Merge branch 'main' of ssh://git.commandware.com:2222/demos/api7-demo

Refactor ADC config to use AI rate limiting for /api route
2025-10-07 15:02:32 +02:00 · 2025-10-07 15:01:22 +02:00
4 changed files with 245 additions and 84 deletions
--- a/adc.yaml
+++ b/adc.yaml
@@ -0,0 +1,50 @@
+services:
+  - name: apache-service
+    hosts:
+      - commandware.it
+    upstream:
+      name: apache-upstream
+      scheme: http
+      type: roundrobin
+      nodes:
+        - host: apache-service.api7ee.svc.cluster.local
+          port: 80
+          weight: 100
+    routes:
+      - name: apache-route
+        uris:
+          - /*
+        vars:
+          - - uri
+            - "~~"
+            - "^(?!/api)"
+        priority: 1
+        plugins:
+          redirect:
+            http_to_https: true
+
+  - name: nginx-api-service
+    hosts:
+      - commandware.it
+    upstream:
+      name: nginx-upstream
+      scheme: http
+      type: roundrobin
+      nodes:
+        - host: nginx-service.api7ee.svc.cluster.local
+          port: 80
+          weight: 100
+    routes:
+      - name: nginx-api-route
+        uris:
+          - /api
+          - /api/*
+        priority: 10
+        plugins:
+          redirect:
+            http_to_https: true
+          ai-rate-limiting:
+            limit: 100
+            time_window: 60
+            rejected_code: 429
+            limit_strategy: "total_tokens"
--- a/diff.yaml
+++ b/diff.yaml
@@ -0,0 +1,164 @@
+- resourceType: route
+  type: update
+  resourceId: 300352210d490360aa898cc92cc1ebd72eaaa51a
+  resourceName: apache-route
+  oldValue:
+    uris:
+      - /*
+    name: apache-route
+    plugins:
+      redirect:
+        http_to_https: true
+    priority: 1
+    vars:
+      - - uri
+        - ~~
+        - ^(?!/api)
+  newValue:
+    name: apache-route
+    hosts:
+      - commandware.it
+    uris:
+      - /*
+    priority: 1
+    vars:
+      - - uri
+        - ~~
+        - ^(?!/api)
+    plugins:
+      redirect:
+        http_to_https: true
+  diff:
+    - kind: 'N'
+      path:
+        - hosts
+      rhs:
+        - commandware.it
+  parentId: d67f707ab99345fbe8bf7e21a73b7c0136ad5a27
+- resourceType: route
+  type: update
+  resourceId: 1704231ea22866bfc59bf5bc58efb578c6e4cb1a
+  resourceName: nginx-api-route
+  oldValue:
+    uris:
+      - /api
+      - /api/*
+    name: nginx-api-route
+    plugins:
+      ai-rate-limiting:
+        limit: 100
+        limit_strategy: total_tokens
+        rejected_code: 429
+        time_window: 60
+      redirect:
+        http_to_https: true
+    priority: 10
+  newValue:
+    name: nginx-api-route
+    hosts:
+      - commandware.it
+    uris:
+      - /api
+      - /api/*
+    priority: 10
+    plugins:
+      redirect:
+        http_to_https: true
+      ai-rate-limiting:
+        limit: 100
+        time_window: 60
+        rejected_code: 429
+        limit_strategy: total_tokens
+  diff:
+    - kind: 'N'
+      path:
+        - hosts
+      rhs:
+        - commandware.it
+  parentId: c87a0166e1c37ecfd013d6e5db2dbec88b710939
+- resourceType: service
+  type: update
+  resourceId: d67f707ab99345fbe8bf7e21a73b7c0136ad5a27
+  resourceName: apache-service
+  oldValue:
+    name: apache-service
+    upstream:
+      name: apache-upstream
+      type: roundrobin
+      hash_on: vars
+      nodes:
+        - host: apache-service.api7ee.svc.cluster.local
+          port: 80
+          weight: 100
+          priority: 0
+      scheme: http
+      retry_timeout: 0
+      pass_host: pass
+    strip_path_prefix: true
+  newValue:
+    name: apache-service
+    upstream:
+      name: apache-upstream
+      type: roundrobin
+      nodes:
+        - host: apache-service.api7ee.svc.cluster.local
+          port: 80
+          weight: 100
+          priority: 0
+      scheme: http
+      pass_host: pass
+    strip_path_prefix: true
+  diff:
+    - kind: D
+      path:
+        - upstream
+        - hash_on
+      lhs: vars
+    - kind: D
+      path:
+        - upstream
+        - retry_timeout
+      lhs: 0
+- resourceType: service
+  type: update
+  resourceId: c87a0166e1c37ecfd013d6e5db2dbec88b710939
+  resourceName: nginx-api-service
+  oldValue:
+    name: nginx-api-service
+    upstream:
+      name: nginx-upstream
+      type: roundrobin
+      hash_on: vars
+      nodes:
+        - host: nginx-service.api7ee.svc.cluster.local
+          port: 80
+          weight: 100
+          priority: 0
+      scheme: http
+      retry_timeout: 0
+      pass_host: pass
+    strip_path_prefix: true
+  newValue:
+    name: nginx-api-service
+    upstream:
+      name: nginx-upstream
+      type: roundrobin
+      nodes:
+        - host: nginx-service.api7ee.svc.cluster.local
+          port: 80
+          weight: 100
+          priority: 0
+      scheme: http
+      pass_host: pass
+    strip_path_prefix: true
+  diff:
+    - kind: D
+      path:
+        - upstream
+        - hash_on
+      lhs: vars
+    - kind: D
+      path:
+        - upstream
+        - retry_timeout
+      lhs: 0
--- a/helm/api7ee-demo-k8s/templates/configmap-adc.yaml
+++ b/helm/api7ee-demo-k8s/templates/configmap-adc.yaml
@@ -9,115 +9,61 @@ metadata:
 data:
  adc-config.yaml: |
    services:
-      {{- if .Values.web.enabled }}
-      - name: web-service
+      - name: apache-service
+        hosts:
+          - {{ (first .Values.api7.hosts) | quote }}
        upstream:
-          name: web-upstream
+          name: apache-upstream
          scheme: http
          type: roundrobin
-          {{- if .Values.api7.serviceDiscovery.enabled }}
-          discovery_type: kubernetes
-          service_name: {{ .Release.Namespace }}/{{ include "api7ee.fullname" . }}-web:http
-          {{- else }}
          nodes:
-            - host: {{ include "api7ee.fullname" . }}-web.{{ .Release.Namespace }}.svc.cluster.local
-              port: {{ .Values.web.service.port }}
+            - host: apache-service.{{ .Release.Namespace }}.svc.cluster.local
+              port: 80
              weight: 100
-          {{- end }}
        routes:
-          - name: web-route
+          - name: apache-route
            uris:
              - /*
-            hosts:
-              {{- range .Values.api7.hosts }}
-              - {{ . | quote }}
-              {{- end }}
-            priority: 0
+            vars:
+              - - uri
+                - "~~"
+                - "^(?!/api)"
+            priority: 1
            plugins:
              {{- if .Values.api7.tls.enabled }}
              redirect:
                http_to_https: true
              {{- end }}
-              {{- if .Values.api7.plugins.rateLimit.enabled }}
-              limit-count:
-                count: {{ .Values.api7.plugins.rateLimit.count }}
-                time_window: {{ .Values.api7.plugins.rateLimit.timeWindow }}
-                rejected_code: 429
-              {{- end }}
-              {{- if .Values.api7.plugins.cors.enabled }}
-              cors:
-                allow_origins: {{ .Values.api7.plugins.cors.allowOrigins | toJson }}
-                allow_methods: {{ .Values.api7.plugins.cors.allowMethods | toJson }}
-                allow_headers: {{ .Values.api7.plugins.cors.allowHeaders | toJson }}
-                expose_headers: {{ .Values.api7.plugins.cors.exposeHeaders | toJson }}
-                max_age: {{ .Values.api7.plugins.cors.maxAge }}
-                allow_credentials: {{ .Values.api7.plugins.cors.allowCredentials }}
-              {{- end }}
-      {{- end }}

