diff --git a/.gitignore b/.gitignore index 19217f4e8..cd75da4de 100644 --- a/.gitignore +++ b/.gitignore @@ -24,10 +24,17 @@ _testmain.go *.test *.prof +# Apple cruft +.DS_Store + # for this repo only deck dist/ docs/cli-docs/ -# vscode editor files -.vscode/ \ No newline at end of file +# editor files +.vscode/ +.idea/ + +# generated test 'actuals' +kong2kic/testdata/**/*-actual.* diff --git a/cmd/file_kong2kic.go b/cmd/file_kong2kic.go new file mode 100644 index 000000000..52e637ed5 --- /dev/null +++ b/cmd/file_kong2kic.go @@ -0,0 +1,126 @@ +package cmd + +import ( + "fmt" + "log" + "strings" + + "github.com/kong/deck/kong2kic" + "github.com/kong/go-apiops/logbasics" + "github.com/kong/go-database-reconciler/pkg/file" + "github.com/spf13/cobra" +) + +var ( + cmdKong2KicInputFilename string + cmdKong2KicOutputFilename string + cmdKong2KicOutputFormat string + cmdKong2KicClassName string + cmdKong2KicIngress bool + cmdKong2KicVersion string +) + +// Executes the CLI command "kong2kic" +func executeKong2Kic(cmd *cobra.Command, _ []string) error { + _ = sendAnalytics("file-kong2kic", "", modeLocal) + var ( + outputContent *file.Content + err error + outputFileFormat file.Format + yamlOrJSON string + ) + + kong2kic.ClassName = cmdKong2KicClassName + verbosity, _ := cmd.Flags().GetInt("verbose") + logbasics.Initialize(log.LstdFlags, verbosity) + + inputContent, err := file.GetContentFromFiles([]string{cmdKong2KicInputFilename}, false) + if err != nil { + return fmt.Errorf("failed reading input file '%s'; %w", cmdKong2KicInputFilename, err) + } + + outputFileFormat, yamlOrJSON, err = validateInput(cmdKong2KicOutputFormat) + if err != nil { + return err + } + + outputContent = inputContent.DeepCopy() + err = kong2kic.WriteContentToFile(outputContent, cmdKong2KicOutputFilename, outputFileFormat, yamlOrJSON) + if err != nil { + return fmt.Errorf("failed converting Kong to Ingress '%s'; %w", cmdKong2KicInputFilename, err) + } + + return nil +} + +func validateInput(cmdKong2KicOutputFormat string) ( + outputFileFormat file.Format, + yamlOrJSON string, + err error, +) { + outputFormat := strings.ToUpper(cmdKong2KicOutputFormat) + version := cmdKong2KicVersion + ingress := cmdKong2KicIngress + + // if cmdKong2KicVersion is not 2 or 3 set an error + if version != "2" && version != "3" { + err = fmt.Errorf("invalid KIC version '%s'. Please use --help for more information", version) + } else { + switch { + case version == "3" && !ingress: + outputFileFormat = kong2kic.KICV3GATEWAY + case version == "3" && ingress: + outputFileFormat = kong2kic.KICV3INGRESS + case version == "2" && !ingress: + outputFileFormat = kong2kic.KICV2GATEWAY + case version == "2" && ingress: + outputFileFormat = kong2kic.KICV2INGRESS + default: + err = fmt.Errorf("invalid combination of parameters. Please use --help for more information") + } + + if outputFormat == file.YAML { + yamlOrJSON = file.YAML + } else if outputFormat == file.JSON { + yamlOrJSON = file.JSON + } + } + + return outputFileFormat, yamlOrJSON, err +} + +// +// +// Define the CLI data for the kong2kic command +// +// + +func newKong2KicCmd() *cobra.Command { + kong2KicCmd := &cobra.Command{ + Use: "kong2kic", + Short: "Convert Kong configuration files to Kong Ingress Controller (KIC) manifests", + Long: `Convert Kong configuration files to Kong Ingress Controller (KIC) manifests. + +The kong2kic subcommand transforms Kong’s configuration files, written in the deck format, +into Kubernetes manifests suitable for the Kong Ingress Controller. By default kong2kic generates +manifests for KIC v3.x using the Kubernetes Gateway API. Only HTTP/HTTPS routes are supported.`, + RunE: executeKong2Kic, + Args: cobra.NoArgs, + } + + kong2KicCmd.Flags().StringVarP(&cmdKong2KicInputFilename, "state", "s", "-", + "decK file to process. Use - to read from stdin.") + kong2KicCmd.Flags().StringVarP(&cmdKong2KicOutputFilename, "output-file", "o", "-", + "Output file to write. Use - to write to stdout.") + kong2KicCmd.Flags().StringVarP(&cmdKong2KicOutputFormat, "format", "f", "yaml", + "Output file format: json or yaml.") + kong2KicCmd.Flags().StringVar(&cmdKong2KicVersion, "kic-version", "3", + "Generate manifests for KIC v3 or v2. Possible values are 2 or 3.") + kong2KicCmd.Flags().StringVar(&cmdKong2KicClassName, "class-name", "kong", + `Value to use for "kubernetes.io/ingress.class" ObjectMeta.Annotations and for + "parentRefs.name" in the case of HTTPRoute.`) + kong2KicCmd.Flags().BoolVar(&cmdKong2KicIngress, "ingress", false, + `Use Kubernetes Ingress API manifests instead of Gateway API manifests.`) + + return kong2KicCmd +} diff --git a/cmd/root.go b/cmd/root.go index 00330b663..fd15edbd2 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -252,6 +252,7 @@ It can be used to export, import, or sync entities to Kong.`, fileCmd.AddCommand(newNamespaceCmd()) fileCmd.AddCommand(newConvertCmd(false)) fileCmd.AddCommand(newValidateCmd(false, false)) // file-based validation + fileCmd.AddCommand(newKong2KicCmd()) } return rootCmd } diff --git a/convert/convert_test.go b/convert/convert_test.go index bb4fb6a52..c5ca103d6 100644 --- a/convert/convert_test.go +++ b/convert/convert_test.go @@ -314,6 +314,7 @@ func Test_Convert(t *testing.T) { wantErr: true, }, } + for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { inputFiles := tt.args.inputFilenames diff --git a/go.mod b/go.mod index 785840e37..5d46fee59 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/kong/deck -go 1.21.1 +go 1.21.6 replace github.com/yudai/gojsondiff v1.0.0 => github.com/Kong/gojsondiff v1.3.0 @@ -10,7 +10,7 @@ require ( github.com/daveshanley/vacuum v0.5.0 github.com/fatih/color v1.15.0 github.com/google/go-cmp v0.6.0 - github.com/kong/go-apiops v0.1.29 + github.com/kong/go-apiops v0.1.30 github.com/kong/go-database-reconciler v1.7.0 github.com/kong/go-kong v0.51.1-0.20240125175037-0c077f5b9ac7 github.com/mitchellh/go-homedir v1.1.0 @@ -19,10 +19,30 @@ require ( github.com/spf13/viper v1.18.2 github.com/stretchr/testify v1.8.4 golang.org/x/sync v0.6.0 + k8s.io/api v0.29.1 + k8s.io/apiextensions-apiserver v0.29.1 + k8s.io/apimachinery v0.29.1 k8s.io/code-generator v0.29.1 + sigs.k8s.io/gateway-api v1.0.0 sigs.k8s.io/yaml v1.4.0 ) +require ( + github.com/cenkalti/backoff/v4 v4.2.1 // indirect + github.com/google/go-querystring v1.1.0 // indirect + github.com/google/uuid v1.6.0 // indirect + github.com/hashicorp/go-memdb v1.3.4 // indirect + github.com/hashicorp/go-retryablehttp v0.7.5 // indirect + github.com/hexops/gotextdiff v1.0.3 // indirect + github.com/imdario/mergo v0.3.16 // indirect + github.com/pb33f/libopenapi v0.13.11 // indirect + github.com/pb33f/libopenapi-validator v0.0.28 // indirect + github.com/shirou/gopsutil/v3 v3.24.1 // indirect + github.com/ssgelm/cookiejarparser v1.0.1 // indirect + github.com/xeipuuv/gojsonschema v1.2.0 // indirect + gopkg.in/yaml.v2 v2.4.0 // indirect +) + require ( atomicgo.dev/cursor v0.2.0 // indirect atomicgo.dev/keyboard v0.2.9 // indirect @@ -30,13 +50,12 @@ require ( dario.cat/mergo v1.0.0 // indirect github.com/Kong/go-diff v1.2.2 // indirect github.com/Kong/gojsondiff v1.3.2 // indirect - github.com/adrg/strutil v0.2.3 // indirect - github.com/cenkalti/backoff/v4 v4.2.1 // indirect + github.com/adrg/strutil v0.3.0 // indirect github.com/containerd/console v1.0.3 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/dlclark/regexp2 v1.10.0 // indirect github.com/dop251/goja v0.0.0-20231027120936-b396bb4c349d // indirect - github.com/dop251/goja_nodejs v0.0.0-20231022114343-5c1f9037c9ab // indirect + github.com/dop251/goja_nodejs v0.0.0-20231122114759-e84d9a924c5c // indirect github.com/dprotaso/go-yit v0.0.0-20220510233725-9ba8df137936 // indirect github.com/emicklei/go-restful/v3 v3.11.0 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect @@ -45,33 +64,31 @@ require ( github.com/go-logr/logr v1.4.1 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-ole/go-ole v1.2.6 // indirect - github.com/go-openapi/jsonpointer v0.19.6 // indirect - github.com/go-openapi/jsonreference v0.20.2 // indirect - github.com/go-openapi/swag v0.22.3 // indirect + github.com/go-openapi/jsonpointer v0.20.2 // indirect + github.com/go-openapi/jsonreference v0.20.4 // indirect + github.com/go-openapi/swag v0.22.7 // indirect github.com/go-sourcemap/sourcemap v2.1.3+incompatible // indirect + github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/protobuf v1.5.3 // indirect github.com/google/gnostic-models v0.6.8 // indirect - github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/pprof v0.0.0-20230926050212-f7f687d19a98 // indirect - github.com/google/uuid v1.6.0 // indirect github.com/gookit/color v1.5.4 // indirect + github.com/gosimple/slug v1.13.1 + github.com/gosimple/unidecode v1.0.1 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-immutable-radix v1.3.1 // indirect - github.com/hashicorp/go-memdb v1.3.4 // indirect - github.com/hashicorp/go-retryablehttp v0.7.5 // indirect - github.com/hashicorp/golang-lru v0.5.4 // indirect + github.com/hashicorp/golang-lru v1.0.2 // indirect github.com/hashicorp/hcl v1.0.0 // indirect - github.com/hexops/gotextdiff v1.0.3 // indirect - github.com/imdario/mergo v0.3.16 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/invopop/yaml v0.1.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/kong/go-slugify v1.0.0 // indirect + github.com/kong/kubernetes-ingress-controller/v3 v3.1.0 github.com/kong/semver/v4 v4.0.1 // indirect github.com/lithammer/fuzzysearch v1.1.8 // indirect - github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect + github.com/lufia/plan9stats v0.0.0-20230326075908-cb1d2100619a // indirect github.com/magiconair/properties v1.8.7 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/mattn/go-colorable v0.1.13 // indirect @@ -82,49 +99,47 @@ require ( github.com/modern-go/reflect2 v1.0.2 // indirect github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect github.com/mozillazg/go-unidecode v0.2.0 // indirect - github.com/pb33f/libopenapi v0.13.11 // indirect - github.com/pb33f/libopenapi-validator v0.0.28 // indirect github.com/pelletier/go-toml/v2 v2.1.0 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect - github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect - github.com/pterm/pterm v0.12.70 // indirect + github.com/power-devops/perfstat v0.0.0-20221212215047-62379fc7944b // indirect + github.com/pterm/pterm v0.12.77 // indirect github.com/rivo/uniseg v0.4.4 // indirect github.com/sagikazarmark/locafero v0.4.0 // indirect github.com/sagikazarmark/slog-shim v0.1.0 // indirect github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 // indirect - github.com/shirou/gopsutil/v3 v3.24.1 // indirect github.com/shoenig/go-m1cpu v0.1.6 // indirect github.com/sourcegraph/conc v0.3.0 // indirect github.com/spf13/afero v1.11.0 // indirect github.com/spf13/cast v1.6.0 // indirect - github.com/ssgelm/cookiejarparser v1.0.1 // indirect github.com/subosito/gotenv v1.6.0 // indirect github.com/tidwall/gjson v1.17.0 // indirect github.com/tidwall/match v1.1.1 // indirect - github.com/tidwall/pretty v1.2.0 // indirect + github.com/tidwall/pretty v1.2.1 // indirect github.com/tklauser/go-sysconf v0.3.12 // indirect github.com/tklauser/numcpus v0.6.1 // indirect github.com/vmware-labs/yaml-jsonpath v0.3.2 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect - github.com/xeipuuv/gojsonschema v1.2.0 // indirect github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82 // indirect github.com/yusufpapurcu/wmi v1.2.3 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa // indirect + golang.org/x/exp v0.0.0-20240119083558-1b970713d09a // indirect golang.org/x/mod v0.14.0 // indirect - golang.org/x/net v0.19.0 // indirect + golang.org/x/net v0.20.0 // indirect golang.org/x/sys v0.17.0 // indirect golang.org/x/term v0.17.0 // indirect golang.org/x/text v0.14.0 // indirect - golang.org/x/tools v0.16.1 // indirect - google.golang.org/protobuf v1.31.0 // indirect + golang.org/x/tools v0.17.0 // indirect + google.golang.org/protobuf v1.32.0 // indirect + gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect - gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 // indirect k8s.io/klog/v2 v2.110.1 // indirect - k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect + k8s.io/kube-openapi v0.0.0-20240103051144-eec4567ac022 // indirect + k8s.io/utils v0.0.0-20240102154912-e7106e64919e // indirect + sigs.k8s.io/controller-runtime v0.17.0 // indirect + sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) diff --git a/go.sum b/go.sum index a13faea56..9d4cde97a 100644 --- a/go.sum +++ b/go.sum @@ -27,8 +27,8 @@ github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3Q github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8= github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo= -github.com/adrg/strutil v0.2.3 h1:WZVn3ItPBovFmP4wMHHVXUr8luRaHrbyIuLlHt32GZQ= -github.com/adrg/strutil v0.2.3/go.mod h1:+SNxbiH6t+O+5SZqIj5n/9i5yUjR+S3XXVrjEcN2mxg= +github.com/adrg/strutil v0.3.0 h1:bi/HB2zQbDihC8lxvATDTDzkT4bG7PATtVnDYp5rvq4= +github.com/adrg/strutil v0.3.0/go.mod h1:Jz0wzBVE6Uiy9wxo62YEqEY1Nwto3QlLl1Il5gkLKWU= github.com/atomicgo/cursor v0.0.1/go.mod h1:cBON2QmmrysudxNBFthvMtN32r3jxVRIvzkUiF/RuIk= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= @@ -59,8 +59,8 @@ github.com/dop251/goja v0.0.0-20231027120936-b396bb4c349d h1:wi6jN5LVt/ljaBG4ue7 github.com/dop251/goja v0.0.0-20231027120936-b396bb4c349d/go.mod h1:QMWlm50DNe14hD7t24KEqZuUdC9sOTy8W6XbCU1mlw4= github.com/dop251/goja_nodejs v0.0.0-20210225215109-d91c329300e7/go.mod h1:hn7BA7c8pLvoGndExHudxTDKZ84Pyvv+90pbBjbTz0Y= github.com/dop251/goja_nodejs v0.0.0-20211022123610-8dd9abb0616d/go.mod h1:DngW8aVqWbuLRMHItjPUyqdj+HWPvnQe8V8y1nDpIbM= -github.com/dop251/goja_nodejs v0.0.0-20231022114343-5c1f9037c9ab h1:LrVf0AFnp5WiGKJ0a6cFf4RwNIN327uNUeVGJtmAFEE= -github.com/dop251/goja_nodejs v0.0.0-20231022114343-5c1f9037c9ab/go.mod h1:bhGPmCgCCTSRfiMYWjpS46IDo9EUZXlsuUaPXSWGbv0= +github.com/dop251/goja_nodejs v0.0.0-20231122114759-e84d9a924c5c h1:hLoodLRD4KLWIH8eyAQCLcH8EqIrjac7fCkp/fHnvuQ= +github.com/dop251/goja_nodejs v0.0.0-20231122114759-e84d9a924c5c/go.mod h1:bhGPmCgCCTSRfiMYWjpS46IDo9EUZXlsuUaPXSWGbv0= github.com/dprotaso/go-yit v0.0.0-20191028211022-135eb7262960/go.mod h1:9HQzr9D/0PGwMEbC3d5AB7oi67+h4TsQqItC1GVYG58= github.com/dprotaso/go-yit v0.0.0-20220510233725-9ba8df137936 h1:PRxIJD8XjimM5aTknUK9w6DHLDox2r2M3DI4i2pnd3w= github.com/dprotaso/go-yit v0.0.0-20220510233725-9ba8df137936/go.mod h1:ttYvX5qlB+mlV1okblJqcSMtR4c52UKxDiX9GRBS8+Q= @@ -88,18 +88,20 @@ github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY= github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= -github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= -github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= -github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= +github.com/go-openapi/jsonpointer v0.20.2 h1:mQc3nmndL8ZBzStEo3JYF8wzmeWffDH4VbXz58sAx6Q= +github.com/go-openapi/jsonpointer v0.20.2/go.mod h1:bHen+N0u1KEO3YlmqOjTT9Adn1RfD91Ar825/PuiRVs= +github.com/go-openapi/jsonreference v0.20.4 h1:bKlDxQxQJgwpUSgOENiMPzCTBVuc7vTdXSSgNeAhojU= +github.com/go-openapi/jsonreference v0.20.4/go.mod h1:5pZJyJP2MnYCpoeoMAql78cCHauHj0V9Lhc506VOpw4= github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= -github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= -github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-openapi/swag v0.22.7 h1:JWrc1uc/P9cSomxfnsFSVWoE1FW6bNbrVPmpQYpCcR8= +github.com/go-openapi/swag v0.22.7/go.mod h1:Gl91UqO+btAM0plGGxHqJcQZ1ZTy6jbmridBTsDy8A0= github.com/go-sourcemap/sourcemap v2.1.3+incompatible h1:W1iEw64niKVGogNgBN3ePyLFfuisuzeidWPMPWmECqU= github.com/go-sourcemap/sourcemap v2.1.3+incompatible/go.mod h1:F8jJfvm2KbVjc5NqelyYJmf/v5J0dwNLS2mL4sNA1Jg= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/go-task/slim-sprig v2.20.0+incompatible h1:4Xh3bDzO29j4TWNOI+24ubc0vbVFMg2PMnXKxK54/CA= github.com/go-task/slim-sprig v2.20.0+incompatible/go.mod h1:N/mhXZITr/EQAOErEHciKvO1bFei2Lld2Ym6h96pdy0= +github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= +github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= @@ -139,6 +141,10 @@ github.com/gookit/color v1.5.0/go.mod h1:43aQb+Zerm/BWh2GnrgOQm7ffz7tvQXEKV6BFMl github.com/gookit/color v1.5.4 h1:FZmqs7XOyGgCAxmWyPslpiok1k05wmY3SJTytgvYFs0= github.com/gookit/color v1.5.4/go.mod h1:pZJOeOS8DM43rXbp4AZo1n9zCU2qjpcRko0b6/QJi9w= github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= +github.com/gosimple/slug v1.13.1 h1:bQ+kpX9Qa6tHRaK+fZR0A0M2Kd7Pa5eHPPsb1JpHD+Q= +github.com/gosimple/slug v1.13.1/go.mod h1:UiRaFH+GEilHstLUmcBgWcI42viBN7mAb818JrYOeFQ= +github.com/gosimple/unidecode v1.0.1 h1:hZzFTMMqSswvf0LBJZCZgThIZrpDHFXux9KeGmn6T/o= +github.com/gosimple/unidecode v1.0.1/go.mod h1:CP0Cr1Y1kogOtx0bJblKzsVWrqYaqfNOnHzpgWw4Awc= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= @@ -154,8 +160,9 @@ github.com/hashicorp/go-retryablehttp v0.7.5/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5 github.com/hashicorp/go-uuid v1.0.0 h1:RS8zrF7PhGwyNPOtxSClXXj9HA8feRnJzgnI1RJCSnM= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc= github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= +github.com/hashicorp/golang-lru v1.0.2 h1:dV3g9Z/unq5DpblPpw+Oqcv4dU/1omnb4Ok8iPY6p1c= +github.com/hashicorp/golang-lru v1.0.2/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM= @@ -175,19 +182,23 @@ github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8Hm github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/klauspost/cpuid/v2 v2.0.10/go.mod h1:g2LTdtYhdyuGPqyWyv7qRAmj1WBqxuObKfj5c0PQa7c= github.com/klauspost/cpuid/v2 v2.0.12/go.mod h1:g2LTdtYhdyuGPqyWyv7qRAmj1WBqxuObKfj5c0PQa7c= github.com/klauspost/cpuid/v2 v2.2.3 h1:sxCkb+qR91z4vsqw4vGGZlDgPz3G7gjaLyK3V8y70BU= github.com/klauspost/cpuid/v2 v2.2.3/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= -github.com/kong/go-apiops v0.1.29 h1:c+AB8MmGIr+K01Afm4GB2xaOmJnD/8KWMJQkr9qssnc= -github.com/kong/go-apiops v0.1.29/go.mod h1:ZNdiTZyVrAssB4wjEYWV7BfpcV9UME9LxnDDZhMPuNU= +github.com/kong/go-apiops v0.1.30 h1:FtzgDwPmkzobk532dxbeYG2+CAisnzQoirhFFdN6u3k= +github.com/kong/go-apiops v0.1.30/go.mod h1:ZNdiTZyVrAssB4wjEYWV7BfpcV9UME9LxnDDZhMPuNU= github.com/kong/go-database-reconciler v1.7.0 h1:Nztq15nVwwstqstQYveK+zEgVfA2bSaQh7fdfvlO4fo= github.com/kong/go-database-reconciler v1.7.0/go.mod h1:A45z0CFwPRMuBfJUlgdfLQw32svOkkjnQfZBNXTiU28= github.com/kong/go-kong v0.51.1-0.20240125175037-0c077f5b9ac7 h1:/iV93Gwv410lIeJx8VCfCA4fpuvSuTw2LqZpDXsIE9Q= github.com/kong/go-kong v0.51.1-0.20240125175037-0c077f5b9ac7/go.mod h1:YNkLvjxfOqS+BZ1J2YWOy/83wc26JM5QJbAukoeg1sY= github.com/kong/go-slugify v1.0.0 h1:vCFAyf2sdoSlBtLcrmDWUFn0ohlpKiKvQfXZkO5vSKY= github.com/kong/go-slugify v1.0.0/go.mod h1:dbR2h3J2QKXQ1k0aww6cN7o4cIcwlWflr6RKRdcoaiw= +github.com/kong/kubernetes-ingress-controller/v3 v3.1.0 h1:h+m5sng2HzK022RKFsZhhPFAKUs++7UKtTzzmF0dsVk= +github.com/kong/kubernetes-ingress-controller/v3 v3.1.0/go.mod h1:Ay+kBPnesWdBhHukspp079Tb53HKMuk15gKTdPgH+28= github.com/kong/semver/v4 v4.0.1 h1:DIcNR8W3gfx0KabFBADPalxxsp+q/5COwIFkkhrFQ2Y= github.com/kong/semver/v4 v4.0.1/go.mod h1:LImQ0oT15pJvSns/hs2laLca2zcYoHu5EsSNY0J6/QA= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= @@ -202,8 +213,9 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/lithammer/fuzzysearch v1.1.8 h1:/HIuJnjHuXS8bKaiTMeeDlW2/AyIWk2brx1V8LFgLN4= github.com/lithammer/fuzzysearch v1.1.8/go.mod h1:IdqeyBClc3FFqSzYq/MXESsS4S0FsZ5ajtkr5xPLts4= -github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 h1:6E+4a0GO5zZEnZ81pIr0yLvtUWk2if982qA3F3QD6H4= github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I= +github.com/lufia/plan9stats v0.0.0-20230326075908-cb1d2100619a h1:N9zuLhTvBSRt0gWSiJswwQ2HqDmtX/ZCDJURnKUt1Ik= +github.com/lufia/plan9stats v0.0.0-20230326075908-cb1d2100619a/go.mod h1:JKx41uQRwqlTZabZc+kILPrO/3jlKnQ2Z8b7YiVw5cE= github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY= github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= @@ -258,8 +270,9 @@ github.com/pelletier/go-toml/v2 v2.1.0/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdU github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c h1:ncq/mPwQF4JjgDlrVEn3C11VoGHZN7m8qihwgMEtzYw= github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE= +github.com/power-devops/perfstat v0.0.0-20221212215047-62379fc7944b h1:0LFwY6Q3gMACTjAbMZBjXAqTOzOwFaj2Ld6cjeQ7Rig= +github.com/power-devops/perfstat v0.0.0-20221212215047-62379fc7944b/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE= github.com/pterm/pterm v0.12.27/go.mod h1:PhQ89w4i95rhgE+xedAoqous6K9X+r6aSOI2eFF7DZI= github.com/pterm/pterm v0.12.29/go.mod h1:WI3qxgvoQFFGKGjGnJR849gU0TsEOvKn5Q8LlY1U7lg= github.com/pterm/pterm v0.12.30/go.mod h1:MOqLIyMOgmTDz9yorcYbcw+HsgoZo3BQfg2wtl3HEFE= @@ -267,14 +280,14 @@ github.com/pterm/pterm v0.12.31/go.mod h1:32ZAWZVXD7ZfG0s8qqHXePte42kdz8ECtRyEej github.com/pterm/pterm v0.12.33/go.mod h1:x+h2uL+n7CP/rel9+bImHD5lF3nM9vJj80k9ybiiTTE= github.com/pterm/pterm v0.12.36/go.mod h1:NjiL09hFhT/vWjQHSj1athJpx6H8cjpHXNAK5bUw8T8= github.com/pterm/pterm v0.12.40/go.mod h1:ffwPLwlbXxP+rxT0GsgDTzS3y3rmpAO1NMjUkGTYf8s= -github.com/pterm/pterm v0.12.70 h1:8W0oBICz0xXvUeB8v9Pcfr2wNtsm7zfSb+FJzIbFB5w= -github.com/pterm/pterm v0.12.70/go.mod h1:SUAcoZjRt+yjPWlWba+/Fd8zJJ2lSXBQWf0Z0HbFiIQ= +github.com/pterm/pterm v0.12.77 h1:zPdVApDvzXwv9oFqkD3KxGcLWyUYXfQOd/IEUXyAoyo= +github.com/pterm/pterm v0.12.77/go.mod h1:1v/gzOF1N0FsjbgTHZ1wVycRkKiatFvJSJC4IGaQAAo= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis= github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= -github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= -github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= +github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= +github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6keLGt6kNQ= github.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgYEpgQ3O5fPuL3H4= @@ -325,8 +338,9 @@ github.com/tidwall/gjson v1.17.0 h1:/Jocvlh98kcTfpN2+JzGQWQcqrPQwDrVEMApx/M5ZwM= github.com/tidwall/gjson v1.17.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= -github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs= github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= +github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4= +github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= github.com/tklauser/go-sysconf v0.3.12 h1:0QaGUFOdQaIVdPgfITYzaTegZvdCjmYO52cSFAEVmqU= github.com/tklauser/go-sysconf v0.3.12/go.mod h1:Ho14jnntGE1fpdOqQEEaiKRpvIavV0hSfmBq8nJbHYI= github.com/tklauser/numcpus v0.6.1 h1:ng9scYS7az0Bk4OZLvrNXNSAO2Pxr1XXRAPyjhIx+Fk= @@ -360,10 +374,10 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY= -golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= -golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa h1:FRnLl4eNAQl8hwxVVC17teOw8kdjVDVAiFMtgUdTSRQ= -golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa/go.mod h1:zk2irFbV9DP96SEBUUAy67IdHUaZuSnrz1n472HUCLE= +golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc= +golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= +golang.org/x/exp v0.0.0-20240119083558-1b970713d09a h1:Q8/wZp0KX97QFTc2ywcOE0YRjZPVIx+MXInMzdvQqcA= +golang.org/x/exp v0.0.0-20240119083558-1b970713d09a/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= @@ -382,8 +396,8 @@ golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c= -golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= +golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo= +golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -442,11 +456,13 @@ golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.16.1 h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA= -golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= +golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc= +golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -459,8 +475,8 @@ google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzi google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= -google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I= +google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= @@ -468,6 +484,8 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntN gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= +gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= +gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= @@ -485,6 +503,12 @@ gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +k8s.io/api v0.29.1 h1:DAjwWX/9YT7NQD4INu49ROJuZAAAP/Ijki48GUPzxqw= +k8s.io/api v0.29.1/go.mod h1:7Kl10vBRUXhnQQI8YR/R327zXC8eJ7887/+Ybta+RoQ= +k8s.io/apiextensions-apiserver v0.29.1 h1:S9xOtyk9M3Sk1tIpQMu9wXHm5O2MX6Y1kIpPMimZBZw= +k8s.io/apiextensions-apiserver v0.29.1/go.mod h1:zZECpujY5yTW58co8V2EQR4BD6A9pktVgHhvc0uLfeU= +k8s.io/apimachinery v0.29.1 h1:KY4/E6km/wLBguvCZv8cKTeOwwOBqFNjwJIdMkMbbRc= +k8s.io/apimachinery v0.29.1/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU= k8s.io/code-generator v0.29.1 h1:8ba8BdtSmAVHgAMpzThb/fuyQeTRtN7NtN7VjMcDLew= k8s.io/code-generator v0.29.1/go.mod h1:FwFi3C9jCrmbPjekhaCYcYG1n07CYiW1+PAPCockaos= k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 h1:pWEwq4Asjm4vjW7vcsmijwBhOr1/shsbSYiWXmNGlks= @@ -492,8 +516,14 @@ k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAE k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0= k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo= -k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780= -k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA= +k8s.io/kube-openapi v0.0.0-20240103051144-eec4567ac022 h1:avRdiaB03v88Mfvum2S3BBwkNuTlmuar4LlfO9Hajko= +k8s.io/kube-openapi v0.0.0-20240103051144-eec4567ac022/go.mod h1:sIV51WBTkZrlGOJMCDZDA1IaPBUDTulPpD4y7oe038k= +k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ= +k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/controller-runtime v0.17.0 h1:fjJQf8Ukya+VjogLO6/bNX9HE6Y2xpsO5+fyS26ur/s= +sigs.k8s.io/controller-runtime v0.17.0/go.mod h1:+MngTvIQQQhfXtwfdGw/UOQ/aIaqsYywfCINOtwMO/s= +sigs.k8s.io/gateway-api v1.0.0 h1:iPTStSv41+d9p0xFydll6d7f7MOBGuqXM6p2/zVYMAs= +sigs.k8s.io/gateway-api v1.0.0/go.mod h1:4cUgr0Lnp5FZ0Cdq8FdRwCvpiWws7LVhLHGIudLlf4c= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= diff --git a/kong2kic/builder.go b/kong2kic/builder.go new file mode 100644 index 000000000..8b6b04af9 --- /dev/null +++ b/kong2kic/builder.go @@ -0,0 +1,50 @@ +package kong2kic + +import ( + "github.com/kong/go-database-reconciler/pkg/file" +) + +type IBuilder interface { + buildServices(*file.Content) + buildRoutes(*file.Content) + buildGlobalPlugins(*file.Content) + buildConsumers(*file.Content) + buildConsumerGroups(*file.Content) + buildCACertificates(*file.Content) + buildCertificates(*file.Content) + getContent() *KICContent +} + +func getBuilder(builderType string) IBuilder { + if builderType == KICV3GATEWAY { + return newKICv3GatewayAPIBuilder() + } else if builderType == KICV3INGRESS { + return newKICv3IngressAPIBuilder() + } else if builderType == KICV2GATEWAY { + return newKICv2GatewayAPIBuilder() + } else if builderType == KICV2INGRESS { + return newKICv2IngressAPIBuilder() + } + return nil +} + +type Director struct { + builder IBuilder +} + +func newDirector(builder IBuilder) *Director { + return &Director{ + builder: builder, + } +} + +func (d *Director) buildManifests(content *file.Content) *KICContent { + d.builder.buildServices(content) + d.builder.buildRoutes(content) + d.builder.buildGlobalPlugins(content) + d.builder.buildConsumers(content) + d.builder.buildConsumerGroups(content) + d.builder.buildCACertificates(content) + d.builder.buildCertificates(content) + return d.builder.getContent() +} diff --git a/kong2kic/builder_v2_gw_api.go b/kong2kic/builder_v2_gw_api.go new file mode 100644 index 000000000..74b9a3db7 --- /dev/null +++ b/kong2kic/builder_v2_gw_api.go @@ -0,0 +1,64 @@ +package kong2kic + +import ( + "log" + + "github.com/kong/go-database-reconciler/pkg/file" +) + +type KICv2GatewayAPIBuilder struct { + kicContent *KICContent +} + +func newKICv2GatewayAPIBuilder() *KICv2GatewayAPIBuilder { + return &KICv2GatewayAPIBuilder{ + kicContent: &KICContent{}, + } +} + +func (b *KICv2GatewayAPIBuilder) buildServices(content *file.Content) { + err := populateKICServicesWithAnnotations(content, b.kicContent) + if err != nil { + log.Fatal(err) + } +} + +func (b *KICv2GatewayAPIBuilder) buildRoutes(content *file.Content) { + err := populateKICIngressesWithGatewayAPI(content, b.kicContent) + if err != nil { + log.Fatal(err) + } +} + +func (b *KICv2GatewayAPIBuilder) buildGlobalPlugins(content *file.Content) { + err := populateKICKongClusterPlugins(content, b.kicContent) + if err != nil { + log.Fatal(err) + } +} + +func (b *KICv2GatewayAPIBuilder) buildConsumers(content *file.Content) { + err := populateKICConsumers(content, b.kicContent) + if err != nil { + log.Fatal(err) + } +} + +func (b *KICv2GatewayAPIBuilder) buildConsumerGroups(content *file.Content) { + err := populateKICConsumerGroups(content, b.kicContent) + if err != nil { + log.Fatal(err) + } +} + +func (b *KICv2GatewayAPIBuilder) buildCACertificates(content *file.Content) { + populateKICCACertificate(content, b.kicContent) +} + +func (b *KICv2GatewayAPIBuilder) buildCertificates(content *file.Content) { + populateKICCertificates(content, b.kicContent) +} + +func (b *KICv2GatewayAPIBuilder) getContent() *KICContent { + return b.kicContent +} diff --git a/kong2kic/builder_v2_ingress_api.go b/kong2kic/builder_v2_ingress_api.go new file mode 100644 index 000000000..e4c71499b --- /dev/null +++ b/kong2kic/builder_v2_ingress_api.go @@ -0,0 +1,64 @@ +package kong2kic + +import ( + "log" + + "github.com/kong/go-database-reconciler/pkg/file" +) + +type KICv2IngressAPIBuilder struct { + kicContent *KICContent +} + +func newKICv2IngressAPIBuilder() *KICv2IngressAPIBuilder { + return &KICv2IngressAPIBuilder{ + kicContent: &KICContent{}, + } +} + +func (b *KICv2IngressAPIBuilder) buildServices(content *file.Content) { + err := populateKICServicesWithAnnotations(content, b.kicContent) + if err != nil { + log.Fatal(err) + } +} + +func (b *KICv2IngressAPIBuilder) buildRoutes(content *file.Content) { + err := populateKICIngressesWithAnnotations(content, b.kicContent) + if err != nil { + log.Fatal(err) + } +} + +func (b *KICv2IngressAPIBuilder) buildGlobalPlugins(content *file.Content) { + err := populateKICKongClusterPlugins(content, b.kicContent) + if err != nil { + log.Fatal(err) + } +} + +func (b *KICv2IngressAPIBuilder) buildConsumers(content *file.Content) { + err := populateKICConsumers(content, b.kicContent) + if err != nil { + log.Fatal(err) + } +} + +func (b *KICv2IngressAPIBuilder) buildConsumerGroups(content *file.Content) { + err := populateKICConsumerGroups(content, b.kicContent) + if err != nil { + log.Fatal(err) + } +} + +func (b *KICv2IngressAPIBuilder) buildCACertificates(content *file.Content) { + populateKICCACertificate(content, b.kicContent) +} + +func (b *KICv2IngressAPIBuilder) buildCertificates(content *file.Content) { + populateKICCertificates(content, b.kicContent) +} + +func (b *KICv2IngressAPIBuilder) getContent() *KICContent { + return b.kicContent +} diff --git a/kong2kic/builder_v3_gw_api.go b/kong2kic/builder_v3_gw_api.go new file mode 100644 index 000000000..4f1b6820c --- /dev/null +++ b/kong2kic/builder_v3_gw_api.go @@ -0,0 +1,64 @@ +package kong2kic + +import ( + "log" + + "github.com/kong/go-database-reconciler/pkg/file" +) + +type KICv3GatewayAPIBuider struct { + kicContent *KICContent +} + +func newKICv3GatewayAPIBuilder() *KICv3GatewayAPIBuider { + return &KICv3GatewayAPIBuider{ + kicContent: &KICContent{}, + } +} + +func (b *KICv3GatewayAPIBuider) buildServices(content *file.Content) { + err := populateKICServicesWithAnnotations(content, b.kicContent) + if err != nil { + log.Fatal(err) + } +} + +func (b *KICv3GatewayAPIBuider) buildRoutes(content *file.Content) { + err := populateKICIngressesWithGatewayAPI(content, b.kicContent) + if err != nil { + log.Fatal(err) + } +} + +func (b *KICv3GatewayAPIBuider) buildGlobalPlugins(content *file.Content) { + err := populateKICKongClusterPlugins(content, b.kicContent) + if err != nil { + log.Fatal(err) + } +} + +func (b *KICv3GatewayAPIBuider) buildConsumers(content *file.Content) { + err := populateKICConsumers(content, b.kicContent) + if err != nil { + log.Fatal(err) + } +} + +func (b *KICv3GatewayAPIBuider) buildConsumerGroups(content *file.Content) { + err := populateKICConsumerGroups(content, b.kicContent) + if err != nil { + log.Fatal(err) + } +} + +func (b *KICv3GatewayAPIBuider) buildCACertificates(content *file.Content) { + populateKICCACertificate(content, b.kicContent) +} + +func (b *KICv3GatewayAPIBuider) buildCertificates(content *file.Content) { + populateKICCertificates(content, b.kicContent) +} + +func (b *KICv3GatewayAPIBuider) getContent() *KICContent { + return b.kicContent +} diff --git a/kong2kic/builder_v3_ingress_api.go b/kong2kic/builder_v3_ingress_api.go new file mode 100644 index 000000000..7981b7ad2 --- /dev/null +++ b/kong2kic/builder_v3_ingress_api.go @@ -0,0 +1,64 @@ +package kong2kic + +import ( + "log" + + "github.com/kong/go-database-reconciler/pkg/file" +) + +type KICv3IngressAPIBuilder struct { + kicContent *KICContent +} + +func newKICv3IngressAPIBuilder() *KICv3IngressAPIBuilder { + return &KICv3IngressAPIBuilder{ + kicContent: &KICContent{}, + } +} + +func (b *KICv3IngressAPIBuilder) buildServices(content *file.Content) { + err := populateKICServicesWithAnnotations(content, b.kicContent) + if err != nil { + log.Fatal(err) + } +} + +func (b *KICv3IngressAPIBuilder) buildRoutes(content *file.Content) { + err := populateKICIngressesWithAnnotations(content, b.kicContent) + if err != nil { + log.Fatal(err) + } +} + +func (b *KICv3IngressAPIBuilder) buildGlobalPlugins(content *file.Content) { + err := populateKICKongClusterPlugins(content, b.kicContent) + if err != nil { + log.Fatal(err) + } +} + +func (b *KICv3IngressAPIBuilder) buildConsumers(content *file.Content) { + err := populateKICConsumers(content, b.kicContent) + if err != nil { + log.Fatal(err) + } +} + +func (b *KICv3IngressAPIBuilder) buildConsumerGroups(content *file.Content) { + err := populateKICConsumerGroups(content, b.kicContent) + if err != nil { + log.Fatal(err) + } +} + +func (b *KICv3IngressAPIBuilder) buildCACertificates(content *file.Content) { + populateKICCACertificate(content, b.kicContent) +} + +func (b *KICv3IngressAPIBuilder) buildCertificates(content *file.Content) { + populateKICCertificates(content, b.kicContent) +} + +func (b *KICv3IngressAPIBuilder) getContent() *KICContent { + return b.kicContent +} diff --git a/kong2kic/ca_certificate.go b/kong2kic/ca_certificate.go new file mode 100644 index 000000000..a9a65a075 --- /dev/null +++ b/kong2kic/ca_certificate.go @@ -0,0 +1,32 @@ +package kong2kic + +import ( + "crypto/sha256" + "fmt" + + "github.com/kong/go-database-reconciler/pkg/file" + k8scorev1 "k8s.io/api/core/v1" +) + +func populateKICCACertificate(content *file.Content, file *KICContent) { + // iterate content.CACertificates and copy them into k8scorev1.Secret, then add them to kicContent.Secrets + for _, caCert := range content.CACertificates { + digest := sha256.Sum256([]byte(*caCert.Cert)) + var ( + secret k8scorev1.Secret + secretName = "ca-cert-" + fmt.Sprintf("%x", digest) + ) + secret.TypeMeta.APIVersion = "v1" + secret.TypeMeta.Kind = SecretKind + secret.Type = k8scorev1.SecretTypeOpaque + secret.ObjectMeta.Name = calculateSlug(secretName) + secret.ObjectMeta.Annotations = map[string]string{IngressClass: ClassName} + secret.StringData = make(map[string]string) + secret.StringData["ca.crt"] = *caCert.Cert + if caCert.CertDigest != nil { + secret.StringData["ca.digest"] = *caCert.CertDigest + } + + file.Secrets = append(file.Secrets, secret) + } +} diff --git a/kong2kic/certificate.go b/kong2kic/certificate.go new file mode 100644 index 000000000..6d409b37d --- /dev/null +++ b/kong2kic/certificate.go @@ -0,0 +1,31 @@ +package kong2kic + +import ( + "crypto/sha256" + "fmt" + + "github.com/kong/go-database-reconciler/pkg/file" + k8scorev1 "k8s.io/api/core/v1" +) + +func populateKICCertificates(content *file.Content, file *KICContent) { + // iterate content.Certificates and copy them into k8scorev1.Secret, then add them to kicContent.Secrets + for _, cert := range content.Certificates { + digest := sha256.Sum256([]byte(*cert.Cert)) + var ( + secret k8scorev1.Secret + secretName = "cert-" + fmt.Sprintf("%x", digest) + ) + secret.TypeMeta.APIVersion = "v1" + secret.TypeMeta.Kind = SecretKind + secret.Type = k8scorev1.SecretTypeTLS + secret.ObjectMeta.Name = calculateSlug(secretName) + secret.ObjectMeta.Annotations = map[string]string{IngressClass: ClassName} + secret.StringData = make(map[string]string) + secret.StringData["tls.crt"] = *cert.Cert + secret.StringData["tls.key"] = *cert.Key + // what to do with SNIs? + + file.Secrets = append(file.Secrets, secret) + } +} diff --git a/kong2kic/consumer.go b/kong2kic/consumer.go new file mode 100644 index 000000000..a23a4f7c1 --- /dev/null +++ b/kong2kic/consumer.go @@ -0,0 +1,330 @@ +package kong2kic + +import ( + "encoding/json" + "log" + "strconv" + + "github.com/kong/go-database-reconciler/pkg/file" + kicv1 "github.com/kong/kubernetes-ingress-controller/v3/pkg/apis/configuration/v1" + k8scorev1 "k8s.io/api/core/v1" + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" +) + +func populateKICConsumers(content *file.Content, file *KICContent) error { + // Iterate Kong Consumers and copy them into KongConsumer + for i := range content.Consumers { + consumer := content.Consumers[i] + + var kongConsumer kicv1.KongConsumer + kongConsumer.APIVersion = KICAPIVersion + kongConsumer.Kind = "KongConsumer" + kongConsumer.ObjectMeta.Name = calculateSlug(*consumer.Username) + kongConsumer.ObjectMeta.Annotations = map[string]string{IngressClass: ClassName} + kongConsumer.Username = *consumer.Username + if consumer.CustomID != nil { + kongConsumer.CustomID = *consumer.CustomID + } + + populateKICKeyAuthSecrets(&consumer, &kongConsumer, file) + populateKICHMACSecrets(&consumer, &kongConsumer, file) + populateKICJWTAuthSecrets(&consumer, &kongConsumer, file) + populateKICBasicAuthSecrets(&consumer, &kongConsumer, file) + populateKICOAuth2CredSecrets(&consumer, &kongConsumer, file) + populateKICACLGroupSecrets(&consumer, &kongConsumer, file) + populateKICMTLSAuthSecrets(&consumer, &kongConsumer, file) + + // for each consumer.plugin, create a KongPlugin and a plugin annotation in the kongConsumer + // to link the plugin + for _, plugin := range consumer.Plugins { + var kongPlugin kicv1.KongPlugin + kongPlugin.APIVersion = KICAPIVersion + kongPlugin.Kind = KongPluginKind + kongPlugin.ObjectMeta.Annotations = map[string]string{IngressClass: ClassName} + if plugin.Name != nil { + kongPlugin.PluginName = *plugin.Name + kongPlugin.ObjectMeta.Name = calculateSlug(*consumer.Username + "-" + *plugin.Name) + } else { + log.Println("Plugin name is empty. This is not recommended." + + "Please, provide a name for the plugin before generating Kong Ingress Controller manifests.") + continue + } + + // transform the plugin config from map[string]interface{} to apiextensionsv1.JSON + var configJSON apiextensionsv1.JSON + var err error + configJSON.Raw, err = json.Marshal(plugin.Config) + if err != nil { + return err + } + kongPlugin.Config = configJSON + file.KongPlugins = append(file.KongPlugins, kongPlugin) + + if kongConsumer.ObjectMeta.Annotations["konghq.com/plugins"] == "" { + kongConsumer.ObjectMeta.Annotations["konghq.com/plugins"] = kongPlugin.ObjectMeta.Name + } else { + annotations := kongConsumer.ObjectMeta.Annotations["konghq.com/plugins"] + "," + kongPlugin.ObjectMeta.Name + kongConsumer.ObjectMeta.Annotations["konghq.com/plugins"] = annotations + } + } + + file.KongConsumers = append(file.KongConsumers, kongConsumer) + } + + return nil +} + +func populateKICMTLSAuthSecrets(consumer *file.FConsumer, kongConsumer *kicv1.KongConsumer, file *KICContent) { + // iterate consumer.MTLSAuths and copy them into k8scorev1.Secret, then add them to kicContent.Secrets + for _, mtlsAuth := range consumer.MTLSAuths { + var secret k8scorev1.Secret + secretName := "mtls-auth-" + *consumer.Username + secret.TypeMeta.APIVersion = "v1" + secret.TypeMeta.Kind = SecretKind + secret.Type = "Opaque" + secret.ObjectMeta.Name = calculateSlug(secretName) + secret.ObjectMeta.Annotations = map[string]string{IngressClass: ClassName} + secret.StringData = make(map[string]string) + if targetKICVersionAPI == KICV3GATEWAY || targetKICVersionAPI == KICV3INGRESS { + // for KIC v3, use the konghq.com/credential label to identify the credential type + secret.ObjectMeta.Labels = map[string]string{"konghq.com/credential": "mtls-auth"} + } else { + // for KIC v2, use the kongCredType field to identify the credential type + secret.StringData["kongCredType"] = "mtls-auth" + } + + if mtlsAuth.SubjectName != nil { + secret.StringData["subject_name"] = *mtlsAuth.SubjectName + } + + if mtlsAuth.ID != nil { + secret.StringData["id"] = *mtlsAuth.ID + } + + if mtlsAuth.CACertificate != nil && mtlsAuth.CACertificate.Cert != nil { + secret.StringData["ca_certificate"] = *mtlsAuth.CACertificate.Cert + } + + // add the secret name to the kongConsumer.credentials + kongConsumer.Credentials = append(kongConsumer.Credentials, secretName) + + file.Secrets = append(file.Secrets, secret) + } +} + +func populateKICACLGroupSecrets(consumer *file.FConsumer, kongConsumer *kicv1.KongConsumer, file *KICContent) { + // iterate consumer.ACLGroups and copy them into k8scorev1.Secret, then add them to kicContent.Secrets + for _, aclGroup := range consumer.ACLGroups { + var secret k8scorev1.Secret + secretName := "acl-group-" + *consumer.Username + secret.TypeMeta.APIVersion = "v1" + secret.TypeMeta.Kind = SecretKind + secret.ObjectMeta.Name = calculateSlug(secretName) + secret.ObjectMeta.Annotations = map[string]string{IngressClass: ClassName} + secret.StringData = make(map[string]string) + + if targetKICVersionAPI == KICV3GATEWAY || targetKICVersionAPI == KICV3INGRESS { + // for KIC v3, use the konghq.com/credential label to identify the credential type + secret.ObjectMeta.Labels = map[string]string{"konghq.com/credential": "acl"} + } else { + // for KIC v2, use the kongCredType field to identify the credential type + secret.StringData["kongCredType"] = "acl" + } + + if aclGroup.Group != nil { + secret.StringData["group"] = *aclGroup.Group + } + + // add the secret name to the kongConsumer.credentials + kongConsumer.Credentials = append(kongConsumer.Credentials, secretName) + + file.Secrets = append(file.Secrets, secret) + } +} + +func populateKICOAuth2CredSecrets(consumer *file.FConsumer, kongConsumer *kicv1.KongConsumer, file *KICContent) { + // iterate consumer.OAuth2Creds and copy them into k8scorev1.Secret, then add them to kicContent.Secrets + for _, oauth2Cred := range consumer.Oauth2Creds { + var secret k8scorev1.Secret + secretName := "oauth2cred-" + *consumer.Username + secret.TypeMeta.APIVersion = "v1" + secret.TypeMeta.Kind = SecretKind + secret.ObjectMeta.Name = calculateSlug(secretName) + secret.ObjectMeta.Annotations = map[string]string{IngressClass: ClassName} + secret.StringData = make(map[string]string) + + if targetKICVersionAPI == KICV3GATEWAY || targetKICVersionAPI == KICV3INGRESS { + // for KIC v3, use the konghq.com/credential label to identify the credential type + secret.ObjectMeta.Labels = map[string]string{"konghq.com/credential": "oauth2"} + } else { + // for KIC v2, use the kongCredType field to identify the credential type + secret.StringData["kongCredType"] = "oauth2" + } + + if oauth2Cred.Name != nil { + secret.StringData["name"] = *oauth2Cred.Name + } + + if oauth2Cred.ClientID != nil { + secret.StringData["client_id"] = *oauth2Cred.ClientID + } + + if oauth2Cred.ClientSecret != nil { + secret.StringData["client_secret"] = *oauth2Cred.ClientSecret + } + + if oauth2Cred.ClientType != nil { + secret.StringData["client_type"] = *oauth2Cred.ClientType + } + + if oauth2Cred.HashSecret != nil { + secret.StringData["hash_secret"] = strconv.FormatBool(*oauth2Cred.HashSecret) + } + + // add the secret name to the kongConsumer.credentials + kongConsumer.Credentials = append(kongConsumer.Credentials, secretName) + + file.Secrets = append(file.Secrets, secret) + } +} + +func populateKICBasicAuthSecrets(consumer *file.FConsumer, kongConsumer *kicv1.KongConsumer, file *KICContent) { + // iterate consumer.BasicAuths and copy them into k8scorev1.Secret, then add them to kicContent.Secrets + for _, basicAuth := range consumer.BasicAuths { + var secret k8scorev1.Secret + secretName := "basic-auth-" + *consumer.Username + secret.TypeMeta.APIVersion = "v1" + secret.TypeMeta.Kind = SecretKind + secret.ObjectMeta.Name = calculateSlug(secretName) + secret.ObjectMeta.Annotations = map[string]string{IngressClass: ClassName} + secret.StringData = make(map[string]string) + + if targetKICVersionAPI == KICV3GATEWAY || targetKICVersionAPI == KICV3INGRESS { + // for KIC v3, use the konghq.com/credential label to identify the credential type + secret.ObjectMeta.Labels = map[string]string{"konghq.com/credential": "basic-auth"} + } else { + // for KIC v2, use the kongCredType field to identify the credential type + secret.StringData["kongCredType"] = "basic-auth" + } + + if basicAuth.Username != nil { + secret.StringData["username"] = *basicAuth.Username + } + if basicAuth.Password != nil { + secret.StringData["password"] = *basicAuth.Password + } + + // add the secret name to the kongConsumer.credentials + kongConsumer.Credentials = append(kongConsumer.Credentials, secretName) + + file.Secrets = append(file.Secrets, secret) + } +} + +func populateKICJWTAuthSecrets(consumer *file.FConsumer, kongConsumer *kicv1.KongConsumer, file *KICContent) { + // iterate consumer.JWTAuths and copy them into k8scorev1.Secret, then add them to kicContent.Secrets + for _, jwtAuth := range consumer.JWTAuths { + var secret k8scorev1.Secret + secretName := "jwt-auth-" + *consumer.Username + secret.TypeMeta.APIVersion = "v1" + secret.TypeMeta.Kind = SecretKind + secret.ObjectMeta.Name = calculateSlug(secretName) + secret.ObjectMeta.Annotations = map[string]string{IngressClass: ClassName} + secret.StringData = make(map[string]string) + + if targetKICVersionAPI == KICV3GATEWAY || targetKICVersionAPI == KICV3INGRESS { + // for KIC v3, use the konghq.com/credential label to identify the credential type + secret.ObjectMeta.Labels = map[string]string{"konghq.com/credential": "jwt"} + } else { + // for KIC v2, use the kongCredType field to identify the credential type + secret.StringData["kongCredType"] = "jwt" + } + + // only do the following assignments if not null + if jwtAuth.Key != nil { + secret.StringData["key"] = *jwtAuth.Key + } + + if jwtAuth.Algorithm != nil { + secret.StringData["algorithm"] = *jwtAuth.Algorithm + } + + if jwtAuth.RSAPublicKey != nil { + secret.StringData["rsa_public_key"] = *jwtAuth.RSAPublicKey + } + + if jwtAuth.Secret != nil { + secret.StringData["secret"] = *jwtAuth.Secret + } + + // add the secret name to the kongConsumer.credentials + kongConsumer.Credentials = append(kongConsumer.Credentials, secretName) + + file.Secrets = append(file.Secrets, secret) + } +} + +func populateKICHMACSecrets(consumer *file.FConsumer, kongConsumer *kicv1.KongConsumer, file *KICContent) { + // iterate consumer.HMACAuths and copy them into k8scorev1.Secret, then add them to kicContent.Secrets + for _, hmacAuth := range consumer.HMACAuths { + var secret k8scorev1.Secret + secretName := "hmac-auth-" + *consumer.Username + secret.TypeMeta.APIVersion = "v1" + secret.TypeMeta.Kind = SecretKind + secret.ObjectMeta.Name = calculateSlug(secretName) + secret.ObjectMeta.Annotations = map[string]string{IngressClass: ClassName} + secret.StringData = make(map[string]string) + + if targetKICVersionAPI == KICV3GATEWAY || targetKICVersionAPI == KICV3INGRESS { + // for KIC v3, use the konghq.com/credential label to identify the credential type + secret.ObjectMeta.Labels = map[string]string{"konghq.com/credential": "hmac-auth"} + } else { + // for KIC v2, use the kongCredType field to identify the credential type + secret.StringData["kongCredType"] = "hmac-auth" + } + + if hmacAuth.Username != nil { + secret.StringData["username"] = *hmacAuth.Username + } + + if hmacAuth.Secret != nil { + secret.StringData["secret"] = *hmacAuth.Secret + } + + // add the secret name to the kongConsumer.credentials + kongConsumer.Credentials = append(kongConsumer.Credentials, secretName) + + file.Secrets = append(file.Secrets, secret) + } +} + +func populateKICKeyAuthSecrets(consumer *file.FConsumer, kongConsumer *kicv1.KongConsumer, file *KICContent) { + // iterate consumer.KeyAuths and copy them into k8scorev1.Secret, then add them to kicContent.Secrets + // add the secret name to the kongConsumer.credentials + for _, keyAuth := range consumer.KeyAuths { + var secret k8scorev1.Secret + secretName := "key-auth-" + *consumer.Username + secret.TypeMeta.APIVersion = "v1" + secret.TypeMeta.Kind = SecretKind + secret.ObjectMeta.Name = calculateSlug(secretName) + secret.ObjectMeta.Annotations = map[string]string{IngressClass: ClassName} + secret.StringData = make(map[string]string) + + if targetKICVersionAPI == KICV3GATEWAY || targetKICVersionAPI == KICV3INGRESS { + // for KIC v3, use the konghq.com/credential label to identify the credential type + secret.ObjectMeta.Labels = map[string]string{"konghq.com/credential": "key-auth"} + } else { + // for KIC v2, use the kongCredType field to identify the credential type + secret.StringData["kongCredType"] = "key-auth" + } + + if keyAuth.Key != nil { + secret.StringData["key"] = *keyAuth.Key + } + + kongConsumer.Credentials = append(kongConsumer.Credentials, secretName) + + file.Secrets = append(file.Secrets, secret) + + } +} diff --git a/kong2kic/consumer_group.go b/kong2kic/consumer_group.go new file mode 100644 index 000000000..a252a1861 --- /dev/null +++ b/kong2kic/consumer_group.go @@ -0,0 +1,84 @@ +package kong2kic + +import ( + "encoding/json" + "log" + + "github.com/kong/go-database-reconciler/pkg/file" + kicv1 "github.com/kong/kubernetes-ingress-controller/v3/pkg/apis/configuration/v1" + kicv1beta1 "github.com/kong/kubernetes-ingress-controller/v3/pkg/apis/configuration/v1beta1" + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" +) + +func populateKICConsumerGroups(content *file.Content, kicContent *KICContent) error { + // iterate over the consumer groups and create a KongConsumerGroup for each one + for _, consumerGroup := range content.ConsumerGroups { + var kongConsumerGroup kicv1beta1.KongConsumerGroup + kongConsumerGroup.APIVersion = "configuration.konghq.com/v1beta1" + kongConsumerGroup.Kind = "KongConsumerGroup" + if consumerGroup.Name != nil { + kongConsumerGroup.ObjectMeta.Name = calculateSlug(*consumerGroup.Name) + } else { + log.Println("Consumer group name is empty. This is not recommended." + + "Please, provide a name for the consumer group before generating Kong Ingress Controller manifests.") + continue + } + kongConsumerGroup.ObjectMeta.Annotations = map[string]string{IngressClass: ClassName} + kongConsumerGroup.Name = *consumerGroup.Name + + // Iterate over the consumers in consumerGroup and + // find the KongConsumer with the same username in kicContent.KongConsumers + // and add it to the KongConsumerGroup + for _, consumer := range consumerGroup.Consumers { + for idx := range kicContent.KongConsumers { + if kicContent.KongConsumers[idx].Username == *consumer.Username { + if kicContent.KongConsumers[idx].ConsumerGroups == nil { + kicContent.KongConsumers[idx].ConsumerGroups = make([]string, 0) + } + consumerGroups := append(kicContent.KongConsumers[idx].ConsumerGroups, *consumerGroup.Name) + kicContent.KongConsumers[idx].ConsumerGroups = consumerGroups + } + } + } + + // for each consumerGroup plugin, create a KongPlugin and a plugin annotation in the kongConsumerGroup + // to link the plugin. Consumer group plugins are "global plugins" with a consumer_group property + for _, plugin := range content.Plugins { + if plugin.ConsumerGroup.ID != nil && *plugin.ConsumerGroup.ID == *consumerGroup.Name { + var kongPlugin kicv1.KongPlugin + kongPlugin.APIVersion = KICAPIVersion + kongPlugin.Kind = KongPluginKind + kongPlugin.ObjectMeta.Annotations = map[string]string{IngressClass: ClassName} + if plugin.Name != nil { + kongPlugin.PluginName = *consumerGroup.Name + "-" + *plugin.Name + kongPlugin.ObjectMeta.Name = calculateSlug(*consumerGroup.Name + "-" + *plugin.Name) + } else { + log.Println("Plugin name is empty. This is not recommended." + + "Please, provide a name for the plugin before generating Kong Ingress Controller manifests.") + continue + } + + // transform the plugin config from map[string]interface{} to apiextensionsv1.JSON + var configJSON apiextensionsv1.JSON + var err error + configJSON.Raw, err = json.Marshal(plugin.Config) + if err != nil { + return err + } + kongPlugin.Config = configJSON + kicContent.KongPlugins = append(kicContent.KongPlugins, kongPlugin) + + if kongConsumerGroup.ObjectMeta.Annotations["konghq.com/plugins"] == "" { + kongConsumerGroup.ObjectMeta.Annotations["konghq.com/plugins"] = kongPlugin.ObjectMeta.Name + } else { + annotations := kongConsumerGroup.ObjectMeta.Annotations["konghq.com/plugins"] + "," + kongPlugin.ObjectMeta.Name + kongConsumerGroup.ObjectMeta.Annotations["konghq.com/plugins"] = annotations + } + } + } + + kicContent.KongConsumerGroups = append(kicContent.KongConsumerGroups, kongConsumerGroup) + } + + return nil +} diff --git a/kong2kic/global_plugin.go b/kong2kic/global_plugin.go new file mode 100644 index 000000000..5c7b7e5cc --- /dev/null +++ b/kong2kic/global_plugin.go @@ -0,0 +1,46 @@ +package kong2kic + +import ( + "encoding/json" + "log" + + "github.com/kong/go-database-reconciler/pkg/file" + kicv1 "github.com/kong/kubernetes-ingress-controller/v3/pkg/apis/configuration/v1" + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" +) + +func populateKICKongClusterPlugins(content *file.Content, file *KICContent) error { + // Global Plugins map to KongClusterPlugins + // iterate content.Plugins and copy them into kicv1.KongPlugin manifests + // add the kicv1.KongPlugin to the KICContent.KongClusterPlugins slice + for _, plugin := range content.Plugins { + // skip this plugin instance if it is a kongconsumergroup plugin. + // It is a kongconsumergroup plugin if it has a consumer_group property + if plugin.ConsumerGroup != nil { + continue + } + var kongPlugin kicv1.KongClusterPlugin + kongPlugin.APIVersion = KICAPIVersion + kongPlugin.Kind = "KongClusterPlugin" + kongPlugin.ObjectMeta.Annotations = map[string]string{IngressClass: ClassName} + if plugin.Name != nil { + kongPlugin.PluginName = *plugin.Name + kongPlugin.ObjectMeta.Name = calculateSlug(*plugin.Name) + } else { + log.Println("Global Plugin name is empty. This is not recommended." + + "Please, provide a name for the plugin before generating Kong Ingress Controller manifests.") + continue + } + + // transform the plugin config from map[string]interface{} to apiextensionsv1.JSON + var configJSON apiextensionsv1.JSON + var err error + configJSON.Raw, err = json.Marshal(plugin.Config) + if err != nil { + return err + } + kongPlugin.Config = configJSON + file.KongClusterPlugins = append(file.KongClusterPlugins, kongPlugin) + } + return nil +} diff --git a/kong2kic/kong2kic.go b/kong2kic/kong2kic.go new file mode 100644 index 000000000..981826a2f --- /dev/null +++ b/kong2kic/kong2kic.go @@ -0,0 +1,69 @@ +package kong2kic + +import ( + "crypto/sha256" + "fmt" + "strings" + + "github.com/gosimple/slug" + "github.com/kong/go-database-reconciler/pkg/file" +) + +const ( + KICV3GATEWAY = "KICV3_GATEWAY" + KICV3INGRESS = "KICV3_INGRESS" + KICV2GATEWAY = "KICV2_GATEWAY" + KICV2INGRESS = "KICV2_INGRESS" + KICAPIVersion = "configuration.konghq.com/v1" + KICAPIVersionV1Beta1 = "configuration.konghq.com/v1beta1" + GatewayAPIVersionV1Beta1 = "gateway.networking.k8s.io/v1beta1" + GatewayAPIVersionV1 = "gateway.networking.k8s.io/v1" + KongPluginKind = "KongPlugin" + SecretKind = "Secret" + IngressKind = "KongIngress" + UpstreamPolicyKind = "KongUpstreamPolicy" + IngressClass = "kubernetes.io/ingress.class" +) + +// ClassName is set by the CLI flag --class-name +var ClassName = "kong" + +// targetKICVersionAPI is KIC v3.x Gateway API by default. +// Can be overridden by CLI flags. +var targetKICVersionAPI = KICV3GATEWAY + +func MarshalKongToKIC(content *file.Content, builderType string, format string) ([]byte, error) { + targetKICVersionAPI = builderType + kicContent := convertKongToKIC(content, builderType) + return kicContent.marshalKICContentToFormat(format) +} + +func convertKongToKIC(content *file.Content, builderType string) *KICContent { + builder := getBuilder(builderType) + director := newDirector(builder) + return director.buildManifests(content) +} + +// utility function to make sure that objectmeta.name is always +// compatible with kubernetes naming conventions. +func calculateSlug(input string) string { + // Use the slug library to create a slug + slugStr := slug.Make(input) + + // Replace underscores with dashes + slugStr = strings.ReplaceAll(slugStr, "_", "-") + + // If the resulting string has more than 63 characters + if len(slugStr) > 63 { + // Calculate the sha256 sum of the string + hash := sha256.Sum256([]byte(slugStr)) + + // Truncate the slug to 53 characters + slugStr = slugStr[:53] + + // Replace the last 10 characters with the first 10 characters of the sha256 sum + slugStr = slugStr[:len(slugStr)-10] + fmt.Sprintf("%x", hash)[:10] + } + + return slugStr +} diff --git a/kong2kic/kong2kic_test.go b/kong2kic/kong2kic_test.go new file mode 100644 index 000000000..fc5031a8f --- /dev/null +++ b/kong2kic/kong2kic_test.go @@ -0,0 +1,123 @@ +package kong2kic + +import ( + "os" + "strings" + "testing" + + "github.com/kong/go-database-reconciler/pkg/file" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +var baseLocation = "testdata/" + +func fixJSONstream(input string) string { + // this is a stream of json files, must update to an actual json array + return "[" + strings.Replace(input, "}{", "},{", -1) + "]" +} + +func compareFileContent(t *testing.T, expectedFilename string, actualContent []byte) { + expected, err := os.ReadFile(baseLocation + expectedFilename) + if err != nil { + assert.Fail(t, err.Error()) + } + + actualFilename := baseLocation + strings.Replace(expectedFilename, "-expected.", "-actual.", 1) + os.WriteFile(actualFilename, actualContent, 0o600) + + if strings.HasSuffix(expectedFilename, ".json") { + // this is a stream of json files, must update to an actual json array + require.JSONEq(t, fixJSONstream(string(expected)), fixJSONstream(string(actualContent))) + } else { + require.YAMLEq(t, string(expected), string(actualContent)) + } +} + +func Test_convertKongGatewayToIngress(t *testing.T) { + tests := []struct { + name string + inputFilename string + outputFilename string + builderType string + wantErr bool + }{ + { + name: "Kong to KIC: kic v3.x Gateway API, yaml", + inputFilename: "input.yaml", + outputFilename: "kicv3_gateway/output-expected.yaml", + builderType: KICV3GATEWAY, + wantErr: false, + }, + { + name: "Kong to KIC: kic v3.x Gateway API, json", + inputFilename: "input.yaml", + outputFilename: "kicv3_gateway/output-expected.json", + builderType: KICV3GATEWAY, + wantErr: false, + }, + { + name: "Kong to KIC: kic v3.x Ingress API, yaml", + inputFilename: "input.yaml", + outputFilename: "kicv3_ingress/output-expected.yaml", + builderType: KICV3INGRESS, + wantErr: false, + }, + { + name: "Kong to KIC: kic v3.x Ingress API, json", + inputFilename: "input.yaml", + outputFilename: "kicv3_ingress/output-expected.json", + builderType: KICV3INGRESS, + wantErr: false, + }, + { + name: "Kong to KIC: kic v2.x Gateway API, yaml", + inputFilename: "input.yaml", + outputFilename: "kicv2_gateway/output-expected.yaml", + builderType: KICV2GATEWAY, + wantErr: false, + }, + { + name: "Kong to KIC: kic v2.x Gateway API, json", + inputFilename: "input.yaml", + outputFilename: "kicv2_gateway/output-expected.json", + builderType: KICV2GATEWAY, + wantErr: false, + }, + { + name: "Kong to KIC: kic v2.x Ingress API, yaml", + inputFilename: "input.yaml", + outputFilename: "kicv2_ingress/output-expected.yaml", + builderType: KICV2INGRESS, + wantErr: false, + }, + { + name: "Kong to KIC: kic v2.x Ingress API, json", + inputFilename: "input.yaml", + outputFilename: "kicv2_ingress/output-expected.json", + builderType: KICV2INGRESS, + wantErr: false, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + inputContent, err := file.GetContentFromFiles([]string{baseLocation + tt.inputFilename}, false) + if err != nil { + assert.Fail(t, err.Error()) + } + + var output []byte + if strings.HasSuffix(tt.outputFilename, ".json") { + output, err = MarshalKongToKIC(inputContent, tt.builderType, file.JSON) + } else { + output, err = MarshalKongToKIC(inputContent, tt.builderType, file.YAML) + } + + if err == nil { + compareFileContent(t, tt.outputFilename, output) + } else if (err != nil) != tt.wantErr { + t.Errorf("KongToKIC() error = %v, wantErr %v", err, tt.wantErr) + } + }) + } +} diff --git a/kong2kic/route.go b/kong2kic/route.go new file mode 100644 index 000000000..23661427c --- /dev/null +++ b/kong2kic/route.go @@ -0,0 +1,504 @@ +package kong2kic + +import ( + "encoding/json" + "log" + "strconv" + "strings" + + "github.com/kong/go-database-reconciler/pkg/file" + kicv1 "github.com/kong/kubernetes-ingress-controller/v3/pkg/apis/configuration/v1" + k8snetv1 "k8s.io/api/networking/v1" + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + k8sgwapiv1 "sigs.k8s.io/gateway-api/apis/v1" +) + +// Convert route to Ingress (Ingress API) +func populateKICIngressesWithAnnotations(content *file.Content, kicContent *KICContent) error { + // For each route under each service create one ingress. + // If the route has multiple hosts, create the relevant host declarations in the ingress + // and under each hosts create a declaration for each path in the route. + // If the route has no hosts, create a declaration in the ingress for each path in the route. + // Map additional fields in the route to annotations in the ingress. + // If the route has plugins, create a KongPlugin for each one and add an annotation to the ingress + // to link the plugin to it. + for _, service := range content.Services { + for _, route := range service.Routes { + // save all ingresses we create for this route so we can then + // assign them the plugins defined for the route + var ( + k8sIngress k8snetv1.Ingress + pathTypeImplSpecific = k8snetv1.PathTypeImplementationSpecific + ) + + k8sIngress.TypeMeta.APIVersion = "networking.k8s.io/v1" + k8sIngress.TypeMeta.Kind = "Ingress" + if service.Name != nil && route.Name != nil { + k8sIngress.ObjectMeta.Name = calculateSlug(*service.Name + "-" + *route.Name) + } else { + log.Println("Service name or route name is empty. This is not recommended." + + "Please, provide a name for the service and the route before generating Kong Ingress Controller manifests.") + continue + } + ingressClassName := ClassName + k8sIngress.Spec.IngressClassName = &ingressClassName + k8sIngress.ObjectMeta.Annotations = make(map[string]string) + + // add konghq.com/protocols annotation if route.Protocols is not nil + if route.Protocols != nil { + var protocols string + for _, protocol := range route.Protocols { + if protocols == "" { + protocols = *protocol + } else { + protocols = protocols + "," + *protocol + } + } + k8sIngress.ObjectMeta.Annotations["konghq.com/protocols"] = protocols + } + + // add konghq.com/strip-path annotation if route.StripPath is not nil + if route.StripPath != nil { + k8sIngress.ObjectMeta.Annotations["konghq.com/strip-path"] = strconv.FormatBool(*route.StripPath) + } + + // add konghq.com/preserve-host annotation if route.PreserveHost is not nil + if route.PreserveHost != nil { + k8sIngress.ObjectMeta.Annotations["konghq.com/preserve-host"] = strconv.FormatBool(*route.PreserveHost) + } + + // add konghq.com/regex-priority annotation if route.RegexPriority is not nil + if route.RegexPriority != nil { + k8sIngress.ObjectMeta.Annotations["konghq.com/regex-priority"] = strconv.Itoa(*route.RegexPriority) + } + + // add konghq.com/https-redirect-status-code annotation if route.HTTPSRedirectStatusCode is not nil + if route.HTTPSRedirectStatusCode != nil { + value := strconv.Itoa(*route.HTTPSRedirectStatusCode) + k8sIngress.ObjectMeta.Annotations["konghq.com/https-redirect-status-code"] = value + } + + // add konghq.com/headers.* annotation if route.Headers is not nil + if route.Headers != nil { + for key, value := range route.Headers { + k8sIngress.ObjectMeta.Annotations["konghq.com/headers."+key] = strings.Join(value, ",") + } + } + + // add konghq.com/path-handling annotation if route.PathHandling is not nil + if route.PathHandling != nil { + k8sIngress.ObjectMeta.Annotations["konghq.com/path-handling"] = *route.PathHandling + } + + // add konghq.com/snis annotation if route.SNIs is not nil + if route.SNIs != nil { + var snis string + for _, sni := range route.SNIs { + if snis == "" { + snis = *sni + } else { + snis = snis + "," + *sni + } + } + k8sIngress.ObjectMeta.Annotations["konghq.com/snis"] = snis + } + + // add konghq.com/request-buffering annotation if route.RequestBuffering is not nil + if route.RequestBuffering != nil { + k8sIngress.ObjectMeta.Annotations["konghq.com/request-buffering"] = strconv.FormatBool(*route.RequestBuffering) + } + + // add konghq.com/response-buffering annotation if route.ResponseBuffering is not nil + if route.ResponseBuffering != nil { + k8sIngress.ObjectMeta.Annotations["konghq.com/response-buffering"] = strconv.FormatBool(*route.ResponseBuffering) + } + + // add konghq.com/methods annotation if route.Methods is not nil + if route.Methods != nil { + var methods string + for _, method := range route.Methods { + if methods == "" { + methods = *method + } else { + methods = methods + "," + *method + } + } + k8sIngress.ObjectMeta.Annotations["konghq.com/methods"] = methods + } + + if len(route.Hosts) == 0 { + // iterate route.Paths and create a k8sIngress.Spec.Rules for each one. + // If service.Port is not nil, add it to the k8sIngress.Spec.Rules + ingressRule := k8snetv1.IngressRule{ + IngressRuleValue: k8snetv1.IngressRuleValue{ + HTTP: &k8snetv1.HTTPIngressRuleValue{ + Paths: []k8snetv1.HTTPIngressPath{}, + }, + }, + } + for _, path := range route.Paths { + // if path starts with ~ then add / to the beginning of the path + // see: https://docs.konghq.com/kubernetes-ingress-controller/latest/guides/upgrade-kong-3x/#update-ingr + // ess-regular-expression-paths-for-kong-3x-compatibility + sCopy := *path + if strings.HasPrefix(*path, "~") { + sCopy = "/" + *path + } + if service.Port != nil { + ingressRule.IngressRuleValue.HTTP.Paths = append(ingressRule.IngressRuleValue.HTTP.Paths, + k8snetv1.HTTPIngressPath{ + Path: sCopy, + PathType: &pathTypeImplSpecific, + Backend: k8snetv1.IngressBackend{ + Service: &k8snetv1.IngressServiceBackend{ + Name: *service.Name, + Port: k8snetv1.ServiceBackendPort{ + Number: int32(*service.Port), + }, + }, + }, + }) + } else { + ingressRule.IngressRuleValue.HTTP.Paths = append(ingressRule.IngressRuleValue.HTTP.Paths, + k8snetv1.HTTPIngressPath{ + Path: sCopy, + PathType: &pathTypeImplSpecific, + Backend: k8snetv1.IngressBackend{ + Service: &k8snetv1.IngressServiceBackend{ + Name: *service.Name, + }, + }, + }) + } + } + k8sIngress.Spec.Rules = append(k8sIngress.Spec.Rules, ingressRule) + } else { + // Iterate route.Hosts and create a k8sIngress.Spec.Rules for each one. + // For each host, iterate route.Paths and add a k8snetv1.HTTPIngressPath to the k8sIngress.Spec.Rules. + // If service.Port is not nil, add it to the k8sIngress.Spec.Rules + for _, host := range route.Hosts { + ingressRule := k8snetv1.IngressRule{ + Host: *host, + IngressRuleValue: k8snetv1.IngressRuleValue{ + HTTP: &k8snetv1.HTTPIngressRuleValue{ + Paths: []k8snetv1.HTTPIngressPath{}, + }, + }, + } + for _, path := range route.Paths { + // if path starts with ~ then add / to the beginning of the path + // see: https://docs.konghq.com/kubernetes-ingress-controller/latest/guides/upgrade-kong-3x/#update-ingr + // ess-regular-expression-paths-for-kong-3x-compatibility + sCopy := *path + if strings.HasPrefix(*path, "~") { + sCopy = "/" + *path + } + if service.Port != nil { + ingressRule.IngressRuleValue.HTTP.Paths = append(ingressRule.IngressRuleValue.HTTP.Paths, + k8snetv1.HTTPIngressPath{ + Path: sCopy, + PathType: &pathTypeImplSpecific, + Backend: k8snetv1.IngressBackend{ + Service: &k8snetv1.IngressServiceBackend{ + Name: *service.Name, + Port: k8snetv1.ServiceBackendPort{ + Number: int32(*service.Port), + }, + }, + }, + }) + } else { + ingressRule.IngressRuleValue.HTTP.Paths = append(ingressRule.IngressRuleValue.HTTP.Paths, + k8snetv1.HTTPIngressPath{ + Path: sCopy, + PathType: &pathTypeImplSpecific, + Backend: k8snetv1.IngressBackend{ + Service: &k8snetv1.IngressServiceBackend{ + Name: *service.Name, + }, + }, + }) + } + } + k8sIngress.Spec.Rules = append(k8sIngress.Spec.Rules, ingressRule) + } + } + + err := addPluginsToRoute(service, route, k8sIngress, kicContent) + if err != nil { + return err + } + kicContent.Ingresses = append(kicContent.Ingresses, k8sIngress) + } + } + return nil +} + +func addPluginsToRoute( + service file.FService, + route *file.FRoute, + ingress k8snetv1.Ingress, + kicContent *KICContent, +) error { + for _, plugin := range route.Plugins { + var kongPlugin kicv1.KongPlugin + kongPlugin.APIVersion = KICAPIVersion + kongPlugin.Kind = KongPluginKind + if plugin.Name != nil && route.Name != nil && service.Name != nil { + kongPlugin.ObjectMeta.Name = calculateSlug(*service.Name + "-" + *route.Name + "-" + *plugin.Name) + } else { + log.Println("Service name, route name or plugin name is empty. This is not recommended." + + "Please, provide a name for the service, route and the plugin before generating Kong Ingress Controller manifests.") + continue + } + kongPlugin.ObjectMeta.Annotations = map[string]string{IngressClass: ClassName} + kongPlugin.PluginName = *plugin.Name + + var configJSON apiextensionsv1.JSON + var err error + configJSON.Raw, err = json.Marshal(plugin.Config) + if err != nil { + return err + } + kongPlugin.Config = configJSON + + if ingress.ObjectMeta.Annotations["konghq.com/plugins"] == "" { + ingress.ObjectMeta.Annotations["konghq.com/plugins"] = kongPlugin.ObjectMeta.Name + } else { + annotations := ingress.ObjectMeta.Annotations["konghq.com/plugins"] + "," + kongPlugin.ObjectMeta.Name + ingress.ObjectMeta.Annotations["konghq.com/plugins"] = annotations + } + + kicContent.KongPlugins = append(kicContent.KongPlugins, kongPlugin) + } + return nil +} + +// Convert route to HTTPRoute (Gateway API) +func populateKICIngressesWithGatewayAPI(content *file.Content, kicContent *KICContent) error { + for _, service := range content.Services { + for _, route := range service.Routes { + var httpRoute k8sgwapiv1.HTTPRoute + httpRoute.Kind = "HTTPRoute" + if targetKICVersionAPI == KICV3GATEWAY { + httpRoute.APIVersion = GatewayAPIVersionV1 + } else { + httpRoute.APIVersion = GatewayAPIVersionV1Beta1 + } + if service.Name != nil && route.Name != nil { + httpRoute.ObjectMeta.Name = calculateSlug(*service.Name + "-" + *route.Name) + } else { + log.Println("Service name or route name is empty. This is not recommended." + + "Please, provide a name for the service and the route before generating HTTPRoute manifests.") + continue + } + httpRoute.ObjectMeta.Annotations = make(map[string]string) + + // add konghq.com/preserve-host annotation if route.PreserveHost is not nil + if route.PreserveHost != nil { + httpRoute.ObjectMeta.Annotations["konghq.com/preserve-host"] = strconv.FormatBool(*route.PreserveHost) + } + + // add konghq.com/strip-path annotation if route.StripPath is not nil + if route.StripPath != nil { + httpRoute.ObjectMeta.Annotations["konghq.com/strip-path"] = strconv.FormatBool(*route.StripPath) + } + + // add konghq.com/https-redirect-status-code annotation if route.HTTPSRedirectStatusCode is not nil + if route.HTTPSRedirectStatusCode != nil { + value := strconv.Itoa(*route.HTTPSRedirectStatusCode) + httpRoute.ObjectMeta.Annotations["konghq.com/https-redirect-status-code"] = value + } + + // add konghq.com/regex-priority annotation if route.RegexPriority is not nil + if route.RegexPriority != nil { + httpRoute.ObjectMeta.Annotations["konghq.com/regex-priority"] = strconv.Itoa(*route.RegexPriority) + } + + // add konghq.com/path-handling annotation if route.PathHandling is not nil + if route.PathHandling != nil { + httpRoute.ObjectMeta.Annotations["konghq.com/path-handling"] = *route.PathHandling + } + + // add konghq.com/snis annotation if route.SNIs is not nil + if route.SNIs != nil { + var snis string + for _, sni := range route.SNIs { + if snis == "" { + snis = *sni + } else { + snis = snis + "," + *sni + } + } + httpRoute.ObjectMeta.Annotations["konghq.com/snis"] = snis + } + + // add konghq.com/request-buffering annotation if route.RequestBuffering is not nil + if route.RequestBuffering != nil { + httpRoute.ObjectMeta.Annotations["konghq.com/request-buffering"] = strconv.FormatBool(*route.RequestBuffering) + } + + // add konghq.com/response-buffering annotation if route.ResponseBuffering is not nil + if route.ResponseBuffering != nil { + httpRoute.ObjectMeta.Annotations["konghq.com/response-buffering"] = strconv.FormatBool(*route.ResponseBuffering) + } + + // if route.hosts is not nil, add them to the httpRoute + if route.Hosts != nil { + for _, host := range route.Hosts { + httpRoute.Spec.Hostnames = append(httpRoute.Spec.Hostnames, k8sgwapiv1.Hostname(*host)) + } + } + + // add kong as the spec.parentRef.name + httpRoute.Spec.ParentRefs = append(httpRoute.Spec.ParentRefs, k8sgwapiv1.ParentReference{ + Name: k8sgwapiv1.ObjectName(ClassName), + }) + + // add service details to HTTPBackendRef + portNumber := k8sgwapiv1.PortNumber(*service.Port) + backendRef := k8sgwapiv1.BackendRef{ + BackendObjectReference: k8sgwapiv1.BackendObjectReference{ + Name: k8sgwapiv1.ObjectName(*service.Name), + Port: &portNumber, + }, + } + + var httpHeaderMatch []k8sgwapiv1.HTTPHeaderMatch + headerMatchExact := k8sgwapiv1.HeaderMatchExact + headerMatchRegex := k8sgwapiv1.HeaderMatchRegularExpression + // if route.Headers is not nil, add them to the httpHeaderMatch + if route.Headers != nil { + for key, values := range route.Headers { + // if values has only one value and that value starts with + // the special prefix ~*, the value is interpreted as a regular expression. + if len(values) == 1 && strings.HasPrefix(values[0], "~*") { + httpHeaderMatch = append(httpHeaderMatch, k8sgwapiv1.HTTPHeaderMatch{ + Name: k8sgwapiv1.HTTPHeaderName(key), + Value: values[0][2:], + Type: &headerMatchRegex, + }) + } else { + // if multiple values are present, add them as comma separated values + // if only one value is present, add it as a single value + var value string + if len(values) > 1 { + value = strings.Join(values, ",") + } else { + value = values[0] + } + httpHeaderMatch = append(httpHeaderMatch, k8sgwapiv1.HTTPHeaderMatch{ + Name: k8sgwapiv1.HTTPHeaderName(key), + Value: value, + Type: &headerMatchExact, + }) + } + } + } + + // If path is not nil, then for each path, for each method, add a httpRouteRule + // to the httpRoute + if route.Paths != nil { + for _, path := range route.Paths { + var httpPathMatch k8sgwapiv1.HTTPPathMatch + pathMatchRegex := k8sgwapiv1.PathMatchRegularExpression + pathMatchPrefix := k8sgwapiv1.PathMatchPathPrefix + + if strings.HasPrefix(*path, "~") { + httpPathMatch.Type = &pathMatchRegex + regexPath := (*path)[1:] + httpPathMatch.Value = ®exPath + } else { + httpPathMatch.Type = &pathMatchPrefix + httpPathMatch.Value = path + } + + for _, method := range route.Methods { + httpMethod := k8sgwapiv1.HTTPMethod(*method) + httpRoute.Spec.Rules = append(httpRoute.Spec.Rules, k8sgwapiv1.HTTPRouteRule{ + Matches: []k8sgwapiv1.HTTPRouteMatch{ + { + Path: &httpPathMatch, + Method: &httpMethod, + Headers: httpHeaderMatch, + }, + }, + BackendRefs: []k8sgwapiv1.HTTPBackendRef{ + { + BackendRef: backendRef, + }, + }, + }) + } + } + } else { + // If path is nil, then for each method, add a httpRouteRule + // to the httpRoute with headers and no path + for _, method := range route.Methods { + httpMethod := k8sgwapiv1.HTTPMethod(*method) + httpRoute.Spec.Rules = append(httpRoute.Spec.Rules, k8sgwapiv1.HTTPRouteRule{ + Matches: []k8sgwapiv1.HTTPRouteMatch{ + { + Method: &httpMethod, + Headers: httpHeaderMatch, + }, + }, + BackendRefs: []k8sgwapiv1.HTTPBackendRef{ + { + BackendRef: backendRef, + }, + }, + }) + } + } + err := addPluginsToGatewayAPIRoute(service, route, httpRoute, kicContent) + if err != nil { + return err + } + kicContent.HTTPRoutes = append(kicContent.HTTPRoutes, httpRoute) + } + } + return nil +} + +func addPluginsToGatewayAPIRoute( + service file.FService, route *file.FRoute, httpRoute k8sgwapiv1.HTTPRoute, kicContent *KICContent, +) error { + for _, plugin := range route.Plugins { + var kongPlugin kicv1.KongPlugin + kongPlugin.APIVersion = KICAPIVersion + kongPlugin.Kind = KongPluginKind + if plugin.Name != nil && route.Name != nil && service.Name != nil { + kongPlugin.ObjectMeta.Name = calculateSlug(*service.Name + "-" + *route.Name + "-" + *plugin.Name) + } else { + log.Println("Service name, route name or plugin name is empty. This is not recommended." + + "Please, provide a name for the service, route and the plugin before generating Kong Ingress Controller manifests.") + continue + } + kongPlugin.ObjectMeta.Annotations = map[string]string{IngressClass: ClassName} + kongPlugin.PluginName = *plugin.Name + + var configJSON apiextensionsv1.JSON + var err error + configJSON.Raw, err = json.Marshal(plugin.Config) + if err != nil { + return err + } + kongPlugin.Config = configJSON + + // add plugins as extensionRef under filters for every rule + for i := range httpRoute.Spec.Rules { + httpRoute.Spec.Rules[i].Filters = append(httpRoute.Spec.Rules[i].Filters, k8sgwapiv1.HTTPRouteFilter{ + ExtensionRef: &k8sgwapiv1.LocalObjectReference{ + Name: k8sgwapiv1.ObjectName(kongPlugin.ObjectMeta.Name), + Kind: KongPluginKind, + Group: "configuration.konghq.com", + }, + Type: k8sgwapiv1.HTTPRouteFilterExtensionRef, + }) + } + + kicContent.KongPlugins = append(kicContent.KongPlugins, kongPlugin) + } + return nil +} diff --git a/kong2kic/service.go b/kong2kic/service.go new file mode 100644 index 000000000..a5303ae6a --- /dev/null +++ b/kong2kic/service.go @@ -0,0 +1,145 @@ +package kong2kic + +import ( + "encoding/json" + "log" + "strconv" + "strings" + + "github.com/kong/go-database-reconciler/pkg/file" + kicv1 "github.com/kong/kubernetes-ingress-controller/v3/pkg/apis/configuration/v1" + k8scorev1 "k8s.io/api/core/v1" + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + "k8s.io/apimachinery/pkg/util/intstr" +) + +func populateKICServicesWithAnnotations(content *file.Content, kicContent *KICContent) error { + // Iterate Kong Services and create k8s Services, + // then create KongIngress resources for Kong Service Upstream data. + // Finally, create KongPlugin resources for each plugin + // associated with the service. + for i := range content.Services { + service := content.Services[i] + + var k8sService k8scorev1.Service + var protocol k8scorev1.Protocol + + k8sService.TypeMeta.APIVersion = "v1" + k8sService.TypeMeta.Kind = "Service" + if service.Name != nil { + k8sService.ObjectMeta.Name = calculateSlug(*service.Name) + } else { + log.Println("Service name is empty. This is not recommended." + + "Please, provide a name for the service before generating Kong Ingress Controller manifests.") + continue + } + k8sService.ObjectMeta.Annotations = make(map[string]string) + + // default TCP unless service.Protocol is equal to k8scorev1.ProtocolUDP + if service.Protocol != nil && k8scorev1.Protocol(strings.ToUpper(*service.Protocol)) == k8scorev1.ProtocolUDP { + protocol = k8scorev1.ProtocolUDP + } else { + protocol = k8scorev1.ProtocolTCP + } + + if service.Port != nil { + sPort := k8scorev1.ServicePort{ + Protocol: protocol, + Port: int32(*service.Port), + TargetPort: intstr.IntOrString{IntVal: int32(*service.Port)}, + } + k8sService.Spec.Ports = append(k8sService.Spec.Ports, sPort) + } + + if service.Name != nil { + k8sService.Spec.Selector = map[string]string{"app": *service.Name} + } else { + log.Println("Service without a name is not recommended") + } + + // add konghq.com/read-timeout annotation if service.ReadTimeout is not nil + if service.ReadTimeout != nil { + k8sService.ObjectMeta.Annotations["konghq.com/read-timeout"] = strconv.Itoa(*service.ReadTimeout) + } + + // add konghq.com/write-timeout annotation if service.WriteTimeout is not nil + if service.WriteTimeout != nil { + k8sService.ObjectMeta.Annotations["konghq.com/write-timeout"] = strconv.Itoa(*service.WriteTimeout) + } + + // add konghq.com/connect-timeout annotation if service.ConnectTimeout is not nil + if service.ConnectTimeout != nil { + k8sService.ObjectMeta.Annotations["konghq.com/connect-timeout"] = strconv.Itoa(*service.ConnectTimeout) + } + + // add konghq.com/protocol annotation if service.Protocol is not nil + if service.Protocol != nil { + k8sService.ObjectMeta.Annotations["konghq.com/protocol"] = *service.Protocol + } + + // add konghq.com/path annotation if service.Path is not nil + if service.Path != nil { + k8sService.ObjectMeta.Annotations["konghq.com/path"] = *service.Path + } + + // add konghq.com/retries annotation if service.Retries is not nil + if service.Retries != nil { + k8sService.ObjectMeta.Annotations["konghq.com/retries"] = strconv.Itoa(*service.Retries) + } + + if targetKICVersionAPI == KICV3GATEWAY || targetKICVersionAPI == KICV3INGRESS { + // Use KongUpstreamPolicy for KICv3 + populateKICUpstreamPolicy(content, &service, &k8sService, kicContent) + } else { + // Use KongIngress for KICv2 + populateKICUpstream(content, &service, &k8sService, kicContent) + } + + // iterate over the plugins for this service, create a KongPlugin for each one and add an annotation to the service + // transform the plugin config from map[string]interface{} to apiextensionsv1.JSON + // create a plugins annotation in the k8sservice to link the plugin to it + err := addPluginsToService(service, k8sService, kicContent) + if err != nil { + return err + } + + kicContent.Services = append(kicContent.Services, k8sService) + + } + return nil +} + +func addPluginsToService(service file.FService, k8sService k8scorev1.Service, kicContent *KICContent) error { + for _, plugin := range service.Plugins { + var kongPlugin kicv1.KongPlugin + kongPlugin.APIVersion = KICAPIVersion + kongPlugin.Kind = KongPluginKind + if plugin.Name != nil && service.Name != nil { + kongPlugin.ObjectMeta.Name = calculateSlug(*service.Name + "-" + *plugin.Name) + } else { + log.Println("Service name or plugin name is empty. This is not recommended." + + "Please, provide a name for the service and the plugin before generating Kong Ingress Controller manifests.") + continue + } + kongPlugin.ObjectMeta.Annotations = map[string]string{IngressClass: ClassName} + kongPlugin.PluginName = *plugin.Name + + var configJSON apiextensionsv1.JSON + var err error + configJSON.Raw, err = json.Marshal(plugin.Config) + if err != nil { + return err + } + kongPlugin.Config = configJSON + + if k8sService.ObjectMeta.Annotations["konghq.com/plugins"] == "" { + k8sService.ObjectMeta.Annotations["konghq.com/plugins"] = kongPlugin.ObjectMeta.Name + } else { + annotations := k8sService.ObjectMeta.Annotations["konghq.com/plugins"] + "," + kongPlugin.ObjectMeta.Name + k8sService.ObjectMeta.Annotations["konghq.com/plugins"] = annotations + } + + kicContent.KongPlugins = append(kicContent.KongPlugins, kongPlugin) + } + return nil +} diff --git a/kong2kic/testdata/input.yaml b/kong2kic/testdata/input.yaml new file mode 100644 index 000000000..369872baa --- /dev/null +++ b/kong2kic/testdata/input.yaml @@ -0,0 +1,505 @@ +ca_certificates: +- cert: | + -----BEGIN CERTIFICATE----- + MIIBfDCCASKgAwIBAgIRAJqcZC1VSvSQLMN1+7yAeswwCgYIKoZIzj0EAwIwHDEa + MBgGA1UEAxMRRGVtbyBLb25nIFJvb3QgQ0EwHhcNMjIwNjEzMTMzNzMzWhcNMjcw + NjEzMTkzNzMzWjAcMRowGAYDVQQDExFEZW1vIEtvbmcgUm9vdCBDQTBZMBMGByqG + SM49AgEGCCqGSM49AwEHA0IABOGR89IyhreSHRAi6wp9a5DBIDp4YYSdWzuEdlNx + 7pX1G4T7x68xUXJZXRUPFyT8Xzn5KwCJm8RVT+nAhrsUx6SjRTBDMA4GA1UdDwEB + /wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBQ9CUiOPhjp7KD2 + ScRDxX4IzDOrNzAKBggqhkjOPQQDAgNIADBFAiEAw6Dov0c0L++1W9VufAfSMdNR + PSDfPU0MiUiG59/VIBICIEFn/6c5eQc3hUUBL74/RmNT2b1zxBmp7RiPXJAnAAwJ + -----END CERTIFICATE----- + cert_digest: f1baffe9fe9cf8497e38a4271d67fab44423678b7e7c0f677a50f37c113d81b5 + id: 8ccca140-aff4-411d-8e1c-fcfb3f932a8e + tags: + - root-ca +- cert: | + -----BEGIN CERTIFICATE----- + MIIBqTCCAVCgAwIBAgIQb5LqGa9gS3+Mc2ntWfSoJjAKBggqhkjOPQQDAjAcMRow + GAYDVQQDExFEZW1vIEtvbmcgUm9vdCBDQTAeFw0yMjA2MTMxMzM5MTVaFw0yMzA2 + MTMxOTM5MTVaMCoxKDAmBgNVBAMTH0RlbW8gS29uZyBSb290IEludGVybWVkaWF0 + ZTEgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQImvnSuvXkGy88lvx8a7of + e0MEMRI2siVvybvWXNpeXXlixgaq7weJ7pewf3HywfO68Va6kn8ehWh7s0D7SLHM + o2YwZDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4E + FgQUhuxCKmCSvZWf95+iZ+Wsz9DJJVMwHwYDVR0jBBgwFoAUPQlIjj4Y6eyg9knE + Q8V+CMwzqzcwCgYIKoZIzj0EAwIDRwAwRAIgNZ+JPA1OqF5DsPapAZ2YsUOgIpn3 + ZbQuYKCAV0SD4EcCIFnfA5rWrc1AgtUw5inJQqJQRNgoPuC14vACqI48BiRl + -----END CERTIFICATE----- + cert_digest: dbef7ed285fb292e24f84ffba93c48d92fa322387d85469c460c655abedd5308 + id: 2e5f8ad1-21ca-47f5-8af7-899486e82731 + tags: + - intermediate_ca1 +- cert: | + -----BEGIN CERTIFICATE----- + MIIBujCCAV+gAwIBAgIRAMkGpj7WZf+2RFE/q7ZhejEwCgYIKoZIzj0EAwIwKjEo + MCYGA1UEAxMfRGVtbyBLb25nIFJvb3QgSW50ZXJtZWRpYXRlMSBDQTAeFw0yMjA2 + MTMxMzQwNTFaFw0yMjEyMTMwNDQwNTFaMCoxKDAmBgNVBAMTH0RlbW8gS29uZyBS + b290IEludGVybWVkaWF0ZTIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQB + my/zhZ3F2HvHFqtQzuD3lXX8SeYakxiBQvaGkGSLKD67N3vh7iC2rTSdj/vAs8ws + Y9X+mXzS6GDKC8PbSX6xo2YwZDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgw + BgEB/wIBADAdBgNVHQ4EFgQURwCm53YPStZoAMfnVyknH4IgZa4wHwYDVR0jBBgw + FoAUhuxCKmCSvZWf95+iZ+Wsz9DJJVMwCgYIKoZIzj0EAwIDSQAwRgIhAN1pkUKc + azM4PiXOnkILB2KBDIF4XpHf+4ThDMODzXP8AiEA45KXA3qMrRPQV1oBfWZ3hLgX + gxUhveuHBXMWnzUbn6U= + -----END CERTIFICATE----- + cert_digest: 45b2b6dd9d4102955b1b1e4b540e677f140521462ed4f22fa5a713863ca84600 + id: cab2565d-fed6-4a07-b25c-bab76fdfe071 + tags: + - intermediate_ca2 +certificates: +- cert: |- + -----BEGIN CERTIFICATE----- + MIIECTCCAvGgAwIBAgIUAusYGP9BwoLFFAJdB/jY6eUzUyAwDQYJKoZIhvcNAQEL + BQAwgZIxCzAJBgNVBAYTAlVLMRIwEAYDVQQIDAlIYW1wc2hpcmUxEjAQBgNVBAcM + CUFsZGVyc2hvdDEQMA4GA1UECgwHS29uZyBVSzEQMA4GA1UECwwHU3VwcG9ydDEY + MBYGA1UEAwwPU3VwcG9ydCBSb290IENBMR0wGwYJKoZIhvcNAQkBFg5zdHVAa29u + Z2hxLmNvbTAeFw0yMTAxMTUxMTE5NDNaFw0yMjA1MzAxMTE5NDNaMIGRMQswCQYD + VQQGEwJVSzESMBAGA1UECAwJSGFtcHNoaXJlMRIwEAYDVQQHDAlBbGRlcnNob3Qx + EDAOBgNVBAoMB0tvbmcgVUsxEDAOBgNVBAsMB1N1cHBvcnQxFzAVBgNVBAMMDnBy + b3h5LmtvbmcubGFuMR0wGwYJKoZIhvcNAQkBFg5zdHVAa29uZ2hxLmNvbTCCASIw + DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJUbKiqoCK1BTNk/7l42n6ukyTEu + eLyB23e/90PzT/oz8wZzgwTodzbFAS2VtFr1EKqFzor0DrXp9CLnebOdiAR3I6LD + /WY/x0KW3lx3F35fGiUOSLPTH8zeiDTMx11CcKDxesA+M2/s5q0igkOQ4z4w3voz + m5a52IcQTSA8K5knNU1qUZBLpc+khxFcaheEK1jsISJJhcdizZBfGdk8S1vpyj5F + uCZ7oaRvNA6imHjSJwpgo36zd84TgrIgVj9R4QtJysWy/X+bbaKUiKBWwAtd4+DT + EP90l/ny9szu2fijk4/6k1ntXufGTyvM+J0/qJ13e99TVYOVanITnpTO+6cCAwEA + AaNWMFQwHwYDVR0jBBgwFoAUdskpf0wJRQxjtzQFZciWmUfl2bcwCQYDVR0TBAIw + ADALBgNVHQ8EBAMCBPAwGQYDVR0RBBIwEIIOcHJveHkua29uZy5sYW4wDQYJKoZI + hvcNAQELBQADggEBAJVrTWQRQzNtypa9OXFYADm8Fay1VMop3BY2kh0tfYgQEJ/4 + pJUj6CaszQZ/Aix6LaPnXFcoPCDqqv00mgju86PMamr/zA9USXk8eTmzJkp5RklS + GdqiXboqESiQVvaNz3kdW7wgNz4FwaGCzkEi/dcc2LdtzLpWizx+TlxMMqjonUUM + ovZgZo+OlhWRsDVT/qy5SFtA0vlVNtdBr2egXb1H7J8UDC+fax/iKa7+fBUHZOO9 + Fk9U8bxgfQ+jPIVVL8CfAtR68Sos7NpWH0S2emqZRnQvf0MSNdkTQKWn4qR9sckj + Ewxs5FbrMmgCOgwk1PtgRmdP3RME0HwK/B03saQ= + -----END CERTIFICATE----- + id: 507cc555-5b92-496d-9e89-bfc78dfcddbe + key: |- + -----BEGIN PRIVATE KEY----- + MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCVGyoqqAitQUzZ + P+5eNp+rpMkxLni8gdt3v/dD80/6M/MGc4ME6Hc2xQEtlbRa9RCqhc6K9A616fQi + 53mznYgEdyOiw/1mP8dClt5cdxd+XxolDkiz0x/M3og0zMddQnCg8XrAPjNv7Oat + IoJDkOM+MN76M5uWudiHEE0gPCuZJzVNalGQS6XPpIcRXGoXhCtY7CEiSYXHYs2Q + XxnZPEtb6co+Rbgme6GkbzQOoph40icKYKN+s3fOE4KyIFY/UeELScrFsv1/m22i + lIigVsALXePg0xD/dJf58vbM7tn4o5OP+pNZ7V7nxk8rzPidP6idd3vfU1WDlWpy + E56UzvunAgMBAAECggEAcq7lHNAHdHLgT8yrY41x/AwPryNGO/9JNW7SGVKAdjoU + tyaLZHAEmXynLk+R28/YFMA8H4Yd9m9OlrYhVjRZFM4p+5vxP/7YHPB7cPUsfcda + DZxR8PX25JVYf/vtb16V0ERLnKd62qCEwC/lr2A2WHQwXJLrHeAtmZzBJYUCJ5Xj + Dv1ZhyFjknswaV0vGXe6njTI6CzMQDTGysoagpCCo7RWgzjLREg2BGWd2UQpY4AW + nYAP4QNt82UMQbgIqsEMj64mzS9Q+o1P84J1naSP5sCI22LeFRp6iezZc+D8EH/5 + RNONGSNWl3g6bsvN1VywYwjWn+waD3XAjXUu+peUgQKBgQDDu1QP28oSMKivHdfo + kQ1HrTNBRc9eWeAMZFuIbbPLN8rdEibpOm3DwTqithnahqS0NLOsBnXNtuLw1Qr/ + zmOzn0yDO5XG8dlKr9vqWeBLdcRydLJBZwqEzWf4JwwwgfK3rItRaIbnAxnGUTS5 + SrrhNfBAIGS9jx5X2kvLC7hFQQKBgQDDBIrpLTIjRDloWZcu03z9Bhb8jQCyGb5C + 4MYs+duCnQIdNq/+maPspJzbVmF4b6S1zIPweI3fMvMeqRTbuf+drpElst1buFTO + P0UMMn4V+4qGIOOkIy5JIKwR8sJD9tNDUPtxuDEotTB9IyWx6pdmCFz5v/bggDCu + reoqflL+5wKBgQCDvb+L2QS+j4/KJk0flRoaJ2K7SVCVEesyjA3r2uLMImZhvAkC + rDgbLSDZSbZHFp8fR+WzILoD11gSf2Ki4PjMeqkWH3HlcP0vPwTHTO0h/UdXPmKI + kOFMl7CmHyoeMCj9JZ60EaXTMYwUpq3VFY6JbTOjBeqoh/8FZMHlDaNewQKBgCHg + ECEg8KyflTlDFrfTlMp+3E9STuShBCOp18LIRBEUJOHeNgQLvCXHElgnURcSjZHm + zKRgzIQQ3Zpd1Hm2fWhuglgCEeF0y4ZoBx5vRueaoh1aaTCBy/B39GvJt2UG4vu2 + fXbrf96KWrnh+RJGpbXbjgr0BXZJzisJmrt25gPRAoGBAI3c+INpQXwrE+LBzCPu + LwIVvkm5NpeIlKQtDNrqG1QvUhqyZ2/Xitc4FyiccW7WHxkGKGZyj7GbmpqEOnyY + iVku0LSftZgycet2uMdp0HaVAgi5S6aVf5yN0U/8R5ToxcbuEfqwrBIyRgse8lx3 + NNSvLxPAempmiFPSk9AtobYV + -----END PRIVATE KEY----- + snis: + - name: proxy.kong.lan + tags: + - proxy.kong.lan +- cert: |- + -----BEGIN CERTIFICATE----- + MIIFeDCCBGCgAwIBAgIUAusYGP9BwoLFFAJdB/jY6eUzUyQwDQYJKoZIhvcNAQEL + BQAwgZIxCzAJBgNVBAYTAlVLMRIwEAYDVQQIDAlIYW1wc2hpcmUxEjAQBgNVBAcM + CUFsZGVyc2hvdDEQMA4GA1UECgwHS29uZyBVSzEQMA4GA1UECwwHU3VwcG9ydDEY + MBYGA1UEAwwPU3VwcG9ydCBSb290IENBMR0wGwYJKoZIhvcNAQkBFg5zdHVAa29u + Z2hxLmNvbTAeFw0yMTAxMjAxNTA0NDVaFw0yMjAxMjAxNTA0NDVaMIGQMQswCQYD + VQQGEwJVSzESMBAGA1UECAwJSGFtcHNoaXJlMRIwEAYDVQQHDAlBbGRlcnNob3Qx + EDAOBgNVBAoMB0tvbmcgVUsxEDAOBgNVBAsMB1N1cHBvcnQxFjAUBgNVBAMMDW10 + bHMtY29uc3VtZXIxHTAbBgkqhkiG9w0BCQEWDnN0dUBrb25naHEuY29tMIICIjAN + BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1/+83/YNiEVKYvcuVwYGve6afsg1 + BYCn1+E9Uwgh0uwAenT/DKB8NhqoVxc7cZ2HaTI146IGmFICmctlTWvLPLglHmTo + byOUV6tIJAjvzyEOpC458hLGgbv8mhGXJWPxBVu7Wy6Hapz2bk0cEscfL7PHKaRu + 3D6r8/zbhhWAqe4EIt+NVYT6baaYBs7bPZQXs/sluKI+DNYuDeaAmoSuCc4ein6z + 0xDqCSMmPebzjns03ttB29vWL3eYY9dvgoCd+CPhXT/C4CHtvKbH+hOQYDtVF6MO + 1mmABAQTQWMR/00+QI0xtvuXtEPurla5dA0TN6ddCTOOcILKx62z5oc3Kqr+nHHa + 71zNzARUVaZ2vy1pRVr0DZgB7KqcFXhy/oy8IpmxUR1ASBDZl6B6RKrdQwvgLgmn + 3M/roNLAU+3nz4itpt/zf+X0suwdthrflic1R68z1SlYbyoGARWkZ/pOl6kLNVK2 + OsqQuICaajnW7t1oDd7z1+3hm+uoryDwvG6f3T9ZvWjKXYcKg7b+BjbFdahbDywD + PgnhSz9AaoVWhR+GHIPrjRClMpEkra/yGJFvH3UpXhgg9d0DrLZE51Z75a9SvnAj + vdLuNhx4bJbwLBgNGsJMkupzBrw4iCfbKFcBbP8o0Xjtarj7T/mkWuQ1GjWqfyrD + 55NecBPNw5C9BR0CAwEAAaOBxTCBwjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQE + AwIFoDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50IENl + cnRpZmljYXRlMB0GA1UdDgQWBBSV3F+eicU8SVT4LcDJ6eMzP0todzAfBgNVHSME + GDAWgBR2ySl/TAlFDGO3NAVlyJaZR+XZtzAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0l + BBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBAQB5L0OZ + WELG9Pw6Ol1BsZYgpLR4PGNBB9dKm/9dd+q+ohZVFCfXcjZ3YOU1vh/HHQrALRNY + I58JxcVCOx/qIW2uA0iSCqIT0sNb9cJLxfZf7X+BzPPPnu0ugUJp7GzLNnHitrLC + Xb1nmmefwgraNzp+a5IrR8RcQG1mYDuS+2HK/rybo22XcCxhob8OiDEn8+ytkKyQ + Ipmrf9D+/68/ih6az0w1aakASMmFe8z/p6VgVQkCySCWWFG525BRdGmSImqVZ4xa + aQFN3L+oN+JJcCFTthLOAYo32JH+xLMz7PokzSL84g3b68h59hXDoMSwB10GthL5 + T8tqV6i5miKWwvfZ + -----END CERTIFICATE----- + id: f3ae1bb2-ea6a-4caf-a7a7-2f078b7842db + key: |- + -----BEGIN RSA PRIVATE KEY----- + MIIJKQIBAAKCAgEA1/+83/YNiEVKYvcuVwYGve6afsg1BYCn1+E9Uwgh0uwAenT/ + DKB8NhqoVxc7cZ2HaTI146IGmFICmctlTWvLPLglHmTobyOUV6tIJAjvzyEOpC45 + 8hLGgbv8mhGXJWPxBVu7Wy6Hapz2bk0cEscfL7PHKaRu3D6r8/zbhhWAqe4EIt+N + VYT6baaYBs7bPZQXs/sluKI+DNYuDeaAmoSuCc4ein6z0xDqCSMmPebzjns03ttB + 29vWL3eYY9dvgoCd+CPhXT/C4CHtvKbH+hOQYDtVF6MO1mmABAQTQWMR/00+QI0x + tvuXtEPurla5dA0TN6ddCTOOcILKx62z5oc3Kqr+nHHa71zNzARUVaZ2vy1pRVr0 + DZgB7KqcFXhy/oy8IpmxUR1ASBDZl6B6RKrdQwvgLgmn3M/roNLAU+3nz4itpt/z + f+X0suwdthrflic1R68z1SlYbyoGARWkZ/pOl6kLNVK2OsqQuICaajnW7t1oDd7z + 1+3hm+uoryDwvG6f3T9ZvWjKXYcKg7b+BjbFdahbDywDPgnhSz9AaoVWhR+GHIPr + jRClMpEkra/yGJFvH3UpXhgg9d0DrLZE51Z75a9SvnAjvdLuNhx4bJbwLBgNGsJM + kupzBrw4iCfbKFcBbP8o0Xjtarj7T/mkWuQ1GjWqfyrD55NecBPNw5C9BR0CAwEA + AQKCAgEAymuOrG/hJKiS2oX8tm8eWFZIELI9BigYozYhCzQexpSGqjwEXOf1H5sB + 0YQjIAlZwhrc57OK7KpGZ6x2BgUT1JZZqs80CBtWxIXuuF5rpje7id8MTLCNuTzb + r+L2O4Mad0QNI5lKLH5mbt3yhiJ3NnQLHBpODjbpXGDFtTVne1hkJe5MfC1/psyt + wguO6HllcTTWl93ruonpZPtz39qhYuz4MCAnE5DRUrjO+Mn7y7XoyUS+xnSRl7BD + bqWRicJQyB+P7px3WyZQri+6TsCQ164iw2D64bLC1oCfLvLSBeh0g3gOdAX5mGTl + RBpf98LdFJXSmXHodcYMlO5THqHu7mOE8zvPDbOzpwKftE11PS+lhuq/fREJnrAx + pbvTkv2c1nu90gkracv6PhRC8YhBIa2gqhoxY7rH7UpYa1c5QaJzg5ibiteTLRKC + e9ZmfoPWaY2ksY4gBWZ/p2wokJ8U6ZHEsEfQS9WibMpqRsdINWQ9JnIBLKnTuqB0 + B29E9jHAl8rwMT2/DiIiVjHcdwpP37MxotKvYDFw+yDcZDeKTIh133XZNWyO/TcH + aDrNB0dymqunuNmfPts566AYErym0ndcmmLuGIKKE+l1h1+5CWjdsTdrkkXZK/w1 + i/krfLruQqQcW3Bpng8JAKirvGfYJxIEaCLqtepb7YaHhaI3gz0CggEBAPO0UQ6e + oPzMYmEegp2LjAfHZhwGV0fpiC6nxEWKoEE7Tb5zyB8rlkFIpQlXmljQvf3xDmq/ + Ta3JlkaY290oFc0ypp9zUY/sUGyc3pvltxl0gLKOPnIkoP3ma2HzBxQRrGRdcFhH + AHom80Bm9APm29L0MFuOuhGGxkGvQCxH+KmmohvZMUEqNIuWi8XB7maDXcAmSJ7x + YdQAgLspRJ+kkZM+59XijyvYvg04xCu1FSop+Lol+xBwWAR5OaKnbZ9L+jKtzbxC + IS7ERTlhsham2dYIm7SFcD/OcLV6luqreR0svS6HQis1kGxnNxkBAbrB1QZ+wLKp + QztnOk70H/eWP5sCggEBAOLllCHuRloqEyzDT5sVbflCMTVsXmHGJ4/qI4An+etI + 3DComNLPAIBKYAiNgqWAm/wfLy5rHu2ZGzcPn7cQF/xKp00uDGKncQz3Z9JDofI1 + rpLH+t3LJ9l/EzQv1tpzwOU5rhFNmqrJnwy17BtOmlCKAQnVmyDkLyR9AhWkCTi8 + BLDq6mx1X61K6P11GAxAd70NFNzD8868Ddq2XInwEwXzf/FHQW/JVYZEAa7dn4KF + wQ/tPSspP0vGzDfgNI64PtNePnZ/e00XXqA7la2OScro+SDSyXGlDKX4XhwwTDD1 + +u3VbUmjInpEJL3bU8c/qe36UhoseF1G0cm22sHqhacCggEAY3A+5r05KQ1oUwJ0 + /z2ybHYjJuo7cN9MLuVLg6iVzSgah8yMapOJYqf2l0JEe1rpOxXB8TKPyoqHo9S5 + WZsCklDJhiQysowVIMw9VNU9ichsvu6lckOZ4R/Ezxmv2LOBaQ5rScnm2vDLroqT + pIftSD1VAfbR21bnzGNqxuazAt44JS7RFyrWd+J8s7t2wCN3/HBij2Akr7Fo1XV4 + R7+JmtA/HpmsG5L7sT9pZAAmW6b2k1XuBH4im+iu6LxyUV5Z/5XFbbx597AkIs7H + MNDx75BhoB4WeCKPAK29qJFBAPOBWdvc1u6rOGBBLhWoFAEFH/pWPFAuW626L/8S + kB6hYwKCAQB3/JIec2Pu0Gs9c7eIOofilXdyWfF7YQ+Q0m+dmQZXvzr53F6ctGz+ + atZoD3V0UhOq+063DFzZpuq2bmO2qiMU/uGENgLEtOlawwa7MZrVfD/qTSjD22gi + Y0njghzrfuUWEy+S5OgSwvaCAT5vnlyKlMBB1BzqAuFPOXA9w3ZA82TDribz3goP + mRqm1iI2cG0ho2ZR7KnkvJvS+jbrlvJoZkFVdaoMFHtOum3tbDOrEVJsOrfrOC/J + wcJDFiSVCKfonOEJRxcMSHx43amkkydAz3zXN8DhgTe0GSijXYMdLSdaWFAn7cYQ + xDJt2CtwpaEWQRbj0nqAUTAlrLX4cC3nAoIBAQCl1cV86bYw8CKrCuf9TF0Kk5pd + REdilDpks4Z1RH4MpBDWLtvMeQqlNsN+/RugKQExO0HTdZIyn7cBRRloD2xcNcJA + G/rUMel/x4fhaEOE7Uw9rmTefvpcgWmtXw64sMA8KFA4oCXIcgbwL5Q+szqNNWAN + abpgl0DnU06YyBDoK/7D0B8Kt3qS1N6XX+Z5wtPvglbD2HCYy6rdkqi8IbQ/6OeS + wG7p/7g3JlOEyotMq9Cl2T0wTNDSLlma+mwc9mILITDXznWiLQSznE69mebWBUr3 + Sbt91efH30inRx85H0pNJrpZsH0A6ayL0gTJSuUc0eJXYR5Po1gRQMOSIEWh + -----END RSA PRIVATE KEY----- +services: + - name: example-service + url: http://example-api.com + protocol: http + host: example-api.com + port: 80 + path: /v1 + retries: 5 + connect_timeout: 5000 + write_timeout: 60000 + read_timeout: 60000 + enabled: true + client_certificate: 4e3ad2e4-0bc4-4638-8e34-c84a417ba39b + plugins: + - name: rate-limiting-advanced + config: + limit: + - 5 + window_size: + - 30 + identifier: consumer + sync_rate: -1 + namespace: example_namespace + strategy: local + hide_client_headers: false + tags: + - example + - api + routes: + - name: _route_thisISAveryvery_long_+name_toVALIDATEthat(the slugify functionality w0rks4s3xp3ct3d)_ + methods: + - GET + - POST + hosts: + - example.com + - another-example.com + - yet-another-example.com + paths: + - ~/v1/example/?$ + - /v1/another-example + - /v1/yet-another-example + protocols: + - http + - https + headers: + x-my-header: + - ~*foos?bar$ + x-another-header: + - first-header-value + - second-header-value + regex_priority: 1 + strip_path: false + preserve_host: true + tags: + - version:v1 + https_redirect_status_code: 302 + snis: + - example.com + sources: + - ip: 192.168.0.1 + plugins: + - name: aws-lambda + config: + aws_key: my_key + aws_secret: my_secret + function_name: my_function + aws_region: us-west-2 + - name: cors + config: + origins: + - example.com + methods: + - GET + - POST + headers: + - Authorization + exposed_headers: + - X-My-Header + max_age: 3600 + credentials: true + - name: file-log + config: + path: /var/log/kong/kong.log + reopen: true + - name: http-log + config: + http_endpoint: http://example.com/logs + method: POST + content_type: application/json + timeout: 10000 + keepalive: 60000 + retry_count: 10 + queue_size: 1000 + - name: ip-restriction + config: + allow: + - 192.168.0.1/24 + deny: + - 192.168.0.2/32 + - name: rate-limiting-advanced + config: + limit: + - 5 + window_size: + - 30 + identifier: consumer + sync_rate: -1 + namespace: example_namespace + strategy: local + hide_client_headers: false + - name: request-termination + config: + status_code: 403 + message: Forbidden + - name: response-ratelimiting + config: + limits: + limit_name: + minute: 10 + policy: local + - name: tcp-log + config: + host: example.com + port: 1234 + - name: basic-auth + config: + hide_credentials: false + - name: jwt + config: + uri_param_names: + - token + claims_to_verify: + - exp + - nbf + key_claim_name: kid + secret_is_base64: false + anonymous: null + run_on_preflight: true + maximum_expiration: 3600 + header_names: + - Authorization + - name: key-auth + config: + hide_credentials: false + key_names: + - apikey + key_in_body: false + run_on_preflight: true + - name: mtls-auth + config: + ca_certificates: + - cce8c384-721f-4f58-85dd-50834e3e733a + skip_consumer_lookup: false + revocation_check_mode: SKIP + - name: acl + config: + allow: + - admin +upstreams: + - name: example-api.com + algorithm: round-robin + hash_on: none + hash_fallback: none + hash_on_cookie_path: "/" + slots: 10000 + healthchecks: + passive: + type: http + healthy: + http_statuses: + - 200 + - 201 + - 202 + - 203 + - 204 + - 205 + - 206 + - 207 + - 208 + - 226 + - 300 + - 301 + - 302 + - 303 + - 304 + - 305 + - 306 + - 307 + - 308 + successes: 0 + unhealthy: + http_statuses: + - 429 + - 500 + - 503 + timeouts: 0 + http_failures: 0 + tcp_failures: 0 + active: + https_verify_certificate: true + healthy: + http_statuses: + - 200 + - 302 + successes: 0 + interval: 0 + unhealthy: + http_failures: 0 + http_statuses: + - 429 + - 404 + - 500 + - 501 + - 502 + - 503 + - 504 + - 505 + timeouts: 0 + tcp_failures: 0 + interval: 0 + type: http + concurrency: 10 + headers: + x-my-header: + - foo + - bar + x-another-header: + - bla + timeout: 1 + http_path: "/" + https_sni: example.com + threshold: 0 + tags: + - user-level + - low-priority + host_header: example.com + client_certificate: + id: ea29aaa3-3b2d-488c-b90c-56df8e0dd8c6 + use_srv_name: false +consumers: + - username: example-user + custom_id: "1234567890" + tags: + - internal + acls: + - group: acl_group + tags: + - internal + basicauth_credentials: + - username: my_basic_user + password: my_basic_password + tags: + - internal + jwt_secrets: + - key: my_jwt_secret + algorithm: HS256 + secret: my_secret_key + rsa_public_key: |- + -----BEGIN PUBLIC KEY----- + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxXzYS5yESbekTF3xLiQX + ZZZfXt0S/nzFp3f2Oux3W7/ydvZ8XSd8+s+wm5oqEcSV9n+5n3ENZbt1A/wgnGI3 + oWrv0yRB9HugzTIGPpI1AQv9Z4p8E44RrB74/uTxYwb9+4yvpuz/fzTt3Gz+Kzc4 + 4fGGq8VpGMFj6AE65ZcOAHHUJe4VuoreBXLYDJcHl2WPIdNKDGscFjElDneLRhWQ + DfxekDJIQMWCjyBEXacfP6cc9U8Qld6TuVcwi1P2xb8tBDD4MIFL/psfzUhfv1Lw + O/XZEffJxCqkQn7dsCYy3wpaTjb6XmJ5j0Dbml4f0Bv40Y1mjlAf7C662Mbuguf6 + ewIDAQAB + -----END PUBLIC KEY----- + tags: + - internal + keyauth_credentials: + - key: my_api_key + tags: + - internal + mtls_auth_credentials: + - id: cce8c384-721f-4f58-85dd-50834e3e733a + subject_name: example-user@example.com + plugins: + - name: rate-limiting-advanced + config: + limit: + - 5 + window_size: + - 30 + identifier: consumer + sync_rate: -1 + namespace: example_namespace + strategy: local + hide_client_headers: false +consumer_groups: + - name: example-consumer-group + consumers: + - username: example-user + plugins: + - name: rate-limiting-advanced + config: + limit: + - 5 + window_size: + - 30 + identifier: consumer + sync_rate: -1 + namespace: example_namespace + strategy: local + hide_client_headers: false + window_type: sliding + retry_after_jitter_max: + - 0 + + + \ No newline at end of file diff --git a/kong2kic/testdata/kicv2_gateway/output-expected.json b/kong2kic/testdata/kicv2_gateway/output-expected.json new file mode 100644 index 000000000..f18d118f2 --- /dev/null +++ b/kong2kic/testdata/kicv2_gateway/output-expected.json @@ -0,0 +1,1483 @@ +{ + "apiVersion": "configuration.konghq.com/v1", + "kind": "KongIngress", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service-upstream" + }, + "upstream": { + "algorithm": "round-robin", + "hash_fallback": "none", + "hash_on": "none", + "hash_on_cookie_path": "/", + "healthchecks": { + "active": { + "concurrency": 10, + "headers": { + "x-another-header": [ + "bla" + ], + "x-my-header": [ + "foo", + "bar" + ] + }, + "healthy": { + "http_statuses": [ + 200, + 302 + ], + "interval": 0, + "successes": 0 + }, + "http_path": "/", + "https_sni": "example.com", + "https_verify_certificate": true, + "timeout": 1, + "type": "http", + "unhealthy": { + "http_failures": 0, + "http_statuses": [ + 429, + 404, + 500, + 501, + 502, + 503, + 504, + 505 + ], + "interval": 0, + "tcp_failures": 0, + "timeouts": 0 + } + }, + "passive": { + "healthy": { + "http_statuses": [ + 200, + 201, + 202, + 203, + 204, + 205, + 206, + 207, + 208, + 226, + 300, + 301, + 302, + 303, + 304, + 305, + 306, + 307, + 308 + ], + "successes": 0 + }, + "type": "http", + "unhealthy": { + "http_failures": 0, + "http_statuses": [ + 429, + 500, + 503 + ], + "tcp_failures": 0, + "timeouts": 0 + } + }, + "threshold": 0 + }, + "host_header": "example.com", + "slots": 10000 + } +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "hide_client_headers": false, + "identifier": "consumer", + "limit": [ + 5 + ], + "namespace": "example_namespace", + "strategy": "local", + "sync_rate": -1, + "window_size": [ + 30 + ] + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service-rate-limiting-advanced" + }, + "plugin": "rate-limiting-advanced" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "aws_key": "my_key", + "aws_region": "us-west-2", + "aws_secret": "my_secret", + "function_name": "my_function" + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-long9344b5559f" + }, + "plugin": "aws-lambda" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "credentials": true, + "exposed_headers": [ + "X-My-Header" + ], + "headers": [ + "Authorization" + ], + "max_age": 3600, + "methods": [ + "GET", + "POST" + ], + "origins": [ + "example.com" + ] + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-longfdeaa51f90" + }, + "plugin": "cors" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "path": "/var/log/kong/kong.log", + "reopen": true + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-long3b4b1fae8e" + }, + "plugin": "file-log" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "content_type": "application/json", + "http_endpoint": "http://example.com/logs", + "keepalive": 60000, + "method": "POST", + "queue_size": 1000, + "retry_count": 10, + "timeout": 10000 + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-long59030a424c" + }, + "plugin": "http-log" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "allow": [ + "192.168.0.1/24" + ], + "deny": [ + "192.168.0.2/32" + ] + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-longb44edd01cf" + }, + "plugin": "ip-restriction" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "hide_client_headers": false, + "identifier": "consumer", + "limit": [ + 5 + ], + "namespace": "example_namespace", + "strategy": "local", + "sync_rate": -1, + "window_size": [ + 30 + ] + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-longef35b834c6" + }, + "plugin": "rate-limiting-advanced" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "message": "Forbidden", + "status_code": 403 + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-longb2c08ebc54" + }, + "plugin": "request-termination" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "limits": { + "limit_name": { + "minute": 10 + } + }, + "policy": "local" + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-longc400f1ab11" + }, + "plugin": "response-ratelimiting" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "host": "example.com", + "port": 1234 + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-long47f9f5054d" + }, + "plugin": "tcp-log" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "hide_credentials": false + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-long26f9714514" + }, + "plugin": "basic-auth" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "anonymous": null, + "claims_to_verify": [ + "exp", + "nbf" + ], + "header_names": [ + "Authorization" + ], + "key_claim_name": "kid", + "maximum_expiration": 3600, + "run_on_preflight": true, + "secret_is_base64": false, + "uri_param_names": [ + "token" + ] + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-long0239c8f63e" + }, + "plugin": "jwt" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "hide_credentials": false, + "key_in_body": false, + "key_names": [ + "apikey" + ], + "run_on_preflight": true + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-long5494737f3e" + }, + "plugin": "key-auth" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "ca_certificates": [ + "cce8c384-721f-4f58-85dd-50834e3e733a" + ], + "revocation_check_mode": "SKIP", + "skip_consumer_lookup": false + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-long89ae2d2b5d" + }, + "plugin": "mtls-auth" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "allow": [ + "admin" + ] + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-longb2440ac898" + }, + "plugin": "acl" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "hide_client_headers": false, + "identifier": "consumer", + "limit": [ + 5 + ], + "namespace": "example_namespace", + "strategy": "local", + "sync_rate": -1, + "window_size": [ + 30 + ] + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-user-rate-limiting-advanced" + }, + "plugin": "rate-limiting-advanced" +}{ + "apiVersion": "gateway.networking.k8s.io/v1beta1", + "kind": "HTTPRoute", + "metadata": { + "annotations": { + "konghq.com/https-redirect-status-code": "302", + "konghq.com/preserve-host": "true", + "konghq.com/regex-priority": "1", + "konghq.com/snis": "example.com", + "konghq.com/strip-path": "false" + }, + "name": "example-service--route-thisisaveryvery-long2093a020ca" + }, + "spec": { + "hostnames": [ + "example.com", + "another-example.com", + "yet-another-example.com" + ], + "parentRefs": [ + { + "name": "kong" + } + ], + "rules": [ + { + "backendRefs": [ + { + "name": "example-service", + "port": 80 + } + ], + "filters": [ + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long9344b5559f" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longfdeaa51f90" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long3b4b1fae8e" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long59030a424c" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longb44edd01cf" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longef35b834c6" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longb2c08ebc54" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longc400f1ab11" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long47f9f5054d" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long26f9714514" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long0239c8f63e" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long5494737f3e" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long89ae2d2b5d" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longb2440ac898" + }, + "type": "ExtensionRef" + } + ], + "matches": [ + { + "headers": [ + { + "name": "x-another-header", + "type": "Exact", + "value": "first-header-value,second-header-value" + }, + { + "name": "x-my-header", + "type": "RegularExpression", + "value": "foos?bar$" + } + ], + "method": "GET", + "path": { + "type": "RegularExpression", + "value": "/v1/example/?$" + } + } + ] + }, + { + "backendRefs": [ + { + "name": "example-service", + "port": 80 + } + ], + "filters": [ + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long9344b5559f" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longfdeaa51f90" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long3b4b1fae8e" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long59030a424c" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longb44edd01cf" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longef35b834c6" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longb2c08ebc54" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longc400f1ab11" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long47f9f5054d" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long26f9714514" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long0239c8f63e" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long5494737f3e" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long89ae2d2b5d" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longb2440ac898" + }, + "type": "ExtensionRef" + } + ], + "matches": [ + { + "headers": [ + { + "name": "x-another-header", + "type": "Exact", + "value": "first-header-value,second-header-value" + }, + { + "name": "x-my-header", + "type": "RegularExpression", + "value": "foos?bar$" + } + ], + "method": "POST", + "path": { + "type": "RegularExpression", + "value": "/v1/example/?$" + } + } + ] + }, + { + "backendRefs": [ + { + "name": "example-service", + "port": 80 + } + ], + "filters": [ + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long9344b5559f" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longfdeaa51f90" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long3b4b1fae8e" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long59030a424c" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longb44edd01cf" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longef35b834c6" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longb2c08ebc54" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longc400f1ab11" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long47f9f5054d" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long26f9714514" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long0239c8f63e" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long5494737f3e" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long89ae2d2b5d" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longb2440ac898" + }, + "type": "ExtensionRef" + } + ], + "matches": [ + { + "headers": [ + { + "name": "x-another-header", + "type": "Exact", + "value": "first-header-value,second-header-value" + }, + { + "name": "x-my-header", + "type": "RegularExpression", + "value": "foos?bar$" + } + ], + "method": "GET", + "path": { + "type": "PathPrefix", + "value": "/v1/another-example" + } + } + ] + }, + { + "backendRefs": [ + { + "name": "example-service", + "port": 80 + } + ], + "filters": [ + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long9344b5559f" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longfdeaa51f90" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long3b4b1fae8e" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long59030a424c" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longb44edd01cf" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longef35b834c6" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longb2c08ebc54" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longc400f1ab11" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long47f9f5054d" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long26f9714514" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long0239c8f63e" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long5494737f3e" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long89ae2d2b5d" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longb2440ac898" + }, + "type": "ExtensionRef" + } + ], + "matches": [ + { + "headers": [ + { + "name": "x-another-header", + "type": "Exact", + "value": "first-header-value,second-header-value" + }, + { + "name": "x-my-header", + "type": "RegularExpression", + "value": "foos?bar$" + } + ], + "method": "POST", + "path": { + "type": "PathPrefix", + "value": "/v1/another-example" + } + } + ] + }, + { + "backendRefs": [ + { + "name": "example-service", + "port": 80 + } + ], + "filters": [ + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long9344b5559f" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longfdeaa51f90" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long3b4b1fae8e" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long59030a424c" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longb44edd01cf" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longef35b834c6" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longb2c08ebc54" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longc400f1ab11" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long47f9f5054d" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long26f9714514" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long0239c8f63e" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long5494737f3e" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long89ae2d2b5d" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longb2440ac898" + }, + "type": "ExtensionRef" + } + ], + "matches": [ + { + "headers": [ + { + "name": "x-another-header", + "type": "Exact", + "value": "first-header-value,second-header-value" + }, + { + "name": "x-my-header", + "type": "RegularExpression", + "value": "foos?bar$" + } + ], + "method": "GET", + "path": { + "type": "PathPrefix", + "value": "/v1/yet-another-example" + } + } + ] + }, + { + "backendRefs": [ + { + "name": "example-service", + "port": 80 + } + ], + "filters": [ + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long9344b5559f" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longfdeaa51f90" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long3b4b1fae8e" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long59030a424c" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longb44edd01cf" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longef35b834c6" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longb2c08ebc54" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longc400f1ab11" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long47f9f5054d" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long26f9714514" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long0239c8f63e" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long5494737f3e" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long89ae2d2b5d" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longb2440ac898" + }, + "type": "ExtensionRef" + } + ], + "matches": [ + { + "headers": [ + { + "name": "x-another-header", + "type": "Exact", + "value": "first-header-value,second-header-value" + }, + { + "name": "x-my-header", + "type": "RegularExpression", + "value": "foos?bar$" + } + ], + "method": "POST", + "path": { + "type": "PathPrefix", + "value": "/v1/yet-another-example" + } + } + ] + } + ] + } +}{ + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "annotations": { + "konghq.com/connect-timeout": "5000", + "konghq.com/override": "example-service-upstream", + "konghq.com/path": "/v1", + "konghq.com/plugins": "example-service-rate-limiting-advanced", + "konghq.com/protocol": "http", + "konghq.com/read-timeout": "60000", + "konghq.com/retries": "5", + "konghq.com/write-timeout": "60000" + }, + "name": "example-service" + }, + "spec": { + "ports": [ + { + "port": 80, + "protocol": "TCP", + "targetPort": 80 + } + ], + "selector": { + "app": "example-service" + } + } +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "key-auth-example-user" + }, + "stringData": { + "key": "my_api_key", + "kongCredType": "key-auth" + } +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "jwt-auth-example-user" + }, + "stringData": { + "algorithm": "HS256", + "key": "my_jwt_secret", + "kongCredType": "jwt", + "rsa_public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxXzYS5yESbekTF3xLiQX\nZZZfXt0S/nzFp3f2Oux3W7/ydvZ8XSd8+s+wm5oqEcSV9n+5n3ENZbt1A/wgnGI3\noWrv0yRB9HugzTIGPpI1AQv9Z4p8E44RrB74/uTxYwb9+4yvpuz/fzTt3Gz+Kzc4\n4fGGq8VpGMFj6AE65ZcOAHHUJe4VuoreBXLYDJcHl2WPIdNKDGscFjElDneLRhWQ\nDfxekDJIQMWCjyBEXacfP6cc9U8Qld6TuVcwi1P2xb8tBDD4MIFL/psfzUhfv1Lw\nO/XZEffJxCqkQn7dsCYy3wpaTjb6XmJ5j0Dbml4f0Bv40Y1mjlAf7C662Mbuguf6\newIDAQAB\n-----END PUBLIC KEY-----", + "secret": "my_secret_key" + } +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "basic-auth-example-user" + }, + "stringData": { + "kongCredType": "basic-auth", + "password": "my_basic_password", + "username": "my_basic_user" + } +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "acl-group-example-user" + }, + "stringData": { + "group": "acl_group", + "kongCredType": "acl" + } +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "mtls-auth-example-user" + }, + "stringData": { + "id": "cce8c384-721f-4f58-85dd-50834e3e733a", + "kongCredType": "mtls-auth", + "subject_name": "example-user@example.com" + }, + "type": "Opaque" +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "ca-cert-a672ab52d2341203bd70116b456413d7ac3ffc162abbf" + }, + "stringData": { + "ca.crt": "-----BEGIN CERTIFICATE-----\nMIIBfDCCASKgAwIBAgIRAJqcZC1VSvSQLMN1+7yAeswwCgYIKoZIzj0EAwIwHDEa\nMBgGA1UEAxMRRGVtbyBLb25nIFJvb3QgQ0EwHhcNMjIwNjEzMTMzNzMzWhcNMjcw\nNjEzMTkzNzMzWjAcMRowGAYDVQQDExFEZW1vIEtvbmcgUm9vdCBDQTBZMBMGByqG\nSM49AgEGCCqGSM49AwEHA0IABOGR89IyhreSHRAi6wp9a5DBIDp4YYSdWzuEdlNx\n7pX1G4T7x68xUXJZXRUPFyT8Xzn5KwCJm8RVT+nAhrsUx6SjRTBDMA4GA1UdDwEB\n/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBQ9CUiOPhjp7KD2\nScRDxX4IzDOrNzAKBggqhkjOPQQDAgNIADBFAiEAw6Dov0c0L++1W9VufAfSMdNR\nPSDfPU0MiUiG59/VIBICIEFn/6c5eQc3hUUBL74/RmNT2b1zxBmp7RiPXJAnAAwJ\n-----END CERTIFICATE-----\n", + "ca.digest": "f1baffe9fe9cf8497e38a4271d67fab44423678b7e7c0f677a50f37c113d81b5" + }, + "type": "Opaque" +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "ca-cert-a4f087c2ee00e6d43cfb4f6884fc1e79f7e6e08e84471" + }, + "stringData": { + "ca.crt": "-----BEGIN CERTIFICATE-----\nMIIBqTCCAVCgAwIBAgIQb5LqGa9gS3+Mc2ntWfSoJjAKBggqhkjOPQQDAjAcMRow\nGAYDVQQDExFEZW1vIEtvbmcgUm9vdCBDQTAeFw0yMjA2MTMxMzM5MTVaFw0yMzA2\nMTMxOTM5MTVaMCoxKDAmBgNVBAMTH0RlbW8gS29uZyBSb290IEludGVybWVkaWF0\nZTEgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQImvnSuvXkGy88lvx8a7of\ne0MEMRI2siVvybvWXNpeXXlixgaq7weJ7pewf3HywfO68Va6kn8ehWh7s0D7SLHM\no2YwZDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4E\nFgQUhuxCKmCSvZWf95+iZ+Wsz9DJJVMwHwYDVR0jBBgwFoAUPQlIjj4Y6eyg9knE\nQ8V+CMwzqzcwCgYIKoZIzj0EAwIDRwAwRAIgNZ+JPA1OqF5DsPapAZ2YsUOgIpn3\nZbQuYKCAV0SD4EcCIFnfA5rWrc1AgtUw5inJQqJQRNgoPuC14vACqI48BiRl\n-----END CERTIFICATE-----\n", + "ca.digest": "dbef7ed285fb292e24f84ffba93c48d92fa322387d85469c460c655abedd5308" + }, + "type": "Opaque" +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "ca-cert-6b095c7ff377b01252a4dfec59c582fe32934fa7ed0cf" + }, + "stringData": { + "ca.crt": "-----BEGIN CERTIFICATE-----\nMIIBujCCAV+gAwIBAgIRAMkGpj7WZf+2RFE/q7ZhejEwCgYIKoZIzj0EAwIwKjEo\nMCYGA1UEAxMfRGVtbyBLb25nIFJvb3QgSW50ZXJtZWRpYXRlMSBDQTAeFw0yMjA2\nMTMxMzQwNTFaFw0yMjEyMTMwNDQwNTFaMCoxKDAmBgNVBAMTH0RlbW8gS29uZyBS\nb290IEludGVybWVkaWF0ZTIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQB\nmy/zhZ3F2HvHFqtQzuD3lXX8SeYakxiBQvaGkGSLKD67N3vh7iC2rTSdj/vAs8ws\nY9X+mXzS6GDKC8PbSX6xo2YwZDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgw\nBgEB/wIBADAdBgNVHQ4EFgQURwCm53YPStZoAMfnVyknH4IgZa4wHwYDVR0jBBgw\nFoAUhuxCKmCSvZWf95+iZ+Wsz9DJJVMwCgYIKoZIzj0EAwIDSQAwRgIhAN1pkUKc\nazM4PiXOnkILB2KBDIF4XpHf+4ThDMODzXP8AiEA45KXA3qMrRPQV1oBfWZ3hLgX\ngxUhveuHBXMWnzUbn6U=\n-----END CERTIFICATE-----\n", + "ca.digest": "45b2b6dd9d4102955b1b1e4b540e677f140521462ed4f22fa5a713863ca84600" + }, + "type": "Opaque" +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "cert-0ee0e1584c8637facac95bd5fce315367dee124c0086d41e" + }, + "stringData": { + "tls.crt": "-----BEGIN CERTIFICATE-----\nMIIECTCCAvGgAwIBAgIUAusYGP9BwoLFFAJdB/jY6eUzUyAwDQYJKoZIhvcNAQEL\nBQAwgZIxCzAJBgNVBAYTAlVLMRIwEAYDVQQIDAlIYW1wc2hpcmUxEjAQBgNVBAcM\nCUFsZGVyc2hvdDEQMA4GA1UECgwHS29uZyBVSzEQMA4GA1UECwwHU3VwcG9ydDEY\nMBYGA1UEAwwPU3VwcG9ydCBSb290IENBMR0wGwYJKoZIhvcNAQkBFg5zdHVAa29u\nZ2hxLmNvbTAeFw0yMTAxMTUxMTE5NDNaFw0yMjA1MzAxMTE5NDNaMIGRMQswCQYD\nVQQGEwJVSzESMBAGA1UECAwJSGFtcHNoaXJlMRIwEAYDVQQHDAlBbGRlcnNob3Qx\nEDAOBgNVBAoMB0tvbmcgVUsxEDAOBgNVBAsMB1N1cHBvcnQxFzAVBgNVBAMMDnBy\nb3h5LmtvbmcubGFuMR0wGwYJKoZIhvcNAQkBFg5zdHVAa29uZ2hxLmNvbTCCASIw\nDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJUbKiqoCK1BTNk/7l42n6ukyTEu\neLyB23e/90PzT/oz8wZzgwTodzbFAS2VtFr1EKqFzor0DrXp9CLnebOdiAR3I6LD\n/WY/x0KW3lx3F35fGiUOSLPTH8zeiDTMx11CcKDxesA+M2/s5q0igkOQ4z4w3voz\nm5a52IcQTSA8K5knNU1qUZBLpc+khxFcaheEK1jsISJJhcdizZBfGdk8S1vpyj5F\nuCZ7oaRvNA6imHjSJwpgo36zd84TgrIgVj9R4QtJysWy/X+bbaKUiKBWwAtd4+DT\nEP90l/ny9szu2fijk4/6k1ntXufGTyvM+J0/qJ13e99TVYOVanITnpTO+6cCAwEA\nAaNWMFQwHwYDVR0jBBgwFoAUdskpf0wJRQxjtzQFZciWmUfl2bcwCQYDVR0TBAIw\nADALBgNVHQ8EBAMCBPAwGQYDVR0RBBIwEIIOcHJveHkua29uZy5sYW4wDQYJKoZI\nhvcNAQELBQADggEBAJVrTWQRQzNtypa9OXFYADm8Fay1VMop3BY2kh0tfYgQEJ/4\npJUj6CaszQZ/Aix6LaPnXFcoPCDqqv00mgju86PMamr/zA9USXk8eTmzJkp5RklS\nGdqiXboqESiQVvaNz3kdW7wgNz4FwaGCzkEi/dcc2LdtzLpWizx+TlxMMqjonUUM\novZgZo+OlhWRsDVT/qy5SFtA0vlVNtdBr2egXb1H7J8UDC+fax/iKa7+fBUHZOO9\nFk9U8bxgfQ+jPIVVL8CfAtR68Sos7NpWH0S2emqZRnQvf0MSNdkTQKWn4qR9sckj\nEwxs5FbrMmgCOgwk1PtgRmdP3RME0HwK/B03saQ=\n-----END CERTIFICATE-----", + "tls.key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCVGyoqqAitQUzZ\nP+5eNp+rpMkxLni8gdt3v/dD80/6M/MGc4ME6Hc2xQEtlbRa9RCqhc6K9A616fQi\n53mznYgEdyOiw/1mP8dClt5cdxd+XxolDkiz0x/M3og0zMddQnCg8XrAPjNv7Oat\nIoJDkOM+MN76M5uWudiHEE0gPCuZJzVNalGQS6XPpIcRXGoXhCtY7CEiSYXHYs2Q\nXxnZPEtb6co+Rbgme6GkbzQOoph40icKYKN+s3fOE4KyIFY/UeELScrFsv1/m22i\nlIigVsALXePg0xD/dJf58vbM7tn4o5OP+pNZ7V7nxk8rzPidP6idd3vfU1WDlWpy\nE56UzvunAgMBAAECggEAcq7lHNAHdHLgT8yrY41x/AwPryNGO/9JNW7SGVKAdjoU\ntyaLZHAEmXynLk+R28/YFMA8H4Yd9m9OlrYhVjRZFM4p+5vxP/7YHPB7cPUsfcda\nDZxR8PX25JVYf/vtb16V0ERLnKd62qCEwC/lr2A2WHQwXJLrHeAtmZzBJYUCJ5Xj\nDv1ZhyFjknswaV0vGXe6njTI6CzMQDTGysoagpCCo7RWgzjLREg2BGWd2UQpY4AW\nnYAP4QNt82UMQbgIqsEMj64mzS9Q+o1P84J1naSP5sCI22LeFRp6iezZc+D8EH/5\nRNONGSNWl3g6bsvN1VywYwjWn+waD3XAjXUu+peUgQKBgQDDu1QP28oSMKivHdfo\nkQ1HrTNBRc9eWeAMZFuIbbPLN8rdEibpOm3DwTqithnahqS0NLOsBnXNtuLw1Qr/\nzmOzn0yDO5XG8dlKr9vqWeBLdcRydLJBZwqEzWf4JwwwgfK3rItRaIbnAxnGUTS5\nSrrhNfBAIGS9jx5X2kvLC7hFQQKBgQDDBIrpLTIjRDloWZcu03z9Bhb8jQCyGb5C\n4MYs+duCnQIdNq/+maPspJzbVmF4b6S1zIPweI3fMvMeqRTbuf+drpElst1buFTO\nP0UMMn4V+4qGIOOkIy5JIKwR8sJD9tNDUPtxuDEotTB9IyWx6pdmCFz5v/bggDCu\nreoqflL+5wKBgQCDvb+L2QS+j4/KJk0flRoaJ2K7SVCVEesyjA3r2uLMImZhvAkC\nrDgbLSDZSbZHFp8fR+WzILoD11gSf2Ki4PjMeqkWH3HlcP0vPwTHTO0h/UdXPmKI\nkOFMl7CmHyoeMCj9JZ60EaXTMYwUpq3VFY6JbTOjBeqoh/8FZMHlDaNewQKBgCHg\nECEg8KyflTlDFrfTlMp+3E9STuShBCOp18LIRBEUJOHeNgQLvCXHElgnURcSjZHm\nzKRgzIQQ3Zpd1Hm2fWhuglgCEeF0y4ZoBx5vRueaoh1aaTCBy/B39GvJt2UG4vu2\nfXbrf96KWrnh+RJGpbXbjgr0BXZJzisJmrt25gPRAoGBAI3c+INpQXwrE+LBzCPu\nLwIVvkm5NpeIlKQtDNrqG1QvUhqyZ2/Xitc4FyiccW7WHxkGKGZyj7GbmpqEOnyY\niVku0LSftZgycet2uMdp0HaVAgi5S6aVf5yN0U/8R5ToxcbuEfqwrBIyRgse8lx3\nNNSvLxPAempmiFPSk9AtobYV\n-----END PRIVATE KEY-----" + }, + "type": "kubernetes.io/tls" +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "cert-b12464ec431576239dd9cc2545d528f6cbdbd988cf076323" + }, + "stringData": { + "tls.crt": "-----BEGIN CERTIFICATE-----\nMIIFeDCCBGCgAwIBAgIUAusYGP9BwoLFFAJdB/jY6eUzUyQwDQYJKoZIhvcNAQEL\nBQAwgZIxCzAJBgNVBAYTAlVLMRIwEAYDVQQIDAlIYW1wc2hpcmUxEjAQBgNVBAcM\nCUFsZGVyc2hvdDEQMA4GA1UECgwHS29uZyBVSzEQMA4GA1UECwwHU3VwcG9ydDEY\nMBYGA1UEAwwPU3VwcG9ydCBSb290IENBMR0wGwYJKoZIhvcNAQkBFg5zdHVAa29u\nZ2hxLmNvbTAeFw0yMTAxMjAxNTA0NDVaFw0yMjAxMjAxNTA0NDVaMIGQMQswCQYD\nVQQGEwJVSzESMBAGA1UECAwJSGFtcHNoaXJlMRIwEAYDVQQHDAlBbGRlcnNob3Qx\nEDAOBgNVBAoMB0tvbmcgVUsxEDAOBgNVBAsMB1N1cHBvcnQxFjAUBgNVBAMMDW10\nbHMtY29uc3VtZXIxHTAbBgkqhkiG9w0BCQEWDnN0dUBrb25naHEuY29tMIICIjAN\nBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1/+83/YNiEVKYvcuVwYGve6afsg1\nBYCn1+E9Uwgh0uwAenT/DKB8NhqoVxc7cZ2HaTI146IGmFICmctlTWvLPLglHmTo\nbyOUV6tIJAjvzyEOpC458hLGgbv8mhGXJWPxBVu7Wy6Hapz2bk0cEscfL7PHKaRu\n3D6r8/zbhhWAqe4EIt+NVYT6baaYBs7bPZQXs/sluKI+DNYuDeaAmoSuCc4ein6z\n0xDqCSMmPebzjns03ttB29vWL3eYY9dvgoCd+CPhXT/C4CHtvKbH+hOQYDtVF6MO\n1mmABAQTQWMR/00+QI0xtvuXtEPurla5dA0TN6ddCTOOcILKx62z5oc3Kqr+nHHa\n71zNzARUVaZ2vy1pRVr0DZgB7KqcFXhy/oy8IpmxUR1ASBDZl6B6RKrdQwvgLgmn\n3M/roNLAU+3nz4itpt/zf+X0suwdthrflic1R68z1SlYbyoGARWkZ/pOl6kLNVK2\nOsqQuICaajnW7t1oDd7z1+3hm+uoryDwvG6f3T9ZvWjKXYcKg7b+BjbFdahbDywD\nPgnhSz9AaoVWhR+GHIPrjRClMpEkra/yGJFvH3UpXhgg9d0DrLZE51Z75a9SvnAj\nvdLuNhx4bJbwLBgNGsJMkupzBrw4iCfbKFcBbP8o0Xjtarj7T/mkWuQ1GjWqfyrD\n55NecBPNw5C9BR0CAwEAAaOBxTCBwjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQE\nAwIFoDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50IENl\ncnRpZmljYXRlMB0GA1UdDgQWBBSV3F+eicU8SVT4LcDJ6eMzP0todzAfBgNVHSME\nGDAWgBR2ySl/TAlFDGO3NAVlyJaZR+XZtzAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0l\nBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBAQB5L0OZ\nWELG9Pw6Ol1BsZYgpLR4PGNBB9dKm/9dd+q+ohZVFCfXcjZ3YOU1vh/HHQrALRNY\nI58JxcVCOx/qIW2uA0iSCqIT0sNb9cJLxfZf7X+BzPPPnu0ugUJp7GzLNnHitrLC\nXb1nmmefwgraNzp+a5IrR8RcQG1mYDuS+2HK/rybo22XcCxhob8OiDEn8+ytkKyQ\nIpmrf9D+/68/ih6az0w1aakASMmFe8z/p6VgVQkCySCWWFG525BRdGmSImqVZ4xa\naQFN3L+oN+JJcCFTthLOAYo32JH+xLMz7PokzSL84g3b68h59hXDoMSwB10GthL5\nT8tqV6i5miKWwvfZ\n-----END CERTIFICATE-----", + "tls.key": "-----BEGIN RSA PRIVATE KEY-----\nMIIJKQIBAAKCAgEA1/+83/YNiEVKYvcuVwYGve6afsg1BYCn1+E9Uwgh0uwAenT/\nDKB8NhqoVxc7cZ2HaTI146IGmFICmctlTWvLPLglHmTobyOUV6tIJAjvzyEOpC45\n8hLGgbv8mhGXJWPxBVu7Wy6Hapz2bk0cEscfL7PHKaRu3D6r8/zbhhWAqe4EIt+N\nVYT6baaYBs7bPZQXs/sluKI+DNYuDeaAmoSuCc4ein6z0xDqCSMmPebzjns03ttB\n29vWL3eYY9dvgoCd+CPhXT/C4CHtvKbH+hOQYDtVF6MO1mmABAQTQWMR/00+QI0x\ntvuXtEPurla5dA0TN6ddCTOOcILKx62z5oc3Kqr+nHHa71zNzARUVaZ2vy1pRVr0\nDZgB7KqcFXhy/oy8IpmxUR1ASBDZl6B6RKrdQwvgLgmn3M/roNLAU+3nz4itpt/z\nf+X0suwdthrflic1R68z1SlYbyoGARWkZ/pOl6kLNVK2OsqQuICaajnW7t1oDd7z\n1+3hm+uoryDwvG6f3T9ZvWjKXYcKg7b+BjbFdahbDywDPgnhSz9AaoVWhR+GHIPr\njRClMpEkra/yGJFvH3UpXhgg9d0DrLZE51Z75a9SvnAjvdLuNhx4bJbwLBgNGsJM\nkupzBrw4iCfbKFcBbP8o0Xjtarj7T/mkWuQ1GjWqfyrD55NecBPNw5C9BR0CAwEA\nAQKCAgEAymuOrG/hJKiS2oX8tm8eWFZIELI9BigYozYhCzQexpSGqjwEXOf1H5sB\n0YQjIAlZwhrc57OK7KpGZ6x2BgUT1JZZqs80CBtWxIXuuF5rpje7id8MTLCNuTzb\nr+L2O4Mad0QNI5lKLH5mbt3yhiJ3NnQLHBpODjbpXGDFtTVne1hkJe5MfC1/psyt\nwguO6HllcTTWl93ruonpZPtz39qhYuz4MCAnE5DRUrjO+Mn7y7XoyUS+xnSRl7BD\nbqWRicJQyB+P7px3WyZQri+6TsCQ164iw2D64bLC1oCfLvLSBeh0g3gOdAX5mGTl\nRBpf98LdFJXSmXHodcYMlO5THqHu7mOE8zvPDbOzpwKftE11PS+lhuq/fREJnrAx\npbvTkv2c1nu90gkracv6PhRC8YhBIa2gqhoxY7rH7UpYa1c5QaJzg5ibiteTLRKC\ne9ZmfoPWaY2ksY4gBWZ/p2wokJ8U6ZHEsEfQS9WibMpqRsdINWQ9JnIBLKnTuqB0\nB29E9jHAl8rwMT2/DiIiVjHcdwpP37MxotKvYDFw+yDcZDeKTIh133XZNWyO/TcH\naDrNB0dymqunuNmfPts566AYErym0ndcmmLuGIKKE+l1h1+5CWjdsTdrkkXZK/w1\ni/krfLruQqQcW3Bpng8JAKirvGfYJxIEaCLqtepb7YaHhaI3gz0CggEBAPO0UQ6e\noPzMYmEegp2LjAfHZhwGV0fpiC6nxEWKoEE7Tb5zyB8rlkFIpQlXmljQvf3xDmq/\nTa3JlkaY290oFc0ypp9zUY/sUGyc3pvltxl0gLKOPnIkoP3ma2HzBxQRrGRdcFhH\nAHom80Bm9APm29L0MFuOuhGGxkGvQCxH+KmmohvZMUEqNIuWi8XB7maDXcAmSJ7x\nYdQAgLspRJ+kkZM+59XijyvYvg04xCu1FSop+Lol+xBwWAR5OaKnbZ9L+jKtzbxC\nIS7ERTlhsham2dYIm7SFcD/OcLV6luqreR0svS6HQis1kGxnNxkBAbrB1QZ+wLKp\nQztnOk70H/eWP5sCggEBAOLllCHuRloqEyzDT5sVbflCMTVsXmHGJ4/qI4An+etI\n3DComNLPAIBKYAiNgqWAm/wfLy5rHu2ZGzcPn7cQF/xKp00uDGKncQz3Z9JDofI1\nrpLH+t3LJ9l/EzQv1tpzwOU5rhFNmqrJnwy17BtOmlCKAQnVmyDkLyR9AhWkCTi8\nBLDq6mx1X61K6P11GAxAd70NFNzD8868Ddq2XInwEwXzf/FHQW/JVYZEAa7dn4KF\nwQ/tPSspP0vGzDfgNI64PtNePnZ/e00XXqA7la2OScro+SDSyXGlDKX4XhwwTDD1\n+u3VbUmjInpEJL3bU8c/qe36UhoseF1G0cm22sHqhacCggEAY3A+5r05KQ1oUwJ0\n/z2ybHYjJuo7cN9MLuVLg6iVzSgah8yMapOJYqf2l0JEe1rpOxXB8TKPyoqHo9S5\nWZsCklDJhiQysowVIMw9VNU9ichsvu6lckOZ4R/Ezxmv2LOBaQ5rScnm2vDLroqT\npIftSD1VAfbR21bnzGNqxuazAt44JS7RFyrWd+J8s7t2wCN3/HBij2Akr7Fo1XV4\nR7+JmtA/HpmsG5L7sT9pZAAmW6b2k1XuBH4im+iu6LxyUV5Z/5XFbbx597AkIs7H\nMNDx75BhoB4WeCKPAK29qJFBAPOBWdvc1u6rOGBBLhWoFAEFH/pWPFAuW626L/8S\nkB6hYwKCAQB3/JIec2Pu0Gs9c7eIOofilXdyWfF7YQ+Q0m+dmQZXvzr53F6ctGz+\natZoD3V0UhOq+063DFzZpuq2bmO2qiMU/uGENgLEtOlawwa7MZrVfD/qTSjD22gi\nY0njghzrfuUWEy+S5OgSwvaCAT5vnlyKlMBB1BzqAuFPOXA9w3ZA82TDribz3goP\nmRqm1iI2cG0ho2ZR7KnkvJvS+jbrlvJoZkFVdaoMFHtOum3tbDOrEVJsOrfrOC/J\nwcJDFiSVCKfonOEJRxcMSHx43amkkydAz3zXN8DhgTe0GSijXYMdLSdaWFAn7cYQ\nxDJt2CtwpaEWQRbj0nqAUTAlrLX4cC3nAoIBAQCl1cV86bYw8CKrCuf9TF0Kk5pd\nREdilDpks4Z1RH4MpBDWLtvMeQqlNsN+/RugKQExO0HTdZIyn7cBRRloD2xcNcJA\nG/rUMel/x4fhaEOE7Uw9rmTefvpcgWmtXw64sMA8KFA4oCXIcgbwL5Q+szqNNWAN\nabpgl0DnU06YyBDoK/7D0B8Kt3qS1N6XX+Z5wtPvglbD2HCYy6rdkqi8IbQ/6OeS\nwG7p/7g3JlOEyotMq9Cl2T0wTNDSLlma+mwc9mILITDXznWiLQSznE69mebWBUr3\nSbt91efH30inRx85H0pNJrpZsH0A6ayL0gTJSuUc0eJXYR5Po1gRQMOSIEWh\n-----END RSA PRIVATE KEY-----" + }, + "type": "kubernetes.io/tls" +}{ + "apiVersion": "configuration.konghq.com/v1", + "consumerGroups": [ + "example-consumer-group" + ], + "credentials": [ + "key-auth-example-user", + "jwt-auth-example-user", + "basic-auth-example-user", + "acl-group-example-user", + "mtls-auth-example-user" + ], + "custom_id": "1234567890", + "kind": "KongConsumer", + "metadata": { + "annotations": { + "konghq.com/plugins": "example-user-rate-limiting-advanced", + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-user" + }, + "username": "example-user" +}{ + "apiVersion": "configuration.konghq.com/v1beta1", + "kind": "KongConsumerGroup", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-consumer-group" + } +} \ No newline at end of file diff --git a/kong2kic/testdata/kicv2_gateway/output-expected.yaml b/kong2kic/testdata/kicv2_gateway/output-expected.yaml new file mode 100644 index 000000000..484b07206 --- /dev/null +++ b/kong2kic/testdata/kicv2_gateway/output-expected.yaml @@ -0,0 +1,1181 @@ +apiVersion: configuration.konghq.com/v1 +kind: KongIngress +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service-upstream +upstream: + algorithm: round-robin + hash_fallback: none + hash_on: none + hash_on_cookie_path: / + healthchecks: + active: + concurrency: 10 + headers: + x-another-header: + - bla + x-my-header: + - foo + - bar + healthy: + http_statuses: + - 200 + - 302 + interval: 0 + successes: 0 + http_path: / + https_sni: example.com + https_verify_certificate: true + timeout: 1 + type: http + unhealthy: + http_failures: 0 + http_statuses: + - 429 + - 404 + - 500 + - 501 + - 502 + - 503 + - 504 + - 505 + interval: 0 + tcp_failures: 0 + timeouts: 0 + passive: + healthy: + http_statuses: + - 200 + - 201 + - 202 + - 203 + - 204 + - 205 + - 206 + - 207 + - 208 + - 226 + - 300 + - 301 + - 302 + - 303 + - 304 + - 305 + - 306 + - 307 + - 308 + successes: 0 + type: http + unhealthy: + http_failures: 0 + http_statuses: + - 429 + - 500 + - 503 + tcp_failures: 0 + timeouts: 0 + threshold: 0 + host_header: example.com + slots: 10000 +--- +apiVersion: configuration.konghq.com/v1 +config: + hide_client_headers: false + identifier: consumer + limit: + - 5 + namespace: example_namespace + strategy: local + sync_rate: -1 + window_size: + - 30 +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service-rate-limiting-advanced +plugin: rate-limiting-advanced +--- +apiVersion: configuration.konghq.com/v1 +config: + aws_key: my_key + aws_region: us-west-2 + aws_secret: my_secret + function_name: my_function +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-long9344b5559f +plugin: aws-lambda +--- +apiVersion: configuration.konghq.com/v1 +config: + credentials: true + exposed_headers: + - X-My-Header + headers: + - Authorization + max_age: 3600 + methods: + - GET + - POST + origins: + - example.com +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-longfdeaa51f90 +plugin: cors +--- +apiVersion: configuration.konghq.com/v1 +config: + path: /var/log/kong/kong.log + reopen: true +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-long3b4b1fae8e +plugin: file-log +--- +apiVersion: configuration.konghq.com/v1 +config: + content_type: application/json + http_endpoint: http://example.com/logs + keepalive: 60000 + method: POST + queue_size: 1000 + retry_count: 10 + timeout: 10000 +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-long59030a424c +plugin: http-log +--- +apiVersion: configuration.konghq.com/v1 +config: + allow: + - 192.168.0.1/24 + deny: + - 192.168.0.2/32 +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-longb44edd01cf +plugin: ip-restriction +--- +apiVersion: configuration.konghq.com/v1 +config: + hide_client_headers: false + identifier: consumer + limit: + - 5 + namespace: example_namespace + strategy: local + sync_rate: -1 + window_size: + - 30 +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-longef35b834c6 +plugin: rate-limiting-advanced +--- +apiVersion: configuration.konghq.com/v1 +config: + message: Forbidden + status_code: 403 +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-longb2c08ebc54 +plugin: request-termination +--- +apiVersion: configuration.konghq.com/v1 +config: + limits: + limit_name: + minute: 10 + policy: local +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-longc400f1ab11 +plugin: response-ratelimiting +--- +apiVersion: configuration.konghq.com/v1 +config: + host: example.com + port: 1234 +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-long47f9f5054d +plugin: tcp-log +--- +apiVersion: configuration.konghq.com/v1 +config: + hide_credentials: false +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-long26f9714514 +plugin: basic-auth +--- +apiVersion: configuration.konghq.com/v1 +config: + anonymous: null + claims_to_verify: + - exp + - nbf + header_names: + - Authorization + key_claim_name: kid + maximum_expiration: 3600 + run_on_preflight: true + secret_is_base64: false + uri_param_names: + - token +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-long0239c8f63e +plugin: jwt +--- +apiVersion: configuration.konghq.com/v1 +config: + hide_credentials: false + key_in_body: false + key_names: + - apikey + run_on_preflight: true +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-long5494737f3e +plugin: key-auth +--- +apiVersion: configuration.konghq.com/v1 +config: + ca_certificates: + - cce8c384-721f-4f58-85dd-50834e3e733a + revocation_check_mode: SKIP + skip_consumer_lookup: false +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-long89ae2d2b5d +plugin: mtls-auth +--- +apiVersion: configuration.konghq.com/v1 +config: + allow: + - admin +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-longb2440ac898 +plugin: acl +--- +apiVersion: configuration.konghq.com/v1 +config: + hide_client_headers: false + identifier: consumer + limit: + - 5 + namespace: example_namespace + strategy: local + sync_rate: -1 + window_size: + - 30 +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-user-rate-limiting-advanced +plugin: rate-limiting-advanced +--- +apiVersion: gateway.networking.k8s.io/v1beta1 +kind: HTTPRoute +metadata: + annotations: + konghq.com/https-redirect-status-code: "302" + konghq.com/preserve-host: "true" + konghq.com/regex-priority: "1" + konghq.com/snis: example.com + konghq.com/strip-path: "false" + name: example-service--route-thisisaveryvery-long2093a020ca +spec: + hostnames: + - example.com + - another-example.com + - yet-another-example.com + parentRefs: + - name: kong + rules: + - backendRefs: + - name: example-service + port: 80 + filters: + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long9344b5559f + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longfdeaa51f90 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long3b4b1fae8e + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long59030a424c + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longb44edd01cf + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longef35b834c6 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longb2c08ebc54 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longc400f1ab11 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long47f9f5054d + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long26f9714514 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long0239c8f63e + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long5494737f3e + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long89ae2d2b5d + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longb2440ac898 + type: ExtensionRef + matches: + - headers: + - name: x-another-header + type: Exact + value: first-header-value,second-header-value + - name: x-my-header + type: RegularExpression + value: foos?bar$ + method: GET + path: + type: RegularExpression + value: /v1/example/?$ + - backendRefs: + - name: example-service + port: 80 + filters: + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long9344b5559f + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longfdeaa51f90 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long3b4b1fae8e + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long59030a424c + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longb44edd01cf + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longef35b834c6 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longb2c08ebc54 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longc400f1ab11 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long47f9f5054d + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long26f9714514 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long0239c8f63e + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long5494737f3e + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long89ae2d2b5d + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longb2440ac898 + type: ExtensionRef + matches: + - headers: + - name: x-another-header + type: Exact + value: first-header-value,second-header-value + - name: x-my-header + type: RegularExpression + value: foos?bar$ + method: POST + path: + type: RegularExpression + value: /v1/example/?$ + - backendRefs: + - name: example-service + port: 80 + filters: + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long9344b5559f + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longfdeaa51f90 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long3b4b1fae8e + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long59030a424c + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longb44edd01cf + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longef35b834c6 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longb2c08ebc54 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longc400f1ab11 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long47f9f5054d + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long26f9714514 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long0239c8f63e + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long5494737f3e + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long89ae2d2b5d + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longb2440ac898 + type: ExtensionRef + matches: + - headers: + - name: x-another-header + type: Exact + value: first-header-value,second-header-value + - name: x-my-header + type: RegularExpression + value: foos?bar$ + method: GET + path: + type: PathPrefix + value: /v1/another-example + - backendRefs: + - name: example-service + port: 80 + filters: + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long9344b5559f + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longfdeaa51f90 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long3b4b1fae8e + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long59030a424c + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longb44edd01cf + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longef35b834c6 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longb2c08ebc54 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longc400f1ab11 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long47f9f5054d + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long26f9714514 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long0239c8f63e + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long5494737f3e + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long89ae2d2b5d + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longb2440ac898 + type: ExtensionRef + matches: + - headers: + - name: x-another-header + type: Exact + value: first-header-value,second-header-value + - name: x-my-header + type: RegularExpression + value: foos?bar$ + method: POST + path: + type: PathPrefix + value: /v1/another-example + - backendRefs: + - name: example-service + port: 80 + filters: + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long9344b5559f + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longfdeaa51f90 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long3b4b1fae8e + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long59030a424c + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longb44edd01cf + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longef35b834c6 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longb2c08ebc54 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longc400f1ab11 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long47f9f5054d + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long26f9714514 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long0239c8f63e + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long5494737f3e + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long89ae2d2b5d + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longb2440ac898 + type: ExtensionRef + matches: + - headers: + - name: x-another-header + type: Exact + value: first-header-value,second-header-value + - name: x-my-header + type: RegularExpression + value: foos?bar$ + method: GET + path: + type: PathPrefix + value: /v1/yet-another-example + - backendRefs: + - name: example-service + port: 80 + filters: + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long9344b5559f + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longfdeaa51f90 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long3b4b1fae8e + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long59030a424c + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longb44edd01cf + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longef35b834c6 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longb2c08ebc54 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longc400f1ab11 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long47f9f5054d + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long26f9714514 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long0239c8f63e + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long5494737f3e + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long89ae2d2b5d + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longb2440ac898 + type: ExtensionRef + matches: + - headers: + - name: x-another-header + type: Exact + value: first-header-value,second-header-value + - name: x-my-header + type: RegularExpression + value: foos?bar$ + method: POST + path: + type: PathPrefix + value: /v1/yet-another-example +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + konghq.com/connect-timeout: "5000" + konghq.com/override: example-service-upstream + konghq.com/path: /v1 + konghq.com/plugins: example-service-rate-limiting-advanced + konghq.com/protocol: http + konghq.com/read-timeout: "60000" + konghq.com/retries: "5" + konghq.com/write-timeout: "60000" + name: example-service +spec: + ports: + - port: 80 + protocol: TCP + targetPort: 80 + selector: + app: example-service +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: key-auth-example-user +stringData: + key: my_api_key + kongCredType: key-auth +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: jwt-auth-example-user +stringData: + algorithm: HS256 + key: my_jwt_secret + kongCredType: jwt + rsa_public_key: |- + -----BEGIN PUBLIC KEY----- + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxXzYS5yESbekTF3xLiQX + ZZZfXt0S/nzFp3f2Oux3W7/ydvZ8XSd8+s+wm5oqEcSV9n+5n3ENZbt1A/wgnGI3 + oWrv0yRB9HugzTIGPpI1AQv9Z4p8E44RrB74/uTxYwb9+4yvpuz/fzTt3Gz+Kzc4 + 4fGGq8VpGMFj6AE65ZcOAHHUJe4VuoreBXLYDJcHl2WPIdNKDGscFjElDneLRhWQ + DfxekDJIQMWCjyBEXacfP6cc9U8Qld6TuVcwi1P2xb8tBDD4MIFL/psfzUhfv1Lw + O/XZEffJxCqkQn7dsCYy3wpaTjb6XmJ5j0Dbml4f0Bv40Y1mjlAf7C662Mbuguf6 + ewIDAQAB + -----END PUBLIC KEY----- + secret: my_secret_key +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: basic-auth-example-user +stringData: + kongCredType: basic-auth + password: my_basic_password + username: my_basic_user +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: acl-group-example-user +stringData: + group: acl_group + kongCredType: acl +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: mtls-auth-example-user +stringData: + id: cce8c384-721f-4f58-85dd-50834e3e733a + kongCredType: mtls-auth + subject_name: example-user@example.com +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: ca-cert-a672ab52d2341203bd70116b456413d7ac3ffc162abbf +stringData: + ca.crt: | + -----BEGIN CERTIFICATE----- + MIIBfDCCASKgAwIBAgIRAJqcZC1VSvSQLMN1+7yAeswwCgYIKoZIzj0EAwIwHDEa + MBgGA1UEAxMRRGVtbyBLb25nIFJvb3QgQ0EwHhcNMjIwNjEzMTMzNzMzWhcNMjcw + NjEzMTkzNzMzWjAcMRowGAYDVQQDExFEZW1vIEtvbmcgUm9vdCBDQTBZMBMGByqG + SM49AgEGCCqGSM49AwEHA0IABOGR89IyhreSHRAi6wp9a5DBIDp4YYSdWzuEdlNx + 7pX1G4T7x68xUXJZXRUPFyT8Xzn5KwCJm8RVT+nAhrsUx6SjRTBDMA4GA1UdDwEB + /wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBQ9CUiOPhjp7KD2 + ScRDxX4IzDOrNzAKBggqhkjOPQQDAgNIADBFAiEAw6Dov0c0L++1W9VufAfSMdNR + PSDfPU0MiUiG59/VIBICIEFn/6c5eQc3hUUBL74/RmNT2b1zxBmp7RiPXJAnAAwJ + -----END CERTIFICATE----- + ca.digest: f1baffe9fe9cf8497e38a4271d67fab44423678b7e7c0f677a50f37c113d81b5 +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: ca-cert-a4f087c2ee00e6d43cfb4f6884fc1e79f7e6e08e84471 +stringData: + ca.crt: | + -----BEGIN CERTIFICATE----- + MIIBqTCCAVCgAwIBAgIQb5LqGa9gS3+Mc2ntWfSoJjAKBggqhkjOPQQDAjAcMRow + GAYDVQQDExFEZW1vIEtvbmcgUm9vdCBDQTAeFw0yMjA2MTMxMzM5MTVaFw0yMzA2 + MTMxOTM5MTVaMCoxKDAmBgNVBAMTH0RlbW8gS29uZyBSb290IEludGVybWVkaWF0 + ZTEgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQImvnSuvXkGy88lvx8a7of + e0MEMRI2siVvybvWXNpeXXlixgaq7weJ7pewf3HywfO68Va6kn8ehWh7s0D7SLHM + o2YwZDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4E + FgQUhuxCKmCSvZWf95+iZ+Wsz9DJJVMwHwYDVR0jBBgwFoAUPQlIjj4Y6eyg9knE + Q8V+CMwzqzcwCgYIKoZIzj0EAwIDRwAwRAIgNZ+JPA1OqF5DsPapAZ2YsUOgIpn3 + ZbQuYKCAV0SD4EcCIFnfA5rWrc1AgtUw5inJQqJQRNgoPuC14vACqI48BiRl + -----END CERTIFICATE----- + ca.digest: dbef7ed285fb292e24f84ffba93c48d92fa322387d85469c460c655abedd5308 +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: ca-cert-6b095c7ff377b01252a4dfec59c582fe32934fa7ed0cf +stringData: + ca.crt: | + -----BEGIN CERTIFICATE----- + MIIBujCCAV+gAwIBAgIRAMkGpj7WZf+2RFE/q7ZhejEwCgYIKoZIzj0EAwIwKjEo + MCYGA1UEAxMfRGVtbyBLb25nIFJvb3QgSW50ZXJtZWRpYXRlMSBDQTAeFw0yMjA2 + MTMxMzQwNTFaFw0yMjEyMTMwNDQwNTFaMCoxKDAmBgNVBAMTH0RlbW8gS29uZyBS + b290IEludGVybWVkaWF0ZTIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQB + my/zhZ3F2HvHFqtQzuD3lXX8SeYakxiBQvaGkGSLKD67N3vh7iC2rTSdj/vAs8ws + Y9X+mXzS6GDKC8PbSX6xo2YwZDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgw + BgEB/wIBADAdBgNVHQ4EFgQURwCm53YPStZoAMfnVyknH4IgZa4wHwYDVR0jBBgw + FoAUhuxCKmCSvZWf95+iZ+Wsz9DJJVMwCgYIKoZIzj0EAwIDSQAwRgIhAN1pkUKc + azM4PiXOnkILB2KBDIF4XpHf+4ThDMODzXP8AiEA45KXA3qMrRPQV1oBfWZ3hLgX + gxUhveuHBXMWnzUbn6U= + -----END CERTIFICATE----- + ca.digest: 45b2b6dd9d4102955b1b1e4b540e677f140521462ed4f22fa5a713863ca84600 +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: cert-0ee0e1584c8637facac95bd5fce315367dee124c0086d41e +stringData: + tls.crt: |- + -----BEGIN CERTIFICATE----- + MIIECTCCAvGgAwIBAgIUAusYGP9BwoLFFAJdB/jY6eUzUyAwDQYJKoZIhvcNAQEL + BQAwgZIxCzAJBgNVBAYTAlVLMRIwEAYDVQQIDAlIYW1wc2hpcmUxEjAQBgNVBAcM + CUFsZGVyc2hvdDEQMA4GA1UECgwHS29uZyBVSzEQMA4GA1UECwwHU3VwcG9ydDEY + MBYGA1UEAwwPU3VwcG9ydCBSb290IENBMR0wGwYJKoZIhvcNAQkBFg5zdHVAa29u + Z2hxLmNvbTAeFw0yMTAxMTUxMTE5NDNaFw0yMjA1MzAxMTE5NDNaMIGRMQswCQYD + VQQGEwJVSzESMBAGA1UECAwJSGFtcHNoaXJlMRIwEAYDVQQHDAlBbGRlcnNob3Qx + EDAOBgNVBAoMB0tvbmcgVUsxEDAOBgNVBAsMB1N1cHBvcnQxFzAVBgNVBAMMDnBy + b3h5LmtvbmcubGFuMR0wGwYJKoZIhvcNAQkBFg5zdHVAa29uZ2hxLmNvbTCCASIw + DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJUbKiqoCK1BTNk/7l42n6ukyTEu + eLyB23e/90PzT/oz8wZzgwTodzbFAS2VtFr1EKqFzor0DrXp9CLnebOdiAR3I6LD + /WY/x0KW3lx3F35fGiUOSLPTH8zeiDTMx11CcKDxesA+M2/s5q0igkOQ4z4w3voz + m5a52IcQTSA8K5knNU1qUZBLpc+khxFcaheEK1jsISJJhcdizZBfGdk8S1vpyj5F + uCZ7oaRvNA6imHjSJwpgo36zd84TgrIgVj9R4QtJysWy/X+bbaKUiKBWwAtd4+DT + EP90l/ny9szu2fijk4/6k1ntXufGTyvM+J0/qJ13e99TVYOVanITnpTO+6cCAwEA + AaNWMFQwHwYDVR0jBBgwFoAUdskpf0wJRQxjtzQFZciWmUfl2bcwCQYDVR0TBAIw + ADALBgNVHQ8EBAMCBPAwGQYDVR0RBBIwEIIOcHJveHkua29uZy5sYW4wDQYJKoZI + hvcNAQELBQADggEBAJVrTWQRQzNtypa9OXFYADm8Fay1VMop3BY2kh0tfYgQEJ/4 + pJUj6CaszQZ/Aix6LaPnXFcoPCDqqv00mgju86PMamr/zA9USXk8eTmzJkp5RklS + GdqiXboqESiQVvaNz3kdW7wgNz4FwaGCzkEi/dcc2LdtzLpWizx+TlxMMqjonUUM + ovZgZo+OlhWRsDVT/qy5SFtA0vlVNtdBr2egXb1H7J8UDC+fax/iKa7+fBUHZOO9 + Fk9U8bxgfQ+jPIVVL8CfAtR68Sos7NpWH0S2emqZRnQvf0MSNdkTQKWn4qR9sckj + Ewxs5FbrMmgCOgwk1PtgRmdP3RME0HwK/B03saQ= + -----END CERTIFICATE----- + tls.key: |- + -----BEGIN PRIVATE KEY----- + MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCVGyoqqAitQUzZ + P+5eNp+rpMkxLni8gdt3v/dD80/6M/MGc4ME6Hc2xQEtlbRa9RCqhc6K9A616fQi + 53mznYgEdyOiw/1mP8dClt5cdxd+XxolDkiz0x/M3og0zMddQnCg8XrAPjNv7Oat + IoJDkOM+MN76M5uWudiHEE0gPCuZJzVNalGQS6XPpIcRXGoXhCtY7CEiSYXHYs2Q + XxnZPEtb6co+Rbgme6GkbzQOoph40icKYKN+s3fOE4KyIFY/UeELScrFsv1/m22i + lIigVsALXePg0xD/dJf58vbM7tn4o5OP+pNZ7V7nxk8rzPidP6idd3vfU1WDlWpy + E56UzvunAgMBAAECggEAcq7lHNAHdHLgT8yrY41x/AwPryNGO/9JNW7SGVKAdjoU + tyaLZHAEmXynLk+R28/YFMA8H4Yd9m9OlrYhVjRZFM4p+5vxP/7YHPB7cPUsfcda + DZxR8PX25JVYf/vtb16V0ERLnKd62qCEwC/lr2A2WHQwXJLrHeAtmZzBJYUCJ5Xj + Dv1ZhyFjknswaV0vGXe6njTI6CzMQDTGysoagpCCo7RWgzjLREg2BGWd2UQpY4AW + nYAP4QNt82UMQbgIqsEMj64mzS9Q+o1P84J1naSP5sCI22LeFRp6iezZc+D8EH/5 + RNONGSNWl3g6bsvN1VywYwjWn+waD3XAjXUu+peUgQKBgQDDu1QP28oSMKivHdfo + kQ1HrTNBRc9eWeAMZFuIbbPLN8rdEibpOm3DwTqithnahqS0NLOsBnXNtuLw1Qr/ + zmOzn0yDO5XG8dlKr9vqWeBLdcRydLJBZwqEzWf4JwwwgfK3rItRaIbnAxnGUTS5 + SrrhNfBAIGS9jx5X2kvLC7hFQQKBgQDDBIrpLTIjRDloWZcu03z9Bhb8jQCyGb5C + 4MYs+duCnQIdNq/+maPspJzbVmF4b6S1zIPweI3fMvMeqRTbuf+drpElst1buFTO + P0UMMn4V+4qGIOOkIy5JIKwR8sJD9tNDUPtxuDEotTB9IyWx6pdmCFz5v/bggDCu + reoqflL+5wKBgQCDvb+L2QS+j4/KJk0flRoaJ2K7SVCVEesyjA3r2uLMImZhvAkC + rDgbLSDZSbZHFp8fR+WzILoD11gSf2Ki4PjMeqkWH3HlcP0vPwTHTO0h/UdXPmKI + kOFMl7CmHyoeMCj9JZ60EaXTMYwUpq3VFY6JbTOjBeqoh/8FZMHlDaNewQKBgCHg + ECEg8KyflTlDFrfTlMp+3E9STuShBCOp18LIRBEUJOHeNgQLvCXHElgnURcSjZHm + zKRgzIQQ3Zpd1Hm2fWhuglgCEeF0y4ZoBx5vRueaoh1aaTCBy/B39GvJt2UG4vu2 + fXbrf96KWrnh+RJGpbXbjgr0BXZJzisJmrt25gPRAoGBAI3c+INpQXwrE+LBzCPu + LwIVvkm5NpeIlKQtDNrqG1QvUhqyZ2/Xitc4FyiccW7WHxkGKGZyj7GbmpqEOnyY + iVku0LSftZgycet2uMdp0HaVAgi5S6aVf5yN0U/8R5ToxcbuEfqwrBIyRgse8lx3 + NNSvLxPAempmiFPSk9AtobYV + -----END PRIVATE KEY----- +type: kubernetes.io/tls +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: cert-b12464ec431576239dd9cc2545d528f6cbdbd988cf076323 +stringData: + tls.crt: |- + -----BEGIN CERTIFICATE----- + MIIFeDCCBGCgAwIBAgIUAusYGP9BwoLFFAJdB/jY6eUzUyQwDQYJKoZIhvcNAQEL + BQAwgZIxCzAJBgNVBAYTAlVLMRIwEAYDVQQIDAlIYW1wc2hpcmUxEjAQBgNVBAcM + CUFsZGVyc2hvdDEQMA4GA1UECgwHS29uZyBVSzEQMA4GA1UECwwHU3VwcG9ydDEY + MBYGA1UEAwwPU3VwcG9ydCBSb290IENBMR0wGwYJKoZIhvcNAQkBFg5zdHVAa29u + Z2hxLmNvbTAeFw0yMTAxMjAxNTA0NDVaFw0yMjAxMjAxNTA0NDVaMIGQMQswCQYD + VQQGEwJVSzESMBAGA1UECAwJSGFtcHNoaXJlMRIwEAYDVQQHDAlBbGRlcnNob3Qx + EDAOBgNVBAoMB0tvbmcgVUsxEDAOBgNVBAsMB1N1cHBvcnQxFjAUBgNVBAMMDW10 + bHMtY29uc3VtZXIxHTAbBgkqhkiG9w0BCQEWDnN0dUBrb25naHEuY29tMIICIjAN + BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1/+83/YNiEVKYvcuVwYGve6afsg1 + BYCn1+E9Uwgh0uwAenT/DKB8NhqoVxc7cZ2HaTI146IGmFICmctlTWvLPLglHmTo + byOUV6tIJAjvzyEOpC458hLGgbv8mhGXJWPxBVu7Wy6Hapz2bk0cEscfL7PHKaRu + 3D6r8/zbhhWAqe4EIt+NVYT6baaYBs7bPZQXs/sluKI+DNYuDeaAmoSuCc4ein6z + 0xDqCSMmPebzjns03ttB29vWL3eYY9dvgoCd+CPhXT/C4CHtvKbH+hOQYDtVF6MO + 1mmABAQTQWMR/00+QI0xtvuXtEPurla5dA0TN6ddCTOOcILKx62z5oc3Kqr+nHHa + 71zNzARUVaZ2vy1pRVr0DZgB7KqcFXhy/oy8IpmxUR1ASBDZl6B6RKrdQwvgLgmn + 3M/roNLAU+3nz4itpt/zf+X0suwdthrflic1R68z1SlYbyoGARWkZ/pOl6kLNVK2 + OsqQuICaajnW7t1oDd7z1+3hm+uoryDwvG6f3T9ZvWjKXYcKg7b+BjbFdahbDywD + PgnhSz9AaoVWhR+GHIPrjRClMpEkra/yGJFvH3UpXhgg9d0DrLZE51Z75a9SvnAj + vdLuNhx4bJbwLBgNGsJMkupzBrw4iCfbKFcBbP8o0Xjtarj7T/mkWuQ1GjWqfyrD + 55NecBPNw5C9BR0CAwEAAaOBxTCBwjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQE + AwIFoDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50IENl + cnRpZmljYXRlMB0GA1UdDgQWBBSV3F+eicU8SVT4LcDJ6eMzP0todzAfBgNVHSME + GDAWgBR2ySl/TAlFDGO3NAVlyJaZR+XZtzAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0l + BBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBAQB5L0OZ + WELG9Pw6Ol1BsZYgpLR4PGNBB9dKm/9dd+q+ohZVFCfXcjZ3YOU1vh/HHQrALRNY + I58JxcVCOx/qIW2uA0iSCqIT0sNb9cJLxfZf7X+BzPPPnu0ugUJp7GzLNnHitrLC + Xb1nmmefwgraNzp+a5IrR8RcQG1mYDuS+2HK/rybo22XcCxhob8OiDEn8+ytkKyQ + Ipmrf9D+/68/ih6az0w1aakASMmFe8z/p6VgVQkCySCWWFG525BRdGmSImqVZ4xa + aQFN3L+oN+JJcCFTthLOAYo32JH+xLMz7PokzSL84g3b68h59hXDoMSwB10GthL5 + T8tqV6i5miKWwvfZ + -----END CERTIFICATE----- + tls.key: |- + -----BEGIN RSA PRIVATE KEY----- + MIIJKQIBAAKCAgEA1/+83/YNiEVKYvcuVwYGve6afsg1BYCn1+E9Uwgh0uwAenT/ + DKB8NhqoVxc7cZ2HaTI146IGmFICmctlTWvLPLglHmTobyOUV6tIJAjvzyEOpC45 + 8hLGgbv8mhGXJWPxBVu7Wy6Hapz2bk0cEscfL7PHKaRu3D6r8/zbhhWAqe4EIt+N + VYT6baaYBs7bPZQXs/sluKI+DNYuDeaAmoSuCc4ein6z0xDqCSMmPebzjns03ttB + 29vWL3eYY9dvgoCd+CPhXT/C4CHtvKbH+hOQYDtVF6MO1mmABAQTQWMR/00+QI0x + tvuXtEPurla5dA0TN6ddCTOOcILKx62z5oc3Kqr+nHHa71zNzARUVaZ2vy1pRVr0 + DZgB7KqcFXhy/oy8IpmxUR1ASBDZl6B6RKrdQwvgLgmn3M/roNLAU+3nz4itpt/z + f+X0suwdthrflic1R68z1SlYbyoGARWkZ/pOl6kLNVK2OsqQuICaajnW7t1oDd7z + 1+3hm+uoryDwvG6f3T9ZvWjKXYcKg7b+BjbFdahbDywDPgnhSz9AaoVWhR+GHIPr + jRClMpEkra/yGJFvH3UpXhgg9d0DrLZE51Z75a9SvnAjvdLuNhx4bJbwLBgNGsJM + kupzBrw4iCfbKFcBbP8o0Xjtarj7T/mkWuQ1GjWqfyrD55NecBPNw5C9BR0CAwEA + AQKCAgEAymuOrG/hJKiS2oX8tm8eWFZIELI9BigYozYhCzQexpSGqjwEXOf1H5sB + 0YQjIAlZwhrc57OK7KpGZ6x2BgUT1JZZqs80CBtWxIXuuF5rpje7id8MTLCNuTzb + r+L2O4Mad0QNI5lKLH5mbt3yhiJ3NnQLHBpODjbpXGDFtTVne1hkJe5MfC1/psyt + wguO6HllcTTWl93ruonpZPtz39qhYuz4MCAnE5DRUrjO+Mn7y7XoyUS+xnSRl7BD + bqWRicJQyB+P7px3WyZQri+6TsCQ164iw2D64bLC1oCfLvLSBeh0g3gOdAX5mGTl + RBpf98LdFJXSmXHodcYMlO5THqHu7mOE8zvPDbOzpwKftE11PS+lhuq/fREJnrAx + pbvTkv2c1nu90gkracv6PhRC8YhBIa2gqhoxY7rH7UpYa1c5QaJzg5ibiteTLRKC + e9ZmfoPWaY2ksY4gBWZ/p2wokJ8U6ZHEsEfQS9WibMpqRsdINWQ9JnIBLKnTuqB0 + B29E9jHAl8rwMT2/DiIiVjHcdwpP37MxotKvYDFw+yDcZDeKTIh133XZNWyO/TcH + aDrNB0dymqunuNmfPts566AYErym0ndcmmLuGIKKE+l1h1+5CWjdsTdrkkXZK/w1 + i/krfLruQqQcW3Bpng8JAKirvGfYJxIEaCLqtepb7YaHhaI3gz0CggEBAPO0UQ6e + oPzMYmEegp2LjAfHZhwGV0fpiC6nxEWKoEE7Tb5zyB8rlkFIpQlXmljQvf3xDmq/ + Ta3JlkaY290oFc0ypp9zUY/sUGyc3pvltxl0gLKOPnIkoP3ma2HzBxQRrGRdcFhH + AHom80Bm9APm29L0MFuOuhGGxkGvQCxH+KmmohvZMUEqNIuWi8XB7maDXcAmSJ7x + YdQAgLspRJ+kkZM+59XijyvYvg04xCu1FSop+Lol+xBwWAR5OaKnbZ9L+jKtzbxC + IS7ERTlhsham2dYIm7SFcD/OcLV6luqreR0svS6HQis1kGxnNxkBAbrB1QZ+wLKp + QztnOk70H/eWP5sCggEBAOLllCHuRloqEyzDT5sVbflCMTVsXmHGJ4/qI4An+etI + 3DComNLPAIBKYAiNgqWAm/wfLy5rHu2ZGzcPn7cQF/xKp00uDGKncQz3Z9JDofI1 + rpLH+t3LJ9l/EzQv1tpzwOU5rhFNmqrJnwy17BtOmlCKAQnVmyDkLyR9AhWkCTi8 + BLDq6mx1X61K6P11GAxAd70NFNzD8868Ddq2XInwEwXzf/FHQW/JVYZEAa7dn4KF + wQ/tPSspP0vGzDfgNI64PtNePnZ/e00XXqA7la2OScro+SDSyXGlDKX4XhwwTDD1 + +u3VbUmjInpEJL3bU8c/qe36UhoseF1G0cm22sHqhacCggEAY3A+5r05KQ1oUwJ0 + /z2ybHYjJuo7cN9MLuVLg6iVzSgah8yMapOJYqf2l0JEe1rpOxXB8TKPyoqHo9S5 + WZsCklDJhiQysowVIMw9VNU9ichsvu6lckOZ4R/Ezxmv2LOBaQ5rScnm2vDLroqT + pIftSD1VAfbR21bnzGNqxuazAt44JS7RFyrWd+J8s7t2wCN3/HBij2Akr7Fo1XV4 + R7+JmtA/HpmsG5L7sT9pZAAmW6b2k1XuBH4im+iu6LxyUV5Z/5XFbbx597AkIs7H + MNDx75BhoB4WeCKPAK29qJFBAPOBWdvc1u6rOGBBLhWoFAEFH/pWPFAuW626L/8S + kB6hYwKCAQB3/JIec2Pu0Gs9c7eIOofilXdyWfF7YQ+Q0m+dmQZXvzr53F6ctGz+ + atZoD3V0UhOq+063DFzZpuq2bmO2qiMU/uGENgLEtOlawwa7MZrVfD/qTSjD22gi + Y0njghzrfuUWEy+S5OgSwvaCAT5vnlyKlMBB1BzqAuFPOXA9w3ZA82TDribz3goP + mRqm1iI2cG0ho2ZR7KnkvJvS+jbrlvJoZkFVdaoMFHtOum3tbDOrEVJsOrfrOC/J + wcJDFiSVCKfonOEJRxcMSHx43amkkydAz3zXN8DhgTe0GSijXYMdLSdaWFAn7cYQ + xDJt2CtwpaEWQRbj0nqAUTAlrLX4cC3nAoIBAQCl1cV86bYw8CKrCuf9TF0Kk5pd + REdilDpks4Z1RH4MpBDWLtvMeQqlNsN+/RugKQExO0HTdZIyn7cBRRloD2xcNcJA + G/rUMel/x4fhaEOE7Uw9rmTefvpcgWmtXw64sMA8KFA4oCXIcgbwL5Q+szqNNWAN + abpgl0DnU06YyBDoK/7D0B8Kt3qS1N6XX+Z5wtPvglbD2HCYy6rdkqi8IbQ/6OeS + wG7p/7g3JlOEyotMq9Cl2T0wTNDSLlma+mwc9mILITDXznWiLQSznE69mebWBUr3 + Sbt91efH30inRx85H0pNJrpZsH0A6ayL0gTJSuUc0eJXYR5Po1gRQMOSIEWh + -----END RSA PRIVATE KEY----- +type: kubernetes.io/tls +--- +apiVersion: configuration.konghq.com/v1 +consumerGroups: +- example-consumer-group +credentials: +- key-auth-example-user +- jwt-auth-example-user +- basic-auth-example-user +- acl-group-example-user +- mtls-auth-example-user +custom_id: "1234567890" +kind: KongConsumer +metadata: + annotations: + konghq.com/plugins: example-user-rate-limiting-advanced + kubernetes.io/ingress.class: kong + name: example-user +username: example-user +--- +apiVersion: configuration.konghq.com/v1beta1 +kind: KongConsumerGroup +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-consumer-group +--- diff --git a/kong2kic/testdata/kicv2_ingress/output-expected.json b/kong2kic/testdata/kicv2_ingress/output-expected.json new file mode 100644 index 000000000..37e4191ed --- /dev/null +++ b/kong2kic/testdata/kicv2_ingress/output-expected.json @@ -0,0 +1,750 @@ +{ + "apiVersion": "configuration.konghq.com/v1", + "kind": "KongIngress", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service-upstream" + }, + "upstream": { + "algorithm": "round-robin", + "hash_fallback": "none", + "hash_on": "none", + "hash_on_cookie_path": "/", + "healthchecks": { + "active": { + "concurrency": 10, + "headers": { + "x-another-header": [ + "bla" + ], + "x-my-header": [ + "foo", + "bar" + ] + }, + "healthy": { + "http_statuses": [ + 200, + 302 + ], + "interval": 0, + "successes": 0 + }, + "http_path": "/", + "https_sni": "example.com", + "https_verify_certificate": true, + "timeout": 1, + "type": "http", + "unhealthy": { + "http_failures": 0, + "http_statuses": [ + 429, + 404, + 500, + 501, + 502, + 503, + 504, + 505 + ], + "interval": 0, + "tcp_failures": 0, + "timeouts": 0 + } + }, + "passive": { + "healthy": { + "http_statuses": [ + 200, + 201, + 202, + 203, + 204, + 205, + 206, + 207, + 208, + 226, + 300, + 301, + 302, + 303, + 304, + 305, + 306, + 307, + 308 + ], + "successes": 0 + }, + "type": "http", + "unhealthy": { + "http_failures": 0, + "http_statuses": [ + 429, + 500, + 503 + ], + "tcp_failures": 0, + "timeouts": 0 + } + }, + "threshold": 0 + }, + "host_header": "example.com", + "slots": 10000 + } +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "hide_client_headers": false, + "identifier": "consumer", + "limit": [ + 5 + ], + "namespace": "example_namespace", + "strategy": "local", + "sync_rate": -1, + "window_size": [ + 30 + ] + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service-rate-limiting-advanced" + }, + "plugin": "rate-limiting-advanced" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "aws_key": "my_key", + "aws_region": "us-west-2", + "aws_secret": "my_secret", + "function_name": "my_function" + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-long9344b5559f" + }, + "plugin": "aws-lambda" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "credentials": true, + "exposed_headers": [ + "X-My-Header" + ], + "headers": [ + "Authorization" + ], + "max_age": 3600, + "methods": [ + "GET", + "POST" + ], + "origins": [ + "example.com" + ] + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-longfdeaa51f90" + }, + "plugin": "cors" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "path": "/var/log/kong/kong.log", + "reopen": true + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-long3b4b1fae8e" + }, + "plugin": "file-log" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "content_type": "application/json", + "http_endpoint": "http://example.com/logs", + "keepalive": 60000, + "method": "POST", + "queue_size": 1000, + "retry_count": 10, + "timeout": 10000 + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-long59030a424c" + }, + "plugin": "http-log" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "allow": [ + "192.168.0.1/24" + ], + "deny": [ + "192.168.0.2/32" + ] + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-longb44edd01cf" + }, + "plugin": "ip-restriction" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "hide_client_headers": false, + "identifier": "consumer", + "limit": [ + 5 + ], + "namespace": "example_namespace", + "strategy": "local", + "sync_rate": -1, + "window_size": [ + 30 + ] + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-longef35b834c6" + }, + "plugin": "rate-limiting-advanced" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "message": "Forbidden", + "status_code": 403 + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-longb2c08ebc54" + }, + "plugin": "request-termination" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "limits": { + "limit_name": { + "minute": 10 + } + }, + "policy": "local" + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-longc400f1ab11" + }, + "plugin": "response-ratelimiting" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "host": "example.com", + "port": 1234 + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-long47f9f5054d" + }, + "plugin": "tcp-log" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "hide_credentials": false + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-long26f9714514" + }, + "plugin": "basic-auth" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "anonymous": null, + "claims_to_verify": [ + "exp", + "nbf" + ], + "header_names": [ + "Authorization" + ], + "key_claim_name": "kid", + "maximum_expiration": 3600, + "run_on_preflight": true, + "secret_is_base64": false, + "uri_param_names": [ + "token" + ] + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-long0239c8f63e" + }, + "plugin": "jwt" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "hide_credentials": false, + "key_in_body": false, + "key_names": [ + "apikey" + ], + "run_on_preflight": true + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-long5494737f3e" + }, + "plugin": "key-auth" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "ca_certificates": [ + "cce8c384-721f-4f58-85dd-50834e3e733a" + ], + "revocation_check_mode": "SKIP", + "skip_consumer_lookup": false + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-long89ae2d2b5d" + }, + "plugin": "mtls-auth" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "allow": [ + "admin" + ] + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-longb2440ac898" + }, + "plugin": "acl" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "hide_client_headers": false, + "identifier": "consumer", + "limit": [ + 5 + ], + "namespace": "example_namespace", + "strategy": "local", + "sync_rate": -1, + "window_size": [ + 30 + ] + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-user-rate-limiting-advanced" + }, + "plugin": "rate-limiting-advanced" +}{ + "apiVersion": "networking.k8s.io/v1", + "kind": "Ingress", + "metadata": { + "annotations": { + "konghq.com/headers.x-another-header": "first-header-value,second-header-value", + "konghq.com/headers.x-my-header": "~*foos?bar$", + "konghq.com/https-redirect-status-code": "302", + "konghq.com/methods": "GET,POST", + "konghq.com/plugins": "example-service--route-thisisaveryvery-long9344b5559f,example-service--route-thisisaveryvery-longfdeaa51f90,example-service--route-thisisaveryvery-long3b4b1fae8e,example-service--route-thisisaveryvery-long59030a424c,example-service--route-thisisaveryvery-longb44edd01cf,example-service--route-thisisaveryvery-longef35b834c6,example-service--route-thisisaveryvery-longb2c08ebc54,example-service--route-thisisaveryvery-longc400f1ab11,example-service--route-thisisaveryvery-long47f9f5054d,example-service--route-thisisaveryvery-long26f9714514,example-service--route-thisisaveryvery-long0239c8f63e,example-service--route-thisisaveryvery-long5494737f3e,example-service--route-thisisaveryvery-long89ae2d2b5d,example-service--route-thisisaveryvery-longb2440ac898", + "konghq.com/preserve-host": "true", + "konghq.com/protocols": "http,https", + "konghq.com/regex-priority": "1", + "konghq.com/snis": "example.com", + "konghq.com/strip-path": "false" + }, + "name": "example-service--route-thisisaveryvery-long2093a020ca" + }, + "spec": { + "ingressClassName": "kong", + "rules": [ + { + "host": "example.com", + "http": { + "paths": [ + { + "backend": { + "service": { + "name": "example-service", + "port": { + "number": 80 + } + } + }, + "path": "/~/v1/example/?$", + "pathType": "ImplementationSpecific" + }, + { + "backend": { + "service": { + "name": "example-service", + "port": { + "number": 80 + } + } + }, + "path": "/v1/another-example", + "pathType": "ImplementationSpecific" + }, + { + "backend": { + "service": { + "name": "example-service", + "port": { + "number": 80 + } + } + }, + "path": "/v1/yet-another-example", + "pathType": "ImplementationSpecific" + } + ] + } + }, + { + "host": "another-example.com", + "http": { + "paths": [ + { + "backend": { + "service": { + "name": "example-service", + "port": { + "number": 80 + } + } + }, + "path": "/~/v1/example/?$", + "pathType": "ImplementationSpecific" + }, + { + "backend": { + "service": { + "name": "example-service", + "port": { + "number": 80 + } + } + }, + "path": "/v1/another-example", + "pathType": "ImplementationSpecific" + }, + { + "backend": { + "service": { + "name": "example-service", + "port": { + "number": 80 + } + } + }, + "path": "/v1/yet-another-example", + "pathType": "ImplementationSpecific" + } + ] + } + }, + { + "host": "yet-another-example.com", + "http": { + "paths": [ + { + "backend": { + "service": { + "name": "example-service", + "port": { + "number": 80 + } + } + }, + "path": "/~/v1/example/?$", + "pathType": "ImplementationSpecific" + }, + { + "backend": { + "service": { + "name": "example-service", + "port": { + "number": 80 + } + } + }, + "path": "/v1/another-example", + "pathType": "ImplementationSpecific" + }, + { + "backend": { + "service": { + "name": "example-service", + "port": { + "number": 80 + } + } + }, + "path": "/v1/yet-another-example", + "pathType": "ImplementationSpecific" + } + ] + } + } + ] + } +}{ + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "annotations": { + "konghq.com/connect-timeout": "5000", + "konghq.com/override": "example-service-upstream", + "konghq.com/path": "/v1", + "konghq.com/plugins": "example-service-rate-limiting-advanced", + "konghq.com/protocol": "http", + "konghq.com/read-timeout": "60000", + "konghq.com/retries": "5", + "konghq.com/write-timeout": "60000" + }, + "name": "example-service" + }, + "spec": { + "ports": [ + { + "port": 80, + "protocol": "TCP", + "targetPort": 80 + } + ], + "selector": { + "app": "example-service" + } + } +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "key-auth-example-user" + }, + "stringData": { + "key": "my_api_key", + "kongCredType": "key-auth" + } +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "jwt-auth-example-user" + }, + "stringData": { + "algorithm": "HS256", + "key": "my_jwt_secret", + "kongCredType": "jwt", + "rsa_public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxXzYS5yESbekTF3xLiQX\nZZZfXt0S/nzFp3f2Oux3W7/ydvZ8XSd8+s+wm5oqEcSV9n+5n3ENZbt1A/wgnGI3\noWrv0yRB9HugzTIGPpI1AQv9Z4p8E44RrB74/uTxYwb9+4yvpuz/fzTt3Gz+Kzc4\n4fGGq8VpGMFj6AE65ZcOAHHUJe4VuoreBXLYDJcHl2WPIdNKDGscFjElDneLRhWQ\nDfxekDJIQMWCjyBEXacfP6cc9U8Qld6TuVcwi1P2xb8tBDD4MIFL/psfzUhfv1Lw\nO/XZEffJxCqkQn7dsCYy3wpaTjb6XmJ5j0Dbml4f0Bv40Y1mjlAf7C662Mbuguf6\newIDAQAB\n-----END PUBLIC KEY-----", + "secret": "my_secret_key" + } +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "basic-auth-example-user" + }, + "stringData": { + "kongCredType": "basic-auth", + "password": "my_basic_password", + "username": "my_basic_user" + } +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "acl-group-example-user" + }, + "stringData": { + "group": "acl_group", + "kongCredType": "acl" + } +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "mtls-auth-example-user" + }, + "stringData": { + "id": "cce8c384-721f-4f58-85dd-50834e3e733a", + "kongCredType": "mtls-auth", + "subject_name": "example-user@example.com" + }, + "type": "Opaque" +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "ca-cert-a672ab52d2341203bd70116b456413d7ac3ffc162abbf" + }, + "stringData": { + "ca.crt": "-----BEGIN CERTIFICATE-----\nMIIBfDCCASKgAwIBAgIRAJqcZC1VSvSQLMN1+7yAeswwCgYIKoZIzj0EAwIwHDEa\nMBgGA1UEAxMRRGVtbyBLb25nIFJvb3QgQ0EwHhcNMjIwNjEzMTMzNzMzWhcNMjcw\nNjEzMTkzNzMzWjAcMRowGAYDVQQDExFEZW1vIEtvbmcgUm9vdCBDQTBZMBMGByqG\nSM49AgEGCCqGSM49AwEHA0IABOGR89IyhreSHRAi6wp9a5DBIDp4YYSdWzuEdlNx\n7pX1G4T7x68xUXJZXRUPFyT8Xzn5KwCJm8RVT+nAhrsUx6SjRTBDMA4GA1UdDwEB\n/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBQ9CUiOPhjp7KD2\nScRDxX4IzDOrNzAKBggqhkjOPQQDAgNIADBFAiEAw6Dov0c0L++1W9VufAfSMdNR\nPSDfPU0MiUiG59/VIBICIEFn/6c5eQc3hUUBL74/RmNT2b1zxBmp7RiPXJAnAAwJ\n-----END CERTIFICATE-----\n", + "ca.digest": "f1baffe9fe9cf8497e38a4271d67fab44423678b7e7c0f677a50f37c113d81b5" + }, + "type": "Opaque" +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "ca-cert-a4f087c2ee00e6d43cfb4f6884fc1e79f7e6e08e84471" + }, + "stringData": { + "ca.crt": "-----BEGIN CERTIFICATE-----\nMIIBqTCCAVCgAwIBAgIQb5LqGa9gS3+Mc2ntWfSoJjAKBggqhkjOPQQDAjAcMRow\nGAYDVQQDExFEZW1vIEtvbmcgUm9vdCBDQTAeFw0yMjA2MTMxMzM5MTVaFw0yMzA2\nMTMxOTM5MTVaMCoxKDAmBgNVBAMTH0RlbW8gS29uZyBSb290IEludGVybWVkaWF0\nZTEgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQImvnSuvXkGy88lvx8a7of\ne0MEMRI2siVvybvWXNpeXXlixgaq7weJ7pewf3HywfO68Va6kn8ehWh7s0D7SLHM\no2YwZDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4E\nFgQUhuxCKmCSvZWf95+iZ+Wsz9DJJVMwHwYDVR0jBBgwFoAUPQlIjj4Y6eyg9knE\nQ8V+CMwzqzcwCgYIKoZIzj0EAwIDRwAwRAIgNZ+JPA1OqF5DsPapAZ2YsUOgIpn3\nZbQuYKCAV0SD4EcCIFnfA5rWrc1AgtUw5inJQqJQRNgoPuC14vACqI48BiRl\n-----END CERTIFICATE-----\n", + "ca.digest": "dbef7ed285fb292e24f84ffba93c48d92fa322387d85469c460c655abedd5308" + }, + "type": "Opaque" +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "ca-cert-6b095c7ff377b01252a4dfec59c582fe32934fa7ed0cf" + }, + "stringData": { + "ca.crt": "-----BEGIN CERTIFICATE-----\nMIIBujCCAV+gAwIBAgIRAMkGpj7WZf+2RFE/q7ZhejEwCgYIKoZIzj0EAwIwKjEo\nMCYGA1UEAxMfRGVtbyBLb25nIFJvb3QgSW50ZXJtZWRpYXRlMSBDQTAeFw0yMjA2\nMTMxMzQwNTFaFw0yMjEyMTMwNDQwNTFaMCoxKDAmBgNVBAMTH0RlbW8gS29uZyBS\nb290IEludGVybWVkaWF0ZTIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQB\nmy/zhZ3F2HvHFqtQzuD3lXX8SeYakxiBQvaGkGSLKD67N3vh7iC2rTSdj/vAs8ws\nY9X+mXzS6GDKC8PbSX6xo2YwZDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgw\nBgEB/wIBADAdBgNVHQ4EFgQURwCm53YPStZoAMfnVyknH4IgZa4wHwYDVR0jBBgw\nFoAUhuxCKmCSvZWf95+iZ+Wsz9DJJVMwCgYIKoZIzj0EAwIDSQAwRgIhAN1pkUKc\nazM4PiXOnkILB2KBDIF4XpHf+4ThDMODzXP8AiEA45KXA3qMrRPQV1oBfWZ3hLgX\ngxUhveuHBXMWnzUbn6U=\n-----END CERTIFICATE-----\n", + "ca.digest": "45b2b6dd9d4102955b1b1e4b540e677f140521462ed4f22fa5a713863ca84600" + }, + "type": "Opaque" +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "cert-0ee0e1584c8637facac95bd5fce315367dee124c0086d41e" + }, + "stringData": { + "tls.crt": "-----BEGIN CERTIFICATE-----\nMIIECTCCAvGgAwIBAgIUAusYGP9BwoLFFAJdB/jY6eUzUyAwDQYJKoZIhvcNAQEL\nBQAwgZIxCzAJBgNVBAYTAlVLMRIwEAYDVQQIDAlIYW1wc2hpcmUxEjAQBgNVBAcM\nCUFsZGVyc2hvdDEQMA4GA1UECgwHS29uZyBVSzEQMA4GA1UECwwHU3VwcG9ydDEY\nMBYGA1UEAwwPU3VwcG9ydCBSb290IENBMR0wGwYJKoZIhvcNAQkBFg5zdHVAa29u\nZ2hxLmNvbTAeFw0yMTAxMTUxMTE5NDNaFw0yMjA1MzAxMTE5NDNaMIGRMQswCQYD\nVQQGEwJVSzESMBAGA1UECAwJSGFtcHNoaXJlMRIwEAYDVQQHDAlBbGRlcnNob3Qx\nEDAOBgNVBAoMB0tvbmcgVUsxEDAOBgNVBAsMB1N1cHBvcnQxFzAVBgNVBAMMDnBy\nb3h5LmtvbmcubGFuMR0wGwYJKoZIhvcNAQkBFg5zdHVAa29uZ2hxLmNvbTCCASIw\nDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJUbKiqoCK1BTNk/7l42n6ukyTEu\neLyB23e/90PzT/oz8wZzgwTodzbFAS2VtFr1EKqFzor0DrXp9CLnebOdiAR3I6LD\n/WY/x0KW3lx3F35fGiUOSLPTH8zeiDTMx11CcKDxesA+M2/s5q0igkOQ4z4w3voz\nm5a52IcQTSA8K5knNU1qUZBLpc+khxFcaheEK1jsISJJhcdizZBfGdk8S1vpyj5F\nuCZ7oaRvNA6imHjSJwpgo36zd84TgrIgVj9R4QtJysWy/X+bbaKUiKBWwAtd4+DT\nEP90l/ny9szu2fijk4/6k1ntXufGTyvM+J0/qJ13e99TVYOVanITnpTO+6cCAwEA\nAaNWMFQwHwYDVR0jBBgwFoAUdskpf0wJRQxjtzQFZciWmUfl2bcwCQYDVR0TBAIw\nADALBgNVHQ8EBAMCBPAwGQYDVR0RBBIwEIIOcHJveHkua29uZy5sYW4wDQYJKoZI\nhvcNAQELBQADggEBAJVrTWQRQzNtypa9OXFYADm8Fay1VMop3BY2kh0tfYgQEJ/4\npJUj6CaszQZ/Aix6LaPnXFcoPCDqqv00mgju86PMamr/zA9USXk8eTmzJkp5RklS\nGdqiXboqESiQVvaNz3kdW7wgNz4FwaGCzkEi/dcc2LdtzLpWizx+TlxMMqjonUUM\novZgZo+OlhWRsDVT/qy5SFtA0vlVNtdBr2egXb1H7J8UDC+fax/iKa7+fBUHZOO9\nFk9U8bxgfQ+jPIVVL8CfAtR68Sos7NpWH0S2emqZRnQvf0MSNdkTQKWn4qR9sckj\nEwxs5FbrMmgCOgwk1PtgRmdP3RME0HwK/B03saQ=\n-----END CERTIFICATE-----", + "tls.key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCVGyoqqAitQUzZ\nP+5eNp+rpMkxLni8gdt3v/dD80/6M/MGc4ME6Hc2xQEtlbRa9RCqhc6K9A616fQi\n53mznYgEdyOiw/1mP8dClt5cdxd+XxolDkiz0x/M3og0zMddQnCg8XrAPjNv7Oat\nIoJDkOM+MN76M5uWudiHEE0gPCuZJzVNalGQS6XPpIcRXGoXhCtY7CEiSYXHYs2Q\nXxnZPEtb6co+Rbgme6GkbzQOoph40icKYKN+s3fOE4KyIFY/UeELScrFsv1/m22i\nlIigVsALXePg0xD/dJf58vbM7tn4o5OP+pNZ7V7nxk8rzPidP6idd3vfU1WDlWpy\nE56UzvunAgMBAAECggEAcq7lHNAHdHLgT8yrY41x/AwPryNGO/9JNW7SGVKAdjoU\ntyaLZHAEmXynLk+R28/YFMA8H4Yd9m9OlrYhVjRZFM4p+5vxP/7YHPB7cPUsfcda\nDZxR8PX25JVYf/vtb16V0ERLnKd62qCEwC/lr2A2WHQwXJLrHeAtmZzBJYUCJ5Xj\nDv1ZhyFjknswaV0vGXe6njTI6CzMQDTGysoagpCCo7RWgzjLREg2BGWd2UQpY4AW\nnYAP4QNt82UMQbgIqsEMj64mzS9Q+o1P84J1naSP5sCI22LeFRp6iezZc+D8EH/5\nRNONGSNWl3g6bsvN1VywYwjWn+waD3XAjXUu+peUgQKBgQDDu1QP28oSMKivHdfo\nkQ1HrTNBRc9eWeAMZFuIbbPLN8rdEibpOm3DwTqithnahqS0NLOsBnXNtuLw1Qr/\nzmOzn0yDO5XG8dlKr9vqWeBLdcRydLJBZwqEzWf4JwwwgfK3rItRaIbnAxnGUTS5\nSrrhNfBAIGS9jx5X2kvLC7hFQQKBgQDDBIrpLTIjRDloWZcu03z9Bhb8jQCyGb5C\n4MYs+duCnQIdNq/+maPspJzbVmF4b6S1zIPweI3fMvMeqRTbuf+drpElst1buFTO\nP0UMMn4V+4qGIOOkIy5JIKwR8sJD9tNDUPtxuDEotTB9IyWx6pdmCFz5v/bggDCu\nreoqflL+5wKBgQCDvb+L2QS+j4/KJk0flRoaJ2K7SVCVEesyjA3r2uLMImZhvAkC\nrDgbLSDZSbZHFp8fR+WzILoD11gSf2Ki4PjMeqkWH3HlcP0vPwTHTO0h/UdXPmKI\nkOFMl7CmHyoeMCj9JZ60EaXTMYwUpq3VFY6JbTOjBeqoh/8FZMHlDaNewQKBgCHg\nECEg8KyflTlDFrfTlMp+3E9STuShBCOp18LIRBEUJOHeNgQLvCXHElgnURcSjZHm\nzKRgzIQQ3Zpd1Hm2fWhuglgCEeF0y4ZoBx5vRueaoh1aaTCBy/B39GvJt2UG4vu2\nfXbrf96KWrnh+RJGpbXbjgr0BXZJzisJmrt25gPRAoGBAI3c+INpQXwrE+LBzCPu\nLwIVvkm5NpeIlKQtDNrqG1QvUhqyZ2/Xitc4FyiccW7WHxkGKGZyj7GbmpqEOnyY\niVku0LSftZgycet2uMdp0HaVAgi5S6aVf5yN0U/8R5ToxcbuEfqwrBIyRgse8lx3\nNNSvLxPAempmiFPSk9AtobYV\n-----END PRIVATE KEY-----" + }, + "type": "kubernetes.io/tls" +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "cert-b12464ec431576239dd9cc2545d528f6cbdbd988cf076323" + }, + "stringData": { + "tls.crt": "-----BEGIN CERTIFICATE-----\nMIIFeDCCBGCgAwIBAgIUAusYGP9BwoLFFAJdB/jY6eUzUyQwDQYJKoZIhvcNAQEL\nBQAwgZIxCzAJBgNVBAYTAlVLMRIwEAYDVQQIDAlIYW1wc2hpcmUxEjAQBgNVBAcM\nCUFsZGVyc2hvdDEQMA4GA1UECgwHS29uZyBVSzEQMA4GA1UECwwHU3VwcG9ydDEY\nMBYGA1UEAwwPU3VwcG9ydCBSb290IENBMR0wGwYJKoZIhvcNAQkBFg5zdHVAa29u\nZ2hxLmNvbTAeFw0yMTAxMjAxNTA0NDVaFw0yMjAxMjAxNTA0NDVaMIGQMQswCQYD\nVQQGEwJVSzESMBAGA1UECAwJSGFtcHNoaXJlMRIwEAYDVQQHDAlBbGRlcnNob3Qx\nEDAOBgNVBAoMB0tvbmcgVUsxEDAOBgNVBAsMB1N1cHBvcnQxFjAUBgNVBAMMDW10\nbHMtY29uc3VtZXIxHTAbBgkqhkiG9w0BCQEWDnN0dUBrb25naHEuY29tMIICIjAN\nBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1/+83/YNiEVKYvcuVwYGve6afsg1\nBYCn1+E9Uwgh0uwAenT/DKB8NhqoVxc7cZ2HaTI146IGmFICmctlTWvLPLglHmTo\nbyOUV6tIJAjvzyEOpC458hLGgbv8mhGXJWPxBVu7Wy6Hapz2bk0cEscfL7PHKaRu\n3D6r8/zbhhWAqe4EIt+NVYT6baaYBs7bPZQXs/sluKI+DNYuDeaAmoSuCc4ein6z\n0xDqCSMmPebzjns03ttB29vWL3eYY9dvgoCd+CPhXT/C4CHtvKbH+hOQYDtVF6MO\n1mmABAQTQWMR/00+QI0xtvuXtEPurla5dA0TN6ddCTOOcILKx62z5oc3Kqr+nHHa\n71zNzARUVaZ2vy1pRVr0DZgB7KqcFXhy/oy8IpmxUR1ASBDZl6B6RKrdQwvgLgmn\n3M/roNLAU+3nz4itpt/zf+X0suwdthrflic1R68z1SlYbyoGARWkZ/pOl6kLNVK2\nOsqQuICaajnW7t1oDd7z1+3hm+uoryDwvG6f3T9ZvWjKXYcKg7b+BjbFdahbDywD\nPgnhSz9AaoVWhR+GHIPrjRClMpEkra/yGJFvH3UpXhgg9d0DrLZE51Z75a9SvnAj\nvdLuNhx4bJbwLBgNGsJMkupzBrw4iCfbKFcBbP8o0Xjtarj7T/mkWuQ1GjWqfyrD\n55NecBPNw5C9BR0CAwEAAaOBxTCBwjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQE\nAwIFoDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50IENl\ncnRpZmljYXRlMB0GA1UdDgQWBBSV3F+eicU8SVT4LcDJ6eMzP0todzAfBgNVHSME\nGDAWgBR2ySl/TAlFDGO3NAVlyJaZR+XZtzAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0l\nBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBAQB5L0OZ\nWELG9Pw6Ol1BsZYgpLR4PGNBB9dKm/9dd+q+ohZVFCfXcjZ3YOU1vh/HHQrALRNY\nI58JxcVCOx/qIW2uA0iSCqIT0sNb9cJLxfZf7X+BzPPPnu0ugUJp7GzLNnHitrLC\nXb1nmmefwgraNzp+a5IrR8RcQG1mYDuS+2HK/rybo22XcCxhob8OiDEn8+ytkKyQ\nIpmrf9D+/68/ih6az0w1aakASMmFe8z/p6VgVQkCySCWWFG525BRdGmSImqVZ4xa\naQFN3L+oN+JJcCFTthLOAYo32JH+xLMz7PokzSL84g3b68h59hXDoMSwB10GthL5\nT8tqV6i5miKWwvfZ\n-----END CERTIFICATE-----", + "tls.key": "-----BEGIN RSA PRIVATE KEY-----\nMIIJKQIBAAKCAgEA1/+83/YNiEVKYvcuVwYGve6afsg1BYCn1+E9Uwgh0uwAenT/\nDKB8NhqoVxc7cZ2HaTI146IGmFICmctlTWvLPLglHmTobyOUV6tIJAjvzyEOpC45\n8hLGgbv8mhGXJWPxBVu7Wy6Hapz2bk0cEscfL7PHKaRu3D6r8/zbhhWAqe4EIt+N\nVYT6baaYBs7bPZQXs/sluKI+DNYuDeaAmoSuCc4ein6z0xDqCSMmPebzjns03ttB\n29vWL3eYY9dvgoCd+CPhXT/C4CHtvKbH+hOQYDtVF6MO1mmABAQTQWMR/00+QI0x\ntvuXtEPurla5dA0TN6ddCTOOcILKx62z5oc3Kqr+nHHa71zNzARUVaZ2vy1pRVr0\nDZgB7KqcFXhy/oy8IpmxUR1ASBDZl6B6RKrdQwvgLgmn3M/roNLAU+3nz4itpt/z\nf+X0suwdthrflic1R68z1SlYbyoGARWkZ/pOl6kLNVK2OsqQuICaajnW7t1oDd7z\n1+3hm+uoryDwvG6f3T9ZvWjKXYcKg7b+BjbFdahbDywDPgnhSz9AaoVWhR+GHIPr\njRClMpEkra/yGJFvH3UpXhgg9d0DrLZE51Z75a9SvnAjvdLuNhx4bJbwLBgNGsJM\nkupzBrw4iCfbKFcBbP8o0Xjtarj7T/mkWuQ1GjWqfyrD55NecBPNw5C9BR0CAwEA\nAQKCAgEAymuOrG/hJKiS2oX8tm8eWFZIELI9BigYozYhCzQexpSGqjwEXOf1H5sB\n0YQjIAlZwhrc57OK7KpGZ6x2BgUT1JZZqs80CBtWxIXuuF5rpje7id8MTLCNuTzb\nr+L2O4Mad0QNI5lKLH5mbt3yhiJ3NnQLHBpODjbpXGDFtTVne1hkJe5MfC1/psyt\nwguO6HllcTTWl93ruonpZPtz39qhYuz4MCAnE5DRUrjO+Mn7y7XoyUS+xnSRl7BD\nbqWRicJQyB+P7px3WyZQri+6TsCQ164iw2D64bLC1oCfLvLSBeh0g3gOdAX5mGTl\nRBpf98LdFJXSmXHodcYMlO5THqHu7mOE8zvPDbOzpwKftE11PS+lhuq/fREJnrAx\npbvTkv2c1nu90gkracv6PhRC8YhBIa2gqhoxY7rH7UpYa1c5QaJzg5ibiteTLRKC\ne9ZmfoPWaY2ksY4gBWZ/p2wokJ8U6ZHEsEfQS9WibMpqRsdINWQ9JnIBLKnTuqB0\nB29E9jHAl8rwMT2/DiIiVjHcdwpP37MxotKvYDFw+yDcZDeKTIh133XZNWyO/TcH\naDrNB0dymqunuNmfPts566AYErym0ndcmmLuGIKKE+l1h1+5CWjdsTdrkkXZK/w1\ni/krfLruQqQcW3Bpng8JAKirvGfYJxIEaCLqtepb7YaHhaI3gz0CggEBAPO0UQ6e\noPzMYmEegp2LjAfHZhwGV0fpiC6nxEWKoEE7Tb5zyB8rlkFIpQlXmljQvf3xDmq/\nTa3JlkaY290oFc0ypp9zUY/sUGyc3pvltxl0gLKOPnIkoP3ma2HzBxQRrGRdcFhH\nAHom80Bm9APm29L0MFuOuhGGxkGvQCxH+KmmohvZMUEqNIuWi8XB7maDXcAmSJ7x\nYdQAgLspRJ+kkZM+59XijyvYvg04xCu1FSop+Lol+xBwWAR5OaKnbZ9L+jKtzbxC\nIS7ERTlhsham2dYIm7SFcD/OcLV6luqreR0svS6HQis1kGxnNxkBAbrB1QZ+wLKp\nQztnOk70H/eWP5sCggEBAOLllCHuRloqEyzDT5sVbflCMTVsXmHGJ4/qI4An+etI\n3DComNLPAIBKYAiNgqWAm/wfLy5rHu2ZGzcPn7cQF/xKp00uDGKncQz3Z9JDofI1\nrpLH+t3LJ9l/EzQv1tpzwOU5rhFNmqrJnwy17BtOmlCKAQnVmyDkLyR9AhWkCTi8\nBLDq6mx1X61K6P11GAxAd70NFNzD8868Ddq2XInwEwXzf/FHQW/JVYZEAa7dn4KF\nwQ/tPSspP0vGzDfgNI64PtNePnZ/e00XXqA7la2OScro+SDSyXGlDKX4XhwwTDD1\n+u3VbUmjInpEJL3bU8c/qe36UhoseF1G0cm22sHqhacCggEAY3A+5r05KQ1oUwJ0\n/z2ybHYjJuo7cN9MLuVLg6iVzSgah8yMapOJYqf2l0JEe1rpOxXB8TKPyoqHo9S5\nWZsCklDJhiQysowVIMw9VNU9ichsvu6lckOZ4R/Ezxmv2LOBaQ5rScnm2vDLroqT\npIftSD1VAfbR21bnzGNqxuazAt44JS7RFyrWd+J8s7t2wCN3/HBij2Akr7Fo1XV4\nR7+JmtA/HpmsG5L7sT9pZAAmW6b2k1XuBH4im+iu6LxyUV5Z/5XFbbx597AkIs7H\nMNDx75BhoB4WeCKPAK29qJFBAPOBWdvc1u6rOGBBLhWoFAEFH/pWPFAuW626L/8S\nkB6hYwKCAQB3/JIec2Pu0Gs9c7eIOofilXdyWfF7YQ+Q0m+dmQZXvzr53F6ctGz+\natZoD3V0UhOq+063DFzZpuq2bmO2qiMU/uGENgLEtOlawwa7MZrVfD/qTSjD22gi\nY0njghzrfuUWEy+S5OgSwvaCAT5vnlyKlMBB1BzqAuFPOXA9w3ZA82TDribz3goP\nmRqm1iI2cG0ho2ZR7KnkvJvS+jbrlvJoZkFVdaoMFHtOum3tbDOrEVJsOrfrOC/J\nwcJDFiSVCKfonOEJRxcMSHx43amkkydAz3zXN8DhgTe0GSijXYMdLSdaWFAn7cYQ\nxDJt2CtwpaEWQRbj0nqAUTAlrLX4cC3nAoIBAQCl1cV86bYw8CKrCuf9TF0Kk5pd\nREdilDpks4Z1RH4MpBDWLtvMeQqlNsN+/RugKQExO0HTdZIyn7cBRRloD2xcNcJA\nG/rUMel/x4fhaEOE7Uw9rmTefvpcgWmtXw64sMA8KFA4oCXIcgbwL5Q+szqNNWAN\nabpgl0DnU06YyBDoK/7D0B8Kt3qS1N6XX+Z5wtPvglbD2HCYy6rdkqi8IbQ/6OeS\nwG7p/7g3JlOEyotMq9Cl2T0wTNDSLlma+mwc9mILITDXznWiLQSznE69mebWBUr3\nSbt91efH30inRx85H0pNJrpZsH0A6ayL0gTJSuUc0eJXYR5Po1gRQMOSIEWh\n-----END RSA PRIVATE KEY-----" + }, + "type": "kubernetes.io/tls" +}{ + "apiVersion": "configuration.konghq.com/v1", + "consumerGroups": [ + "example-consumer-group" + ], + "credentials": [ + "key-auth-example-user", + "jwt-auth-example-user", + "basic-auth-example-user", + "acl-group-example-user", + "mtls-auth-example-user" + ], + "custom_id": "1234567890", + "kind": "KongConsumer", + "metadata": { + "annotations": { + "konghq.com/plugins": "example-user-rate-limiting-advanced", + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-user" + }, + "username": "example-user" +}{ + "apiVersion": "configuration.konghq.com/v1beta1", + "kind": "KongConsumerGroup", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-consumer-group" + } +} \ No newline at end of file diff --git a/kong2kic/testdata/kicv2_ingress/output-expected.yaml b/kong2kic/testdata/kicv2_ingress/output-expected.yaml new file mode 100644 index 000000000..a6b26955d --- /dev/null +++ b/kong2kic/testdata/kicv2_ingress/output-expected.yaml @@ -0,0 +1,737 @@ +apiVersion: configuration.konghq.com/v1 +kind: KongIngress +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service-upstream +upstream: + algorithm: round-robin + hash_fallback: none + hash_on: none + hash_on_cookie_path: / + healthchecks: + active: + concurrency: 10 + headers: + x-another-header: + - bla + x-my-header: + - foo + - bar + healthy: + http_statuses: + - 200 + - 302 + interval: 0 + successes: 0 + http_path: / + https_sni: example.com + https_verify_certificate: true + timeout: 1 + type: http + unhealthy: + http_failures: 0 + http_statuses: + - 429 + - 404 + - 500 + - 501 + - 502 + - 503 + - 504 + - 505 + interval: 0 + tcp_failures: 0 + timeouts: 0 + passive: + healthy: + http_statuses: + - 200 + - 201 + - 202 + - 203 + - 204 + - 205 + - 206 + - 207 + - 208 + - 226 + - 300 + - 301 + - 302 + - 303 + - 304 + - 305 + - 306 + - 307 + - 308 + successes: 0 + type: http + unhealthy: + http_failures: 0 + http_statuses: + - 429 + - 500 + - 503 + tcp_failures: 0 + timeouts: 0 + threshold: 0 + host_header: example.com + slots: 10000 +--- +apiVersion: configuration.konghq.com/v1 +config: + hide_client_headers: false + identifier: consumer + limit: + - 5 + namespace: example_namespace + strategy: local + sync_rate: -1 + window_size: + - 30 +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service-rate-limiting-advanced +plugin: rate-limiting-advanced +--- +apiVersion: configuration.konghq.com/v1 +config: + aws_key: my_key + aws_region: us-west-2 + aws_secret: my_secret + function_name: my_function +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-long9344b5559f +plugin: aws-lambda +--- +apiVersion: configuration.konghq.com/v1 +config: + credentials: true + exposed_headers: + - X-My-Header + headers: + - Authorization + max_age: 3600 + methods: + - GET + - POST + origins: + - example.com +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-longfdeaa51f90 +plugin: cors +--- +apiVersion: configuration.konghq.com/v1 +config: + path: /var/log/kong/kong.log + reopen: true +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-long3b4b1fae8e +plugin: file-log +--- +apiVersion: configuration.konghq.com/v1 +config: + content_type: application/json + http_endpoint: http://example.com/logs + keepalive: 60000 + method: POST + queue_size: 1000 + retry_count: 10 + timeout: 10000 +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-long59030a424c +plugin: http-log +--- +apiVersion: configuration.konghq.com/v1 +config: + allow: + - 192.168.0.1/24 + deny: + - 192.168.0.2/32 +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-longb44edd01cf +plugin: ip-restriction +--- +apiVersion: configuration.konghq.com/v1 +config: + hide_client_headers: false + identifier: consumer + limit: + - 5 + namespace: example_namespace + strategy: local + sync_rate: -1 + window_size: + - 30 +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-longef35b834c6 +plugin: rate-limiting-advanced +--- +apiVersion: configuration.konghq.com/v1 +config: + message: Forbidden + status_code: 403 +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-longb2c08ebc54 +plugin: request-termination +--- +apiVersion: configuration.konghq.com/v1 +config: + limits: + limit_name: + minute: 10 + policy: local +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-longc400f1ab11 +plugin: response-ratelimiting +--- +apiVersion: configuration.konghq.com/v1 +config: + host: example.com + port: 1234 +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-long47f9f5054d +plugin: tcp-log +--- +apiVersion: configuration.konghq.com/v1 +config: + hide_credentials: false +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-long26f9714514 +plugin: basic-auth +--- +apiVersion: configuration.konghq.com/v1 +config: + anonymous: null + claims_to_verify: + - exp + - nbf + header_names: + - Authorization + key_claim_name: kid + maximum_expiration: 3600 + run_on_preflight: true + secret_is_base64: false + uri_param_names: + - token +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-long0239c8f63e +plugin: jwt +--- +apiVersion: configuration.konghq.com/v1 +config: + hide_credentials: false + key_in_body: false + key_names: + - apikey + run_on_preflight: true +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-long5494737f3e +plugin: key-auth +--- +apiVersion: configuration.konghq.com/v1 +config: + ca_certificates: + - cce8c384-721f-4f58-85dd-50834e3e733a + revocation_check_mode: SKIP + skip_consumer_lookup: false +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-long89ae2d2b5d +plugin: mtls-auth +--- +apiVersion: configuration.konghq.com/v1 +config: + allow: + - admin +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-longb2440ac898 +plugin: acl +--- +apiVersion: configuration.konghq.com/v1 +config: + hide_client_headers: false + identifier: consumer + limit: + - 5 + namespace: example_namespace + strategy: local + sync_rate: -1 + window_size: + - 30 +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-user-rate-limiting-advanced +plugin: rate-limiting-advanced +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + konghq.com/headers.x-another-header: first-header-value,second-header-value + konghq.com/headers.x-my-header: ~*foos?bar$ + konghq.com/https-redirect-status-code: "302" + konghq.com/methods: GET,POST + konghq.com/plugins: example-service--route-thisisaveryvery-long9344b5559f,example-service--route-thisisaveryvery-longfdeaa51f90,example-service--route-thisisaveryvery-long3b4b1fae8e,example-service--route-thisisaveryvery-long59030a424c,example-service--route-thisisaveryvery-longb44edd01cf,example-service--route-thisisaveryvery-longef35b834c6,example-service--route-thisisaveryvery-longb2c08ebc54,example-service--route-thisisaveryvery-longc400f1ab11,example-service--route-thisisaveryvery-long47f9f5054d,example-service--route-thisisaveryvery-long26f9714514,example-service--route-thisisaveryvery-long0239c8f63e,example-service--route-thisisaveryvery-long5494737f3e,example-service--route-thisisaveryvery-long89ae2d2b5d,example-service--route-thisisaveryvery-longb2440ac898 + konghq.com/preserve-host: "true" + konghq.com/protocols: http,https + konghq.com/regex-priority: "1" + konghq.com/snis: example.com + konghq.com/strip-path: "false" + name: example-service--route-thisisaveryvery-long2093a020ca +spec: + ingressClassName: kong + rules: + - host: example.com + http: + paths: + - backend: + service: + name: example-service + port: + number: 80 + path: /~/v1/example/?$ + pathType: ImplementationSpecific + - backend: + service: + name: example-service + port: + number: 80 + path: /v1/another-example + pathType: ImplementationSpecific + - backend: + service: + name: example-service + port: + number: 80 + path: /v1/yet-another-example + pathType: ImplementationSpecific + - host: another-example.com + http: + paths: + - backend: + service: + name: example-service + port: + number: 80 + path: /~/v1/example/?$ + pathType: ImplementationSpecific + - backend: + service: + name: example-service + port: + number: 80 + path: /v1/another-example + pathType: ImplementationSpecific + - backend: + service: + name: example-service + port: + number: 80 + path: /v1/yet-another-example + pathType: ImplementationSpecific + - host: yet-another-example.com + http: + paths: + - backend: + service: + name: example-service + port: + number: 80 + path: /~/v1/example/?$ + pathType: ImplementationSpecific + - backend: + service: + name: example-service + port: + number: 80 + path: /v1/another-example + pathType: ImplementationSpecific + - backend: + service: + name: example-service + port: + number: 80 + path: /v1/yet-another-example + pathType: ImplementationSpecific +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + konghq.com/connect-timeout: "5000" + konghq.com/override: example-service-upstream + konghq.com/path: /v1 + konghq.com/plugins: example-service-rate-limiting-advanced + konghq.com/protocol: http + konghq.com/read-timeout: "60000" + konghq.com/retries: "5" + konghq.com/write-timeout: "60000" + name: example-service +spec: + ports: + - port: 80 + protocol: TCP + targetPort: 80 + selector: + app: example-service +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: key-auth-example-user +stringData: + key: my_api_key + kongCredType: key-auth +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: jwt-auth-example-user +stringData: + algorithm: HS256 + key: my_jwt_secret + kongCredType: jwt + rsa_public_key: |- + -----BEGIN PUBLIC KEY----- + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxXzYS5yESbekTF3xLiQX + ZZZfXt0S/nzFp3f2Oux3W7/ydvZ8XSd8+s+wm5oqEcSV9n+5n3ENZbt1A/wgnGI3 + oWrv0yRB9HugzTIGPpI1AQv9Z4p8E44RrB74/uTxYwb9+4yvpuz/fzTt3Gz+Kzc4 + 4fGGq8VpGMFj6AE65ZcOAHHUJe4VuoreBXLYDJcHl2WPIdNKDGscFjElDneLRhWQ + DfxekDJIQMWCjyBEXacfP6cc9U8Qld6TuVcwi1P2xb8tBDD4MIFL/psfzUhfv1Lw + O/XZEffJxCqkQn7dsCYy3wpaTjb6XmJ5j0Dbml4f0Bv40Y1mjlAf7C662Mbuguf6 + ewIDAQAB + -----END PUBLIC KEY----- + secret: my_secret_key +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: basic-auth-example-user +stringData: + kongCredType: basic-auth + password: my_basic_password + username: my_basic_user +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: acl-group-example-user +stringData: + group: acl_group + kongCredType: acl +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: mtls-auth-example-user +stringData: + id: cce8c384-721f-4f58-85dd-50834e3e733a + kongCredType: mtls-auth + subject_name: example-user@example.com +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: ca-cert-a672ab52d2341203bd70116b456413d7ac3ffc162abbf +stringData: + ca.crt: | + -----BEGIN CERTIFICATE----- + MIIBfDCCASKgAwIBAgIRAJqcZC1VSvSQLMN1+7yAeswwCgYIKoZIzj0EAwIwHDEa + MBgGA1UEAxMRRGVtbyBLb25nIFJvb3QgQ0EwHhcNMjIwNjEzMTMzNzMzWhcNMjcw + NjEzMTkzNzMzWjAcMRowGAYDVQQDExFEZW1vIEtvbmcgUm9vdCBDQTBZMBMGByqG + SM49AgEGCCqGSM49AwEHA0IABOGR89IyhreSHRAi6wp9a5DBIDp4YYSdWzuEdlNx + 7pX1G4T7x68xUXJZXRUPFyT8Xzn5KwCJm8RVT+nAhrsUx6SjRTBDMA4GA1UdDwEB + /wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBQ9CUiOPhjp7KD2 + ScRDxX4IzDOrNzAKBggqhkjOPQQDAgNIADBFAiEAw6Dov0c0L++1W9VufAfSMdNR + PSDfPU0MiUiG59/VIBICIEFn/6c5eQc3hUUBL74/RmNT2b1zxBmp7RiPXJAnAAwJ + -----END CERTIFICATE----- + ca.digest: f1baffe9fe9cf8497e38a4271d67fab44423678b7e7c0f677a50f37c113d81b5 +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: ca-cert-a4f087c2ee00e6d43cfb4f6884fc1e79f7e6e08e84471 +stringData: + ca.crt: | + -----BEGIN CERTIFICATE----- + MIIBqTCCAVCgAwIBAgIQb5LqGa9gS3+Mc2ntWfSoJjAKBggqhkjOPQQDAjAcMRow + GAYDVQQDExFEZW1vIEtvbmcgUm9vdCBDQTAeFw0yMjA2MTMxMzM5MTVaFw0yMzA2 + MTMxOTM5MTVaMCoxKDAmBgNVBAMTH0RlbW8gS29uZyBSb290IEludGVybWVkaWF0 + ZTEgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQImvnSuvXkGy88lvx8a7of + e0MEMRI2siVvybvWXNpeXXlixgaq7weJ7pewf3HywfO68Va6kn8ehWh7s0D7SLHM + o2YwZDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4E + FgQUhuxCKmCSvZWf95+iZ+Wsz9DJJVMwHwYDVR0jBBgwFoAUPQlIjj4Y6eyg9knE + Q8V+CMwzqzcwCgYIKoZIzj0EAwIDRwAwRAIgNZ+JPA1OqF5DsPapAZ2YsUOgIpn3 + ZbQuYKCAV0SD4EcCIFnfA5rWrc1AgtUw5inJQqJQRNgoPuC14vACqI48BiRl + -----END CERTIFICATE----- + ca.digest: dbef7ed285fb292e24f84ffba93c48d92fa322387d85469c460c655abedd5308 +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: ca-cert-6b095c7ff377b01252a4dfec59c582fe32934fa7ed0cf +stringData: + ca.crt: | + -----BEGIN CERTIFICATE----- + MIIBujCCAV+gAwIBAgIRAMkGpj7WZf+2RFE/q7ZhejEwCgYIKoZIzj0EAwIwKjEo + MCYGA1UEAxMfRGVtbyBLb25nIFJvb3QgSW50ZXJtZWRpYXRlMSBDQTAeFw0yMjA2 + MTMxMzQwNTFaFw0yMjEyMTMwNDQwNTFaMCoxKDAmBgNVBAMTH0RlbW8gS29uZyBS + b290IEludGVybWVkaWF0ZTIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQB + my/zhZ3F2HvHFqtQzuD3lXX8SeYakxiBQvaGkGSLKD67N3vh7iC2rTSdj/vAs8ws + Y9X+mXzS6GDKC8PbSX6xo2YwZDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgw + BgEB/wIBADAdBgNVHQ4EFgQURwCm53YPStZoAMfnVyknH4IgZa4wHwYDVR0jBBgw + FoAUhuxCKmCSvZWf95+iZ+Wsz9DJJVMwCgYIKoZIzj0EAwIDSQAwRgIhAN1pkUKc + azM4PiXOnkILB2KBDIF4XpHf+4ThDMODzXP8AiEA45KXA3qMrRPQV1oBfWZ3hLgX + gxUhveuHBXMWnzUbn6U= + -----END CERTIFICATE----- + ca.digest: 45b2b6dd9d4102955b1b1e4b540e677f140521462ed4f22fa5a713863ca84600 +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: cert-0ee0e1584c8637facac95bd5fce315367dee124c0086d41e +stringData: + tls.crt: |- + -----BEGIN CERTIFICATE----- + MIIECTCCAvGgAwIBAgIUAusYGP9BwoLFFAJdB/jY6eUzUyAwDQYJKoZIhvcNAQEL + BQAwgZIxCzAJBgNVBAYTAlVLMRIwEAYDVQQIDAlIYW1wc2hpcmUxEjAQBgNVBAcM + CUFsZGVyc2hvdDEQMA4GA1UECgwHS29uZyBVSzEQMA4GA1UECwwHU3VwcG9ydDEY + MBYGA1UEAwwPU3VwcG9ydCBSb290IENBMR0wGwYJKoZIhvcNAQkBFg5zdHVAa29u + Z2hxLmNvbTAeFw0yMTAxMTUxMTE5NDNaFw0yMjA1MzAxMTE5NDNaMIGRMQswCQYD + VQQGEwJVSzESMBAGA1UECAwJSGFtcHNoaXJlMRIwEAYDVQQHDAlBbGRlcnNob3Qx + EDAOBgNVBAoMB0tvbmcgVUsxEDAOBgNVBAsMB1N1cHBvcnQxFzAVBgNVBAMMDnBy + b3h5LmtvbmcubGFuMR0wGwYJKoZIhvcNAQkBFg5zdHVAa29uZ2hxLmNvbTCCASIw + DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJUbKiqoCK1BTNk/7l42n6ukyTEu + eLyB23e/90PzT/oz8wZzgwTodzbFAS2VtFr1EKqFzor0DrXp9CLnebOdiAR3I6LD + /WY/x0KW3lx3F35fGiUOSLPTH8zeiDTMx11CcKDxesA+M2/s5q0igkOQ4z4w3voz + m5a52IcQTSA8K5knNU1qUZBLpc+khxFcaheEK1jsISJJhcdizZBfGdk8S1vpyj5F + uCZ7oaRvNA6imHjSJwpgo36zd84TgrIgVj9R4QtJysWy/X+bbaKUiKBWwAtd4+DT + EP90l/ny9szu2fijk4/6k1ntXufGTyvM+J0/qJ13e99TVYOVanITnpTO+6cCAwEA + AaNWMFQwHwYDVR0jBBgwFoAUdskpf0wJRQxjtzQFZciWmUfl2bcwCQYDVR0TBAIw + ADALBgNVHQ8EBAMCBPAwGQYDVR0RBBIwEIIOcHJveHkua29uZy5sYW4wDQYJKoZI + hvcNAQELBQADggEBAJVrTWQRQzNtypa9OXFYADm8Fay1VMop3BY2kh0tfYgQEJ/4 + pJUj6CaszQZ/Aix6LaPnXFcoPCDqqv00mgju86PMamr/zA9USXk8eTmzJkp5RklS + GdqiXboqESiQVvaNz3kdW7wgNz4FwaGCzkEi/dcc2LdtzLpWizx+TlxMMqjonUUM + ovZgZo+OlhWRsDVT/qy5SFtA0vlVNtdBr2egXb1H7J8UDC+fax/iKa7+fBUHZOO9 + Fk9U8bxgfQ+jPIVVL8CfAtR68Sos7NpWH0S2emqZRnQvf0MSNdkTQKWn4qR9sckj + Ewxs5FbrMmgCOgwk1PtgRmdP3RME0HwK/B03saQ= + -----END CERTIFICATE----- + tls.key: |- + -----BEGIN PRIVATE KEY----- + MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCVGyoqqAitQUzZ + P+5eNp+rpMkxLni8gdt3v/dD80/6M/MGc4ME6Hc2xQEtlbRa9RCqhc6K9A616fQi + 53mznYgEdyOiw/1mP8dClt5cdxd+XxolDkiz0x/M3og0zMddQnCg8XrAPjNv7Oat + IoJDkOM+MN76M5uWudiHEE0gPCuZJzVNalGQS6XPpIcRXGoXhCtY7CEiSYXHYs2Q + XxnZPEtb6co+Rbgme6GkbzQOoph40icKYKN+s3fOE4KyIFY/UeELScrFsv1/m22i + lIigVsALXePg0xD/dJf58vbM7tn4o5OP+pNZ7V7nxk8rzPidP6idd3vfU1WDlWpy + E56UzvunAgMBAAECggEAcq7lHNAHdHLgT8yrY41x/AwPryNGO/9JNW7SGVKAdjoU + tyaLZHAEmXynLk+R28/YFMA8H4Yd9m9OlrYhVjRZFM4p+5vxP/7YHPB7cPUsfcda + DZxR8PX25JVYf/vtb16V0ERLnKd62qCEwC/lr2A2WHQwXJLrHeAtmZzBJYUCJ5Xj + Dv1ZhyFjknswaV0vGXe6njTI6CzMQDTGysoagpCCo7RWgzjLREg2BGWd2UQpY4AW + nYAP4QNt82UMQbgIqsEMj64mzS9Q+o1P84J1naSP5sCI22LeFRp6iezZc+D8EH/5 + RNONGSNWl3g6bsvN1VywYwjWn+waD3XAjXUu+peUgQKBgQDDu1QP28oSMKivHdfo + kQ1HrTNBRc9eWeAMZFuIbbPLN8rdEibpOm3DwTqithnahqS0NLOsBnXNtuLw1Qr/ + zmOzn0yDO5XG8dlKr9vqWeBLdcRydLJBZwqEzWf4JwwwgfK3rItRaIbnAxnGUTS5 + SrrhNfBAIGS9jx5X2kvLC7hFQQKBgQDDBIrpLTIjRDloWZcu03z9Bhb8jQCyGb5C + 4MYs+duCnQIdNq/+maPspJzbVmF4b6S1zIPweI3fMvMeqRTbuf+drpElst1buFTO + P0UMMn4V+4qGIOOkIy5JIKwR8sJD9tNDUPtxuDEotTB9IyWx6pdmCFz5v/bggDCu + reoqflL+5wKBgQCDvb+L2QS+j4/KJk0flRoaJ2K7SVCVEesyjA3r2uLMImZhvAkC + rDgbLSDZSbZHFp8fR+WzILoD11gSf2Ki4PjMeqkWH3HlcP0vPwTHTO0h/UdXPmKI + kOFMl7CmHyoeMCj9JZ60EaXTMYwUpq3VFY6JbTOjBeqoh/8FZMHlDaNewQKBgCHg + ECEg8KyflTlDFrfTlMp+3E9STuShBCOp18LIRBEUJOHeNgQLvCXHElgnURcSjZHm + zKRgzIQQ3Zpd1Hm2fWhuglgCEeF0y4ZoBx5vRueaoh1aaTCBy/B39GvJt2UG4vu2 + fXbrf96KWrnh+RJGpbXbjgr0BXZJzisJmrt25gPRAoGBAI3c+INpQXwrE+LBzCPu + LwIVvkm5NpeIlKQtDNrqG1QvUhqyZ2/Xitc4FyiccW7WHxkGKGZyj7GbmpqEOnyY + iVku0LSftZgycet2uMdp0HaVAgi5S6aVf5yN0U/8R5ToxcbuEfqwrBIyRgse8lx3 + NNSvLxPAempmiFPSk9AtobYV + -----END PRIVATE KEY----- +type: kubernetes.io/tls +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: cert-b12464ec431576239dd9cc2545d528f6cbdbd988cf076323 +stringData: + tls.crt: |- + -----BEGIN CERTIFICATE----- + MIIFeDCCBGCgAwIBAgIUAusYGP9BwoLFFAJdB/jY6eUzUyQwDQYJKoZIhvcNAQEL + BQAwgZIxCzAJBgNVBAYTAlVLMRIwEAYDVQQIDAlIYW1wc2hpcmUxEjAQBgNVBAcM + CUFsZGVyc2hvdDEQMA4GA1UECgwHS29uZyBVSzEQMA4GA1UECwwHU3VwcG9ydDEY + MBYGA1UEAwwPU3VwcG9ydCBSb290IENBMR0wGwYJKoZIhvcNAQkBFg5zdHVAa29u + Z2hxLmNvbTAeFw0yMTAxMjAxNTA0NDVaFw0yMjAxMjAxNTA0NDVaMIGQMQswCQYD + VQQGEwJVSzESMBAGA1UECAwJSGFtcHNoaXJlMRIwEAYDVQQHDAlBbGRlcnNob3Qx + EDAOBgNVBAoMB0tvbmcgVUsxEDAOBgNVBAsMB1N1cHBvcnQxFjAUBgNVBAMMDW10 + bHMtY29uc3VtZXIxHTAbBgkqhkiG9w0BCQEWDnN0dUBrb25naHEuY29tMIICIjAN + BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1/+83/YNiEVKYvcuVwYGve6afsg1 + BYCn1+E9Uwgh0uwAenT/DKB8NhqoVxc7cZ2HaTI146IGmFICmctlTWvLPLglHmTo + byOUV6tIJAjvzyEOpC458hLGgbv8mhGXJWPxBVu7Wy6Hapz2bk0cEscfL7PHKaRu + 3D6r8/zbhhWAqe4EIt+NVYT6baaYBs7bPZQXs/sluKI+DNYuDeaAmoSuCc4ein6z + 0xDqCSMmPebzjns03ttB29vWL3eYY9dvgoCd+CPhXT/C4CHtvKbH+hOQYDtVF6MO + 1mmABAQTQWMR/00+QI0xtvuXtEPurla5dA0TN6ddCTOOcILKx62z5oc3Kqr+nHHa + 71zNzARUVaZ2vy1pRVr0DZgB7KqcFXhy/oy8IpmxUR1ASBDZl6B6RKrdQwvgLgmn + 3M/roNLAU+3nz4itpt/zf+X0suwdthrflic1R68z1SlYbyoGARWkZ/pOl6kLNVK2 + OsqQuICaajnW7t1oDd7z1+3hm+uoryDwvG6f3T9ZvWjKXYcKg7b+BjbFdahbDywD + PgnhSz9AaoVWhR+GHIPrjRClMpEkra/yGJFvH3UpXhgg9d0DrLZE51Z75a9SvnAj + vdLuNhx4bJbwLBgNGsJMkupzBrw4iCfbKFcBbP8o0Xjtarj7T/mkWuQ1GjWqfyrD + 55NecBPNw5C9BR0CAwEAAaOBxTCBwjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQE + AwIFoDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50IENl + cnRpZmljYXRlMB0GA1UdDgQWBBSV3F+eicU8SVT4LcDJ6eMzP0todzAfBgNVHSME + GDAWgBR2ySl/TAlFDGO3NAVlyJaZR+XZtzAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0l + BBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBAQB5L0OZ + WELG9Pw6Ol1BsZYgpLR4PGNBB9dKm/9dd+q+ohZVFCfXcjZ3YOU1vh/HHQrALRNY + I58JxcVCOx/qIW2uA0iSCqIT0sNb9cJLxfZf7X+BzPPPnu0ugUJp7GzLNnHitrLC + Xb1nmmefwgraNzp+a5IrR8RcQG1mYDuS+2HK/rybo22XcCxhob8OiDEn8+ytkKyQ + Ipmrf9D+/68/ih6az0w1aakASMmFe8z/p6VgVQkCySCWWFG525BRdGmSImqVZ4xa + aQFN3L+oN+JJcCFTthLOAYo32JH+xLMz7PokzSL84g3b68h59hXDoMSwB10GthL5 + T8tqV6i5miKWwvfZ + -----END CERTIFICATE----- + tls.key: |- + -----BEGIN RSA PRIVATE KEY----- + MIIJKQIBAAKCAgEA1/+83/YNiEVKYvcuVwYGve6afsg1BYCn1+E9Uwgh0uwAenT/ + DKB8NhqoVxc7cZ2HaTI146IGmFICmctlTWvLPLglHmTobyOUV6tIJAjvzyEOpC45 + 8hLGgbv8mhGXJWPxBVu7Wy6Hapz2bk0cEscfL7PHKaRu3D6r8/zbhhWAqe4EIt+N + VYT6baaYBs7bPZQXs/sluKI+DNYuDeaAmoSuCc4ein6z0xDqCSMmPebzjns03ttB + 29vWL3eYY9dvgoCd+CPhXT/C4CHtvKbH+hOQYDtVF6MO1mmABAQTQWMR/00+QI0x + tvuXtEPurla5dA0TN6ddCTOOcILKx62z5oc3Kqr+nHHa71zNzARUVaZ2vy1pRVr0 + DZgB7KqcFXhy/oy8IpmxUR1ASBDZl6B6RKrdQwvgLgmn3M/roNLAU+3nz4itpt/z + f+X0suwdthrflic1R68z1SlYbyoGARWkZ/pOl6kLNVK2OsqQuICaajnW7t1oDd7z + 1+3hm+uoryDwvG6f3T9ZvWjKXYcKg7b+BjbFdahbDywDPgnhSz9AaoVWhR+GHIPr + jRClMpEkra/yGJFvH3UpXhgg9d0DrLZE51Z75a9SvnAjvdLuNhx4bJbwLBgNGsJM + kupzBrw4iCfbKFcBbP8o0Xjtarj7T/mkWuQ1GjWqfyrD55NecBPNw5C9BR0CAwEA + AQKCAgEAymuOrG/hJKiS2oX8tm8eWFZIELI9BigYozYhCzQexpSGqjwEXOf1H5sB + 0YQjIAlZwhrc57OK7KpGZ6x2BgUT1JZZqs80CBtWxIXuuF5rpje7id8MTLCNuTzb + r+L2O4Mad0QNI5lKLH5mbt3yhiJ3NnQLHBpODjbpXGDFtTVne1hkJe5MfC1/psyt + wguO6HllcTTWl93ruonpZPtz39qhYuz4MCAnE5DRUrjO+Mn7y7XoyUS+xnSRl7BD + bqWRicJQyB+P7px3WyZQri+6TsCQ164iw2D64bLC1oCfLvLSBeh0g3gOdAX5mGTl + RBpf98LdFJXSmXHodcYMlO5THqHu7mOE8zvPDbOzpwKftE11PS+lhuq/fREJnrAx + pbvTkv2c1nu90gkracv6PhRC8YhBIa2gqhoxY7rH7UpYa1c5QaJzg5ibiteTLRKC + e9ZmfoPWaY2ksY4gBWZ/p2wokJ8U6ZHEsEfQS9WibMpqRsdINWQ9JnIBLKnTuqB0 + B29E9jHAl8rwMT2/DiIiVjHcdwpP37MxotKvYDFw+yDcZDeKTIh133XZNWyO/TcH + aDrNB0dymqunuNmfPts566AYErym0ndcmmLuGIKKE+l1h1+5CWjdsTdrkkXZK/w1 + i/krfLruQqQcW3Bpng8JAKirvGfYJxIEaCLqtepb7YaHhaI3gz0CggEBAPO0UQ6e + oPzMYmEegp2LjAfHZhwGV0fpiC6nxEWKoEE7Tb5zyB8rlkFIpQlXmljQvf3xDmq/ + Ta3JlkaY290oFc0ypp9zUY/sUGyc3pvltxl0gLKOPnIkoP3ma2HzBxQRrGRdcFhH + AHom80Bm9APm29L0MFuOuhGGxkGvQCxH+KmmohvZMUEqNIuWi8XB7maDXcAmSJ7x + YdQAgLspRJ+kkZM+59XijyvYvg04xCu1FSop+Lol+xBwWAR5OaKnbZ9L+jKtzbxC + IS7ERTlhsham2dYIm7SFcD/OcLV6luqreR0svS6HQis1kGxnNxkBAbrB1QZ+wLKp + QztnOk70H/eWP5sCggEBAOLllCHuRloqEyzDT5sVbflCMTVsXmHGJ4/qI4An+etI + 3DComNLPAIBKYAiNgqWAm/wfLy5rHu2ZGzcPn7cQF/xKp00uDGKncQz3Z9JDofI1 + rpLH+t3LJ9l/EzQv1tpzwOU5rhFNmqrJnwy17BtOmlCKAQnVmyDkLyR9AhWkCTi8 + BLDq6mx1X61K6P11GAxAd70NFNzD8868Ddq2XInwEwXzf/FHQW/JVYZEAa7dn4KF + wQ/tPSspP0vGzDfgNI64PtNePnZ/e00XXqA7la2OScro+SDSyXGlDKX4XhwwTDD1 + +u3VbUmjInpEJL3bU8c/qe36UhoseF1G0cm22sHqhacCggEAY3A+5r05KQ1oUwJ0 + /z2ybHYjJuo7cN9MLuVLg6iVzSgah8yMapOJYqf2l0JEe1rpOxXB8TKPyoqHo9S5 + WZsCklDJhiQysowVIMw9VNU9ichsvu6lckOZ4R/Ezxmv2LOBaQ5rScnm2vDLroqT + pIftSD1VAfbR21bnzGNqxuazAt44JS7RFyrWd+J8s7t2wCN3/HBij2Akr7Fo1XV4 + R7+JmtA/HpmsG5L7sT9pZAAmW6b2k1XuBH4im+iu6LxyUV5Z/5XFbbx597AkIs7H + MNDx75BhoB4WeCKPAK29qJFBAPOBWdvc1u6rOGBBLhWoFAEFH/pWPFAuW626L/8S + kB6hYwKCAQB3/JIec2Pu0Gs9c7eIOofilXdyWfF7YQ+Q0m+dmQZXvzr53F6ctGz+ + atZoD3V0UhOq+063DFzZpuq2bmO2qiMU/uGENgLEtOlawwa7MZrVfD/qTSjD22gi + Y0njghzrfuUWEy+S5OgSwvaCAT5vnlyKlMBB1BzqAuFPOXA9w3ZA82TDribz3goP + mRqm1iI2cG0ho2ZR7KnkvJvS+jbrlvJoZkFVdaoMFHtOum3tbDOrEVJsOrfrOC/J + wcJDFiSVCKfonOEJRxcMSHx43amkkydAz3zXN8DhgTe0GSijXYMdLSdaWFAn7cYQ + xDJt2CtwpaEWQRbj0nqAUTAlrLX4cC3nAoIBAQCl1cV86bYw8CKrCuf9TF0Kk5pd + REdilDpks4Z1RH4MpBDWLtvMeQqlNsN+/RugKQExO0HTdZIyn7cBRRloD2xcNcJA + G/rUMel/x4fhaEOE7Uw9rmTefvpcgWmtXw64sMA8KFA4oCXIcgbwL5Q+szqNNWAN + abpgl0DnU06YyBDoK/7D0B8Kt3qS1N6XX+Z5wtPvglbD2HCYy6rdkqi8IbQ/6OeS + wG7p/7g3JlOEyotMq9Cl2T0wTNDSLlma+mwc9mILITDXznWiLQSznE69mebWBUr3 + Sbt91efH30inRx85H0pNJrpZsH0A6ayL0gTJSuUc0eJXYR5Po1gRQMOSIEWh + -----END RSA PRIVATE KEY----- +type: kubernetes.io/tls +--- +apiVersion: configuration.konghq.com/v1 +consumerGroups: +- example-consumer-group +credentials: +- key-auth-example-user +- jwt-auth-example-user +- basic-auth-example-user +- acl-group-example-user +- mtls-auth-example-user +custom_id: "1234567890" +kind: KongConsumer +metadata: + annotations: + konghq.com/plugins: example-user-rate-limiting-advanced + kubernetes.io/ingress.class: kong + name: example-user +username: example-user +--- +apiVersion: configuration.konghq.com/v1beta1 +kind: KongConsumerGroup +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-consumer-group +--- diff --git a/kong2kic/testdata/kicv3_gateway/output-expected.json b/kong2kic/testdata/kicv3_gateway/output-expected.json new file mode 100644 index 000000000..3be1f7ce6 --- /dev/null +++ b/kong2kic/testdata/kicv3_gateway/output-expected.json @@ -0,0 +1,1486 @@ +{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "hide_client_headers": false, + "identifier": "consumer", + "limit": [ + 5 + ], + "namespace": "example_namespace", + "strategy": "local", + "sync_rate": -1, + "window_size": [ + 30 + ] + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service-rate-limiting-advanced" + }, + "plugin": "rate-limiting-advanced" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "aws_key": "my_key", + "aws_region": "us-west-2", + "aws_secret": "my_secret", + "function_name": "my_function" + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-long9344b5559f" + }, + "plugin": "aws-lambda" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "credentials": true, + "exposed_headers": [ + "X-My-Header" + ], + "headers": [ + "Authorization" + ], + "max_age": 3600, + "methods": [ + "GET", + "POST" + ], + "origins": [ + "example.com" + ] + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-longfdeaa51f90" + }, + "plugin": "cors" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "path": "/var/log/kong/kong.log", + "reopen": true + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-long3b4b1fae8e" + }, + "plugin": "file-log" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "content_type": "application/json", + "http_endpoint": "http://example.com/logs", + "keepalive": 60000, + "method": "POST", + "queue_size": 1000, + "retry_count": 10, + "timeout": 10000 + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-long59030a424c" + }, + "plugin": "http-log" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "allow": [ + "192.168.0.1/24" + ], + "deny": [ + "192.168.0.2/32" + ] + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-longb44edd01cf" + }, + "plugin": "ip-restriction" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "hide_client_headers": false, + "identifier": "consumer", + "limit": [ + 5 + ], + "namespace": "example_namespace", + "strategy": "local", + "sync_rate": -1, + "window_size": [ + 30 + ] + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-longef35b834c6" + }, + "plugin": "rate-limiting-advanced" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "message": "Forbidden", + "status_code": 403 + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-longb2c08ebc54" + }, + "plugin": "request-termination" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "limits": { + "limit_name": { + "minute": 10 + } + }, + "policy": "local" + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-longc400f1ab11" + }, + "plugin": "response-ratelimiting" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "host": "example.com", + "port": 1234 + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-long47f9f5054d" + }, + "plugin": "tcp-log" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "hide_credentials": false + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-long26f9714514" + }, + "plugin": "basic-auth" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "anonymous": null, + "claims_to_verify": [ + "exp", + "nbf" + ], + "header_names": [ + "Authorization" + ], + "key_claim_name": "kid", + "maximum_expiration": 3600, + "run_on_preflight": true, + "secret_is_base64": false, + "uri_param_names": [ + "token" + ] + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-long0239c8f63e" + }, + "plugin": "jwt" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "hide_credentials": false, + "key_in_body": false, + "key_names": [ + "apikey" + ], + "run_on_preflight": true + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-long5494737f3e" + }, + "plugin": "key-auth" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "ca_certificates": [ + "cce8c384-721f-4f58-85dd-50834e3e733a" + ], + "revocation_check_mode": "SKIP", + "skip_consumer_lookup": false + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-long89ae2d2b5d" + }, + "plugin": "mtls-auth" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "allow": [ + "admin" + ] + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-longb2440ac898" + }, + "plugin": "acl" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "hide_client_headers": false, + "identifier": "consumer", + "limit": [ + 5 + ], + "namespace": "example_namespace", + "strategy": "local", + "sync_rate": -1, + "window_size": [ + 30 + ] + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-user-rate-limiting-advanced" + }, + "plugin": "rate-limiting-advanced" +}{ + "apiVersion": "gateway.networking.k8s.io/v1", + "kind": "HTTPRoute", + "metadata": { + "annotations": { + "konghq.com/https-redirect-status-code": "302", + "konghq.com/preserve-host": "true", + "konghq.com/regex-priority": "1", + "konghq.com/snis": "example.com", + "konghq.com/strip-path": "false" + }, + "name": "example-service--route-thisisaveryvery-long2093a020ca" + }, + "spec": { + "hostnames": [ + "example.com", + "another-example.com", + "yet-another-example.com" + ], + "parentRefs": [ + { + "name": "kong" + } + ], + "rules": [ + { + "backendRefs": [ + { + "name": "example-service", + "port": 80 + } + ], + "filters": [ + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long9344b5559f" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longfdeaa51f90" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long3b4b1fae8e" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long59030a424c" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longb44edd01cf" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longef35b834c6" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longb2c08ebc54" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longc400f1ab11" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long47f9f5054d" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long26f9714514" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long0239c8f63e" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long5494737f3e" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long89ae2d2b5d" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longb2440ac898" + }, + "type": "ExtensionRef" + } + ], + "matches": [ + { + "headers": [ + { + "name": "x-another-header", + "type": "Exact", + "value": "first-header-value,second-header-value" + }, + { + "name": "x-my-header", + "type": "RegularExpression", + "value": "foos?bar$" + } + ], + "method": "GET", + "path": { + "type": "RegularExpression", + "value": "/v1/example/?$" + } + } + ] + }, + { + "backendRefs": [ + { + "name": "example-service", + "port": 80 + } + ], + "filters": [ + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long9344b5559f" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longfdeaa51f90" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long3b4b1fae8e" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long59030a424c" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longb44edd01cf" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longef35b834c6" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longb2c08ebc54" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longc400f1ab11" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long47f9f5054d" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long26f9714514" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long0239c8f63e" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long5494737f3e" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long89ae2d2b5d" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longb2440ac898" + }, + "type": "ExtensionRef" + } + ], + "matches": [ + { + "headers": [ + { + "name": "x-another-header", + "type": "Exact", + "value": "first-header-value,second-header-value" + }, + { + "name": "x-my-header", + "type": "RegularExpression", + "value": "foos?bar$" + } + ], + "method": "POST", + "path": { + "type": "RegularExpression", + "value": "/v1/example/?$" + } + } + ] + }, + { + "backendRefs": [ + { + "name": "example-service", + "port": 80 + } + ], + "filters": [ + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long9344b5559f" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longfdeaa51f90" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long3b4b1fae8e" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long59030a424c" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longb44edd01cf" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longef35b834c6" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longb2c08ebc54" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longc400f1ab11" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long47f9f5054d" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long26f9714514" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long0239c8f63e" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long5494737f3e" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long89ae2d2b5d" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longb2440ac898" + }, + "type": "ExtensionRef" + } + ], + "matches": [ + { + "headers": [ + { + "name": "x-another-header", + "type": "Exact", + "value": "first-header-value,second-header-value" + }, + { + "name": "x-my-header", + "type": "RegularExpression", + "value": "foos?bar$" + } + ], + "method": "GET", + "path": { + "type": "PathPrefix", + "value": "/v1/another-example" + } + } + ] + }, + { + "backendRefs": [ + { + "name": "example-service", + "port": 80 + } + ], + "filters": [ + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long9344b5559f" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longfdeaa51f90" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long3b4b1fae8e" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long59030a424c" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longb44edd01cf" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longef35b834c6" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longb2c08ebc54" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longc400f1ab11" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long47f9f5054d" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long26f9714514" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long0239c8f63e" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long5494737f3e" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long89ae2d2b5d" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longb2440ac898" + }, + "type": "ExtensionRef" + } + ], + "matches": [ + { + "headers": [ + { + "name": "x-another-header", + "type": "Exact", + "value": "first-header-value,second-header-value" + }, + { + "name": "x-my-header", + "type": "RegularExpression", + "value": "foos?bar$" + } + ], + "method": "POST", + "path": { + "type": "PathPrefix", + "value": "/v1/another-example" + } + } + ] + }, + { + "backendRefs": [ + { + "name": "example-service", + "port": 80 + } + ], + "filters": [ + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long9344b5559f" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longfdeaa51f90" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long3b4b1fae8e" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long59030a424c" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longb44edd01cf" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longef35b834c6" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longb2c08ebc54" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longc400f1ab11" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long47f9f5054d" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long26f9714514" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long0239c8f63e" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long5494737f3e" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long89ae2d2b5d" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longb2440ac898" + }, + "type": "ExtensionRef" + } + ], + "matches": [ + { + "headers": [ + { + "name": "x-another-header", + "type": "Exact", + "value": "first-header-value,second-header-value" + }, + { + "name": "x-my-header", + "type": "RegularExpression", + "value": "foos?bar$" + } + ], + "method": "GET", + "path": { + "type": "PathPrefix", + "value": "/v1/yet-another-example" + } + } + ] + }, + { + "backendRefs": [ + { + "name": "example-service", + "port": 80 + } + ], + "filters": [ + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long9344b5559f" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longfdeaa51f90" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long3b4b1fae8e" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long59030a424c" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longb44edd01cf" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longef35b834c6" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longb2c08ebc54" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longc400f1ab11" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long47f9f5054d" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long26f9714514" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long0239c8f63e" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long5494737f3e" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-long89ae2d2b5d" + }, + "type": "ExtensionRef" + }, + { + "extensionRef": { + "group": "configuration.konghq.com", + "kind": "KongPlugin", + "name": "example-service--route-thisisaveryvery-longb2440ac898" + }, + "type": "ExtensionRef" + } + ], + "matches": [ + { + "headers": [ + { + "name": "x-another-header", + "type": "Exact", + "value": "first-header-value,second-header-value" + }, + { + "name": "x-my-header", + "type": "RegularExpression", + "value": "foos?bar$" + } + ], + "method": "POST", + "path": { + "type": "PathPrefix", + "value": "/v1/yet-another-example" + } + } + ] + } + ] + } +}{ + "apiVersion": "configuration.konghq.com/v1beta1", + "kind": "KongUpstreamPolicy", + "metadata": { + "name": "example-service-upstream" + }, + "spec": { + "algorithm": "round-robin", + "healthchecks": { + "active": { + "concurrency": 10, + "headers": { + "x-another-header": [ + "bla" + ], + "x-my-header": [ + "foo", + "bar" + ] + }, + "healthy": { + "httpStatuses": [ + 200, + 302 + ], + "interval": 0, + "successes": 0 + }, + "httpPath": "/", + "httpsSni": "example.com", + "httpsVerifyCertificate": true, + "timeout": 1, + "type": "http", + "unhealthy": { + "httpFailures": 0, + "httpStatuses": [ + 429, + 404, + 500, + 501, + 502, + 503, + 504, + 505 + ], + "interval": 0, + "tcpFailures": 0, + "timeouts": 0 + } + }, + "passive": { + "healthy": { + "httpStatuses": [ + 200, + 201, + 202, + 203, + 204, + 205, + 206, + 207, + 208, + 226, + 300, + 301, + 302, + 303, + 304, + 305, + 306, + 307, + 308 + ], + "successes": 0 + }, + "type": "http", + "unhealthy": { + "httpFailures": 0, + "httpStatuses": [ + 429, + 500, + 503 + ], + "tcpFailures": 0, + "timeouts": 0 + } + }, + "threshold": 0 + }, + "slots": 10000 + } +}{ + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "annotations": { + "konghq.com/connect-timeout": "5000", + "konghq.com/path": "/v1", + "konghq.com/plugins": "example-service-rate-limiting-advanced", + "konghq.com/protocol": "http", + "konghq.com/read-timeout": "60000", + "konghq.com/retries": "5", + "konghq.com/upstream-policy": "example-service-upstream", + "konghq.com/write-timeout": "60000" + }, + "name": "example-service" + }, + "spec": { + "ports": [ + { + "port": 80, + "protocol": "TCP", + "targetPort": 80 + } + ], + "selector": { + "app": "example-service" + } + } +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "labels": { + "konghq.com/credential": "key-auth" + }, + "name": "key-auth-example-user" + }, + "stringData": { + "key": "my_api_key" + } +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "labels": { + "konghq.com/credential": "jwt" + }, + "name": "jwt-auth-example-user" + }, + "stringData": { + "algorithm": "HS256", + "key": "my_jwt_secret", + "rsa_public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxXzYS5yESbekTF3xLiQX\nZZZfXt0S/nzFp3f2Oux3W7/ydvZ8XSd8+s+wm5oqEcSV9n+5n3ENZbt1A/wgnGI3\noWrv0yRB9HugzTIGPpI1AQv9Z4p8E44RrB74/uTxYwb9+4yvpuz/fzTt3Gz+Kzc4\n4fGGq8VpGMFj6AE65ZcOAHHUJe4VuoreBXLYDJcHl2WPIdNKDGscFjElDneLRhWQ\nDfxekDJIQMWCjyBEXacfP6cc9U8Qld6TuVcwi1P2xb8tBDD4MIFL/psfzUhfv1Lw\nO/XZEffJxCqkQn7dsCYy3wpaTjb6XmJ5j0Dbml4f0Bv40Y1mjlAf7C662Mbuguf6\newIDAQAB\n-----END PUBLIC KEY-----", + "secret": "my_secret_key" + } +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "labels": { + "konghq.com/credential": "basic-auth" + }, + "name": "basic-auth-example-user" + }, + "stringData": { + "password": "my_basic_password", + "username": "my_basic_user" + } +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "labels": { + "konghq.com/credential": "acl" + }, + "name": "acl-group-example-user" + }, + "stringData": { + "group": "acl_group" + } +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "labels": { + "konghq.com/credential": "mtls-auth" + }, + "name": "mtls-auth-example-user" + }, + "stringData": { + "id": "cce8c384-721f-4f58-85dd-50834e3e733a", + "subject_name": "example-user@example.com" + }, + "type": "Opaque" +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "ca-cert-a672ab52d2341203bd70116b456413d7ac3ffc162abbf" + }, + "stringData": { + "ca.crt": "-----BEGIN CERTIFICATE-----\nMIIBfDCCASKgAwIBAgIRAJqcZC1VSvSQLMN1+7yAeswwCgYIKoZIzj0EAwIwHDEa\nMBgGA1UEAxMRRGVtbyBLb25nIFJvb3QgQ0EwHhcNMjIwNjEzMTMzNzMzWhcNMjcw\nNjEzMTkzNzMzWjAcMRowGAYDVQQDExFEZW1vIEtvbmcgUm9vdCBDQTBZMBMGByqG\nSM49AgEGCCqGSM49AwEHA0IABOGR89IyhreSHRAi6wp9a5DBIDp4YYSdWzuEdlNx\n7pX1G4T7x68xUXJZXRUPFyT8Xzn5KwCJm8RVT+nAhrsUx6SjRTBDMA4GA1UdDwEB\n/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBQ9CUiOPhjp7KD2\nScRDxX4IzDOrNzAKBggqhkjOPQQDAgNIADBFAiEAw6Dov0c0L++1W9VufAfSMdNR\nPSDfPU0MiUiG59/VIBICIEFn/6c5eQc3hUUBL74/RmNT2b1zxBmp7RiPXJAnAAwJ\n-----END CERTIFICATE-----\n", + "ca.digest": "f1baffe9fe9cf8497e38a4271d67fab44423678b7e7c0f677a50f37c113d81b5" + }, + "type": "Opaque" +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "ca-cert-a4f087c2ee00e6d43cfb4f6884fc1e79f7e6e08e84471" + }, + "stringData": { + "ca.crt": "-----BEGIN CERTIFICATE-----\nMIIBqTCCAVCgAwIBAgIQb5LqGa9gS3+Mc2ntWfSoJjAKBggqhkjOPQQDAjAcMRow\nGAYDVQQDExFEZW1vIEtvbmcgUm9vdCBDQTAeFw0yMjA2MTMxMzM5MTVaFw0yMzA2\nMTMxOTM5MTVaMCoxKDAmBgNVBAMTH0RlbW8gS29uZyBSb290IEludGVybWVkaWF0\nZTEgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQImvnSuvXkGy88lvx8a7of\ne0MEMRI2siVvybvWXNpeXXlixgaq7weJ7pewf3HywfO68Va6kn8ehWh7s0D7SLHM\no2YwZDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4E\nFgQUhuxCKmCSvZWf95+iZ+Wsz9DJJVMwHwYDVR0jBBgwFoAUPQlIjj4Y6eyg9knE\nQ8V+CMwzqzcwCgYIKoZIzj0EAwIDRwAwRAIgNZ+JPA1OqF5DsPapAZ2YsUOgIpn3\nZbQuYKCAV0SD4EcCIFnfA5rWrc1AgtUw5inJQqJQRNgoPuC14vACqI48BiRl\n-----END