Refactor ADC config to use AI rate limiting for /api route

d.viti
2025-10-07 15:01:22 +02:00
parent 8f5e4f2776
commit e156b7c7a1
4 changed files with 245 additions and 84 deletions

50
adc.yaml Normal file

@@ -0,0 +1,50 @@
services:
- name: apache-service
hosts:
- commandware.it
upstream:
name: apache-upstream
scheme: http
type: roundrobin
nodes:
- host: apache-service.api7ee.svc.cluster.local
port: 80
weight: 100
routes:
- name: apache-route
uris:
- /*
vars:
- - uri
- "~~"
- "^(?!/api)"
priority: 1
plugins:
redirect:
http_to_https: true
- name: nginx-api-service
hosts:
- commandware.it
upstream:
name: nginx-upstream
scheme: http
type: roundrobin
nodes:
- host: nginx-service.api7ee.svc.cluster.local
port: 80
weight: 100
routes:
- name: nginx-api-route
uris:
- /api
- /api/*
priority: 10
plugins:
redirect:
http_to_https: true
ai-rate-limiting:
limit: 100
time_window: 60
rejected_code: 429
limit_strategy: "total_tokens"
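Review bot: `ai-rate-limiting` with `limit_strategy: "total_tokens"` is the only throttle on `nginx-api-route`, and it meters LLM token usage rather than request count. The upstream is a plain `nginx-service` node and the route carries no `ai-proxy` plugin, so unless that upstream reports token usage the counter likely never advances and `/api` is effectively unthrottled. The same plugin block is rendered by the Helm template later in this commit, where the previous `limit-count` entry seems to be dropped. I would keep a request-count `limit-count` entry with the same count and window next to it, and confirm with a burst test that `rejected_code: 429` is actually returned. `apache-route` has no limit at all in this file.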

164
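--- a/diff.yaml
+++ b/diff.yaml
@@ -0,0 +1,164 @@
+- resourceType: route
+type: update
+resourceId: 300352210d490360aa898cc92cc1ebd72eaaa51a
+resourceName: apache-route
+oldValue:
+uris:
+- /*
+name: apache-route
+plugins:
+redirect:
+http_to_https: true
+priority: 1
+vars:
+- - uri
+- ~~
+- ^(?!/api)
+newValue:
+name: apache-route
+hosts:
+- commandware.it
+uris:
+- /*
+priority: 1
+vars:
+- - uri
+- ~~
+- ^(?!/api)
+plugins:
+redirect:
+http_to_https: true
+diff:
+- kind: 'N'
+path:
+- hosts
+rhs:
+- commandware.it
+parentId: d67f707ab99345fbe8bf7e21a73b7c0136ad5a27
+- resourceType: route
+type: update
+resourceId: 1704231ea22866bfc59bf5bc58efb578c6e4cb1a
+resourceName: nginx-api-route
+oldValue:
+uris:
+- /api
+- /api/*
+name: nginx-api-route
+plugins:
+ai-rate-limiting:
+limit: 100
+limit_strategy: total_tokens
+rejected_code: 429
+time_window: 60
+redirect:
+http_to_https: true
+priority: 10
+newValue:
+name: nginx-api-route
+hosts:
+- commandware.it
+uris:
+- /api
+- /api/*
+priority: 10
+plugins:
+redirect:
+http_to_https: true
+ai-rate-limiting:
+limit: 100
+time_window: 60
+rejected_code: 429
+limit_strategy: total_tokens
+diff:
+- kind: 'N'
+path:
+- hosts
+rhs:
+- commandware.it
+parentId: c87a0166e1c37ecfd013d6e5db2dbec88b710939
+- resourceType: service
+type: update
+resourceId: d67f707ab99345fbe8bf7e21a73b7c0136ad5a27
+resourceName: apache-service
+oldValue:
+name: apache-service
+upstream:
+name: apache-upstream
+type: roundrobin
+hash_on: vars
+nodes:
+- host: apache-service.api7ee.svc.cluster.local
+port: 80
+weight: 100
+priority: 0
+scheme: http
+retry_timeout: 0
+pass_host: pass
+strip_path_prefix: true
+newValue:
+name: apache-service
+upstream:
+name: apache-upstream
+type: roundrobin
+nodes:
+- host: apache-service.api7ee.svc.cluster.local
+port: 80
+weight: 100
+priority: 0
+scheme: http
+pass_host: pass
+strip_path_prefix: true
+diff:
+- kind: D
+path:
+- upstream
+- hash_on
+lhs: vars
+- kind: D
+path:
+- upstream
+- retry_timeout
+lhs: 0
+- resourceType: service
+type: update
+resourceId: c87a0166e1c37ecfd013d6e5db2dbec88b710939
+resourceName: nginx-api-service
+oldValue:
+name: nginx-api-service
+upstream:
+name: nginx-upstream
+type: roundrobin
+hash_on: vars
+nodes:
+- host: nginx-service.api7ee.svc.cluster.local
+port: 80
+weight: 100
+priority: 0
+scheme: http
+retry_timeout: 0
+pass_host: pass
+strip_path_prefix: true
+newValue:
+name: nginx-api-service
+upstream:
+name: nginx-upstream
+type: roundrobin
+nodes:
+- host: nginx-service.api7ee.svc.cluster.local
+port: 80
+weight: 100
+priority: 0
+scheme: http
+pass_host: pass
+strip_path_prefix: true
+diff:
+- kind: D
+path:
+- upstream
+- hash_on
+lhs: vars
+- kind: D
+path:
+- upstream
+- retry_timeout
+lhs: 0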


@@ -9,115 +9,61 @@ metadata:
data:
adc-config.yaml: |
services:
{{- if .Values.web.enabled }}
- name: web-service
- name: apache-service
hosts:
- {{ (first .Values.api7.hosts) | quote }}
upstream:
name: web-upstream
name: apache-upstream
scheme: http
type: roundrobin
{{- if .Values.api7.serviceDiscovery.enabled }}
discovery_type: kubernetes
service_name: {{ .Release.Namespace }}/{{ include "api7ee.fullname" . }}-web:http
{{- else }}
nodes:
- host: {{ include "api7ee.fullname" . }}-web.{{ .Release.Namespace }}.svc.cluster.local
port: {{ .Values.web.service.port }}
- host: apache-service.{{ .Release.Namespace }}.svc.cluster.local
port: 80
weight: 100
{{- end }}
routes:
- name: web-route
- name: apache-route
uris:
- /*
hosts:
{{- range .Values.api7.hosts }}
- {{ . | quote }}
{{- end }}
priority: 0
vars:
- - uri
- "~~"
- "^(?!/api)"
priority: 1
plugins:
{{- if .Values.api7.tls.enabled }}
redirect:
http_to_https: true
{{- end }}
{{- if .Values.api7.plugins.rateLimit.enabled }}
limit-count:
count: {{ .Values.api7.plugins.rateLimit.count }}
time_window: {{ .Values.api7.plugins.rateLimit.timeWindow }}
rejected_code: 429
{{- end }}
{{- if .Values.api7.plugins.cors.enabled }}
cors:
allow_origins: {{ .Values.api7.plugins.cors.allowOrigins | toJson }}
allow_methods: {{ .Values.api7.plugins.cors.allowMethods | toJson }}
allow_headers: {{ .Values.api7.plugins.cors.allowHeaders | toJson }}
expose_headers: {{ .Values.api7.plugins.cors.exposeHeaders | toJson }}
max_age: {{ .Values.api7.plugins.cors.maxAge }}
allow_credentials: {{ .Values.api7.plugins.cors.allowCredentials }}
{{- end }}
{{- end }}
{{- if .Values.api.enabled }}
- name: api-service
- name: nginx-api-service
hosts:
- {{ (first .Values.api7.hosts) | quote }}
upstream:
name: api-upstream
name: nginx-upstream
scheme: http
type: roundrobin
{{- if .Values.api7.serviceDiscovery.enabled }}
discovery_type: kubernetes
service_name: {{ .Release.Namespace }}/{{ include "api7ee.fullname" . }}-api:http
{{- else }}
nodes:
- host: {{ include "api7ee.fullname" . }}-api.{{ .Release.Namespace }}.svc.cluster.local
port: {{ .Values.api.service.port }}
- host: nginx-service.{{ .Release.Namespace }}.svc.cluster.local
port: 80
weight: 100
{{- end }}
routes:
- name: api-route
- name: nginx-api-route
uris:
- /api
- /api/*
hosts:
{{- range .Values.api7.hosts }}
- {{ . | quote }}
{{- end }}
priority: 10
plugins:
{{- if .Values.api7.tls.enabled }}
redirect:
http_to_https: true
{{- end }}
proxy-rewrite:
regex_uri:
- ^/api/(.*)
- /$1
{{- if .Values.api7.plugins.rateLimit.enabled }}
limit-count:
count: {{ .Values.api7.plugins.rateLimit.apiCount | default .Values.api7.plugins.rateLimit.count }}
time_window: {{ .Values.api7.plugins.rateLimit.timeWindow }}
rejected_code: 429
{{- if .Values.api7.plugins.aiRateLimit.enabled }}
ai-rate-limiting:
limit: {{ .Values.api7.plugins.aiRateLimit.limit }}
time_window: {{ .Values.api7.plugins.aiRateLimit.timeWindow }}
rejected_code: {{ .Values.api7.plugins.aiRateLimit.rejectedCode }}
limit_strategy: {{ .Values.api7.plugins.aiRateLimit.limitStrategy | quote }}
{{- end }}
{{- if .Values.api7.plugins.auth.enabled }}
key-auth:
header: {{ .Values.api7.plugins.auth.header | default "X-API-Key" }}
{{- end }}
{{- end }}
{{- if .Values.api7.tls.enabled }}
ssls:
- snis:
{{- range .Values.api7.hosts }}
- {{ . | quote }}
{{- end }}
certificates:
{{- if .Values.api7.tls.certManager.enabled }}
- certificate: /etc/ssl/certs/tls.crt
key: /etc/ssl/certs/tls.key
{{- else if .Values.api7.tls.certificate }}
- certificate: |
{{ .Values.api7.tls.certificate | nindent 14 }}
key: |
{{ .Values.api7.tls.key | nindent 14 }}
{{- end }}
{{- end }}
{{- if .Values.api7.plugins.auth.enabled }}
consumers:
@@ -144,4 +90,4 @@ data:
batch_max_size: {{ .Values.api7.plugins.logging.batchMaxSize | default 1000 }}
inactive_timeout: {{ .Values.api7.plugins.logging.inactiveTimeout | default 5 }}
{{- end }}
{{- end }}
{{- end }}
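Review bot: `redirect: http_to_https: true` now appears to be emitted unconditionally on both routes, while the `{{- if .Values.api7.tls.enabled }}` guard and the whole `ssls:` block appear to be on the removed side (the page has lost its +/- markers, so this is read from the hunk's line counts). If that reading is right, a release with `api7.tls.enabled: false`, or one whose certificate used to be rendered by this block, would redirect every request to HTTPS with no certificate configured for the host. Keeping the `{{- if .Values.api7.tls.enabled }}` / `{{- end }}` pair around `redirect` and retaining `ssls:` would avoid that. Both services also bind only `{{ (first .Values.api7.hosts) | quote }}`, so further entries in `api7.hosts` are left without a route. The catch-all route seems to lose `limit-count` and `cors` with no replacement, which the commit message should state if it is intended.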


@@ -247,12 +247,13 @@ api7:
# API7 Plugins Configuration
plugins:
# Rate limiting
rateLimit:
# AI Rate limiting (for /api route)
aiRateLimit:
enabled: true
count: 100
limit: 100
timeWindow: 60
apiCount: 1000 # Higher limit for API endpoints
rejectedCode: 429
limitStrategy: "total_tokens"
# CORS configuration
cors: