Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
k8s-ingress
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
3
Merge Requests
3
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Open sidebar
uplex-varnish
k8s-ingress
Commits
06dd5456
Commit
06dd5456
authored
Aug 27, 2020
by
Geoff Simmons
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add helm deployments and a Makefile for the rewrite example/test.
parent
7a52e844
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
479 additions
and
0 deletions
+479
-0
Makefile
examples/rewrite/Makefile
+73
-0
values.yaml
examples/rewrite/values.yaml
+406
-0
No files found.
examples/rewrite/Makefile
0 → 100644
View file @
06dd5456
# Copyright (c) 2020 UPLEX Nils Goroll Systemoptimierung
# All rights reserved
#
# Author: Geoffrey Simmons <geoffrey.simmons@uplex.de>
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
# GNU make is required.
mkpath
:=
$
(
abspath
$
(
lastword
$(MAKEFILE_LIST)
))
mkdir
:=
$
(
dir
$(mkpath)
)
CHARTDIR
=
$(mkdir)
/../../charts
TESTDIR
=
$(mkdir)
/../../test
all
:
deploy
deploy-helm
:
@
helm
install
viking-ingress-rewrite
$(CHARTDIR)
/viking-test-app
\
--values
values.yaml
deploy-kubectl
:
@
kubectl apply
-f
$(mkdir)
/../hello/cafe.yaml
@
kubectl apply
-f
$(mkdir)
/../hello/cafe-ingress.yaml
@
kubectl apply
-f
rewrite.yaml
# TESTOPTS are passed to varnishtest, e.g.: make TESTOPTS=-v verify
verify
:
$(mkdir)
/verify.sh
wait
:
$(TESTDIR)
/wait.sh
app
=
varnish-ingress
uninstall-kubectl
:
@
kubectl delete
-f
rewrite.yaml
@
kubectl delete
-f
$(mkdir)
/../hello/cafe-ingress.yaml
@
kubectl delete
-f
$(mkdir)
/../hello/cafe.yaml
uninstall-helm
:
@
helm uninstall viking-ingress-rewrite
undeploy-kubectl
:
uninstall-kubectl wait
undeploy-helm
:
uninstall-helm wait
ifeq
($(DEPLOY),kubectl)
deploy
:
deploy-kubectl
undeploy
:
undeploy-kubectl
else
deploy
:
deploy-helm
undeploy
:
undeploy-helm
endif
.PHONY
:
all $(MAKECMDGOALS)
examples/rewrite/values.yaml
0 → 100644
View file @
06dd5456
apps
:
coffee
:
image
:
nginxdemos/hello:plain-text
replicas
:
2
tea
:
image
:
nginxdemos/hello:plain-text
replicas
:
3
ingress
:
name
:
cafe-ingress
rules
:
-
host
:
cafe.example.com
paths
:
-
path
:
/tea
app
:
tea
-
path
:
/coffee
app
:
coffee
vikingAdmSvc
:
varnish-ingress-admin
# rewrites is a non-empty array of rewrite specifications. Each
# element specifies a rewrite that is executed by the Varnish Service
# implementing Ingress.
#
# Each rewrite is executed in the VCL subroutine specified in the
# field vcl-sub; if vcl-sub is left out, the subroutine is inferred
# from the objects named in the target and source fields.
#
# If more than one rewrite is specified for the the same VCL subroutine,
# they are executed in the order in which they appear in this array.
rewrites
:
# Rewrite the URL path of the client request, so that other URL
# prefixes are used to route requests to the coffee-svc backend.
#
# When the source field is left out, it is implicitly equal to
# the target, so the rewrite is based on a match against the URL.
#
# compare:match specifies regex matching -- the source (implicitly
# req.url) is matched against the value fields in rules.
#
# method:sub specifies rewrite by substituting the first matching
# substring.
#
# anchor:start means that each regex is implicitly anchored at
# start-of-string, equivalent to prefixing each regex with ^.
#
# The vcl-sub field is left out, so this rewrite is executed in
# vcl_recv, since it applies only to req.url.
#
# When the URL matches a regex in one of the value fields of the
# rules, then substitute using the corresponding rewrite string,
# with \1 used to replace backreference 1.
-
target
:
req.url
compare
:
match
method
:
sub
rules
:
-
value
:
/espresso(/|$)
rewrite
:
/coffee\1
-
value
:
/capuccino(/|$)
rewrite
:
/coffee\1
-
value
:
/latte(/|$)
rewrite
:
/coffee\1
-
value
:
/macchiato(/|$)
rewrite
:
/coffee\1
-
value
:
/ristretto(/|$)
rewrite
:
/coffee\1
-
value
:
/americano(/|$)
rewrite
:
/coffee\1
match-flags
:
anchor
:
start
# Similar to the previous rewrite, this one rewrites URL prefixes
# so that the requests are routed to the tea-svc backend.
#
# In this case, compare:prefix is used to indicate fixed prefix
# matching -- req.url matches if it has a prefix equal to one of
# the values in the rules. With prefix, matches are always fixed
# at start-of-string.
#
# This configuration is simpler than the one above. But note that
# it does not prevent rewrites for matches that do end in / or
# end-of-string; for example, /chain/link is rewritten as /tean/link.
-
target
:
req.url
compare
:
prefix
rules
:
-
value
:
/camomille
rewrite
:
/tea
-
value
:
/earl-grey
rewrite
:
/tea
-
value
:
/chai
rewrite
:
/tea
-
value
:
/green
rewrite
:
/tea
-
value
:
/hibiscus
rewrite
:
/tea
-
value
:
/oolong
rewrite
:
/tea
method
:
sub
# Replace certain values of the client request header Host so that
# they may be routed by the Ingress (which specifies cafe.example.com).
#
# The source field is again left out, and is hence implicitly equal
# to the target -- the client request header Host is rewritten.
#
# Since vcl-sub is again left out, the rewrite is executed in vcl_recv,
# since it applies only to a client request header.
#
# compare:equal specifies fixed string equality -- a Host header matches
# if it is exactly equal to one of the values in the rules.
#
# method:replace means that the headers value is overwritten by the
# string in rewrite that corresponds to the match.
-
target
:
req.http.Host
compare
:
equal
rules
:
-
value
:
my-cafe.com
rewrite
:
cafe.example.com
-
value
:
my-example.com
rewrite
:
cafe.example.com
-
value
:
ingress.example.com
rewrite
:
cafe.example.com
-
value
:
varnish.example.com
rewrite
:
cafe.example.com
-
value
:
atomic-cafe.com
rewrite
:
cafe.example.com
method
:
replace
# Extract the value of a cookie into a client response header.
#
# The compare field is left out, and hence implicitly specifies
# regex matching.
#
# source:req.http.Cookie means that the regex in the value field
# is match against the client request header Cookie, and the
# backreference refers to the captured portion of the match.
#
# target:resp.http.Session-Token means that the result of the
# rewrite is written to the client response header Session-Token.
#
# Since vcl-sub is left out, the rewrite is executed in vcl_deliver,
# since the target is a client response header.
#
# method:rewrite means that backref \1, specified in the rewrite
# field, is written to the Session-Token header, and unmatched
# portions of the Cookie header are ignored.
-
target
:
resp.http.Session-Token
source
:
req.http.Cookie
rules
:
-
value
:
\bmysession\s*=\s*([^,;[:space:]]+)
rewrite
:
\1
method
:
