varnitgoyal95/deployment-portal-be
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8f192f76895af1debf2e29284782c40cb7ce4fdf
deployment-portal-be/templates/common_api_gateway.jsonnet
Ashvin S ef9cc1b0fc INFRA-2881 | Ashvin | Add support for multiple EFS (#818) 
* INFRA-2881 | Ashvin | Remove EFS flag from manifest and jsonnetfmt the directory

* INFRA-2881 | Ashvin | Support multiple EFS volumes

* INFRA-2881 | Ashvin | Add null field check and fix tests

* INFRA-2881 | Ashvin | Add EFS jsonschema for validation

* INFRA-2881 | Ashvin | Extract EFS required condition in a variable
2024-02-27 22:39:25 +05:30

214 lines
9.8 KiB
Jsonnet
Raw Blame History

//Imports
local chart = import 'chart.jsonnet';
local cluster_values = import 'cluster_values.jsonnet';
local common = import 'common.jsonnet';
local deployment_manifest = import 'deployment_manifest.jsonnet';
local load_balancer_util = import 'load_balancer_util.jsonnet';
local namespace_values = import 'namespace_values.jsonnet';
local port_map = import 'port_map.jsonnet';
local util = import 'util.jsonnet';
local deployment = deployment_manifest.deployment;
local create_gateway_ingress(environment, servicePrefix, typeIdentifier, gateway, attributeIndex, serviceName) = {
local resourceName = '%s-%s-%s-%s' % [environment, servicePrefix, typeIdentifier, gateway.gatewayAttributes[attributeIndex].pathName],
local commonResourceName = '%s-%s-%s' % [environment, servicePrefix, gateway.gatewayAttributes[attributeIndex].pathName],
local rateLimitIdentifier = '%s-%s-%s' % [environment, servicePrefix, typeIdentifier],
local pathName = if 'pathName' in gateway.gatewayAttributes[attributeIndex] then gateway.gatewayAttributes[attributeIndex].pathName,
local urlRewritePlugin = if (std.objectHas(gateway.gatewayAttributes[attributeIndex], 'sourceGatewayPath'))
&& (gateway.gatewayAttributes[attributeIndex].sourceGatewayPath != gateway.gatewayAttributes[attributeIndex].targetGatewayPath)
then commonResourceName + '-url-rewrite',
local externalAuthPlugin = if (std.objectHas(gateway.gatewayAttributes[attributeIndex], 'externalAuth') && typeIdentifier == 'external')
then (if gateway.gatewayAttributes[attributeIndex].externalAuth then resourceName + '-external-auth'),
local ipRestrictedPlugin = if (std.objectHas(gateway.gatewayAttributes[attributeIndex], 'whitelistedGatewayIps') && typeIdentifier == 'external')
then resourceName + '-ip-restriction',
local rateLimitRules = if 'rateLimitRules' in gateway.gatewayAttributes[attributeIndex]
then gateway.gatewayAttributes[attributeIndex].rateLimitRules else [],
local rateLimitPlugin = std.map(function(rule)
'%s-%s-%s-%s-%s' % [environment, servicePrefix, pathName, rule.name, 'rl'],
rateLimitRules),
local kongPluginsList = [
urlRewritePlugin,
ipRestrictedPlugin,
externalAuthPlugin,
(if typeIdentifier == 'external' then std.join(',', rateLimitPlugin)),
],
local filteresKongPluginsList = std.filter(function(plugin) plugin != null && std.length(plugin) > 0, kongPluginsList),
apiVersion: 'networking.k8s.io/v1',
kind: 'Ingress',
metadata: {
name: resourceName,
labels: common.labels {
Name: resourceName,
'gateway-resource-identifier': commonResourceName,
},
annotations: common.annotations {
[if filteresKongPluginsList != null && std.length(filteresKongPluginsList) > 0 then 'konghq.com/plugins']: std.join(',', filteresKongPluginsList),
'external-dns.alpha.kubernetes.io/exclude': 'true',
},
namespace: deployment_manifest.deployment.namespace,
},
spec: {
ingressClassName: 'kong-' + typeIdentifier,
rules: [
{
host: if (typeIdentifier == 'external') then gateway.commonApiGatewayUrl else gateway.internalCommonApiGatewayUrl,
http: {
paths: [
{
path: gateway.gatewayAttributes[attributeIndex].sourceGatewayPath,
pathType: 'ImplementationSpecific',
backend: {
service: {
name: serviceName,
port: {
number: port_map.getPort('serviceport'),
},
},
},
},
],
},
},
],
},
};
// This will be a common resource across internal & external gateways
local create_gateway_url_plugin(environment, servicePrefix, gateway, attributeIndex, serviceName) = {
local resourceName = '%s-%s-%s' % [environment, servicePrefix, gateway.gatewayAttributes[attributeIndex].pathName],
apiVersion: 'configuration.konghq.com/v1',
kind: 'KongPlugin',
metadata: {
name: resourceName + '-url-rewrite',
labels: common.labels {
Name: resourceName + '-url-rewrite',
'gateway-resource-identifier': resourceName,
},
namespace: deployment_manifest.deployment.namespace,
},
config: {
replace: {
uri: gateway.gatewayAttributes[attributeIndex].targetGatewayPath,
},
},
plugin: 'request-transformer',
};
local create_external_auth_plugin(environment, servicePrefix, typeIdentifier, gateway, attributeIndex, serviceName) = {
local resourceName = '%s-%s-%s-%s' % [environment, servicePrefix, typeIdentifier, gateway.gatewayAttributes[attributeIndex].pathName],