-      {{- if .Values.api.enabled }}
-      - name: api-service
+      - name: nginx-api-service
+        hosts:
+          - {{ (first .Values.api7.hosts) | quote }}
        upstream:
-          name: api-upstream
+          name: nginx-upstream
          scheme: http
          type: roundrobin
-          {{- if .Values.api7.serviceDiscovery.enabled }}
-          discovery_type: kubernetes
-          service_name: {{ .Release.Namespace }}/{{ include "api7ee.fullname" . }}-api:http
-          {{- else }}
          nodes:
-            - host: {{ include "api7ee.fullname" . }}-api.{{ .Release.Namespace }}.svc.cluster.local
-              port: {{ .Values.api.service.port }}
+            - host: nginx-service.{{ .Release.Namespace }}.svc.cluster.local
+              port: 80
              weight: 100
-          {{- end }}
        routes:
-          - name: api-route
+          - name: nginx-api-route
            uris:
              - /api
              - /api/*
-            hosts:
-              {{- range .Values.api7.hosts }}
-              - {{ . | quote }}
-              {{- end }}
            priority: 10
            plugins:
              {{- if .Values.api7.tls.enabled }}
              redirect:
                http_to_https: true
              {{- end }}
-              proxy-rewrite:
-                regex_uri:
-                  - ^/api/(.*)
-                  - /$1
-              {{- if .Values.api7.plugins.rateLimit.enabled }}
-              limit-count:
-                count: {{ .Values.api7.plugins.rateLimit.apiCount | default .Values.api7.plugins.rateLimit.count }}
-                time_window: {{ .Values.api7.plugins.rateLimit.timeWindow }}
-                rejected_code: 429
+              {{- if .Values.api7.plugins.aiRateLimit.enabled }}
+              ai-rate-limiting:
+                limit: {{ .Values.api7.plugins.aiRateLimit.limit }}
+                time_window: {{ .Values.api7.plugins.aiRateLimit.timeWindow }}
+                rejected_code: {{ .Values.api7.plugins.aiRateLimit.rejectedCode }}
+                limit_strategy: {{ .Values.api7.plugins.aiRateLimit.limitStrategy | quote }}
              {{- end }}
-              {{- if .Values.api7.plugins.auth.enabled }}
-              key-auth:
-                header: {{ .Values.api7.plugins.auth.header | default "X-API-Key" }}
-              {{- end }}
-      {{- end }}
-
-    {{- if .Values.api7.tls.enabled }}
-    ssls:
-      - snis:
-          {{- range .Values.api7.hosts }}
-          - {{ . | quote }}
-          {{- end }}
-        certificates:
-          {{- if .Values.api7.tls.certManager.enabled }}
-          - certificate: /etc/ssl/certs/tls.crt
-            key: /etc/ssl/certs/tls.key
-          {{- else if .Values.api7.tls.certificate }}
-          - certificate: |
-              {{ .Values.api7.tls.certificate | nindent 14 }}
-            key: |
-              {{ .Values.api7.tls.key | nindent 14 }}
-          {{- end }}
-    {{- end }}

