standalone.yml
# Process-wide settings for the gateway.
# NOTE(review): this listing lost its indentation; `upstream` is assumed to
# nest under `global` - confirm against the original file.
global:
  # Debug is the most verbose level. Request details logged at this level can
  # include credentials, so confirm the level before reusing this file outside
  # a development setup.
  log_level: debug
  error_log: stderr
  access_log: stdout
  opentracing_tracer: jaeger
  # Presumably the defaults for every upstream connection - TODO confirm.
  upstream:
    load_balancer: least_conn
    # NOTE(review): looks like "retry when the upstream answers 5xx";
    # retrying non-idempotent requests can repeat side effects - confirm
    # which methods are retried.
    retry: 5xx
    retry_times: 3
# We can pretend this would be nested inside a `servers` block in the future.
# NOTE(review): this listing lost its indentation; the nesting of each listen
# entry and its `tls` mapping is reconstructed - confirm against the original.
server:
  # nginx config options like client_body_timeout or send_timeout
  listen:
    # Ports 8090, 8081, 8080 and 8089 carry no `tls` key, and no bind address
    # is shown for any entry. The management listener in particular should be
    # reachable only from trusted hosts - confirm how the port is exposed.
    - port: 8090
      name: management
    - port: 8081
      name: echo  # and also fake backend
    - port: 8080
      name: default  # default would be the default name
    - port: 8089
      name: default  # default would be the default name
      # With PROXY protocol the client address comes from a header sent by
      # the peer. Accept it only from trusted load balancers, otherwise the
      # logged client_ip can be forged.
      proxy_protocol: true
    - port: 8443
      # name: default  # several listen could have the same name
      # spdy is obsolete; prefer http2 or http.
      protocol: http2  # | spdy | http
      # No certificate, protocol or cipher settings are given here; which
      # defaults apply is not visible in this file.
      tls: true
    - port: 8444
      name: default
      protocol: http2  # | spdy | http
      proxy_protocol: true
      tls:
        protocols: TLSv1.3
        # those two could be the defaults as policies have ssl_certificate phase
        certificate: conf/server.crt
        # Keep the private key out of version control and readable only by
        # the gateway user.
        certificate_key: conf/server.key
        # NOTE(review): if this maps to nginx `ssl_ciphers`, an OpenSSL cipher
        # string does not select TLS 1.3 suites, so with TLSv1.3 as the only
        # protocol it may have no effect - confirm.
        ciphers: "HIGH:!aNULL:!MD5"
    - port: 9421
      name: prometheus
      tls:
        protocols: TLSv1.3
        # those two could be the defaults as policies have ssl_certificate phase
        certificate: conf/server.crt
        certificate_key: conf/server.key
        # The same cipher selection as on port 8444, written as a list.
        ciphers:
          - HIGH
          - "!aNULL"
          - "!MD5"
# Routing table mapping a listener or request property to a destination.
# NOTE(review): this listing lost its indentation; the nesting, including the
# child `routes` under the prometheus entry, is reconstructed - confirm.
# The comments below assume entries are evaluated top to bottom.
routes:
  -  # Route object
    name: management
    match:
      # Condition DSL to be defined by Rate limit policy and Conditional
      # policy evaluation
      server_port: management  # otherwise would match the default
    # Destination DSL, AB testing, traffic split, etc. to be extended in
    # the future
    destination:
      service: management
      policy_chain: management
      upstream: management
  - name: echo
    match:
      server_port: echo  # otherwise would match the default
    destination:
      service: echo
  - match:
      server_port: prometheus
    # Only GET /metrics reaches the exporter and POST is answered with 405.
    # Anything else on this listener falls through to `not_found` below.
    routes:
      - match:
          uri_path: '/metrics'
          http_method: 'GET'
        destination:
          service: prometheus
      - match:
          http_method: 'POST'
        destination:
          http_response: 405
    # I'd like to treat this as a route tree.
    # If it matches all conditions of this rule then we can route it deeper.
    # But if it does not match the child rules we should reject the request
    # with 404 (or with some other policy).
    destination:
      service: not_found
  # NOTE(review): this rule matches on the client-supplied Host header and
  # has no `server_port` condition. It appears to apply on every remaining
  # listener, including the plaintext ones - confirm that is intended for an
  # authentication service.
  - match:
      http_host: auth.example.com
    destination:
      service: auth-server
  - match:
      server_port: default  # could be omitted, default would be the default
    destination:
      service: 3scale
  # Catch-all rule: unmatched requests are rejected rather than forwarded.
  # Keep it as the last entry.
  - match:
      always: true
    destination:
      service: not_found
# TODO: if we can figure out better name than "service" we would make our
# life much easier, vhost?
# NOTE(review): this listing lost its indentation; the nesting of
# `policy_chain`, `configuration` and `upstream` is reconstructed - confirm.
# NOTE(review): two entries below are named `echo`; which one a reference to
# `echo` resolves to is not visible here - confirm or rename one.
internal:
  - name: auth-server
    policy_chain:
      - policy: example.authentication.server
        configuration:
          redis: external://redis
  - name: 3scale
    policy_chain:
      - policy: apicast.policy.load_configuration
      - policy: apicast.policy.find_service
      - policy: apicast.policy.local_chain
  - name: simple
    policy_chain:
      - policy: example.authentication.client
        configuration:
          server: internal://auth-server
    # Plain http upstream: traffic to this host is neither encrypted nor
    # authenticated. The `external` echo entry uses https for the same host.
    upstream: http://echo-api.3scale.net
  - name: echo
    policy_chain:
      - logging
      # - echo
    # upstream: http://echo-api.3scale.net
    upstream: external://echo
  - name: backend  # this is fake backend
    policy_chain:
      - echo
  - name: management
    policy_chain:
      - policy: apicast.policy.management
        configuration:
          # NOTE(review): presumably debug exposes more of the management
          # API than a status-only mode. Together with the plaintext
          # management listener, restrict who can reach it - confirm.
          mode: debug
  - name: prometheus
    policy_chain:
      - policy: apicast.policy.prometheus
  - name: echo
    policy_chain:
      - policy: apicast.policy.cors
        configuration:
          allow_methods: GET
          # A wildcard origin lets any site read the response. It suits
          # public content served without credentials only.
          allow_origin: '*'
      - policy: apicast.policy.echo
  - name: logging
    policy_chain:
      - policy: log
        configuration:
          url: syslog://localhost
          # NOTE(review): if `url` includes the query string, API keys
          # passed as query parameters end up in the log - confirm and
          # redact if needed.
          fields: url, path, client_ip
# Kind of like egress, but it could also be an internal service.
# An abstraction for stubbing out external services with policies
# (fake backend vs external service).
# NOTE(review): this listing lost its indentation; the nesting of each entry
# is reconstructed - confirm against the original file.
external:
  # Both https entries rely on certificate verification, which is not
  # configured in this file; confirm it is enabled for upstream connections.
  - name: backend
    server: https://su1.3scale.net
    load_balancer: least_conn
  - name: echo
    server: https://echo-api.3scale.net
    load_balancer: least_conn
  # Plain TCP with no credentials shown. This is acceptable only while Redis
  # stays on localhost; add authentication and TLS if it moves to another
  # host.
  # NOTE(review): 6879 is not the Redis default port (6379) - confirm it is
  # intended.
  - name: redis
    server: tcp://localhost:6879
    load_balancer: least_conn
    retries: 3