local commonResourceName = '%s-%s-%s' % [environment, servicePrefix, gateway.gatewayAttributes[attributeIndex].pathName],
local currentCluster = deployment_manifest.cluster,
local currentNamespace = deployment_manifest.deployment.namespace,
local configValues = cluster_values[deployment_manifest.cluster],
local configUrl = if currentNamespace in configValues
then configValues[currentNamespace].commonApiGateway.externalAuth.config.url
else configValues.default.commonApiGateway.externalAuth.config.url,
apiVersion: 'configuration.konghq.com/v1',
kind: 'KongPlugin',
metadata: {
name: resourceName + '-external-auth',
labels: common.labels {
Name: resourceName + '-external-auth',
'gateway-resource-identifier': resourceName,
},
namespace: currentNamespace,
},
config: {
url: configUrl,
},
plugin: 'external-auth',
};
// This will only be required for External Gateway
local create_gateway_ip_plugin(environment, servicePrefix, typeIdentifier, gateway, attributeIndex, serviceName) = {
local resourceName = '%s-%s-%s-%s' % [environment, servicePrefix, typeIdentifier, gateway.gatewayAttributes[attributeIndex].pathName],
local commonResourceName = '%s-%s-%s' % [environment, servicePrefix, gateway.gatewayAttributes[attributeIndex].pathName],
apiVersion: 'configuration.konghq.com/v1',
kind: 'KongPlugin',
metadata: {
name: resourceName + '-ip-restriction',
labels: common.labels {
Name: resourceName + '-ip-restriction',
'gateway-resource-identifier': commonResourceName,
},
namespace: deployment_manifest.deployment.namespace,
},
config: {
allow: std.split(std.strReplace(gateway.gatewayAttributes[attributeIndex].whitelistedGatewayIps, ' ', ''), ','),
},
plugin: 'ip-restriction',
};
// This is only for external api gateways currently.
local create_kong_rate_limiter(environment, servicePrefix, typeIdentifier, gateway, attributeIndex, serviceName) = {
local resourceName = '%s-%s-%s' % [environment, servicePrefix, gateway.gatewayAttributes[attributeIndex].pathName],
local commonResourceName = '%s-%s-%s' % [environment, servicePrefix, gateway.gatewayAttributes[attributeIndex].pathName],
local forTheGateway = gateway.gatewayAttributes[attributeIndex].sourceGatewayPath,
local rateLimitRules = if 'rateLimitRules' in gateway.gatewayAttributes[attributeIndex]
then gateway.gatewayAttributes[attributeIndex].rateLimitRules else [],
kongrules: [{
apiVersion: 'configuration.konghq.com/v1',
kind: 'KongPlugin',
plugin: 'rate-limiting',
metadata: {
name: resourceName + '-%s' % rule.name + '-rl', // shortening due 63 character limits
labels: common.labels {
'gateway-resource-identifier': resourceName,
},
},
config: {
minute: rule.limit,
limit_by: '%s' % rule.options,
[if rule.options == 'path' then 'path' else null]: '%s' % forTheGateway,
[if rule.options == 'header' then 'header_name' else null]: '%s' % rule.header,
},
} for rule in rateLimitRules],
};
local gateways = deployment.commonApiGateways;
local gatewaysLen = std.length(deployment.commonApiGateways);
std.map(
function(apiGatewayIndex) {
local gateway = gateways[apiGatewayIndex],
local serviceName = chart.full_service_name(deployment.name),
local servicePrefix = deployment.name,
local environment = deployment_manifest.environment,
local gatewayAttributeLen = std.length(gateway.gatewayAttributes),
local kongRateLimits = [
create_kong_rate_limiter(environment, servicePrefix, 'external', gateway, attributeIndex, serviceName)
for attributeIndex in std.range(0, gatewayAttributeLen - 1)
if (std.objectHas(gateway.gatewayAttributes[attributeIndex], 'rateLimitRules'))
],
apiVersion: 'v1',
kind: 'List',
items: [create_gateway_ingress(environment, servicePrefix, 'external', gateway, attributeIndex, serviceName) for attributeIndex in std.range(0, gatewayAttributeLen - 1)] +
[create_gateway_ingress(environment, servicePrefix, 'internal', gateway, attributeIndex, serviceName) for attributeIndex in std.range(0, gatewayAttributeLen - 1)] +
[
create_gateway_url_plugin(environment, servicePrefix, gateway, attributeIndex, serviceName)
for attributeIndex in std.range(0, gatewayAttributeLen - 1)
if (gateway.gatewayAttributes[attributeIndex].sourceGatewayPath != gateway.gatewayAttributes[attributeIndex].targetGatewayPath)
] +
[
create_gateway_ip_plugin(environment, servicePrefix, 'external', gateway, attributeIndex, serviceName)
for attributeIndex in std.range(0, gatewayAttributeLen - 1)
if (std.objectHas(gateway.gatewayAttributes[attributeIndex], 'whitelistedGatewayIps'))
] +
[
create_external_auth_plugin(environment, servicePrefix, 'external', gateway, attributeIndex, serviceName)
for attributeIndex in std.range(0, gatewayAttributeLen - 1)
if (gateway.gatewayAttributes[attributeIndex].externalAuth)
] +
if (std.length(kongRateLimits) > 0) then kongRateLimits[0].kongrules else [],
},
std.range(0, gatewaysLen - 1)
)
Reference in New Issue View Git Blame Copy Permalink