CERT_FILE, overwrite"` SSLCertFile string `yaml:"sslCertFile,omitempty" env:"GOMA_SSL_CERT_FILE, overwrite"` // Deprecated, use TlsCertFile instead
// SSLKeyFile SSL Private key file // SSLKeyFile SSL Private key file
SSLKeyFile string `yaml:"sslKeyFile" env:"GOMA_SSL_KEY_FILE, overwrite"` SSLKeyFile string `yaml:"sslKeyFile,omitempty" env:"GOMA_SSL_KEY_FILE, overwrite"` // Deprecated, use TlsKeyFile instead
// TlsCertFile TLS Certificate file
TlsCertFile string `yaml:"tlsCertFile" env:"GOMA_TLS_CERT_FILE, overwrite"`
// SSLKeyFile TLS Private key file
TlsKeyFile string `yaml:"tlsKeyFile" env:"GOMA_TLS_KEY_FILE, overwrite"`
// Redis contains redis database details // Redis contains redis database details
Redis Redis `yaml:"redis"` Redis Redis `yaml:"redis"`
// WriteTimeout defines proxy write timeout // WriteTimeout defines proxy write timeout

3
internal/server.go
View File

@@ -37,9 +37,8 @@ func (gatewayServer GatewayServer) Start() error {
tlsConfig, listenWithTLS, err := gatewayServer.initTLS() tlsConfig, listenWithTLS, err := gatewayServer.initTLS()
if err != nil { if err != nil {
return err logger.Error("Failed to initialize TLS")
} }
if !gatewayServer.gateway.DisableDisplayRouteOnStart { if !gatewayServer.gateway.DisableDisplayRouteOnStart {
printRoute(dynamicRoutes) printRoute(dynamicRoutes)
} }

27
internal/tls.go
View File

@@ -24,17 +24,36 @@ import (
) )
func (gatewayServer GatewayServer) initTLS() (*tls.Config, bool, error) { func (gatewayServer GatewayServer) initTLS() (*tls.Config, bool, error) {
cert, key := gatewayServer.gateway.SSLCertFile, gatewayServer.gateway.SSLKeyFile loadAndWarn := func(cert, key string, warnMsg string) (*tls.Config, bool, error) {
if cert == "" || key == "" { if len(cert) != 0 || len(key) != 0 {
return nil, false, nil if warnMsg != "" {
logger.Warn("sslCertFile and sslKeyFile are deprecated, please use tlsCertFile and tlsKeyFile instead")
} }
tlsConfig, err := loadTLS(cert, key) tlsConfig, err := loadTLS(cert, key)
if err != nil { if err != nil {
return nil, false, fmt.Errorf("failed to load TLS config: %w", err) return nil, false, fmt.Errorf("failed to load TLS config: %w", err)
} }
return tlsConfig, true, nil return tlsConfig, true, nil
} }
return nil, false, nil
}
// Check deprecated fields
tlsConfig, loaded, err := loadAndWarn(
gatewayServer.gateway.SSLCertFile,
gatewayServer.gateway.SSLKeyFile,
"Warn",
)
if loaded || err != nil {
return tlsConfig, loaded, err
}
// Check new fields
return loadAndWarn(
gatewayServer.gateway.TlsCertFile,
gatewayServer.gateway.TlsKeyFile,
"",
)
}
// loadTLS loads TLS Certificate // loadTLS loads TLS Certificate
func loadTLS(cert, key string) (*tls.Config, error) { func loadTLS(cert, key string) (*tls.Config, error) {