    {{- if .Values.api7.plugins.auth.enabled }}
    consumers:
@@ -144,4 +90,4 @@ data:
            batch_max_size: {{ .Values.api7.plugins.logging.batchMaxSize | default 1000 }}
            inactive_timeout: {{ .Values.api7.plugins.logging.inactiveTimeout | default 5 }}
      {{- end }}
-{{- end }}
+{{- end }}
--- a/helm/api7ee-demo-k8s/values.yaml
+++ b/helm/api7ee-demo-k8s/values.yaml
@@ -247,12 +247,13 @@ api7:

  # API7 Plugins Configuration
  plugins:
-    # Rate limiting
-    rateLimit:
+    # AI Rate limiting (for /api route)
+    aiRateLimit:
      enabled: true
-      count: 100
+      limit: 100
      timeWindow: 60
-      apiCount: 1000 # Higher limit for API endpoints
+      rejectedCode: 429
+      limitStrategy: "total_tokens"

    # CORS configuration
    cors:
Author	SHA1	Message	Date
d.viti	78baa5ad21	Merge branch 'main' of ssh://git.commandware.com:2222/demos/api7-demo All checks were successful Helm Chart Build / lint-only (push) Has been skipped Details Helm Chart Build / build-helm (push) Successful in 8s Details Build and Deploy / build-web (push) Successful in 25s Details Build and Deploy / build-api (push) Successful in 24s Details	2025-10-07 15:02:32 +02:00
d.viti	e156b7c7a1	Refactor ADC config to use AI rate limiting for /api route	2025-10-07 15:01:22 +02:00