demos/api7-demo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: demos:b926845dbfa5de7dcac61f7f013f50afa9551c68
Branches Tags
demos:main
...
compare: demos:78baa5ad2179a69b0f76c231d7de65ac9ffc0acf
Branches Tags
demos:main

2 Commits
b926845dbf ... 78baa5ad21

Author SHA1 Message Date
d.viti
78baa5ad21 Merge branch 'main' of ssh://git.commandware.com:2222/demos/api7-demo
All checks were successful
Helm Chart Build / lint-only (push) Has been skipped
Details
Helm Chart Build / build-helm (push) Successful in 8s
Details
Build and Deploy / build-web (push) Successful in 25s
Details
Build and Deploy / build-api (push) Successful in 24s
Details
2025-10-07 15:02:32 +02:00
d.viti
e156b7c7a1 Refactor ADC config to use AI rate limiting for /api route 2025-10-07 15:01:22 +02:00
4 changed files with 245 additions and 84 deletions
Expand all files Collapse all files

50
adc.yaml Normal file
View File

@@ -0,0 +1,50 @@
services:
- name: apache-service
hosts:
- commandware.it
upstream:
name: apache-upstream
scheme: http
type: roundrobin
nodes:
- host: apache-service.api7ee.svc.cluster.local
port: 80
weight: 100
routes:
- name: apache-route
uris:
- /*
vars:
- - uri
- "~~"
- "^(?!/api)"
priority: 1
plugins:
redirect:
http_to_https: true
- name: nginx-api-service
hosts:
- commandware.it
upstream:
name: nginx-upstream
scheme: http
type: roundrobin
nodes:
- host: nginx-service.api7ee.svc.cluster.local
port: 80
weight: 100
routes:
- name: nginx-api-route
uris:
- /api
- /api/*
priority: 10
plugins:
redirect:
http_to_https: true
ai-rate-limiting:
limit: 100
time_window: 60
rejected_code: 429
limit_strategy: "total_tokens"

164
diff.yaml Normal file
View File

@@ -0,0 +1,164 @@
- resourceType: route
type: update
resourceId: 300352210d490360aa898cc92cc1ebd72eaaa51a
resourceName: apache-route
oldValue:
uris:
- /*
name: apache-route
plugins:
redirect:
http_to_https: true
priority: 1
vars:
- - uri
- ~~
- ^(?!/api)
newValue:
name: apache-route
hosts:
- commandware.it
uris:
- /*
priority: 1
vars:
- - uri
- ~~
- ^(?!/api)
plugins:
redirect:
http_to_https: true
diff:
- kind: 'N'
path:
- hosts
rhs:
- commandware.it
parentId: d67f707ab99345fbe8bf7e21a73b7c0136ad5a27
- resourceType: route
type: update
resourceId: 1704231ea22866bfc59bf5bc58efb578c6e4cb1a
resourceName: nginx-api-route
oldValue:
uris:
- /api
- /api/*
name: nginx-api-route
plugins:
ai-rate-limiting:
limit: 100
limit_strategy: total_tokens
rejected_code: 429
time_window: 60
redirect:
http_to_https: true
priority: 10
newValue:
name: nginx-api-route
hosts:
- commandware.it
uris:
- /api
- /api/*
priority: 10
plugins:
redirect:
http_to_https: true
ai-rate-limiting:
limit: 100
time_window: 60
rejected_code: 429
limit_strategy: total_tokens
diff:
- kind: 'N'
path:
- hosts
rhs:
- commandware.it
parentId: c87a0166e1c37ecfd013d6e5db2dbec88b710939
- resourceType: service
type: update
resourceId: d67f707ab99345fbe8bf7e21a73b7c0136ad5a27
resourceName: apache-service
oldValue:
name: apache-service
upstream:
name: apache-upstream
type: roundrobin
hash_on: vars
nodes:
- host: apache-service.api7ee.svc.cluster.local
port: 80
weight: 100
priority: 0
scheme: http
retry_timeout: 0
pass_host: pass
strip_path_prefix: true
newValue:
name: apache-service
upstream:
name: apache-upstream
type: roundrobin
nodes:
- host: apache-service.api7ee.svc.cluster.local
port: 80
weight: 100
priority: 0
scheme: http
pass_host: pass
strip_path_prefix: true
diff:
- kind: D
path:
- upstream
- hash_on
lhs: vars
- kind: D
path:
- upstream
- retry_timeout
lhs: 0
- resourceType: service
type: update
resourceId: c87a0166e1c37ecfd013d6e5db2dbec88b710939
resourceName: nginx-api-service
oldValue:
name: nginx-api-service
upstream:
name: nginx-upstream
type: roundrobin
hash_on: vars
nodes:
- host: nginx-service.api7ee.svc.cluster.local
port: 80
weight: 100
priority: 0
scheme: http
retry_timeout: 0
pass_host: pass
strip_path_prefix: true
newValue:
name: nginx-api-service
upstream:
name: nginx-upstream
type: roundrobin
nodes:
- host: nginx-service.api7ee.svc.cluster.local
port: 80
weight: 100
priority: 0
scheme: http
pass_host: pass
strip_path_prefix: true
diff:
- kind: D
path:
- upstream
- hash_on
lhs: vars
- kind: D
path:
- upstream
- retry_timeout
lhs: 0