rewrite
# The next sequence implements a common use case for Varnish: write
# a value to the client request and response headers X-Cache to
# reflect the cache disposition of the request -- hit, miss or pass.
#
# The vcl-sub fields specify the VCL subroutines in which the
# rewrites are executed. Since the target in the fourth rewrite is
# the client response header, it is executed in vcl_deliver.
#
# method:replace means that the value of the target is overwritten.
#
# The first three rewrites specify exactly one rule, each with no
# value field. This means that the string in the corresponding
# rewrite field is written as the new value of the header.
#
# The fourth rewrite specifies replace with the request header as
# source and the response header as target, meaning that the value
# of the response header is set to the value of the request header.
-
target
:
req.http.X-Cache
vcl-sub
:
hit
rules
:
-
rewrite
:
HIT
method
:
replace
-
target
:
req.http.X-Cache
vcl-sub
:
miss
rules
:
-
rewrite
:
MISS
method
:
replace
-
target
:
req.http.X-Cache
vcl-sub
:
pass
rules
:
-
rewrite
:
PASS
method
:
replace
-
target
:
resp.http.X-Cache
source
:
req.http.X-Cache
method
:
replace
# Rewrite the backend request URL path by exchanging the next two path
# components after /coffee/, if the URL begins with /coffee/.
# For example, /coffee/cream/sugar is rewritten as /coffee/sugar/cream.
#
# method:rewrite means that the URL is rewritten as given in the rewrite
# field of the rule, and non-matching parts of the URL are ignored.
-
target
:
bereq.url
rules
:
-
value
:
^/coffee/([^/]+)/([^/]+)(.*)
rewrite
:
/coffee/\2/\1\3
method
:
rewrite
# Unconditionally delete the client response header Server.
-
target
:
resp.http.Server
method
:
delete
# Delete the client response header Via if the client request header
# Delete-Via matches (case-insensitively) one of the strings given
# as a value in the rules.
-
target
:
resp.http.Via
method
:
delete
source
:
req.http.Delete-Via
compare
:
equal
rules
:
-
value
:
"
true"
-
value
:
"
yes"
-
value
:
"
on"
-
value
:
"
1"
match-flags
:
case-sensitive
:
false
# To unconditionally write the value of one header to another, specify
# method:replace with no rules, and specify the headers as source and
# target.
#
# In other words: set Replace-Hdr-Target = Replace-Hdr-Src
-
target
:
resp.http.Replace-Hdr-Target
source
:
req.http.Replace-Hdr-Src
method
:
replace
# To write a fixed string to a header, specify method:replace with no
# source, and exactly one rule with no value field, and the fixed
# string in the rewrite field.
#
# That is: set Replace-String-Target = "ReplaceString"
-
target
:
resp.http.Replace-String-Target
rules
:
-
rewrite
:
ReplaceString
method
:
replace
# method:append concatenates a string after another one, and writes the
# result to the target.
#
# This specification appends the fixed string "AppendString" after the
# value of the client request header Append-String-Src, and assigns
# the result to the client response header Append-String-Target.
#
# That is: set Append-String-Target = Append-String-Src + "AppendString"
#
# Since the rule has no value field, the append is executed
# unconditionally, even if there is no client request header
# Append-String-Src. In that case, just the string "AppendString"
# is assigned to the response header.
-
target
:
resp.http.Append-String-Target
source
:
req.http.Append-String-Src
rules
:
-
rewrite
:
AppendString
method
:
append
# Like the rule above, but the append is only executed if the source
# (the client request header) matches the regex in value.
#
# Since the regex is just . (match any character), this has the effect
# of only executing the append if the request header exists and is
# non-empty.
#
# In other words:
# if (request header Append-Rule-Src exists),
# then set Append-Rule-Target = Append-Rule-Src + "AppendString"
-
target
:
resp.http.Append-Rule-Target
source
:
req.http.Append-Rule-Src
rules
:
-
value
:
.
rewrite
:
AppendString
method
:
append
# If no rules are specified with method:append, then the value of the
# the source is appended to the value of target, and the result is
# assigned to the target. In other words:
#
# set Append-Hdr-Target = Append-Hdr-Target + Append-Hdr-Src
-
target
:
req.http.Append-Hdr-Target
source
:
req.http.Append-Hdr-Src
method
:
append
# method:prepend reverses the order of concatentation. So this
# specification is similar to the unconditional append shown above:
#
# set Prepend-String-Target = "PrependString" + Prepend-String-Src
#
# If there is no client request header Prepend-String-Src, then just
# assign the string "PrependString" to the client response header
# Prepend-String-Target.
-
target
:
resp.http.Prepend-String-Target
source
:
req.http.Prepend-String-Src
rules
:
-
rewrite
:
PrependString
method
:
prepend
# Like the conditional append shown above: execute the prepend, but
# only if the header specified as source matches the value in the
# rule; or in other words, only if the source header exists and is
# non-empty:
#
# if (Prepend-Rule-Src exists and is non-empty),
# then: set Prepend-Rule-Target = "PrependString" + Prepend-Rule-Src
-
target
:
resp.http.Prepend-Rule-Target
source
:
req.http.Prepend-Rule-Src
rules
:
-
value
:
.
rewrite
:
PrependString
method
:
prepend
# Prepend the source header to the target:
#
# set Prepend-Hdr-Target = Prepend-Hdr-Src + Prepend-Hdr-Target
-
target
:
req.http.Prepend-Hdr-Target
source
:
req.http.Prepend-Hdr-Src
method
:
prepend
# The remaining examples illustrate the use of the select field to
# specify the rewrite rule when more than one value in a rule may
# match the source.
#
# This example sets the client response header Select-First to one
# of the fixed strings in a rewrite field, depending on which prefix
# matches the client request URL path.
#
# If the URL has a matching prefix, then select:first means that the
# the first matching value in the rules array is chosen, and the
# string from the corresponding rewrite field is assigned.
#
# For example, the URL /tea/foo/bar/4711 matches the regexen in the
# last two rules. Since select:first is specified, assign the string
# "Bar" to the header.
-
target
:
resp.http.Select-First
source
:
req.url
rules
:
-
value
:
/tea/foo/bar/baz/quux
rewrite
:
Quux
-
value
:
/tea/foo/bar/baz
rewrite
:
Baz
-
value
:
/tea/foo/bar
rewrite
:
Bar
-
value
:
/tea/foo
rewrite
:
Foo
compare
:
prefix
method
:
replace
select
:
first
# This example is similar to the previous one, but select:longest
# means that the longest prefix that matches the URL in one of the
# rules is chosen, and the corresponding value of rewrite is
# assigned to the header.
#
# The effects are the same, but do not depend on the order of rules
# in the rules array.
-
target
:
resp.http.Select-Longest
source
:
req.url
rules
:
-
value
:
/tea/foo
rewrite
:
Foo
-
value
:
/tea/foo/bar/baz
rewrite
:
Baz
-
value
:
/tea/foo/bar
rewrite
:
Bar
-
value
:
/tea/foo/bar/baz/quux
rewrite
:
Quux
compare
:
prefix
method
:
replace
select
:
longest
# In this example, the value of a cookie is extracted from the
# Cookie request header, and a string with the extracted value
# is assigned to the client response header Cookie-Select.
#
# select:last means that if more than one pattern in the rules
# array matches the Cookie header, then choose the matching pattern
# that appears last in the rules array. The value assigned to
# Cookie-Select is formed from the corresponding rewrite pattern.
#
# Examples: if the Cookie header has this value:
# Cookie: cookie2=val2; cookie3=val3; cookie1=val1
# then "cookie3:val3" is assigned to Cookie-Select.
#
# If the Cookie header has this value:
# Cookie: cookie3=val3; cookie4=val4
# then "cookie4:val4" is assigned to Cookie-Select.
-
target
:
resp.http.Cookie-Select
source
:
req.http.Cookie
rules
:
-
value
:
\bcookie1\s*=\s*([^,;[:space:]]+)
rewrite
:
cookie1:\1
-
value
:
\bcookie2\s*=\s*([^,;[:space:]]+)
rewrite
:
cookie2:\1
-
value
:
\bcookie3\s*=\s*([^,;[:space:]]+)
rewrite
:
cookie3:\1
-
value
:
\bcookie4\s*=\s*([^,;[:space:]]+)
rewrite
:
cookie4:\1
-
value
:
\bcookie5\s*=\s*([^,;[:space:]]+)
rewrite
:
cookie5:\1
method
:
rewrite
select
:
last
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment