Merge pull request #140 from jkaninda/docs

refactor: refactoring of code
2024-11-29 14:19:14 +01:00
committed by GitHub
11 changed files with 233 additions and 80 deletions


@@ -61,12 +61,12 @@ spec:
gatewayVersion: latest # 0.2.2
## Server config
server:
# # Kubernetes tls secret name
# tlsSecretName: tls-secret
# #Redis configs for distributed rate limiting across multiple instances
# redis:
# addr: redis:6379
# password: password
# Kubernetes tls secret name
tlsSecretName: '' #Optional, tls-secret
#Redis configs for distributed rate limiting across multiple instances
redis:
addr: '' #Optional, redis:6379
password: '' #Optional, password
writeTimeout: 10
readTimeout: 15
idleTimeout: 30
@@ -131,35 +131,33 @@ metadata:
name: route-sample
spec:
gateway: gateway-sample
routes:
- path: /
name: Example
hosts: []
rewrite: /
methods:
- GET
- POST
- PUT
destination: https://example.com
backends: []
insecureSkipVerify: false
healthCheck:
path: /
interval: 10s
timeout: 10s
healthyStatuses:
- 200
- 404
cors:
origins: []
headers: {}
rateLimit: 15
disableHostFording: true
interceptErrors: []
blockCommonExploits: false
## Middleware names
middlewares:
- basic-middleware-sample
path: /
hosts: []
rewrite: /
methods:
- GET
- POST
- PUT
destination: https://example.com
backends: []
insecureSkipVerify: false
healthCheck:
path: /
interval: 10s
timeout: 10s
healthyStatuses:
- 200
- 404
cors:
origins: []
headers: {}
rateLimit: 15
disableHostFording: true
interceptErrors: []
blockCommonExploits: false
## Middleware names
middlewares:
- basic-middleware-sample
```
## Uninstall


@@ -37,4 +37,21 @@ Example of access middleware
cors: {}
middlewares:
- api-forbidden-paths
```
## Advanced Kubernetes deployment
```yaml
apiVersion: gomaproj.github.io/v1beta1
kind: Middleware
metadata:
name: access-middleware-sample
spec:
type: access
## prevents access paths
paths:
- /swagger-ui/*
- /v2/swagger-ui/*
- /api-docs/*
- /internal/*
- /actuator/*
```


@@ -37,4 +37,20 @@ middlewares:
cors: {}
middlewares:
- basic-auth
```
## Advanced Kubernetes deployment
```yaml
apiVersion: gomaproj.github.io/v1beta1
kind: Middleware
metadata:
name: basic-middleware-sample
spec:
type: basic
paths:
- /admin/*
rule:
username: admin
password: admin
```


@@ -5,9 +5,9 @@ parent: Middleware
nav_order: 5
---
### OAuth middleware
# OAuth middleware
Example of Google provider
### Example of Google provider
```yaml
- name: google-oauth
@@ -30,7 +30,7 @@ Example of Google provider
```
Example of Authentik provider
### Example of Authentik provider
```yaml
- name: oauth-authentik
@@ -59,32 +59,6 @@ Example of Authentik provider
jwtSecret: your-strong-jwt-secret | It's optional
```
### Access middleware
Access middleware prevents access to a route or specific route path.
Example of access middleware
```yaml
# The server will return 403
- name: api-forbidden-paths
type: access
## prevents access paths
paths:
- /swagger-ui/*
- /v2/swagger-ui/*
- /api-docs/*
- /internal/*
- /actuator/*
```
### RateLimit middleware
The RateLimit middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
Example of rateLimit middleware
```yaml
```
### Apply middleware on the route
```yaml
@@ -99,4 +73,37 @@ Example of rateLimit middleware
cors: {}
middlewares:
- oauth-authentik
```
## Advanced Kubernetes deployment
```yaml
apiVersion: gomaproj.github.io/v1beta1
kind: Middleware
metadata:
name: oauth-middleware-sample
spec:
type: basic
paths:
- /protected
- /example-of-oauth
rule:
clientId: xxx
clientSecret: xxx
# oauth provider google, gitlab, github, amazon, facebook, custom
provider: custom
endpoint:
authUrl: https://authentik.example.com/application/o/authorize/
tokenUrl: https://authentik.example.com/application/o/token/
userInfoUrl: https://authentik.example.com/application/o/userinfo/
redirectUrl: https://example.com/callback
#RedirectPath is the PATH to redirect users after authentication, e.g: /my-protected-path/dashboard
redirectPath: ''
#CookiePath e.g.: /my-protected-path or / || by default is applied on a route path
cookiePath: "/"
scopes:
- email
- openid
state: randomStateString
jwtSecret: your-strong-jwt-secret | It's optional
```


@@ -20,7 +20,7 @@ middlewares:
- /*
rule:
unit: minute # or hour
requestsPerUnit: 10
requestsPerUnit: 60
```
Example of route rate limiting middleware
@@ -41,4 +41,20 @@ gateway:
rateLimit: 60 # per minute
routes:
- name: Example
```
## Advanced Kubernetes deployment
```yaml
apiVersion: gomaproj.github.io/v1beta1
kind: Middleware
metadata:
name: ratelimit-middleware-sample
spec:
type: basic
paths:
- /*
rule:
unit: minute # or hour
requestsPerUnit: 60
```


@@ -90,4 +90,48 @@ gateway:
directory: /etc/goma/extra
watch: true
routes: []
```
## Advanced Kubernetes deployment
```yaml
apiVersion: gomaproj.github.io/v1beta1
kind: Gateway
metadata:
labels: {}
name: gateway-sample
spec:
# The version of Goma Gateway
# See: https://github.com/jkaninda/goma-gateway/releases
gatewayVersion: latest # 0.2.2
server:
# Kubernetes tls secret name
tlsSecretName: '' #Optional, tls-secret
#Redis configs for distributed rate limiting across multiple instances
redis:
addr: '' #Optional, redis:6379
password: '' #Optional, password
writeTimeout: 10
readTimeout: 15
idleTimeout: 35
logLevel: info
disableHealthCheckStatus: true
disableKeepAlive: false
enableMetrics: true
# Replicas count
replicaCount: 1
resources:
limits:
cpu: 250m
memory: 512Mi
requests:
cpu: 100m
memory: 128Mi
autoScaling:
enabled: true
minReplicas: 2
maxReplicas: 5
targetCPUUtilizationPercentage: 80
targetMemoryUtilizationPercentage: 80
affinity: {}
```


@@ -189,4 +189,37 @@ gateway:
middlewares:
- api-forbidden-paths
- jwt-auth
```
## Advanced Kubernetes deployment
```yaml
apiVersion: gomaproj.github.io/v1beta1
kind: Route
metadata:
labels: {}
name: route-sample
spec:
gateway: gateway-sample
path: /
hosts: []
rewrite: /g
methods: [GET]
destination: https://example.com
backends: []
insecureSkipVerify: true
healthCheck:
path: /
interval: 10s
timeout: 10s
healthyStatuses:
- 200
- 404
cors:
origins: []
headers: {}
disableHostFording: true
blockCommonExploits: true
middlewares:
- basic-middleware-sample
- ratelimit
```


@@ -1,19 +1,19 @@
---
title: SSL Certificate
title: TLS Certificate
layout: default
parent: Quickstart
nav_order: 5
---
# SSL Certificate
# TLS Certificate
```yaml
version: 1.0
gateway:
sslCertFile: cert.pem
sslKeyFile: key.pem
tlsCertFile: cert.pem
tlsKeyFile: key.pem
```


@@ -20,9 +20,13 @@ package pkg
// Gateway contains Goma Proxy Gateway's configs
type Gateway struct {
// SSLCertFile SSL Certificate file
SSLCertFile string `yaml:"sslCertFile" env:"GOMA_SSL_CERT_FILE, overwrite"`
SSLCertFile string `yaml:"sslCertFile,omitempty" env:"GOMA_SSL_CERT_FILE, overwrite"` // Deprecated, use TlsCertFile instead
// SSLKeyFile SSL Private key file
SSLKeyFile string `yaml:"sslKeyFile" env:"GOMA_SSL_KEY_FILE, overwrite"`
SSLKeyFile string `yaml:"sslKeyFile,omitempty" env:"GOMA_SSL_KEY_FILE, overwrite"` // Deprecated, use TlsKeyFile instead
// TlsCertFile TLS Certificate file
TlsCertFile string `yaml:"tlsCertFile" env:"GOMA_TLS_CERT_FILE, overwrite"`
// SSLKeyFile TLS Private key file
TlsKeyFile string `yaml:"tlsKeyFile" env:"GOMA_TLS_KEY_FILE, overwrite"`
// Redis contains redis database details
Redis Redis `yaml:"redis"`
// WriteTimeout defines proxy write timeout
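Review bot: The doc comment on the new TlsKeyFile field still reads `// SSLKeyFile TLS Private key file`, a copy-paste leftover; it should be `// TlsKeyFile TLS Private key file`. The deprecation of SSLCertFile and SSLKeyFile is only a trailing comment, which go doc and staticcheck do not recognise; put `// Deprecated: use TlsCertFile instead.` (and the TlsKeyFile counterpart) on its own line above each field so that code still reading the old fields is flagged at lint time. As a point of style, Go keeps initialisms in one case, so `TLSCertFile`/`TLSKeyFile` would be the conventional exported names — worth deciding before the new fields ship, since renaming them later is another breaking change. The Gateway struct continues past the end of the hunk.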


@@ -37,9 +37,8 @@ func (gatewayServer GatewayServer) Start() error {
tlsConfig, listenWithTLS, err := gatewayServer.initTLS()
if err != nil {
return err
logger.Error("Failed to initialize TLS")
}
if !gatewayServer.gateway.DisableDisplayRouteOnStart {
printRoute(dynamicRoutes)
}


@@ -24,16 +24,35 @@ import (
)
func (gatewayServer GatewayServer) initTLS() (*tls.Config, bool, error) {
cert, key := gatewayServer.gateway.SSLCertFile, gatewayServer.gateway.SSLKeyFile
if cert == "" || key == "" {
loadAndWarn := func(cert, key string, warnMsg string) (*tls.Config, bool, error) {
if len(cert) != 0 || len(key) != 0 {
if warnMsg != "" {
logger.Warn("sslCertFile and sslKeyFile are deprecated, please use tlsCertFile and tlsKeyFile instead")
}
tlsConfig, err := loadTLS(cert, key)
if err != nil {
return nil, false, fmt.Errorf("failed to load TLS config: %w", err)
}
return tlsConfig, true, nil
}
return nil, false, nil
}
tlsConfig, err := loadTLS(cert, key)
if err != nil {
return nil, false, fmt.Errorf("failed to load TLS config: %w", err)
// Check deprecated fields
tlsConfig, loaded, err := loadAndWarn(
gatewayServer.gateway.SSLCertFile,
gatewayServer.gateway.SSLKeyFile,
"Warn",
)
if loaded || err != nil {
return tlsConfig, loaded, err
}
return tlsConfig, true, nil
// Check new fields
return loadAndWarn(
gatewayServer.gateway.TlsCertFile,
gatewayServer.gateway.TlsKeyFile,
"",
)
}
// loadTLS loads TLS Certificate
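Review bot: When both the deprecated sslCertFile/sslKeyFile pair and the new tlsCertFile/tlsKeyFile pair are populated, the deprecated pair wins silently: loadAndWarn is called with SSLCertFile/SSLKeyFile first and the function returns on `loaded`, so the new fields are never read. Because the SSL* fields are also fed from the GOMA_SSL_* environment variables with `overwrite`, a stale variable in the deployment environment can override a freshly configured certificate with nothing but the generic deprecation warning to show for it; call loadAndWarn with TlsCertFile/TlsKeyFile first and fall back to the SSL* pair only when nothing was loaded, or at least log a warning naming both pairs when both are set. Note also that `len(cert) != 0 || len(key) != 0` inverts the old `cert == "" || key == ""` guard: a half-configured pair now reaches loadTLS with an empty path and presumably fails instead of silently starting without TLS — a good fail-closed change, but it deserves a comment such as `// a partially configured pair is a config error, not "no TLS"` so it is not reverted as a regression. Finally, warnMsg is only ever tested for emptiness while the message itself is hard-coded; a `warn bool` parameter would say what the code means.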