106
helm/api7ee-demo-k8s/templates/configmap-adc.yaml
View File

@@ -9,115 +9,61 @@ metadata:
data: data:
adc-config.yaml: | adc-config.yaml: |
services: services:
{{- if .Values.web.enabled }} - name: apache-service
- name: web-service hosts:
- {{ (first .Values.api7.hosts) | quote }}
upstream: upstream:
name: web-upstream name: apache-upstream
scheme: http scheme: http
type: roundrobin type: roundrobin
{{- if .Values.api7.serviceDiscovery.enabled }}
discovery_type: kubernetes
service_name: {{ .Release.Namespace }}/{{ include "api7ee.fullname" . }}-web:http
{{- else }}
nodes: nodes:
- host: {{ include "api7ee.fullname" . }}-web.{{ .Release.Namespace }}.svc.cluster.local - host: apache-service.{{ .Release.Namespace }}.svc.cluster.local
port: {{ .Values.web.service.port }} port: 80
weight: 100 weight: 100
{{- end }}
routes: routes:
- name: web-route - name: apache-route
uris: uris:
- /* - /*
hosts: vars:
{{- range .Values.api7.hosts }} - - uri
- {{ . | quote }} - "~~"
{{- end }} - "^(?!/api)"
priority: 0 priority: 1
plugins: plugins:
{{- if .Values.api7.tls.enabled }} {{- if .Values.api7.tls.enabled }}
redirect: redirect:
http_to_https: true http_to_https: true
{{- end }} {{- end }}
{{- if .Values.api7.plugins.rateLimit.enabled }}
limit-count:
count: {{ .Values.api7.plugins.rateLimit.count }}
time_window: {{ .Values.api7.plugins.rateLimit.timeWindow }}
rejected_code: 429
{{- end }}
{{- if .Values.api7.plugins.cors.enabled }}
cors:
allow_origins: {{ .Values.api7.plugins.cors.allowOrigins | toJson }}
allow_methods: {{ .Values.api7.plugins.cors.allowMethods | toJson }}
allow_headers: {{ .Values.api7.plugins.cors.allowHeaders | toJson }}
expose_headers: {{ .Values.api7.plugins.cors.exposeHeaders | toJson }}
max_age: {{ .Values.api7.plugins.cors.maxAge }}
allow_credentials: {{ .Values.api7.plugins.cors.allowCredentials }}
{{- end }}
{{- end }}
{{- if .Values.api.enabled }} - name: nginx-api-service
- name: api-service hosts:
- {{ (first .Values.api7.hosts) | quote }}
upstream: upstream:
name: api-upstream name: nginx-upstream
scheme: http scheme: http
type: roundrobin type: roundrobin
{{- if .Values.api7.serviceDiscovery.enabled }}
discovery_type: kubernetes
service_name: {{ .Release.Namespace }}/{{ include "api7ee.fullname" . }}-api:http
{{- else }}
nodes: nodes:
- host: {{ include "api7ee.fullname" . }}-api.{{ .Release.Namespace }}.svc.cluster.local - host: nginx-service.{{ .Release.Namespace }}.svc.cluster.local
port: {{ .Values.api.service.port }} port: 80
weight: 100 weight: 100
{{- end }}
routes: routes:
- name: api-route - name: nginx-api-route
uris: uris:
- /api - /api
- /api/* - /api/*
hosts:
{{- range .Values.api7.hosts }}
- {{ . | quote }}
{{- end }}
priority: 10 priority: 10
plugins: plugins:
{{- if .Values.api7.tls.enabled }} {{- if .Values.api7.tls.enabled }}
redirect: redirect:
http_to_https: true http_to_https: true
{{- end }} {{- end }}
proxy-rewrite: {{- if .Values.api7.plugins.aiRateLimit.enabled }}
regex_uri: ai-rate-limiting:
- ^/api/(.*) limit: {{ .Values.api7.plugins.aiRateLimit.limit }}
- /$1 time_window: {{ .Values.api7.plugins.aiRateLimit.timeWindow }}
{{- if .Values.api7.plugins.rateLimit.enabled }} rejected_code: {{ .Values.api7.plugins.aiRateLimit.rejectedCode }}
limit-count: limit_strategy: {{ .Values.api7.plugins.aiRateLimit.limitStrategy | quote }}
count: {{ .Values.api7.plugins.rateLimit.apiCount | default .Values.api7.plugins.rateLimit.count }}
time_window: {{ .Values.api7.plugins.rateLimit.timeWindow }}
rejected_code: 429
{{- end }} {{- end }}
{{- if .Values.api7.plugins.auth.enabled }}
key-auth:
header: {{ .Values.api7.plugins.auth.header | default "X-API-Key" }}
{{- end }}
{{- end }}
{{- if .Values.api7.tls.enabled }}
ssls:
- snis:
{{- range .Values.api7.hosts }}
- {{ . | quote }}
{{- end }}
certificates:
{{- if .Values.api7.tls.certManager.enabled }}
- certificate: /etc/ssl/certs/tls.crt
key: /etc/ssl/certs/tls.key
{{- else if .Values.api7.tls.certificate }}
- certificate: |
{{ .Values.api7.tls.certificate | nindent 14 }}
key: |
{{ .Values.api7.tls.key | nindent 14 }}
{{- end }}
{{- end }}
{{- if .Values.api7.plugins.auth.enabled }} {{- if .Values.api7.plugins.auth.enabled }}
consumers: consumers:
@@ -144,4 +90,4 @@ data:
batch_max_size: {{ .Values.api7.plugins.logging.batchMaxSize | default 1000 }} batch_max_size: {{ .Values.api7.plugins.logging.batchMaxSize | default 1000 }}
inactive_timeout: {{ .Values.api7.plugins.logging.inactiveTimeout | default 5 }} inactive_timeout: {{ .Values.api7.plugins.logging.inactiveTimeout | default 5 }}
{{- end }} {{- end }}
{{- end }} {{- end }}

9
helm/api7ee-demo-k8s/values.yaml
View File

@@ -247,12 +247,13 @@ api7:
# API7 Plugins Configuration # API7 Plugins Configuration
plugins: plugins:
# Rate limiting # AI Rate limiting (for /api route)
rateLimit: aiRateLimit:
enabled: true enabled: true
count: 100 limit: 100
timeWindow: 60 timeWindow: 60
apiCount: 1000 # Higher limit for API endpoints rejectedCode: 429
limitStrategy: "total_tokens"
# CORS configuration # CORS configuration
cors: cors: