apiVersion: v1 kind: ConfigMap metadata: name: goma-config data: goma.yml: | # Goma Gateway configurations version: 1.0 gateway: # Proxy write timeout writeTimeout: 15 # Proxy read timeout readTimeout: 15 # Proxy idle timeout idleTimeout: 30 ## TLS Certificate file tlsCertFile: '' #cert.pem ## TLS Private Key file tlsKeyFile: ''#key.pem # Proxy rate limit, it's In-Memory IP based rateLimit: 0 logLevel: info # debug, trace, off ## Redis connexion for distributed rate limiting, when using multiple instances | It's optional #redis: #addr: redis:6379 # password: password ## Enable, disable routes health check disableHealthCheckStatus: false ## Returns backend route healthcheck errors disableRouteHealthCheckError: false # Disable display routes on start disableDisplayRouteOnStart: false # disableKeepAlive allows enabling and disabling KeepALive server disableKeepAlive: false # Block common exploits | detect SQL injection, and simple XSS attempts blockCommonExploits: false # interceptErrors intercepts backend errors based on defined the status codes interceptErrors: - 405 - 500 # - 400 # Proxy Global HTTP Cors cors: # Global routes cors for all routes origins: - http://localhost:8080 - https://example.com # Global routes cors headers for all routes headers: Access-Control-Allow-Headers: 'Origin, Authorization, Accept, Content-Type, Access-Control-Allow-Headers, X-Client-Id, X-Session-Id' Access-Control-Allow-Credentials: 'true' Access-Control-Max-Age: 1728000 ##### Define routes routes: # Example of a route | 1 - path: / name: Public # Name is optional # host Domain/host based request routing hosts: [] # Hosts are optional ## Rewrite a request path # e.g rewrite: /store to / rewrite: / destination: https://example.com # Limit HTTP methods allowed for this route methods: [POST, PUT, GET] #disableHostFording proxy host forwarding disableHostFording: false # Route Cors, global cors will be overridden by route cors: # Route Origins Cors, route will override global cors origins origins: - https://dev.example.com - http://localhost:3000 - https://example.com # Route Cors headers, route will override global cors headers headers: Access-Control-Allow-Methods: 'GET' Access-Control-Allow-Headers: 'Origin, Authorization, Accept, Content-Type, Access-Control-Allow-Headers, X-Client-Id, X-Session-Id' Access-Control-Allow-Credentials: 'true' Access-Control-Max-Age: 1728000 ##### Apply middlewares to the route ## The name must be unique ## List of middleware name middlewares: - api-forbidden-paths # Example of a route | 2 - path: /protected name: Basic auth rewrite: / destination: '' backends: - https://example.com - https://example2.com methods: - GET # Route healthcheck healthCheck: path: /health/live interval: 30s timeout: 10s healthyStatuses: - 200 - 404 cors: {} middlewares: - api-forbidden-paths - basic-auth #Defines proxy middlewares # middleware name must be unique middlewares: # Enable Basic auth authorization based - name: basic-auth # Authentication types | jwt, basic, OAuth type: basic paths: - /user - /admin - /account rule: username: admin password: admin #Enables JWT authorization based on the result of a request and continues the request. - name: google-auth # Authentication types | jwt, basic, OAuth # jwt authorization based on the result of backend's response and continue the request when the client is authorized type: jwt # Paths to protect paths: - /protected-access - /example-of-jwt #- /* or wildcard path rule: # This is an example URL url: https://www.googleapis.com/auth/userinfo.email # Required headers, if not present in the request, the proxy will return 403 requiredHeaders: - Authorization # Key: Auth request header key | Value: Next request header key headers: userId: Auth-UserId userCountryId: Auth-UserCountryId # Key: Auth request header key | Value: Next request parameter key params: userCountryId: countryId # The server will return 403 - name: api-forbidden-paths type: access ## prevents access paths paths: - /swagger-ui/* - /v2/swagger-ui/* - /api-docs/* - /internal/* - /actuator/* - name: oauth-google type: oauth paths: - /protected - /example-of-oauth rule: clientId: xxx clientSecret: xxx provider: google endpoint: userInfoUrl: "" redirectUrl: http://localhost:8080/callback redirectPath: "" cookiePath: "" scopes: - https://www.googleapis.com/auth/userinfo.email - https://www.googleapis.com/auth/userinfo.profile state: randomStateString jwtSecret: your-strong-jwt-secret | It's optional - name: oauth-authentik type: oauth paths: - /protected - /example-of-oauth rule: clientId: xxx clientSecret: xxx provider: custom endpoint: authUrl: https://authentik.example.com/application/o/authorize/ tokenUrl: https://authentik.example.com/application/o/token/ userInfoUrl: https://authentik.example.com/application/o/userinfo/ redirectUrl: http://localhost:8080/callback redirectPath: "" cookiePath: "" scopes: - email - openid state: randomStateString jwtSecret: your-strong-jwt-secret | It's optional