CERTIFICATE-----\n", + "ca.digest": "dbef7ed285fb292e24f84ffba93c48d92fa322387d85469c460c655abedd5308" + }, + "type": "Opaque" +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "ca-cert-6b095c7ff377b01252a4dfec59c582fe32934fa7ed0cf" + }, + "stringData": { + "ca.crt": "-----BEGIN CERTIFICATE-----\nMIIBujCCAV+gAwIBAgIRAMkGpj7WZf+2RFE/q7ZhejEwCgYIKoZIzj0EAwIwKjEo\nMCYGA1UEAxMfRGVtbyBLb25nIFJvb3QgSW50ZXJtZWRpYXRlMSBDQTAeFw0yMjA2\nMTMxMzQwNTFaFw0yMjEyMTMwNDQwNTFaMCoxKDAmBgNVBAMTH0RlbW8gS29uZyBS\nb290IEludGVybWVkaWF0ZTIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQB\nmy/zhZ3F2HvHFqtQzuD3lXX8SeYakxiBQvaGkGSLKD67N3vh7iC2rTSdj/vAs8ws\nY9X+mXzS6GDKC8PbSX6xo2YwZDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgw\nBgEB/wIBADAdBgNVHQ4EFgQURwCm53YPStZoAMfnVyknH4IgZa4wHwYDVR0jBBgw\nFoAUhuxCKmCSvZWf95+iZ+Wsz9DJJVMwCgYIKoZIzj0EAwIDSQAwRgIhAN1pkUKc\nazM4PiXOnkILB2KBDIF4XpHf+4ThDMODzXP8AiEA45KXA3qMrRPQV1oBfWZ3hLgX\ngxUhveuHBXMWnzUbn6U=\n-----END CERTIFICATE-----\n", + "ca.digest": "45b2b6dd9d4102955b1b1e4b540e677f140521462ed4f22fa5a713863ca84600" + }, + "type": "Opaque" +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "cert-0ee0e1584c8637facac95bd5fce315367dee124c0086d41e" + }, + "stringData": { + "tls.crt": "-----BEGIN CERTIFICATE-----\nMIIECTCCAvGgAwIBAgIUAusYGP9BwoLFFAJdB/jY6eUzUyAwDQYJKoZIhvcNAQEL\nBQAwgZIxCzAJBgNVBAYTAlVLMRIwEAYDVQQIDAlIYW1wc2hpcmUxEjAQBgNVBAcM\nCUFsZGVyc2hvdDEQMA4GA1UECgwHS29uZyBVSzEQMA4GA1UECwwHU3VwcG9ydDEY\nMBYGA1UEAwwPU3VwcG9ydCBSb290IENBMR0wGwYJKoZIhvcNAQkBFg5zdHVAa29u\nZ2hxLmNvbTAeFw0yMTAxMTUxMTE5NDNaFw0yMjA1MzAxMTE5NDNaMIGRMQswCQYD\nVQQGEwJVSzESMBAGA1UECAwJSGFtcHNoaXJlMRIwEAYDVQQHDAlBbGRlcnNob3Qx\nEDAOBgNVBAoMB0tvbmcgVUsxEDAOBgNVBAsMB1N1cHBvcnQxFzAVBgNVBAMMDnBy\nb3h5LmtvbmcubGFuMR0wGwYJKoZIhvcNAQkBFg5zdHVAa29uZ2hxLmNvbTCCASIw\nDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJUbKiqoCK1BTNk/7l42n6ukyTEu\neLyB23e/90PzT/oz8wZzgwTodzbFAS2VtFr1EKqFzor0DrXp9CLnebOdiAR3I6LD\n/WY/x0KW3lx3F35fGiUOSLPTH8zeiDTMx11CcKDxesA+M2/s5q0igkOQ4z4w3voz\nm5a52IcQTSA8K5knNU1qUZBLpc+khxFcaheEK1jsISJJhcdizZBfGdk8S1vpyj5F\nuCZ7oaRvNA6imHjSJwpgo36zd84TgrIgVj9R4QtJysWy/X+bbaKUiKBWwAtd4+DT\nEP90l/ny9szu2fijk4/6k1ntXufGTyvM+J0/qJ13e99TVYOVanITnpTO+6cCAwEA\nAaNWMFQwHwYDVR0jBBgwFoAUdskpf0wJRQxjtzQFZciWmUfl2bcwCQYDVR0TBAIw\nADALBgNVHQ8EBAMCBPAwGQYDVR0RBBIwEIIOcHJveHkua29uZy5sYW4wDQYJKoZI\nhvcNAQELBQADggEBAJVrTWQRQzNtypa9OXFYADm8Fay1VMop3BY2kh0tfYgQEJ/4\npJUj6CaszQZ/Aix6LaPnXFcoPCDqqv00mgju86PMamr/zA9USXk8eTmzJkp5RklS\nGdqiXboqESiQVvaNz3kdW7wgNz4FwaGCzkEi/dcc2LdtzLpWizx+TlxMMqjonUUM\novZgZo+OlhWRsDVT/qy5SFtA0vlVNtdBr2egXb1H7J8UDC+fax/iKa7+fBUHZOO9\nFk9U8bxgfQ+jPIVVL8CfAtR68Sos7NpWH0S2emqZRnQvf0MSNdkTQKWn4qR9sckj\nEwxs5FbrMmgCOgwk1PtgRmdP3RME0HwK/B03saQ=\n-----END CERTIFICATE-----", + "tls.key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCVGyoqqAitQUzZ\nP+5eNp+rpMkxLni8gdt3v/dD80/6M/MGc4ME6Hc2xQEtlbRa9RCqhc6K9A616fQi\n53mznYgEdyOiw/1mP8dClt5cdxd+XxolDkiz0x/M3og0zMddQnCg8XrAPjNv7Oat\nIoJDkOM+MN76M5uWudiHEE0gPCuZJzVNalGQS6XPpIcRXGoXhCtY7CEiSYXHYs2Q\nXxnZPEtb6co+Rbgme6GkbzQOoph40icKYKN+s3fOE4KyIFY/UeELScrFsv1/m22i\nlIigVsALXePg0xD/dJf58vbM7tn4o5OP+pNZ7V7nxk8rzPidP6idd3vfU1WDlWpy\nE56UzvunAgMBAAECggEAcq7lHNAHdHLgT8yrY41x/AwPryNGO/9JNW7SGVKAdjoU\ntyaLZHAEmXynLk+R28/YFMA8H4Yd9m9OlrYhVjRZFM4p+5vxP/7YHPB7cPUsfcda\nDZxR8PX25JVYf/vtb16V0ERLnKd62qCEwC/lr2A2WHQwXJLrHeAtmZzBJYUCJ5Xj\nDv1ZhyFjknswaV0vGXe6njTI6CzMQDTGysoagpCCo7RWgzjLREg2BGWd2UQpY4AW\nnYAP4QNt82UMQbgIqsEMj64mzS9Q+o1P84J1naSP5sCI22LeFRp6iezZc+D8EH/5\nRNONGSNWl3g6bsvN1VywYwjWn+waD3XAjXUu+peUgQKBgQDDu1QP28oSMKivHdfo\nkQ1HrTNBRc9eWeAMZFuIbbPLN8rdEibpOm3DwTqithnahqS0NLOsBnXNtuLw1Qr/\nzmOzn0yDO5XG8dlKr9vqWeBLdcRydLJBZwqEzWf4JwwwgfK3rItRaIbnAxnGUTS5\nSrrhNfBAIGS9jx5X2kvLC7hFQQKBgQDDBIrpLTIjRDloWZcu03z9Bhb8jQCyGb5C\n4MYs+duCnQIdNq/+maPspJzbVmF4b6S1zIPweI3fMvMeqRTbuf+drpElst1buFTO\nP0UMMn4V+4qGIOOkIy5JIKwR8sJD9tNDUPtxuDEotTB9IyWx6pdmCFz5v/bggDCu\nreoqflL+5wKBgQCDvb+L2QS+j4/KJk0flRoaJ2K7SVCVEesyjA3r2uLMImZhvAkC\nrDgbLSDZSbZHFp8fR+WzILoD11gSf2Ki4PjMeqkWH3HlcP0vPwTHTO0h/UdXPmKI\nkOFMl7CmHyoeMCj9JZ60EaXTMYwUpq3VFY6JbTOjBeqoh/8FZMHlDaNewQKBgCHg\nECEg8KyflTlDFrfTlMp+3E9STuShBCOp18LIRBEUJOHeNgQLvCXHElgnURcSjZHm\nzKRgzIQQ3Zpd1Hm2fWhuglgCEeF0y4ZoBx5vRueaoh1aaTCBy/B39GvJt2UG4vu2\nfXbrf96KWrnh+RJGpbXbjgr0BXZJzisJmrt25gPRAoGBAI3c+INpQXwrE+LBzCPu\nLwIVvkm5NpeIlKQtDNrqG1QvUhqyZ2/Xitc4FyiccW7WHxkGKGZyj7GbmpqEOnyY\niVku0LSftZgycet2uMdp0HaVAgi5S6aVf5yN0U/8R5ToxcbuEfqwrBIyRgse8lx3\nNNSvLxPAempmiFPSk9AtobYV\n-----END PRIVATE KEY-----" + }, + "type": "kubernetes.io/tls" +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "cert-b12464ec431576239dd9cc2545d528f6cbdbd988cf076323" + }, + "stringData": { + "tls.crt": "-----BEGIN CERTIFICATE-----\nMIIFeDCCBGCgAwIBAgIUAusYGP9BwoLFFAJdB/jY6eUzUyQwDQYJKoZIhvcNAQEL\nBQAwgZIxCzAJBgNVBAYTAlVLMRIwEAYDVQQIDAlIYW1wc2hpcmUxEjAQBgNVBAcM\nCUFsZGVyc2hvdDEQMA4GA1UECgwHS29uZyBVSzEQMA4GA1UECwwHU3VwcG9ydDEY\nMBYGA1UEAwwPU3VwcG9ydCBSb290IENBMR0wGwYJKoZIhvcNAQkBFg5zdHVAa29u\nZ2hxLmNvbTAeFw0yMTAxMjAxNTA0NDVaFw0yMjAxMjAxNTA0NDVaMIGQMQswCQYD\nVQQGEwJVSzESMBAGA1UECAwJSGFtcHNoaXJlMRIwEAYDVQQHDAlBbGRlcnNob3Qx\nEDAOBgNVBAoMB0tvbmcgVUsxEDAOBgNVBAsMB1N1cHBvcnQxFjAUBgNVBAMMDW10\nbHMtY29uc3VtZXIxHTAbBgkqhkiG9w0BCQEWDnN0dUBrb25naHEuY29tMIICIjAN\nBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1/+83/YNiEVKYvcuVwYGve6afsg1\nBYCn1+E9Uwgh0uwAenT/DKB8NhqoVxc7cZ2HaTI146IGmFICmctlTWvLPLglHmTo\nbyOUV6tIJAjvzyEOpC458hLGgbv8mhGXJWPxBVu7Wy6Hapz2bk0cEscfL7PHKaRu\n3D6r8/zbhhWAqe4EIt+NVYT6baaYBs7bPZQXs/sluKI+DNYuDeaAmoSuCc4ein6z\n0xDqCSMmPebzjns03ttB29vWL3eYY9dvgoCd+CPhXT/C4CHtvKbH+hOQYDtVF6MO\n1mmABAQTQWMR/00+QI0xtvuXtEPurla5dA0TN6ddCTOOcILKx62z5oc3Kqr+nHHa\n71zNzARUVaZ2vy1pRVr0DZgB7KqcFXhy/oy8IpmxUR1ASBDZl6B6RKrdQwvgLgmn\n3M/roNLAU+3nz4itpt/zf+X0suwdthrflic1R68z1SlYbyoGARWkZ/pOl6kLNVK2\nOsqQuICaajnW7t1oDd7z1+3hm+uoryDwvG6f3T9ZvWjKXYcKg7b+BjbFdahbDywD\nPgnhSz9AaoVWhR+GHIPrjRClMpEkra/yGJFvH3UpXhgg9d0DrLZE51Z75a9SvnAj\nvdLuNhx4bJbwLBgNGsJMkupzBrw4iCfbKFcBbP8o0Xjtarj7T/mkWuQ1GjWqfyrD\n55NecBPNw5C9BR0CAwEAAaOBxTCBwjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQE\nAwIFoDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50IENl\ncnRpZmljYXRlMB0GA1UdDgQWBBSV3F+eicU8SVT4LcDJ6eMzP0todzAfBgNVHSME\nGDAWgBR2ySl/TAlFDGO3NAVlyJaZR+XZtzAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0l\nBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBAQB5L0OZ\nWELG9Pw6Ol1BsZYgpLR4PGNBB9dKm/9dd+q+ohZVFCfXcjZ3YOU1vh/HHQrALRNY\nI58JxcVCOx/qIW2uA0iSCqIT0sNb9cJLxfZf7X+BzPPPnu0ugUJp7GzLNnHitrLC\nXb1nmmefwgraNzp+a5IrR8RcQG1mYDuS+2HK/rybo22XcCxhob8OiDEn8+ytkKyQ\nIpmrf9D+/68/ih6az0w1aakASMmFe8z/p6VgVQkCySCWWFG525BRdGmSImqVZ4xa\naQFN3L+oN+JJcCFTthLOAYo32JH+xLMz7PokzSL84g3b68h59hXDoMSwB10GthL5\nT8tqV6i5miKWwvfZ\n-----END CERTIFICATE-----", + "tls.key": "-----BEGIN RSA PRIVATE KEY-----\nMIIJKQIBAAKCAgEA1/+83/YNiEVKYvcuVwYGve6afsg1BYCn1+E9Uwgh0uwAenT/\nDKB8NhqoVxc7cZ2HaTI146IGmFICmctlTWvLPLglHmTobyOUV6tIJAjvzyEOpC45\n8hLGgbv8mhGXJWPxBVu7Wy6Hapz2bk0cEscfL7PHKaRu3D6r8/zbhhWAqe4EIt+N\nVYT6baaYBs7bPZQXs/sluKI+DNYuDeaAmoSuCc4ein6z0xDqCSMmPebzjns03ttB\n29vWL3eYY9dvgoCd+CPhXT/C4CHtvKbH+hOQYDtVF6MO1mmABAQTQWMR/00+QI0x\ntvuXtEPurla5dA0TN6ddCTOOcILKx62z5oc3Kqr+nHHa71zNzARUVaZ2vy1pRVr0\nDZgB7KqcFXhy/oy8IpmxUR1ASBDZl6B6RKrdQwvgLgmn3M/roNLAU+3nz4itpt/z\nf+X0suwdthrflic1R68z1SlYbyoGARWkZ/pOl6kLNVK2OsqQuICaajnW7t1oDd7z\n1+3hm+uoryDwvG6f3T9ZvWjKXYcKg7b+BjbFdahbDywDPgnhSz9AaoVWhR+GHIPr\njRClMpEkra/yGJFvH3UpXhgg9d0DrLZE51Z75a9SvnAjvdLuNhx4bJbwLBgNGsJM\nkupzBrw4iCfbKFcBbP8o0Xjtarj7T/mkWuQ1GjWqfyrD55NecBPNw5C9BR0CAwEA\nAQKCAgEAymuOrG/hJKiS2oX8tm8eWFZIELI9BigYozYhCzQexpSGqjwEXOf1H5sB\n0YQjIAlZwhrc57OK7KpGZ6x2BgUT1JZZqs80CBtWxIXuuF5rpje7id8MTLCNuTzb\nr+L2O4Mad0QNI5lKLH5mbt3yhiJ3NnQLHBpODjbpXGDFtTVne1hkJe5MfC1/psyt\nwguO6HllcTTWl93ruonpZPtz39qhYuz4MCAnE5DRUrjO+Mn7y7XoyUS+xnSRl7BD\nbqWRicJQyB+P7px3WyZQri+6TsCQ164iw2D64bLC1oCfLvLSBeh0g3gOdAX5mGTl\nRBpf98LdFJXSmXHodcYMlO5THqHu7mOE8zvPDbOzpwKftE11PS+lhuq/fREJnrAx\npbvTkv2c1nu90gkracv6PhRC8YhBIa2gqhoxY7rH7UpYa1c5QaJzg5ibiteTLRKC\ne9ZmfoPWaY2ksY4gBWZ/p2wokJ8U6ZHEsEfQS9WibMpqRsdINWQ9JnIBLKnTuqB0\nB29E9jHAl8rwMT2/DiIiVjHcdwpP37MxotKvYDFw+yDcZDeKTIh133XZNWyO/TcH\naDrNB0dymqunuNmfPts566AYErym0ndcmmLuGIKKE+l1h1+5CWjdsTdrkkXZK/w1\ni/krfLruQqQcW3Bpng8JAKirvGfYJxIEaCLqtepb7YaHhaI3gz0CggEBAPO0UQ6e\noPzMYmEegp2LjAfHZhwGV0fpiC6nxEWKoEE7Tb5zyB8rlkFIpQlXmljQvf3xDmq/\nTa3JlkaY290oFc0ypp9zUY/sUGyc3pvltxl0gLKOPnIkoP3ma2HzBxQRrGRdcFhH\nAHom80Bm9APm29L0MFuOuhGGxkGvQCxH+KmmohvZMUEqNIuWi8XB7maDXcAmSJ7x\nYdQAgLspRJ+kkZM+59XijyvYvg04xCu1FSop+Lol+xBwWAR5OaKnbZ9L+jKtzbxC\nIS7ERTlhsham2dYIm7SFcD/OcLV6luqreR0svS6HQis1kGxnNxkBAbrB1QZ+wLKp\nQztnOk70H/eWP5sCggEBAOLllCHuRloqEyzDT5sVbflCMTVsXmHGJ4/qI4An+etI\n3DComNLPAIBKYAiNgqWAm/wfLy5rHu2ZGzcPn7cQF/xKp00uDGKncQz3Z9JDofI1\nrpLH+t3LJ9l/EzQv1tpzwOU5rhFNmqrJnwy17BtOmlCKAQnVmyDkLyR9AhWkCTi8\nBLDq6mx1X61K6P11GAxAd70NFNzD8868Ddq2XInwEwXzf/FHQW/JVYZEAa7dn4KF\nwQ/tPSspP0vGzDfgNI64PtNePnZ/e00XXqA7la2OScro+SDSyXGlDKX4XhwwTDD1\n+u3VbUmjInpEJL3bU8c/qe36UhoseF1G0cm22sHqhacCggEAY3A+5r05KQ1oUwJ0\n/z2ybHYjJuo7cN9MLuVLg6iVzSgah8yMapOJYqf2l0JEe1rpOxXB8TKPyoqHo9S5\nWZsCklDJhiQysowVIMw9VNU9ichsvu6lckOZ4R/Ezxmv2LOBaQ5rScnm2vDLroqT\npIftSD1VAfbR21bnzGNqxuazAt44JS7RFyrWd+J8s7t2wCN3/HBij2Akr7Fo1XV4\nR7+JmtA/HpmsG5L7sT9pZAAmW6b2k1XuBH4im+iu6LxyUV5Z/5XFbbx597AkIs7H\nMNDx75BhoB4WeCKPAK29qJFBAPOBWdvc1u6rOGBBLhWoFAEFH/pWPFAuW626L/8S\nkB6hYwKCAQB3/JIec2Pu0Gs9c7eIOofilXdyWfF7YQ+Q0m+dmQZXvzr53F6ctGz+\natZoD3V0UhOq+063DFzZpuq2bmO2qiMU/uGENgLEtOlawwa7MZrVfD/qTSjD22gi\nY0njghzrfuUWEy+S5OgSwvaCAT5vnlyKlMBB1BzqAuFPOXA9w3ZA82TDribz3goP\nmRqm1iI2cG0ho2ZR7KnkvJvS+jbrlvJoZkFVdaoMFHtOum3tbDOrEVJsOrfrOC/J\nwcJDFiSVCKfonOEJRxcMSHx43amkkydAz3zXN8DhgTe0GSijXYMdLSdaWFAn7cYQ\nxDJt2CtwpaEWQRbj0nqAUTAlrLX4cC3nAoIBAQCl1cV86bYw8CKrCuf9TF0Kk5pd\nREdilDpks4Z1RH4MpBDWLtvMeQqlNsN+/RugKQExO0HTdZIyn7cBRRloD2xcNcJA\nG/rUMel/x4fhaEOE7Uw9rmTefvpcgWmtXw64sMA8KFA4oCXIcgbwL5Q+szqNNWAN\nabpgl0DnU06YyBDoK/7D0B8Kt3qS1N6XX+Z5wtPvglbD2HCYy6rdkqi8IbQ/6OeS\nwG7p/7g3JlOEyotMq9Cl2T0wTNDSLlma+mwc9mILITDXznWiLQSznE69mebWBUr3\nSbt91efH30inRx85H0pNJrpZsH0A6ayL0gTJSuUc0eJXYR5Po1gRQMOSIEWh\n-----END RSA PRIVATE KEY-----" + }, + "type": "kubernetes.io/tls" +}{ + "apiVersion": "configuration.konghq.com/v1", + "consumerGroups": [ + "example-consumer-group" + ], + "credentials": [ + "key-auth-example-user", + "jwt-auth-example-user", + "basic-auth-example-user", + "acl-group-example-user", + "mtls-auth-example-user" + ], + "custom_id": "1234567890", + "kind": "KongConsumer", + "metadata": { + "annotations": { + "konghq.com/plugins": "example-user-rate-limiting-advanced", + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-user" + }, + "username": "example-user" +}{ + "apiVersion": "configuration.konghq.com/v1beta1", + "kind": "KongConsumerGroup", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-consumer-group" + } +} \ No newline at end of file diff --git a/kong2kic/testdata/kicv3_gateway/output-expected.yaml b/kong2kic/testdata/kicv3_gateway/output-expected.yaml new file mode 100644 index 000000000..9077d04df --- /dev/null +++ b/kong2kic/testdata/kicv3_gateway/output-expected.yaml @@ -0,0 +1,1180 @@ +apiVersion: configuration.konghq.com/v1 +config: + hide_client_headers: false + identifier: consumer + limit: + - 5 + namespace: example_namespace + strategy: local + sync_rate: -1 + window_size: + - 30 +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service-rate-limiting-advanced +plugin: rate-limiting-advanced +--- +apiVersion: configuration.konghq.com/v1 +config: + aws_key: my_key + aws_region: us-west-2 + aws_secret: my_secret + function_name: my_function +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-long9344b5559f +plugin: aws-lambda +--- +apiVersion: configuration.konghq.com/v1 +config: + credentials: true + exposed_headers: + - X-My-Header + headers: + - Authorization + max_age: 3600 + methods: + - GET + - POST + origins: + - example.com +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-longfdeaa51f90 +plugin: cors +--- +apiVersion: configuration.konghq.com/v1 +config: + path: /var/log/kong/kong.log + reopen: true +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-long3b4b1fae8e +plugin: file-log +--- +apiVersion: configuration.konghq.com/v1 +config: + content_type: application/json + http_endpoint: http://example.com/logs + keepalive: 60000 + method: POST + queue_size: 1000 + retry_count: 10 + timeout: 10000 +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-long59030a424c +plugin: http-log +--- +apiVersion: configuration.konghq.com/v1 +config: + allow: + - 192.168.0.1/24 + deny: + - 192.168.0.2/32 +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-longb44edd01cf +plugin: ip-restriction +--- +apiVersion: configuration.konghq.com/v1 +config: + hide_client_headers: false + identifier: consumer + limit: + - 5 + namespace: example_namespace + strategy: local + sync_rate: -1 + window_size: + - 30 +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-longef35b834c6 +plugin: rate-limiting-advanced +--- +apiVersion: configuration.konghq.com/v1 +config: + message: Forbidden + status_code: 403 +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-longb2c08ebc54 +plugin: request-termination +--- +apiVersion: configuration.konghq.com/v1 +config: + limits: + limit_name: + minute: 10 + policy: local +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-longc400f1ab11 +plugin: response-ratelimiting +--- +apiVersion: configuration.konghq.com/v1 +config: + host: example.com + port: 1234 +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-long47f9f5054d +plugin: tcp-log +--- +apiVersion: configuration.konghq.com/v1 +config: + hide_credentials: false +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-long26f9714514 +plugin: basic-auth +--- +apiVersion: configuration.konghq.com/v1 +config: + anonymous: null + claims_to_verify: + - exp + - nbf + header_names: + - Authorization + key_claim_name: kid + maximum_expiration: 3600 + run_on_preflight: true + secret_is_base64: false + uri_param_names: + - token +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-long0239c8f63e +plugin: jwt +--- +apiVersion: configuration.konghq.com/v1 +config: + hide_credentials: false + key_in_body: false + key_names: + - apikey + run_on_preflight: true +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-long5494737f3e +plugin: key-auth +--- +apiVersion: configuration.konghq.com/v1 +config: + ca_certificates: + - cce8c384-721f-4f58-85dd-50834e3e733a + revocation_check_mode: SKIP + skip_consumer_lookup: false +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-long89ae2d2b5d +plugin: mtls-auth +--- +apiVersion: configuration.konghq.com/v1 +config: + allow: + - admin +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-longb2440ac898 +plugin: acl +--- +apiVersion: configuration.konghq.com/v1 +config: + hide_client_headers: false + identifier: consumer + limit: + - 5 + namespace: example_namespace + strategy: local + sync_rate: -1 + window_size: + - 30 +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-user-rate-limiting-advanced +plugin: rate-limiting-advanced +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + annotations: + konghq.com/https-redirect-status-code: "302" + konghq.com/preserve-host: "true" + konghq.com/regex-priority: "1" + konghq.com/snis: example.com + konghq.com/strip-path: "false" + name: example-service--route-thisisaveryvery-long2093a020ca +spec: + hostnames: + - example.com + - another-example.com + - yet-another-example.com + parentRefs: + - name: kong + rules: + - backendRefs: + - name: example-service + port: 80 + filters: + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long9344b5559f + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longfdeaa51f90 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long3b4b1fae8e + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long59030a424c + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longb44edd01cf + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longef35b834c6 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longb2c08ebc54 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longc400f1ab11 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long47f9f5054d + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long26f9714514 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long0239c8f63e + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long5494737f3e + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long89ae2d2b5d + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longb2440ac898 + type: ExtensionRef + matches: + - headers: + - name: x-another-header + type: Exact + value: first-header-value,second-header-value + - name: x-my-header + type: RegularExpression + value: foos?bar$ + method: GET + path: + type: RegularExpression + value: /v1/example/?$ + - backendRefs: + - name: example-service + port: 80 + filters: + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long9344b5559f + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longfdeaa51f90 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long3b4b1fae8e + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long59030a424c + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longb44edd01cf + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longef35b834c6 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longb2c08ebc54 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longc400f1ab11 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long47f9f5054d + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long26f9714514 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long0239c8f63e + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long5494737f3e + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long89ae2d2b5d + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longb2440ac898 + type: ExtensionRef + matches: + - headers: + - name: x-another-header + type: Exact + value: first-header-value,second-header-value + - name: x-my-header + type: RegularExpression + value: foos?bar$ + method: POST + path: + type: RegularExpression + value: /v1/example/?$ + - backendRefs: + - name: example-service + port: 80 + filters: + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long9344b5559f + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longfdeaa51f90 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long3b4b1fae8e + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long59030a424c + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longb44edd01cf + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longef35b834c6 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longb2c08ebc54 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longc400f1ab11 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long47f9f5054d + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long26f9714514 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long0239c8f63e + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long5494737f3e + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long89ae2d2b5d + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longb2440ac898 + type: ExtensionRef + matches: + - headers: + - name: x-another-header + type: Exact + value: first-header-value,second-header-value + - name: x-my-header + type: RegularExpression + value: foos?bar$ + method: GET + path: + type: PathPrefix + value: /v1/another-example + - backendRefs: + - name: example-service + port: 80 + filters: + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long9344b5559f + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longfdeaa51f90 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long3b4b1fae8e + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long59030a424c + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longb44edd01cf + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longef35b834c6 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longb2c08ebc54 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longc400f1ab11 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long47f9f5054d + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long26f9714514 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long0239c8f63e + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long5494737f3e + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long89ae2d2b5d + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longb2440ac898 + type: ExtensionRef + matches: + - headers: + - name: x-another-header + type: Exact + value: first-header-value,second-header-value + - name: x-my-header + type: RegularExpression + value: foos?bar$ + method: POST + path: + type: PathPrefix + value: /v1/another-example + - backendRefs: + - name: example-service + port: 80 + filters: + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long9344b5559f + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longfdeaa51f90 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long3b4b1fae8e + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long59030a424c + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longb44edd01cf + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longef35b834c6 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longb2c08ebc54 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longc400f1ab11 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long47f9f5054d + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long26f9714514 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long0239c8f63e + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long5494737f3e + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long89ae2d2b5d + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longb2440ac898 + type: ExtensionRef + matches: + - headers: + - name: x-another-header + type: Exact + value: first-header-value,second-header-value + - name: x-my-header + type: RegularExpression + value: foos?bar$ + method: GET + path: + type: PathPrefix + value: /v1/yet-another-example + - backendRefs: + - name: example-service + port: 80 + filters: + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long9344b5559f + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longfdeaa51f90 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long3b4b1fae8e + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long59030a424c + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longb44edd01cf + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longef35b834c6 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longb2c08ebc54 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longc400f1ab11 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long47f9f5054d + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long26f9714514 + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long0239c8f63e + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long5494737f3e + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-long89ae2d2b5d + type: ExtensionRef + - extensionRef: + group: configuration.konghq.com + kind: KongPlugin + name: example-service--route-thisisaveryvery-longb2440ac898 + type: ExtensionRef + matches: + - headers: + - name: x-another-header + type: Exact + value: first-header-value,second-header-value + - name: x-my-header + type: RegularExpression + value: foos?bar$ + method: POST + path: + type: PathPrefix + value: /v1/yet-another-example +--- +apiVersion: configuration.konghq.com/v1beta1 +kind: KongUpstreamPolicy +metadata: + name: example-service-upstream +spec: + algorithm: round-robin + healthchecks: + active: + concurrency: 10 + headers: + x-another-header: + - bla + x-my-header: + - foo + - bar + healthy: + httpStatuses: + - 200 + - 302 + interval: 0 + successes: 0 + httpPath: / + httpsSni: example.com + httpsVerifyCertificate: true + timeout: 1 + type: http + unhealthy: + httpFailures: 0 + httpStatuses: + - 429 + - 404 + - 500 + - 501 + - 502 + - 503 + - 504 + - 505 + interval: 0 + tcpFailures: 0 + timeouts: 0 + passive: + healthy: + httpStatuses: + - 200 + - 201 + - 202 + - 203 + - 204 + - 205 + - 206 + - 207 + - 208 + - 226 + - 300 + - 301 + - 302 + - 303 + - 304 + - 305 + - 306 + - 307 + - 308 + successes: 0 + type: http + unhealthy: + httpFailures: 0 + httpStatuses: + - 429 + - 500 + - 503 + tcpFailures: 0 + timeouts: 0 + threshold: 0 + slots: 10000 +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + konghq.com/connect-timeout: "5000" + konghq.com/path: /v1 + konghq.com/plugins: example-service-rate-limiting-advanced + konghq.com/protocol: http + konghq.com/read-timeout: "60000" + konghq.com/retries: "5" + konghq.com/upstream-policy: example-service-upstream + konghq.com/write-timeout: "60000" + name: example-service +spec: + ports: + - port: 80 + protocol: TCP + targetPort: 80 + selector: + app: example-service +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + labels: + konghq.com/credential: key-auth + name: key-auth-example-user +stringData: + key: my_api_key +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + labels: + konghq.com/credential: jwt + name: jwt-auth-example-user +stringData: + algorithm: HS256 + key: my_jwt_secret + rsa_public_key: |- + -----BEGIN PUBLIC KEY----- + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxXzYS5yESbekTF3xLiQX + ZZZfXt0S/nzFp3f2Oux3W7/ydvZ8XSd8+s+wm5oqEcSV9n+5n3ENZbt1A/wgnGI3 + oWrv0yRB9HugzTIGPpI1AQv9Z4p8E44RrB74/uTxYwb9+4yvpuz/fzTt3Gz+Kzc4 + 4fGGq8VpGMFj6AE65ZcOAHHUJe4VuoreBXLYDJcHl2WPIdNKDGscFjElDneLRhWQ + DfxekDJIQMWCjyBEXacfP6cc9U8Qld6TuVcwi1P2xb8tBDD4MIFL/psfzUhfv1Lw + O/XZEffJxCqkQn7dsCYy3wpaTjb6XmJ5j0Dbml4f0Bv40Y1mjlAf7C662Mbuguf6 + ewIDAQAB + -----END PUBLIC KEY----- + secret: my_secret_key +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + labels: + konghq.com/credential: basic-auth + name: basic-auth-example-user +stringData: + password: my_basic_password + username: my_basic_user +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + labels: + konghq.com/credential: acl + name: acl-group-example-user +stringData: + group: acl_group +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + labels: + konghq.com/credential: mtls-auth + name: mtls-auth-example-user +stringData: + id: cce8c384-721f-4f58-85dd-50834e3e733a + subject_name: example-user@example.com +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: ca-cert-a672ab52d2341203bd70116b456413d7ac3ffc162abbf +stringData: + ca.crt: | + -----BEGIN CERTIFICATE----- + MIIBfDCCASKgAwIBAgIRAJqcZC1VSvSQLMN1+7yAeswwCgYIKoZIzj0EAwIwHDEa + MBgGA1UEAxMRRGVtbyBLb25nIFJvb3QgQ0EwHhcNMjIwNjEzMTMzNzMzWhcNMjcw + NjEzMTkzNzMzWjAcMRowGAYDVQQDExFEZW1vIEtvbmcgUm9vdCBDQTBZMBMGByqG + SM49AgEGCCqGSM49AwEHA0IABOGR89IyhreSHRAi6wp9a5DBIDp4YYSdWzuEdlNx + 7pX1G4T7x68xUXJZXRUPFyT8Xzn5KwCJm8RVT+nAhrsUx6SjRTBDMA4GA1UdDwEB + /wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBQ9CUiOPhjp7KD2 + ScRDxX4IzDOrNzAKBggqhkjOPQQDAgNIADBFAiEAw6Dov0c0L++1W9VufAfSMdNR + PSDfPU0MiUiG59/VIBICIEFn/6c5eQc3hUUBL74/RmNT2b1zxBmp7RiPXJAnAAwJ + -----END CERTIFICATE----- + ca.digest: f1baffe9fe9cf8497e38a4271d67fab44423678b7e7c0f677a50f37c113d81b5 +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: ca-cert-a4f087c2ee00e6d43cfb4f6884fc1e79f7e6e08e84471 +stringData: + ca.crt: | + -----BEGIN CERTIFICATE----- + MIIBqTCCAVCgAwIBAgIQb5LqGa9gS3+Mc2ntWfSoJjAKBggqhkjOPQQDAjAcMRow + GAYDVQQDExFEZW1vIEtvbmcgUm9vdCBDQTAeFw0yMjA2MTMxMzM5MTVaFw0yMzA2 + MTMxOTM5MTVaMCoxKDAmBgNVBAMTH0RlbW8gS29uZyBSb290IEludGVybWVkaWF0 + ZTEgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQImvnSuvXkGy88lvx8a7of + e0MEMRI2siVvybvWXNpeXXlixgaq7weJ7pewf3HywfO68Va6kn8ehWh7s0D7SLHM + o2YwZDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4E + FgQUhuxCKmCSvZWf95+iZ+Wsz9DJJVMwHwYDVR0jBBgwFoAUPQlIjj4Y6eyg9knE + Q8V+CMwzqzcwCgYIKoZIzj0EAwIDRwAwRAIgNZ+JPA1OqF5DsPapAZ2YsUOgIpn3 + ZbQuYKCAV0SD4EcCIFnfA5rWrc1AgtUw5inJQqJQRNgoPuC14vACqI48BiRl + -----END CERTIFICATE----- + ca.digest: dbef7ed285fb292e24f84ffba93c48d92fa322387d85469c460c655abedd5308 +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: ca-cert-6b095c7ff377b01252a4dfec59c582fe32934fa7ed0cf +stringData: + ca.crt: | + -----BEGIN CERTIFICATE----- + MIIBujCCAV+gAwIBAgIRAMkGpj7WZf+2RFE/q7ZhejEwCgYIKoZIzj0EAwIwKjEo + MCYGA1UEAxMfRGVtbyBLb25nIFJvb3QgSW50ZXJtZWRpYXRlMSBDQTAeFw0yMjA2 + MTMxMzQwNTFaFw0yMjEyMTMwNDQwNTFaMCoxKDAmBgNVBAMTH0RlbW8gS29uZyBS + b290IEludGVybWVkaWF0ZTIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQB + my/zhZ3F2HvHFqtQzuD3lXX8SeYakxiBQvaGkGSLKD67N3vh7iC2rTSdj/vAs8ws + Y9X+mXzS6GDKC8PbSX6xo2YwZDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgw + BgEB/wIBADAdBgNVHQ4EFgQURwCm53YPStZoAMfnVyknH4IgZa4wHwYDVR0jBBgw + FoAUhuxCKmCSvZWf95+iZ+Wsz9DJJVMwCgYIKoZIzj0EAwIDSQAwRgIhAN1pkUKc + azM4PiXOnkILB2KBDIF4XpHf+4ThDMODzXP8AiEA45KXA3qMrRPQV1oBfWZ3hLgX + gxUhveuHBXMWnzUbn6U= + -----END CERTIFICATE----- + ca.digest: 45b2b6dd9d4102955b1b1e4b540e677f140521462ed4f22fa5a713863ca84600 +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: cert-0ee0e1584c8637facac95bd5fce315367dee124c0086d41e +stringData: + tls.crt: |- + -----BEGIN CERTIFICATE----- + MIIECTCCAvGgAwIBAgIUAusYGP9BwoLFFAJdB/jY6eUzUyAwDQYJKoZIhvcNAQEL + BQAwgZIxCzAJBgNVBAYTAlVLMRIwEAYDVQQIDAlIYW1wc2hpcmUxEjAQBgNVBAcM + CUFsZGVyc2hvdDEQMA4GA1UECgwHS29uZyBVSzEQMA4GA1UECwwHU3VwcG9ydDEY + MBYGA1UEAwwPU3VwcG9ydCBSb290IENBMR0wGwYJKoZIhvcNAQkBFg5zdHVAa29u + Z2hxLmNvbTAeFw0yMTAxMTUxMTE5NDNaFw0yMjA1MzAxMTE5NDNaMIGRMQswCQYD + VQQGEwJVSzESMBAGA1UECAwJSGFtcHNoaXJlMRIwEAYDVQQHDAlBbGRlcnNob3Qx + EDAOBgNVBAoMB0tvbmcgVUsxEDAOBgNVBAsMB1N1cHBvcnQxFzAVBgNVBAMMDnBy + b3h5LmtvbmcubGFuMR0wGwYJKoZIhvcNAQkBFg5zdHVAa29uZ2hxLmNvbTCCASIw + DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJUbKiqoCK1BTNk/7l42n6ukyTEu + eLyB23e/90PzT/oz8wZzgwTodzbFAS2VtFr1EKqFzor0DrXp9CLnebOdiAR3I6LD + /WY/x0KW3lx3F35fGiUOSLPTH8zeiDTMx11CcKDxesA+M2/s5q0igkOQ4z4w3voz + m5a52IcQTSA8K5knNU1qUZBLpc+khxFcaheEK1jsISJJhcdizZBfGdk8S1vpyj5F + uCZ7oaRvNA6imHjSJwpgo36zd84TgrIgVj9R4QtJysWy/X+bbaKUiKBWwAtd4+DT + EP90l/ny9szu2fijk4/6k1ntXufGTyvM+J0/qJ13e99TVYOVanITnpTO+6cCAwEA + AaNWMFQwHwYDVR0jBBgwFoAUdskpf0wJRQxjtzQFZciWmUfl2bcwCQYDVR0TBAIw + ADALBgNVHQ8EBAMCBPAwGQYDVR0RBBIwEIIOcHJveHkua29uZy5sYW4wDQYJKoZI + hvcNAQELBQADggEBAJVrTWQRQzNtypa9OXFYADm8Fay1VMop3BY2kh0tfYgQEJ/4 + pJUj6CaszQZ/Aix6LaPnXFcoPCDqqv00mgju86PMamr/zA9USXk8eTmzJkp5RklS + GdqiXboqESiQVvaNz3kdW7wgNz4FwaGCzkEi/dcc2LdtzLpWizx+TlxMMqjonUUM + ovZgZo+OlhWRsDVT/qy5SFtA0vlVNtdBr2egXb1H7J8UDC+fax/iKa7+fBUHZOO9 + Fk9U8bxgfQ+jPIVVL8CfAtR68Sos7NpWH0S2emqZRnQvf0MSNdkTQKWn4qR9sckj + Ewxs5FbrMmgCOgwk1PtgRmdP3RME0HwK/B03saQ= + -----END CERTIFICATE----- + tls.key: |- + -----BEGIN PRIVATE KEY----- + MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCVGyoqqAitQUzZ + P+5eNp+rpMkxLni8gdt3v/dD80/6M/MGc4ME6Hc2xQEtlbRa9RCqhc6K9A616fQi + 53mznYgEdyOiw/1mP8dClt5cdxd+XxolDkiz0x/M3og0zMddQnCg8XrAPjNv7Oat + IoJDkOM+MN76M5uWudiHEE0gPCuZJzVNalGQS6XPpIcRXGoXhCtY7CEiSYXHYs2Q + XxnZPEtb6co+Rbgme6GkbzQOoph40icKYKN+s3fOE4KyIFY/UeELScrFsv1/m22i + lIigVsALXePg0xD/dJf58vbM7tn4o5OP+pNZ7V7nxk8rzPidP6idd3vfU1WDlWpy + E56UzvunAgMBAAECggEAcq7lHNAHdHLgT8yrY41x/AwPryNGO/9JNW7SGVKAdjoU + tyaLZHAEmXynLk+R28/YFMA8H4Yd9m9OlrYhVjRZFM4p+5vxP/7YHPB7cPUsfcda + DZxR8PX25JVYf/vtb16V0ERLnKd62qCEwC/lr2A2WHQwXJLrHeAtmZzBJYUCJ5Xj + Dv1ZhyFjknswaV0vGXe6njTI6CzMQDTGysoagpCCo7RWgzjLREg2BGWd2UQpY4AW + nYAP4QNt82UMQbgIqsEMj64mzS9Q+o1P84J1naSP5sCI22LeFRp6iezZc+D8EH/5 + RNONGSNWl3g6bsvN1VywYwjWn+waD3XAjXUu+peUgQKBgQDDu1QP28oSMKivHdfo + kQ1HrTNBRc9eWeAMZFuIbbPLN8rdEibpOm3DwTqithnahqS0NLOsBnXNtuLw1Qr/ + zmOzn0yDO5XG8dlKr9vqWeBLdcRydLJBZwqEzWf4JwwwgfK3rItRaIbnAxnGUTS5 + SrrhNfBAIGS9jx5X2kvLC7hFQQKBgQDDBIrpLTIjRDloWZcu03z9Bhb8jQCyGb5C + 4MYs+duCnQIdNq/+maPspJzbVmF4b6S1zIPweI3fMvMeqRTbuf+drpElst1buFTO + P0UMMn4V+4qGIOOkIy5JIKwR8sJD9tNDUPtxuDEotTB9IyWx6pdmCFz5v/bggDCu + reoqflL+5wKBgQCDvb+L2QS+j4/KJk0flRoaJ2K7SVCVEesyjA3r2uLMImZhvAkC + rDgbLSDZSbZHFp8fR+WzILoD11gSf2Ki4PjMeqkWH3HlcP0vPwTHTO0h/UdXPmKI + kOFMl7CmHyoeMCj9JZ60EaXTMYwUpq3VFY6JbTOjBeqoh/8FZMHlDaNewQKBgCHg + ECEg8KyflTlDFrfTlMp+3E9STuShBCOp18LIRBEUJOHeNgQLvCXHElgnURcSjZHm + zKRgzIQQ3Zpd1Hm2fWhuglgCEeF0y4ZoBx5vRueaoh1aaTCBy/B39GvJt2UG4vu2 + fXbrf96KWrnh+RJGpbXbjgr0BXZJzisJmrt25gPRAoGBAI3c+INpQXwrE+LBzCPu + LwIVvkm5NpeIlKQtDNrqG1QvUhqyZ2/Xitc4FyiccW7WHxkGKGZyj7GbmpqEOnyY + iVku0LSftZgycet2uMdp0HaVAgi5S6aVf5yN0U/8R5ToxcbuEfqwrBIyRgse8lx3 + NNSvLxPAempmiFPSk9AtobYV + -----END PRIVATE KEY----- +type: kubernetes.io/tls +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: cert-b12464ec431576239dd9cc2545d528f6cbdbd988cf076323 +stringData: + tls.crt: |- + -----BEGIN CERTIFICATE----- + MIIFeDCCBGCgAwIBAgIUAusYGP9BwoLFFAJdB/jY6eUzUyQwDQYJKoZIhvcNAQEL + BQAwgZIxCzAJBgNVBAYTAlVLMRIwEAYDVQQIDAlIYW1wc2hpcmUxEjAQBgNVBAcM + CUFsZGVyc2hvdDEQMA4GA1UECgwHS29uZyBVSzEQMA4GA1UECwwHU3VwcG9ydDEY + MBYGA1UEAwwPU3VwcG9ydCBSb290IENBMR0wGwYJKoZIhvcNAQkBFg5zdHVAa29u + Z2hxLmNvbTAeFw0yMTAxMjAxNTA0NDVaFw0yMjAxMjAxNTA0NDVaMIGQMQswCQYD + VQQGEwJVSzESMBAGA1UECAwJSGFtcHNoaXJlMRIwEAYDVQQHDAlBbGRlcnNob3Qx + EDAOBgNVBAoMB0tvbmcgVUsxEDAOBgNVBAsMB1N1cHBvcnQxFjAUBgNVBAMMDW10 + bHMtY29uc3VtZXIxHTAbBgkqhkiG9w0BCQEWDnN0dUBrb25naHEuY29tMIICIjAN + BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1/+83/YNiEVKYvcuVwYGve6afsg1 + BYCn1+E9Uwgh0uwAenT/DKB8NhqoVxc7cZ2HaTI146IGmFICmctlTWvLPLglHmTo + byOUV6tIJAjvzyEOpC458hLGgbv8mhGXJWPxBVu7Wy6Hapz2bk0cEscfL7PHKaRu + 3D6r8/zbhhWAqe4EIt+NVYT6baaYBs7bPZQXs/sluKI+DNYuDeaAmoSuCc4ein6z + 0xDqCSMmPebzjns03ttB29vWL3eYY9dvgoCd+CPhXT/C4CHtvKbH+hOQYDtVF6MO + 1mmABAQTQWMR/00+QI0xtvuXtEPurla5dA0TN6ddCTOOcILKx62z5oc3Kqr+nHHa + 71zNzARUVaZ2vy1pRVr0DZgB7KqcFXhy/oy8IpmxUR1ASBDZl6B6RKrdQwvgLgmn + 3M/roNLAU+3nz4itpt/zf+X0suwdthrflic1R68z1SlYbyoGARWkZ/pOl6kLNVK2 + OsqQuICaajnW7t1oDd7z1+3hm+uoryDwvG6f3T9ZvWjKXYcKg7b+BjbFdahbDywD + PgnhSz9AaoVWhR+GHIPrjRClMpEkra/yGJFvH3UpXhgg9d0DrLZE51Z75a9SvnAj + vdLuNhx4bJbwLBgNGsJMkupzBrw4iCfbKFcBbP8o0Xjtarj7T/mkWuQ1GjWqfyrD + 55NecBPNw5C9BR0CAwEAAaOBxTCBwjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQE + AwIFoDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50IENl + cnRpZmljYXRlMB0GA1UdDgQWBBSV3F+eicU8SVT4LcDJ6eMzP0todzAfBgNVHSME + GDAWgBR2ySl/TAlFDGO3NAVlyJaZR+XZtzAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0l + BBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBAQB5L0OZ + WELG9Pw6Ol1BsZYgpLR4PGNBB9dKm/9dd+q+ohZVFCfXcjZ3YOU1vh/HHQrALRNY + I58JxcVCOx/qIW2uA0iSCqIT0sNb9cJLxfZf7X+BzPPPnu0ugUJp7GzLNnHitrLC + Xb1nmmefwgraNzp+a5IrR8RcQG1mYDuS+2HK/rybo22XcCxhob8OiDEn8+ytkKyQ + Ipmrf9D+/68/ih6az0w1aakASMmFe8z/p6VgVQkCySCWWFG525BRdGmSImqVZ4xa + aQFN3L+oN+JJcCFTthLOAYo32JH+xLMz7PokzSL84g3b68h59hXDoMSwB10GthL5 + T8tqV6i5miKWwvfZ + -----END CERTIFICATE----- + tls.key: |- + -----BEGIN RSA PRIVATE KEY----- + MIIJKQIBAAKCAgEA1/+83/YNiEVKYvcuVwYGve6afsg1BYCn1+E9Uwgh0uwAenT/ + DKB8NhqoVxc7cZ2HaTI146IGmFICmctlTWvLPLglHmTobyOUV6tIJAjvzyEOpC45 + 8hLGgbv8mhGXJWPxBVu7Wy6Hapz2bk0cEscfL7PHKaRu3D6r8/zbhhWAqe4EIt+N + VYT6baaYBs7bPZQXs/sluKI+DNYuDeaAmoSuCc4ein6z0xDqCSMmPebzjns03ttB + 29vWL3eYY9dvgoCd+CPhXT/C4CHtvKbH+hOQYDtVF6MO1mmABAQTQWMR/00+QI0x + tvuXtEPurla5dA0TN6ddCTOOcILKx62z5oc3Kqr+nHHa71zNzARUVaZ2vy1pRVr0 + DZgB7KqcFXhy/oy8IpmxUR1ASBDZl6B6RKrdQwvgLgmn3M/roNLAU+3nz4itpt/z + f+X0suwdthrflic1R68z1SlYbyoGARWkZ/pOl6kLNVK2OsqQuICaajnW7t1oDd7z + 1+3hm+uoryDwvG6f3T9ZvWjKXYcKg7b+BjbFdahbDywDPgnhSz9AaoVWhR+GHIPr + jRClMpEkra/yGJFvH3UpXhgg9d0DrLZE51Z75a9SvnAjvdLuNhx4bJbwLBgNGsJM + kupzBrw4iCfbKFcBbP8o0Xjtarj7T/mkWuQ1GjWqfyrD55NecBPNw5C9BR0CAwEA + AQKCAgEAymuOrG/hJKiS2oX8tm8eWFZIELI9BigYozYhCzQexpSGqjwEXOf1H5sB + 0YQjIAlZwhrc57OK7KpGZ6x2BgUT1JZZqs80CBtWxIXuuF5rpje7id8MTLCNuTzb + r+L2O4Mad0QNI5lKLH5mbt3yhiJ3NnQLHBpODjbpXGDFtTVne1hkJe5MfC1/psyt + wguO6HllcTTWl93ruonpZPtz39qhYuz4MCAnE5DRUrjO+Mn7y7XoyUS+xnSRl7BD + bqWRicJQyB+P7px3WyZQri+6TsCQ164iw2D64bLC1oCfLvLSBeh0g3gOdAX5mGTl + RBpf98LdFJXSmXHodcYMlO5THqHu7mOE8zvPDbOzpwKftE11PS+lhuq/fREJnrAx + pbvTkv2c1nu90gkracv6PhRC8YhBIa2gqhoxY7rH7UpYa1c5QaJzg5ibiteTLRKC + e9ZmfoPWaY2ksY4gBWZ/p2wokJ8U6ZHEsEfQS9WibMpqRsdINWQ9JnIBLKnTuqB0 + B29E9jHAl8rwMT2/DiIiVjHcdwpP37MxotKvYDFw+yDcZDeKTIh133XZNWyO/TcH + aDrNB0dymqunuNmfPts566AYErym0ndcmmLuGIKKE+l1h1+5CWjdsTdrkkXZK/w1 + i/krfLruQqQcW3Bpng8JAKirvGfYJxIEaCLqtepb7YaHhaI3gz0CggEBAPO0UQ6e + oPzMYmEegp2LjAfHZhwGV0fpiC6nxEWKoEE7Tb5zyB8rlkFIpQlXmljQvf3xDmq/ + Ta3JlkaY290oFc0ypp9zUY/sUGyc3pvltxl0gLKOPnIkoP3ma2HzBxQRrGRdcFhH + AHom80Bm9APm29L0MFuOuhGGxkGvQCxH+KmmohvZMUEqNIuWi8XB7maDXcAmSJ7x + YdQAgLspRJ+kkZM+59XijyvYvg04xCu1FSop+Lol+xBwWAR5OaKnbZ9L+jKtzbxC + IS7ERTlhsham2dYIm7SFcD/OcLV6luqreR0svS6HQis1kGxnNxkBAbrB1QZ+wLKp + QztnOk70H/eWP5sCggEBAOLllCHuRloqEyzDT5sVbflCMTVsXmHGJ4/qI4An+etI + 3DComNLPAIBKYAiNgqWAm/wfLy5rHu2ZGzcPn7cQF/xKp00uDGKncQz3Z9JDofI1 + rpLH+t3LJ9l/EzQv1tpzwOU5rhFNmqrJnwy17BtOmlCKAQnVmyDkLyR9AhWkCTi8 + BLDq6mx1X61K6P11GAxAd70NFNzD8868Ddq2XInwEwXzf/FHQW/JVYZEAa7dn4KF + wQ/tPSspP0vGzDfgNI64PtNePnZ/e00XXqA7la2OScro+SDSyXGlDKX4XhwwTDD1 + +u3VbUmjInpEJL3bU8c/qe36UhoseF1G0cm22sHqhacCggEAY3A+5r05KQ1oUwJ0 + /z2ybHYjJuo7cN9MLuVLg6iVzSgah8yMapOJYqf2l0JEe1rpOxXB8TKPyoqHo9S5 + WZsCklDJhiQysowVIMw9VNU9ichsvu6lckOZ4R/Ezxmv2LOBaQ5rScnm2vDLroqT + pIftSD1VAfbR21bnzGNqxuazAt44JS7RFyrWd+J8s7t2wCN3/HBij2Akr7Fo1XV4 + R7+JmtA/HpmsG5L7sT9pZAAmW6b2k1XuBH4im+iu6LxyUV5Z/5XFbbx597AkIs7H + MNDx75BhoB4WeCKPAK29qJFBAPOBWdvc1u6rOGBBLhWoFAEFH/pWPFAuW626L/8S + kB6hYwKCAQB3/JIec2Pu0Gs9c7eIOofilXdyWfF7YQ+Q0m+dmQZXvzr53F6ctGz+ + atZoD3V0UhOq+063DFzZpuq2bmO2qiMU/uGENgLEtOlawwa7MZrVfD/qTSjD22gi + Y0njghzrfuUWEy+S5OgSwvaCAT5vnlyKlMBB1BzqAuFPOXA9w3ZA82TDribz3goP + mRqm1iI2cG0ho2ZR7KnkvJvS+jbrlvJoZkFVdaoMFHtOum3tbDOrEVJsOrfrOC/J + wcJDFiSVCKfonOEJRxcMSHx43amkkydAz3zXN8DhgTe0GSijXYMdLSdaWFAn7cYQ + xDJt2CtwpaEWQRbj0nqAUTAlrLX4cC3nAoIBAQCl1cV86bYw8CKrCuf9TF0Kk5pd + REdilDpks4Z1RH4MpBDWLtvMeQqlNsN+/RugKQExO0HTdZIyn7cBRRloD2xcNcJA + G/rUMel/x4fhaEOE7Uw9rmTefvpcgWmtXw64sMA8KFA4oCXIcgbwL5Q+szqNNWAN + abpgl0DnU06YyBDoK/7D0B8Kt3qS1N6XX+Z5wtPvglbD2HCYy6rdkqi8IbQ/6OeS + wG7p/7g3JlOEyotMq9Cl2T0wTNDSLlma+mwc9mILITDXznWiLQSznE69mebWBUr3 + Sbt91efH30inRx85H0pNJrpZsH0A6ayL0gTJSuUc0eJXYR5Po1gRQMOSIEWh + -----END RSA PRIVATE KEY----- +type: kubernetes.io/tls +--- +apiVersion: configuration.konghq.com/v1 +consumerGroups: +- example-consumer-group +credentials: +- key-auth-example-user +- jwt-auth-example-user +- basic-auth-example-user +- acl-group-example-user +- mtls-auth-example-user +custom_id: "1234567890" +kind: KongConsumer +metadata: + annotations: + konghq.com/plugins: example-user-rate-limiting-advanced + kubernetes.io/ingress.class: kong + name: example-user +username: example-user +--- +apiVersion: configuration.konghq.com/v1beta1 +kind: KongConsumerGroup +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-consumer-group +--- diff --git a/kong2kic/testdata/kicv3_ingress/output-expected.json b/kong2kic/testdata/kicv3_ingress/output-expected.json new file mode 100644 index 000000000..2a444ceff --- /dev/null +++ b/kong2kic/testdata/kicv3_ingress/output-expected.json @@ -0,0 +1,753 @@ +{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "hide_client_headers": false, + "identifier": "consumer", + "limit": [ + 5 + ], + "namespace": "example_namespace", + "strategy": "local", + "sync_rate": -1, + "window_size": [ + 30 + ] + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service-rate-limiting-advanced" + }, + "plugin": "rate-limiting-advanced" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "aws_key": "my_key", + "aws_region": "us-west-2", + "aws_secret": "my_secret", + "function_name": "my_function" + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-long9344b5559f" + }, + "plugin": "aws-lambda" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "credentials": true, + "exposed_headers": [ + "X-My-Header" + ], + "headers": [ + "Authorization" + ], + "max_age": 3600, + "methods": [ + "GET", + "POST" + ], + "origins": [ + "example.com" + ] + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-longfdeaa51f90" + }, + "plugin": "cors" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "path": "/var/log/kong/kong.log", + "reopen": true + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-long3b4b1fae8e" + }, + "plugin": "file-log" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "content_type": "application/json", + "http_endpoint": "http://example.com/logs", + "keepalive": 60000, + "method": "POST", + "queue_size": 1000, + "retry_count": 10, + "timeout": 10000 + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-long59030a424c" + }, + "plugin": "http-log" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "allow": [ + "192.168.0.1/24" + ], + "deny": [ + "192.168.0.2/32" + ] + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-longb44edd01cf" + }, + "plugin": "ip-restriction" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "hide_client_headers": false, + "identifier": "consumer", + "limit": [ + 5 + ], + "namespace": "example_namespace", + "strategy": "local", + "sync_rate": -1, + "window_size": [ + 30 + ] + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-longef35b834c6" + }, + "plugin": "rate-limiting-advanced" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "message": "Forbidden", + "status_code": 403 + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-longb2c08ebc54" + }, + "plugin": "request-termination" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "limits": { + "limit_name": { + "minute": 10 + } + }, + "policy": "local" + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-longc400f1ab11" + }, + "plugin": "response-ratelimiting" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "host": "example.com", + "port": 1234 + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-long47f9f5054d" + }, + "plugin": "tcp-log" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "hide_credentials": false + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-long26f9714514" + }, + "plugin": "basic-auth" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "anonymous": null, + "claims_to_verify": [ + "exp", + "nbf" + ], + "header_names": [ + "Authorization" + ], + "key_claim_name": "kid", + "maximum_expiration": 3600, + "run_on_preflight": true, + "secret_is_base64": false, + "uri_param_names": [ + "token" + ] + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-long0239c8f63e" + }, + "plugin": "jwt" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "hide_credentials": false, + "key_in_body": false, + "key_names": [ + "apikey" + ], + "run_on_preflight": true + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-long5494737f3e" + }, + "plugin": "key-auth" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "ca_certificates": [ + "cce8c384-721f-4f58-85dd-50834e3e733a" + ], + "revocation_check_mode": "SKIP", + "skip_consumer_lookup": false + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-long89ae2d2b5d" + }, + "plugin": "mtls-auth" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "allow": [ + "admin" + ] + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-service--route-thisisaveryvery-longb2440ac898" + }, + "plugin": "acl" +}{ + "apiVersion": "configuration.konghq.com/v1", + "config": { + "hide_client_headers": false, + "identifier": "consumer", + "limit": [ + 5 + ], + "namespace": "example_namespace", + "strategy": "local", + "sync_rate": -1, + "window_size": [ + 30 + ] + }, + "kind": "KongPlugin", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-user-rate-limiting-advanced" + }, + "plugin": "rate-limiting-advanced" +}{ + "apiVersion": "networking.k8s.io/v1", + "kind": "Ingress", + "metadata": { + "annotations": { + "konghq.com/headers.x-another-header": "first-header-value,second-header-value", + "konghq.com/headers.x-my-header": "~*foos?bar$", + "konghq.com/https-redirect-status-code": "302", + "konghq.com/methods": "GET,POST", + "konghq.com/plugins": "example-service--route-thisisaveryvery-long9344b5559f,example-service--route-thisisaveryvery-longfdeaa51f90,example-service--route-thisisaveryvery-long3b4b1fae8e,example-service--route-thisisaveryvery-long59030a424c,example-service--route-thisisaveryvery-longb44edd01cf,example-service--route-thisisaveryvery-longef35b834c6,example-service--route-thisisaveryvery-longb2c08ebc54,example-service--route-thisisaveryvery-longc400f1ab11,example-service--route-thisisaveryvery-long47f9f5054d,example-service--route-thisisaveryvery-long26f9714514,example-service--route-thisisaveryvery-long0239c8f63e,example-service--route-thisisaveryvery-long5494737f3e,example-service--route-thisisaveryvery-long89ae2d2b5d,example-service--route-thisisaveryvery-longb2440ac898", + "konghq.com/preserve-host": "true", + "konghq.com/protocols": "http,https", + "konghq.com/regex-priority": "1", + "konghq.com/snis": "example.com", + "konghq.com/strip-path": "false" + }, + "name": "example-service--route-thisisaveryvery-long2093a020ca" + }, + "spec": { + "ingressClassName": "kong", + "rules": [ + { + "host": "example.com", + "http": { + "paths": [ + { + "backend": { + "service": { + "name": "example-service", + "port": { + "number": 80 + } + } + }, + "path": "/~/v1/example/?$", + "pathType": "ImplementationSpecific" + }, + { + "backend": { + "service": { + "name": "example-service", + "port": { + "number": 80 + } + } + }, + "path": "/v1/another-example", + "pathType": "ImplementationSpecific" + }, + { + "backend": { + "service": { + "name": "example-service", + "port": { + "number": 80 + } + } + }, + "path": "/v1/yet-another-example", + "pathType": "ImplementationSpecific" + } + ] + } + }, + { + "host": "another-example.com", + "http": { + "paths": [ + { + "backend": { + "service": { + "name": "example-service", + "port": { + "number": 80 + } + } + }, + "path": "/~/v1/example/?$", + "pathType": "ImplementationSpecific" + }, + { + "backend": { + "service": { + "name": "example-service", + "port": { + "number": 80 + } + } + }, + "path": "/v1/another-example", + "pathType": "ImplementationSpecific" + }, + { + "backend": { + "service": { + "name": "example-service", + "port": { + "number": 80 + } + } + }, + "path": "/v1/yet-another-example", + "pathType": "ImplementationSpecific" + } + ] + } + }, + { + "host": "yet-another-example.com", + "http": { + "paths": [ + { + "backend": { + "service": { + "name": "example-service", + "port": { + "number": 80 + } + } + }, + "path": "/~/v1/example/?$", + "pathType": "ImplementationSpecific" + }, + { + "backend": { + "service": { + "name": "example-service", + "port": { + "number": 80 + } + } + }, + "path": "/v1/another-example", + "pathType": "ImplementationSpecific" + }, + { + "backend": { + "service": { + "name": "example-service", + "port": { + "number": 80 + } + } + }, + "path": "/v1/yet-another-example", + "pathType": "ImplementationSpecific" + } + ] + } + } + ] + } +}{ + "apiVersion": "configuration.konghq.com/v1beta1", + "kind": "KongUpstreamPolicy", + "metadata": { + "name": "example-service-upstream" + }, + "spec": { + "algorithm": "round-robin", + "healthchecks": { + "active": { + "concurrency": 10, + "headers": { + "x-another-header": [ + "bla" + ], + "x-my-header": [ + "foo", + "bar" + ] + }, + "healthy": { + "httpStatuses": [ + 200, + 302 + ], + "interval": 0, + "successes": 0 + }, + "httpPath": "/", + "httpsSni": "example.com", + "httpsVerifyCertificate": true, + "timeout": 1, + "type": "http", + "unhealthy": { + "httpFailures": 0, + "httpStatuses": [ + 429, + 404, + 500, + 501, + 502, + 503, + 504, + 505 + ], + "interval": 0, + "tcpFailures": 0, + "timeouts": 0 + } + }, + "passive": { + "healthy": { + "httpStatuses": [ + 200, + 201, + 202, + 203, + 204, + 205, + 206, + 207, + 208, + 226, + 300, + 301, + 302, + 303, + 304, + 305, + 306, + 307, + 308 + ], + "successes": 0 + }, + "type": "http", + "unhealthy": { + "httpFailures": 0, + "httpStatuses": [ + 429, + 500, + 503 + ], + "tcpFailures": 0, + "timeouts": 0 + } + }, + "threshold": 0 + }, + "slots": 10000 + } +}{ + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "annotations": { + "konghq.com/connect-timeout": "5000", + "konghq.com/path": "/v1", + "konghq.com/plugins": "example-service-rate-limiting-advanced", + "konghq.com/protocol": "http", + "konghq.com/read-timeout": "60000", + "konghq.com/retries": "5", + "konghq.com/upstream-policy": "example-service-upstream", + "konghq.com/write-timeout": "60000" + }, + "name": "example-service" + }, + "spec": { + "ports": [ + { + "port": 80, + "protocol": "TCP", + "targetPort": 80 + } + ], + "selector": { + "app": "example-service" + } + } +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "labels": { + "konghq.com/credential": "key-auth" + }, + "name": "key-auth-example-user" + }, + "stringData": { + "key": "my_api_key" + } +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "labels": { + "konghq.com/credential": "jwt" + }, + "name": "jwt-auth-example-user" + }, + "stringData": { + "algorithm": "HS256", + "key": "my_jwt_secret", + "rsa_public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxXzYS5yESbekTF3xLiQX\nZZZfXt0S/nzFp3f2Oux3W7/ydvZ8XSd8+s+wm5oqEcSV9n+5n3ENZbt1A/wgnGI3\noWrv0yRB9HugzTIGPpI1AQv9Z4p8E44RrB74/uTxYwb9+4yvpuz/fzTt3Gz+Kzc4\n4fGGq8VpGMFj6AE65ZcOAHHUJe4VuoreBXLYDJcHl2WPIdNKDGscFjElDneLRhWQ\nDfxekDJIQMWCjyBEXacfP6cc9U8Qld6TuVcwi1P2xb8tBDD4MIFL/psfzUhfv1Lw\nO/XZEffJxCqkQn7dsCYy3wpaTjb6XmJ5j0Dbml4f0Bv40Y1mjlAf7C662Mbuguf6\newIDAQAB\n-----END PUBLIC KEY-----", + "secret": "my_secret_key" + } +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "labels": { + "konghq.com/credential": "basic-auth" + }, + "name": "basic-auth-example-user" + }, + "stringData": { + "password": "my_basic_password", + "username": "my_basic_user" + } +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "labels": { + "konghq.com/credential": "acl" + }, + "name": "acl-group-example-user" + }, + "stringData": { + "group": "acl_group" + } +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "labels": { + "konghq.com/credential": "mtls-auth" + }, + "name": "mtls-auth-example-user" + }, + "stringData": { + "id": "cce8c384-721f-4f58-85dd-50834e3e733a", + "subject_name": "example-user@example.com" + }, + "type": "Opaque" +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "ca-cert-a672ab52d2341203bd70116b456413d7ac3ffc162abbf" + }, + "stringData": { + "ca.crt": "-----BEGIN CERTIFICATE-----\nMIIBfDCCASKgAwIBAgIRAJqcZC1VSvSQLMN1+7yAeswwCgYIKoZIzj0EAwIwHDEa\nMBgGA1UEAxMRRGVtbyBLb25nIFJvb3QgQ0EwHhcNMjIwNjEzMTMzNzMzWhcNMjcw\nNjEzMTkzNzMzWjAcMRowGAYDVQQDExFEZW1vIEtvbmcgUm9vdCBDQTBZMBMGByqG\nSM49AgEGCCqGSM49AwEHA0IABOGR89IyhreSHRAi6wp9a5DBIDp4YYSdWzuEdlNx\n7pX1G4T7x68xUXJZXRUPFyT8Xzn5KwCJm8RVT+nAhrsUx6SjRTBDMA4GA1UdDwEB\n/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBQ9CUiOPhjp7KD2\nScRDxX4IzDOrNzAKBggqhkjOPQQDAgNIADBFAiEAw6Dov0c0L++1W9VufAfSMdNR\nPSDfPU0MiUiG59/VIBICIEFn/6c5eQc3hUUBL74/RmNT2b1zxBmp7RiPXJAnAAwJ\n-----END CERTIFICATE-----\n", + "ca.digest": "f1baffe9fe9cf8497e38a4271d67fab44423678b7e7c0f677a50f37c113d81b5" + }, + "type": "Opaque" +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "ca-cert-a4f087c2ee00e6d43cfb4f6884fc1e79f7e6e08e84471" + }, + "stringData": { + "ca.crt": "-----BEGIN CERTIFICATE-----\nMIIBqTCCAVCgAwIBAgIQb5LqGa9gS3+Mc2ntWfSoJjAKBggqhkjOPQQDAjAcMRow\nGAYDVQQDExFEZW1vIEtvbmcgUm9vdCBDQTAeFw0yMjA2MTMxMzM5MTVaFw0yMzA2\nMTMxOTM5MTVaMCoxKDAmBgNVBAMTH0RlbW8gS29uZyBSb290IEludGVybWVkaWF0\nZTEgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQImvnSuvXkGy88lvx8a7of\ne0MEMRI2siVvybvWXNpeXXlixgaq7weJ7pewf3HywfO68Va6kn8ehWh7s0D7SLHM\no2YwZDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4E\nFgQUhuxCKmCSvZWf95+iZ+Wsz9DJJVMwHwYDVR0jBBgwFoAUPQlIjj4Y6eyg9knE\nQ8V+CMwzqzcwCgYIKoZIzj0EAwIDRwAwRAIgNZ+JPA1OqF5DsPapAZ2YsUOgIpn3\nZbQuYKCAV0SD4EcCIFnfA5rWrc1AgtUw5inJQqJQRNgoPuC14vACqI48BiRl\n-----END CERTIFICATE-----\n", + "ca.digest": "dbef7ed285fb292e24f84ffba93c48d92fa322387d85469c460c655abedd5308" + }, + "type": "Opaque" +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "ca-cert-6b095c7ff377b01252a4dfec59c582fe32934fa7ed0cf" + }, + "stringData": { + "ca.crt": "-----BEGIN CERTIFICATE-----\nMIIBujCCAV+gAwIBAgIRAMkGpj7WZf+2RFE/q7ZhejEwCgYIKoZIzj0EAwIwKjEo\nMCYGA1UEAxMfRGVtbyBLb25nIFJvb3QgSW50ZXJtZWRpYXRlMSBDQTAeFw0yMjA2\nMTMxMzQwNTFaFw0yMjEyMTMwNDQwNTFaMCoxKDAmBgNVBAMTH0RlbW8gS29uZyBS\nb290IEludGVybWVkaWF0ZTIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQB\nmy/zhZ3F2HvHFqtQzuD3lXX8SeYakxiBQvaGkGSLKD67N3vh7iC2rTSdj/vAs8ws\nY9X+mXzS6GDKC8PbSX6xo2YwZDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgw\nBgEB/wIBADAdBgNVHQ4EFgQURwCm53YPStZoAMfnVyknH4IgZa4wHwYDVR0jBBgw\nFoAUhuxCKmCSvZWf95+iZ+Wsz9DJJVMwCgYIKoZIzj0EAwIDSQAwRgIhAN1pkUKc\nazM4PiXOnkILB2KBDIF4XpHf+4ThDMODzXP8AiEA45KXA3qMrRPQV1oBfWZ3hLgX\ngxUhveuHBXMWnzUbn6U=\n-----END CERTIFICATE-----\n", + "ca.digest": "45b2b6dd9d4102955b1b1e4b540e677f140521462ed4f22fa5a713863ca84600" + }, + "type": "Opaque" +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "cert-0ee0e1584c8637facac95bd5fce315367dee124c0086d41e" + }, + "stringData": { + "tls.crt": "-----BEGIN CERTIFICATE-----\nMIIECTCCAvGgAwIBAgIUAusYGP9BwoLFFAJdB/jY6eUzUyAwDQYJKoZIhvcNAQEL\nBQAwgZIxCzAJBgNVBAYTAlVLMRIwEAYDVQQIDAlIYW1wc2hpcmUxEjAQBgNVBAcM\nCUFsZGVyc2hvdDEQMA4GA1UECgwHS29uZyBVSzEQMA4GA1UECwwHU3VwcG9ydDEY\nMBYGA1UEAwwPU3VwcG9ydCBSb290IENBMR0wGwYJKoZIhvcNAQkBFg5zdHVAa29u\nZ2hxLmNvbTAeFw0yMTAxMTUxMTE5NDNaFw0yMjA1MzAxMTE5NDNaMIGRMQswCQYD\nVQQGEwJVSzESMBAGA1UECAwJSGFtcHNoaXJlMRIwEAYDVQQHDAlBbGRlcnNob3Qx\nEDAOBgNVBAoMB0tvbmcgVUsxEDAOBgNVBAsMB1N1cHBvcnQxFzAVBgNVBAMMDnBy\nb3h5LmtvbmcubGFuMR0wGwYJKoZIhvcNAQkBFg5zdHVAa29uZ2hxLmNvbTCCASIw\nDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJUbKiqoCK1BTNk/7l42n6ukyTEu\neLyB23e/90PzT/oz8wZzgwTodzbFAS2VtFr1EKqFzor0DrXp9CLnebOdiAR3I6LD\n/WY/x0KW3lx3F35fGiUOSLPTH8zeiDTMx11CcKDxesA+M2/s5q0igkOQ4z4w3voz\nm5a52IcQTSA8K5knNU1qUZBLpc+khxFcaheEK1jsISJJhcdizZBfGdk8S1vpyj5F\nuCZ7oaRvNA6imHjSJwpgo36zd84TgrIgVj9R4QtJysWy/X+bbaKUiKBWwAtd4+DT\nEP90l/ny9szu2fijk4/6k1ntXufGTyvM+J0/qJ13e99TVYOVanITnpTO+6cCAwEA\nAaNWMFQwHwYDVR0jBBgwFoAUdskpf0wJRQxjtzQFZciWmUfl2bcwCQYDVR0TBAIw\nADALBgNVHQ8EBAMCBPAwGQYDVR0RBBIwEIIOcHJveHkua29uZy5sYW4wDQYJKoZI\nhvcNAQELBQADggEBAJVrTWQRQzNtypa9OXFYADm8Fay1VMop3BY2kh0tfYgQEJ/4\npJUj6CaszQZ/Aix6LaPnXFcoPCDqqv00mgju86PMamr/zA9USXk8eTmzJkp5RklS\nGdqiXboqESiQVvaNz3kdW7wgNz4FwaGCzkEi/dcc2LdtzLpWizx+TlxMMqjonUUM\novZgZo+OlhWRsDVT/qy5SFtA0vlVNtdBr2egXb1H7J8UDC+fax/iKa7+fBUHZOO9\nFk9U8bxgfQ+jPIVVL8CfAtR68Sos7NpWH0S2emqZRnQvf0MSNdkTQKWn4qR9sckj\nEwxs5FbrMmgCOgwk1PtgRmdP3RME0HwK/B03saQ=\n-----END CERTIFICATE-----", + "tls.key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCVGyoqqAitQUzZ\nP+5eNp+rpMkxLni8gdt3v/dD80/6M/MGc4ME6Hc2xQEtlbRa9RCqhc6K9A616fQi\n53mznYgEdyOiw/1mP8dClt5cdxd+XxolDkiz0x/M3og0zMddQnCg8XrAPjNv7Oat\nIoJDkOM+MN76M5uWudiHEE0gPCuZJzVNalGQS6XPpIcRXGoXhCtY7CEiSYXHYs2Q\nXxnZPEtb6co+Rbgme6GkbzQOoph40icKYKN+s3fOE4KyIFY/UeELScrFsv1/m22i\nlIigVsALXePg0xD/dJf58vbM7tn4o5OP+pNZ7V7nxk8rzPidP6idd3vfU1WDlWpy\nE56UzvunAgMBAAECggEAcq7lHNAHdHLgT8yrY41x/AwPryNGO/9JNW7SGVKAdjoU\ntyaLZHAEmXynLk+R28/YFMA8H4Yd9m9OlrYhVjRZFM4p+5vxP/7YHPB7cPUsfcda\nDZxR8PX25JVYf/vtb16V0ERLnKd62qCEwC/lr2A2WHQwXJLrHeAtmZzBJYUCJ5Xj\nDv1ZhyFjknswaV0vGXe6njTI6CzMQDTGysoagpCCo7RWgzjLREg2BGWd2UQpY4AW\nnYAP4QNt82UMQbgIqsEMj64mzS9Q+o1P84J1naSP5sCI22LeFRp6iezZc+D8EH/5\nRNONGSNWl3g6bsvN1VywYwjWn+waD3XAjXUu+peUgQKBgQDDu1QP28oSMKivHdfo\nkQ1HrTNBRc9eWeAMZFuIbbPLN8rdEibpOm3DwTqithnahqS0NLOsBnXNtuLw1Qr/\nzmOzn0yDO5XG8dlKr9vqWeBLdcRydLJBZwqEzWf4JwwwgfK3rItRaIbnAxnGUTS5\nSrrhNfBAIGS9jx5X2kvLC7hFQQKBgQDDBIrpLTIjRDloWZcu03z9Bhb8jQCyGb5C\n4MYs+duCnQIdNq/+maPspJzbVmF4b6S1zIPweI3fMvMeqRTbuf+drpElst1buFTO\nP0UMMn4V+4qGIOOkIy5JIKwR8sJD9tNDUPtxuDEotTB9IyWx6pdmCFz5v/bggDCu\nreoqflL+5wKBgQCDvb+L2QS+j4/KJk0flRoaJ2K7SVCVEesyjA3r2uLMImZhvAkC\nrDgbLSDZSbZHFp8fR+WzILoD11gSf2Ki4PjMeqkWH3HlcP0vPwTHTO0h/UdXPmKI\nkOFMl7CmHyoeMCj9JZ60EaXTMYwUpq3VFY6JbTOjBeqoh/8FZMHlDaNewQKBgCHg\nECEg8KyflTlDFrfTlMp+3E9STuShBCOp18LIRBEUJOHeNgQLvCXHElgnURcSjZHm\nzKRgzIQQ3Zpd1Hm2fWhuglgCEeF0y4ZoBx5vRueaoh1aaTCBy/B39GvJt2UG4vu2\nfXbrf96KWrnh+RJGpbXbjgr0BXZJzisJmrt25gPRAoGBAI3c+INpQXwrE+LBzCPu\nLwIVvkm5NpeIlKQtDNrqG1QvUhqyZ2/Xitc4FyiccW7WHxkGKGZyj7GbmpqEOnyY\niVku0LSftZgycet2uMdp0HaVAgi5S6aVf5yN0U/8R5ToxcbuEfqwrBIyRgse8lx3\nNNSvLxPAempmiFPSk9AtobYV\n-----END PRIVATE KEY-----" + }, + "type": "kubernetes.io/tls" +}{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "cert-b12464ec431576239dd9cc2545d528f6cbdbd988cf076323" + }, + "stringData": { + "tls.crt": "-----BEGIN CERTIFICATE-----\nMIIFeDCCBGCgAwIBAgIUAusYGP9BwoLFFAJdB/jY6eUzUyQwDQYJKoZIhvcNAQEL\nBQAwgZIxCzAJBgNVBAYTAlVLMRIwEAYDVQQIDAlIYW1wc2hpcmUxEjAQBgNVBAcM\nCUFsZGVyc2hvdDEQMA4GA1UECgwHS29uZyBVSzEQMA4GA1UECwwHU3VwcG9ydDEY\nMBYGA1UEAwwPU3VwcG9ydCBSb290IENBMR0wGwYJKoZIhvcNAQkBFg5zdHVAa29u\nZ2hxLmNvbTAeFw0yMTAxMjAxNTA0NDVaFw0yMjAxMjAxNTA0NDVaMIGQMQswCQYD\nVQQGEwJVSzESMBAGA1UECAwJSGFtcHNoaXJlMRIwEAYDVQQHDAlBbGRlcnNob3Qx\nEDAOBgNVBAoMB0tvbmcgVUsxEDAOBgNVBAsMB1N1cHBvcnQxFjAUBgNVBAMMDW10\nbHMtY29uc3VtZXIxHTAbBgkqhkiG9w0BCQEWDnN0dUBrb25naHEuY29tMIICIjAN\nBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1/+83/YNiEVKYvcuVwYGve6afsg1\nBYCn1+E9Uwgh0uwAenT/DKB8NhqoVxc7cZ2HaTI146IGmFICmctlTWvLPLglHmTo\nbyOUV6tIJAjvzyEOpC458hLGgbv8mhGXJWPxBVu7Wy6Hapz2bk0cEscfL7PHKaRu\n3D6r8/zbhhWAqe4EIt+NVYT6baaYBs7bPZQXs/sluKI+DNYuDeaAmoSuCc4ein6z\n0xDqCSMmPebzjns03ttB29vWL3eYY9dvgoCd+CPhXT/C4CHtvKbH+hOQYDtVF6MO\n1mmABAQTQWMR/00+QI0xtvuXtEPurla5dA0TN6ddCTOOcILKx62z5oc3Kqr+nHHa\n71zNzARUVaZ2vy1pRVr0DZgB7KqcFXhy/oy8IpmxUR1ASBDZl6B6RKrdQwvgLgmn\n3M/roNLAU+3nz4itpt/zf+X0suwdthrflic1R68z1SlYbyoGARWkZ/pOl6kLNVK2\nOsqQuICaajnW7t1oDd7z1+3hm+uoryDwvG6f3T9ZvWjKXYcKg7b+BjbFdahbDywD\nPgnhSz9AaoVWhR+GHIPrjRClMpEkra/yGJFvH3UpXhgg9d0DrLZE51Z75a9SvnAj\nvdLuNhx4bJbwLBgNGsJMkupzBrw4iCfbKFcBbP8o0Xjtarj7T/mkWuQ1GjWqfyrD\n55NecBPNw5C9BR0CAwEAAaOBxTCBwjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQE\nAwIFoDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50IENl\ncnRpZmljYXRlMB0GA1UdDgQWBBSV3F+eicU8SVT4LcDJ6eMzP0todzAfBgNVHSME\nGDAWgBR2ySl/TAlFDGO3NAVlyJaZR+XZtzAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0l\nBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBAQB5L0OZ\nWELG9Pw6Ol1BsZYgpLR4PGNBB9dKm/9dd+q+ohZVFCfXcjZ3YOU1vh/HHQrALRNY\nI58JxcVCOx/qIW2uA0iSCqIT0sNb9cJLxfZf7X+BzPPPnu0ugUJp7GzLNnHitrLC\nXb1nmmefwgraNzp+a5IrR8RcQG1mYDuS+2HK/rybo22XcCxhob8OiDEn8+ytkKyQ\nIpmrf9D+/68/ih6az0w1aakASMmFe8z/p6VgVQkCySCWWFG525BRdGmSImqVZ4xa\naQFN3L+oN+JJcCFTthLOAYo32JH+xLMz7PokzSL84g3b68h59hXDoMSwB10GthL5\nT8tqV6i5miKWwvfZ\n-----END CERTIFICATE-----", + "tls.key": "-----BEGIN RSA PRIVATE KEY-----\nMIIJKQIBAAKCAgEA1/+83/YNiEVKYvcuVwYGve6afsg1BYCn1+E9Uwgh0uwAenT/\nDKB8NhqoVxc7cZ2HaTI146IGmFICmctlTWvLPLglHmTobyOUV6tIJAjvzyEOpC45\n8hLGgbv8mhGXJWPxBVu7Wy6Hapz2bk0cEscfL7PHKaRu3D6r8/zbhhWAqe4EIt+N\nVYT6baaYBs7bPZQXs/sluKI+DNYuDeaAmoSuCc4ein6z0xDqCSMmPebzjns03ttB\n29vWL3eYY9dvgoCd+CPhXT/C4CHtvKbH+hOQYDtVF6MO1mmABAQTQWMR/00+QI0x\ntvuXtEPurla5dA0TN6ddCTOOcILKx62z5oc3Kqr+nHHa71zNzARUVaZ2vy1pRVr0\nDZgB7KqcFXhy/oy8IpmxUR1ASBDZl6B6RKrdQwvgLgmn3M/roNLAU+3nz4itpt/z\nf+X0suwdthrflic1R68z1SlYbyoGARWkZ/pOl6kLNVK2OsqQuICaajnW7t1oDd7z\n1+3hm+uoryDwvG6f3T9ZvWjKXYcKg7b+BjbFdahbDywDPgnhSz9AaoVWhR+GHIPr\njRClMpEkra/yGJFvH3UpXhgg9d0DrLZE51Z75a9SvnAjvdLuNhx4bJbwLBgNGsJM\nkupzBrw4iCfbKFcBbP8o0Xjtarj7T/mkWuQ1GjWqfyrD55NecBPNw5C9BR0CAwEA\nAQKCAgEAymuOrG/hJKiS2oX8tm8eWFZIELI9BigYozYhCzQexpSGqjwEXOf1H5sB\n0YQjIAlZwhrc57OK7KpGZ6x2BgUT1JZZqs80CBtWxIXuuF5rpje7id8MTLCNuTzb\nr+L2O4Mad0QNI5lKLH5mbt3yhiJ3NnQLHBpODjbpXGDFtTVne1hkJe5MfC1/psyt\nwguO6HllcTTWl93ruonpZPtz39qhYuz4MCAnE5DRUrjO+Mn7y7XoyUS+xnSRl7BD\nbqWRicJQyB+P7px3WyZQri+6TsCQ164iw2D64bLC1oCfLvLSBeh0g3gOdAX5mGTl\nRBpf98LdFJXSmXHodcYMlO5THqHu7mOE8zvPDbOzpwKftE11PS+lhuq/fREJnrAx\npbvTkv2c1nu90gkracv6PhRC8YhBIa2gqhoxY7rH7UpYa1c5QaJzg5ibiteTLRKC\ne9ZmfoPWaY2ksY4gBWZ/p2wokJ8U6ZHEsEfQS9WibMpqRsdINWQ9JnIBLKnTuqB0\nB29E9jHAl8rwMT2/DiIiVjHcdwpP37MxotKvYDFw+yDcZDeKTIh133XZNWyO/TcH\naDrNB0dymqunuNmfPts566AYErym0ndcmmLuGIKKE+l1h1+5CWjdsTdrkkXZK/w1\ni/krfLruQqQcW3Bpng8JAKirvGfYJxIEaCLqtepb7YaHhaI3gz0CggEBAPO0UQ6e\noPzMYmEegp2LjAfHZhwGV0fpiC6nxEWKoEE7Tb5zyB8rlkFIpQlXmljQvf3xDmq/\nTa3JlkaY290oFc0ypp9zUY/sUGyc3pvltxl0gLKOPnIkoP3ma2HzBxQRrGRdcFhH\nAHom80Bm9APm29L0MFuOuhGGxkGvQCxH+KmmohvZMUEqNIuWi8XB7maDXcAmSJ7x\nYdQAgLspRJ+kkZM+59XijyvYvg04xCu1FSop+Lol+xBwWAR5OaKnbZ9L+jKtzbxC\nIS7ERTlhsham2dYIm7SFcD/OcLV6luqreR0svS6HQis1kGxnNxkBAbrB1QZ+wLKp\nQztnOk70H/eWP5sCggEBAOLllCHuRloqEyzDT5sVbflCMTVsXmHGJ4/qI4An+etI\n3DComNLPAIBKYAiNgqWAm/wfLy5rHu2ZGzcPn7cQF/xKp00uDGKncQz3Z9JDofI1\nrpLH+t3LJ9l/EzQv1tpzwOU5rhFNmqrJnwy17BtOmlCKAQnVmyDkLyR9AhWkCTi8\nBLDq6mx1X61K6P11GAxAd70NFNzD8868Ddq2XInwEwXzf/FHQW/JVYZEAa7dn4KF\nwQ/tPSspP0vGzDfgNI64PtNePnZ/e00XXqA7la2OScro+SDSyXGlDKX4XhwwTDD1\n+u3VbUmjInpEJL3bU8c/qe36UhoseF1G0cm22sHqhacCggEAY3A+5r05KQ1oUwJ0\n/z2ybHYjJuo7cN9MLuVLg6iVzSgah8yMapOJYqf2l0JEe1rpOxXB8TKPyoqHo9S5\nWZsCklDJhiQysowVIMw9VNU9ichsvu6lckOZ4R/Ezxmv2LOBaQ5rScnm2vDLroqT\npIftSD1VAfbR21bnzGNqxuazAt44JS7RFyrWd+J8s7t2wCN3/HBij2Akr7Fo1XV4\nR7+JmtA/HpmsG5L7sT9pZAAmW6b2k1XuBH4im+iu6LxyUV5Z/5XFbbx597AkIs7H\nMNDx75BhoB4WeCKPAK29qJFBAPOBWdvc1u6rOGBBLhWoFAEFH/pWPFAuW626L/8S\nkB6hYwKCAQB3/JIec2Pu0Gs9c7eIOofilXdyWfF7YQ+Q0m+dmQZXvzr53F6ctGz+\natZoD3V0UhOq+063DFzZpuq2bmO2qiMU/uGENgLEtOlawwa7MZrVfD/qTSjD22gi\nY0njghzrfuUWEy+S5OgSwvaCAT5vnlyKlMBB1BzqAuFPOXA9w3ZA82TDribz3goP\nmRqm1iI2cG0ho2ZR7KnkvJvS+jbrlvJoZkFVdaoMFHtOum3tbDOrEVJsOrfrOC/J\nwcJDFiSVCKfonOEJRxcMSHx43amkkydAz3zXN8DhgTe0GSijXYMdLSdaWFAn7cYQ\nxDJt2CtwpaEWQRbj0nqAUTAlrLX4cC3nAoIBAQCl1cV86bYw8CKrCuf9TF0Kk5pd\nREdilDpks4Z1RH4MpBDWLtvMeQqlNsN+/RugKQExO0HTdZIyn7cBRRloD2xcNcJA\nG/rUMel/x4fhaEOE7Uw9rmTefvpcgWmtXw64sMA8KFA4oCXIcgbwL5Q+szqNNWAN\nabpgl0DnU06YyBDoK/7D0B8Kt3qS1N6XX+Z5wtPvglbD2HCYy6rdkqi8IbQ/6OeS\nwG7p/7g3JlOEyotMq9Cl2T0wTNDSLlma+mwc9mILITDXznWiLQSznE69mebWBUr3\nSbt91efH30inRx85H0pNJrpZsH0A6ayL0gTJSuUc0eJXYR5Po1gRQMOSIEWh\n-----END RSA PRIVATE KEY-----" + }, + "type": "kubernetes.io/tls" +}{ + "apiVersion": "configuration.konghq.com/v1", + "consumerGroups": [ + "example-consumer-group" + ], + "credentials": [ + "key-auth-example-user", + "jwt-auth-example-user", + "basic-auth-example-user", + "acl-group-example-user", + "mtls-auth-example-user" + ], + "custom_id": "1234567890", + "kind": "KongConsumer", + "metadata": { + "annotations": { + "konghq.com/plugins": "example-user-rate-limiting-advanced", + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-user" + }, + "username": "example-user" +}{ + "apiVersion": "configuration.konghq.com/v1beta1", + "kind": "KongConsumerGroup", + "metadata": { + "annotations": { + "kubernetes.io/ingress.class": "kong" + }, + "name": "example-consumer-group" + } +} \ No newline at end of file diff --git a/kong2kic/testdata/kicv3_ingress/output-expected.yaml b/kong2kic/testdata/kicv3_ingress/output-expected.yaml new file mode 100644 index 000000000..19dcabdb3 --- /dev/null +++ b/kong2kic/testdata/kicv3_ingress/output-expected.yaml @@ -0,0 +1,736 @@ +apiVersion: configuration.konghq.com/v1 +config: + hide_client_headers: false + identifier: consumer + limit: + - 5 + namespace: example_namespace + strategy: local + sync_rate: -1 + window_size: + - 30 +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service-rate-limiting-advanced +plugin: rate-limiting-advanced +--- +apiVersion: configuration.konghq.com/v1 +config: + aws_key: my_key + aws_region: us-west-2 + aws_secret: my_secret + function_name: my_function +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-long9344b5559f +plugin: aws-lambda +--- +apiVersion: configuration.konghq.com/v1 +config: + credentials: true + exposed_headers: + - X-My-Header + headers: + - Authorization + max_age: 3600 + methods: + - GET + - POST + origins: + - example.com +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-longfdeaa51f90 +plugin: cors +--- +apiVersion: configuration.konghq.com/v1 +config: + path: /var/log/kong/kong.log + reopen: true +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-long3b4b1fae8e +plugin: file-log +--- +apiVersion: configuration.konghq.com/v1 +config: + content_type: application/json + http_endpoint: http://example.com/logs + keepalive: 60000 + method: POST + queue_size: 1000 + retry_count: 10 + timeout: 10000 +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-long59030a424c +plugin: http-log +--- +apiVersion: configuration.konghq.com/v1 +config: + allow: + - 192.168.0.1/24 + deny: + - 192.168.0.2/32 +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-longb44edd01cf +plugin: ip-restriction +--- +apiVersion: configuration.konghq.com/v1 +config: + hide_client_headers: false + identifier: consumer + limit: + - 5 + namespace: example_namespace + strategy: local + sync_rate: -1 + window_size: + - 30 +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-longef35b834c6 +plugin: rate-limiting-advanced +--- +apiVersion: configuration.konghq.com/v1 +config: + message: Forbidden + status_code: 403 +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-longb2c08ebc54 +plugin: request-termination +--- +apiVersion: configuration.konghq.com/v1 +config: + limits: + limit_name: + minute: 10 + policy: local +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-longc400f1ab11 +plugin: response-ratelimiting +--- +apiVersion: configuration.konghq.com/v1 +config: + host: example.com + port: 1234 +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-long47f9f5054d +plugin: tcp-log +--- +apiVersion: configuration.konghq.com/v1 +config: + hide_credentials: false +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-long26f9714514 +plugin: basic-auth +--- +apiVersion: configuration.konghq.com/v1 +config: + anonymous: null + claims_to_verify: + - exp + - nbf + header_names: + - Authorization + key_claim_name: kid + maximum_expiration: 3600 + run_on_preflight: true + secret_is_base64: false + uri_param_names: + - token +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-long0239c8f63e +plugin: jwt +--- +apiVersion: configuration.konghq.com/v1 +config: + hide_credentials: false + key_in_body: false + key_names: + - apikey + run_on_preflight: true +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-long5494737f3e +plugin: key-auth +--- +apiVersion: configuration.konghq.com/v1 +config: + ca_certificates: + - cce8c384-721f-4f58-85dd-50834e3e733a + revocation_check_mode: SKIP + skip_consumer_lookup: false +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-long89ae2d2b5d +plugin: mtls-auth +--- +apiVersion: configuration.konghq.com/v1 +config: + allow: + - admin +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-service--route-thisisaveryvery-longb2440ac898 +plugin: acl +--- +apiVersion: configuration.konghq.com/v1 +config: + hide_client_headers: false + identifier: consumer + limit: + - 5 + namespace: example_namespace + strategy: local + sync_rate: -1 + window_size: + - 30 +kind: KongPlugin +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-user-rate-limiting-advanced +plugin: rate-limiting-advanced +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + konghq.com/headers.x-another-header: first-header-value,second-header-value + konghq.com/headers.x-my-header: ~*foos?bar$ + konghq.com/https-redirect-status-code: "302" + konghq.com/methods: GET,POST + konghq.com/plugins: example-service--route-thisisaveryvery-long9344b5559f,example-service--route-thisisaveryvery-longfdeaa51f90,example-service--route-thisisaveryvery-long3b4b1fae8e,example-service--route-thisisaveryvery-long59030a424c,example-service--route-thisisaveryvery-longb44edd01cf,example-service--route-thisisaveryvery-longef35b834c6,example-service--route-thisisaveryvery-longb2c08ebc54,example-service--route-thisisaveryvery-longc400f1ab11,example-service--route-thisisaveryvery-long47f9f5054d,example-service--route-thisisaveryvery-long26f9714514,example-service--route-thisisaveryvery-long0239c8f63e,example-service--route-thisisaveryvery-long5494737f3e,example-service--route-thisisaveryvery-long89ae2d2b5d,example-service--route-thisisaveryvery-longb2440ac898 + konghq.com/preserve-host: "true" + konghq.com/protocols: http,https + konghq.com/regex-priority: "1" + konghq.com/snis: example.com + konghq.com/strip-path: "false" + name: example-service--route-thisisaveryvery-long2093a020ca +spec: + ingressClassName: kong + rules: + - host: example.com + http: + paths: + - backend: + service: + name: example-service + port: + number: 80 + path: /~/v1/example/?$ + pathType: ImplementationSpecific + - backend: + service: + name: example-service + port: + number: 80 + path: /v1/another-example + pathType: ImplementationSpecific + - backend: + service: + name: example-service + port: + number: 80 + path: /v1/yet-another-example + pathType: ImplementationSpecific + - host: another-example.com + http: + paths: + - backend: + service: + name: example-service + port: + number: 80 + path: /~/v1/example/?$ + pathType: ImplementationSpecific + - backend: + service: + name: example-service + port: + number: 80 + path: /v1/another-example + pathType: ImplementationSpecific + - backend: + service: + name: example-service + port: + number: 80 + path: /v1/yet-another-example + pathType: ImplementationSpecific + - host: yet-another-example.com + http: + paths: + - backend: + service: + name: example-service + port: + number: 80 + path: /~/v1/example/?$ + pathType: ImplementationSpecific + - backend: + service: + name: example-service + port: + number: 80 + path: /v1/another-example + pathType: ImplementationSpecific + - backend: + service: + name: example-service + port: + number: 80 + path: /v1/yet-another-example + pathType: ImplementationSpecific +--- +apiVersion: configuration.konghq.com/v1beta1 +kind: KongUpstreamPolicy +metadata: + name: example-service-upstream +spec: + algorithm: round-robin + healthchecks: + active: + concurrency: 10 + headers: + x-another-header: + - bla + x-my-header: + - foo + - bar + healthy: + httpStatuses: + - 200 + - 302 + interval: 0 + successes: 0 + httpPath: / + httpsSni: example.com + httpsVerifyCertificate: true + timeout: 1 + type: http + unhealthy: + httpFailures: 0 + httpStatuses: + - 429 + - 404 + - 500 + - 501 + - 502 + - 503 + - 504 + - 505 + interval: 0 + tcpFailures: 0 + timeouts: 0 + passive: + healthy: + httpStatuses: + - 200 + - 201 + - 202 + - 203 + - 204 + - 205 + - 206 + - 207 + - 208 + - 226 + - 300 + - 301 + - 302 + - 303 + - 304 + - 305 + - 306 + - 307 + - 308 + successes: 0 + type: http + unhealthy: + httpFailures: 0 + httpStatuses: + - 429 + - 500 + - 503 + tcpFailures: 0 + timeouts: 0 + threshold: 0 + slots: 10000 +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + konghq.com/connect-timeout: "5000" + konghq.com/path: /v1 + konghq.com/plugins: example-service-rate-limiting-advanced + konghq.com/protocol: http + konghq.com/read-timeout: "60000" + konghq.com/retries: "5" + konghq.com/upstream-policy: example-service-upstream + konghq.com/write-timeout: "60000" + name: example-service +spec: + ports: + - port: 80 + protocol: TCP + targetPort: 80 + selector: + app: example-service +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + labels: + konghq.com/credential: key-auth + name: key-auth-example-user +stringData: + key: my_api_key +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + labels: + konghq.com/credential: jwt + name: jwt-auth-example-user +stringData: + algorithm: HS256 + key: my_jwt_secret + rsa_public_key: |- + -----BEGIN PUBLIC KEY----- + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxXzYS5yESbekTF3xLiQX + ZZZfXt0S/nzFp3f2Oux3W7/ydvZ8XSd8+s+wm5oqEcSV9n+5n3ENZbt1A/wgnGI3 + oWrv0yRB9HugzTIGPpI1AQv9Z4p8E44RrB74/uTxYwb9+4yvpuz/fzTt3Gz+Kzc4 + 4fGGq8VpGMFj6AE65ZcOAHHUJe4VuoreBXLYDJcHl2WPIdNKDGscFjElDneLRhWQ + DfxekDJIQMWCjyBEXacfP6cc9U8Qld6TuVcwi1P2xb8tBDD4MIFL/psfzUhfv1Lw + O/XZEffJxCqkQn7dsCYy3wpaTjb6XmJ5j0Dbml4f0Bv40Y1mjlAf7C662Mbuguf6 + ewIDAQAB + -----END PUBLIC KEY----- + secret: my_secret_key +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + labels: + konghq.com/credential: basic-auth + name: basic-auth-example-user +stringData: + password: my_basic_password + username: my_basic_user +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + labels: + konghq.com/credential: acl + name: acl-group-example-user +stringData: + group: acl_group +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + labels: + konghq.com/credential: mtls-auth + name: mtls-auth-example-user +stringData: + id: cce8c384-721f-4f58-85dd-50834e3e733a + subject_name: example-user@example.com +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: ca-cert-a672ab52d2341203bd70116b456413d7ac3ffc162abbf +stringData: + ca.crt: | + -----BEGIN CERTIFICATE----- + MIIBfDCCASKgAwIBAgIRAJqcZC1VSvSQLMN1+7yAeswwCgYIKoZIzj0EAwIwHDEa + MBgGA1UEAxMRRGVtbyBLb25nIFJvb3QgQ0EwHhcNMjIwNjEzMTMzNzMzWhcNMjcw + NjEzMTkzNzMzWjAcMRowGAYDVQQDExFEZW1vIEtvbmcgUm9vdCBDQTBZMBMGByqG + SM49AgEGCCqGSM49AwEHA0IABOGR89IyhreSHRAi6wp9a5DBIDp4YYSdWzuEdlNx + 7pX1G4T7x68xUXJZXRUPFyT8Xzn5KwCJm8RVT+nAhrsUx6SjRTBDMA4GA1UdDwEB + /wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBQ9CUiOPhjp7KD2 + ScRDxX4IzDOrNzAKBggqhkjOPQQDAgNIADBFAiEAw6Dov0c0L++1W9VufAfSMdNR + PSDfPU0MiUiG59/VIBICIEFn/6c5eQc3hUUBL74/RmNT2b1zxBmp7RiPXJAnAAwJ + -----END CERTIFICATE----- + ca.digest: f1baffe9fe9cf8497e38a4271d67fab44423678b7e7c0f677a50f37c113d81b5 +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: ca-cert-a4f087c2ee00e6d43cfb4f6884fc1e79f7e6e08e84471 +stringData: + ca.crt: | + -----BEGIN CERTIFICATE----- + MIIBqTCCAVCgAwIBAgIQb5LqGa9gS3+Mc2ntWfSoJjAKBggqhkjOPQQDAjAcMRow + GAYDVQQDExFEZW1vIEtvbmcgUm9vdCBDQTAeFw0yMjA2MTMxMzM5MTVaFw0yMzA2 + MTMxOTM5MTVaMCoxKDAmBgNVBAMTH0RlbW8gS29uZyBSb290IEludGVybWVkaWF0 + ZTEgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQImvnSuvXkGy88lvx8a7of + e0MEMRI2siVvybvWXNpeXXlixgaq7weJ7pewf3HywfO68Va6kn8ehWh7s0D7SLHM + o2YwZDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4E + FgQUhuxCKmCSvZWf95+iZ+Wsz9DJJVMwHwYDVR0jBBgwFoAUPQlIjj4Y6eyg9knE + Q8V+CMwzqzcwCgYIKoZIzj0EAwIDRwAwRAIgNZ+JPA1OqF5DsPapAZ2YsUOgIpn3 + ZbQuYKCAV0SD4EcCIFnfA5rWrc1AgtUw5inJQqJQRNgoPuC14vACqI48BiRl + -----END CERTIFICATE----- + ca.digest: dbef7ed285fb292e24f84ffba93c48d92fa322387d85469c460c655abedd5308 +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: ca-cert-6b095c7ff377b01252a4dfec59c582fe32934fa7ed0cf +stringData: + ca.crt: | + -----BEGIN CERTIFICATE----- + MIIBujCCAV+gAwIBAgIRAMkGpj7WZf+2RFE/q7ZhejEwCgYIKoZIzj0EAwIwKjEo + MCYGA1UEAxMfRGVtbyBLb25nIFJvb3QgSW50ZXJtZWRpYXRlMSBDQTAeFw0yMjA2 + MTMxMzQwNTFaFw0yMjEyMTMwNDQwNTFaMCoxKDAmBgNVBAMTH0RlbW8gS29uZyBS + b290IEludGVybWVkaWF0ZTIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQB + my/zhZ3F2HvHFqtQzuD3lXX8SeYakxiBQvaGkGSLKD67N3vh7iC2rTSdj/vAs8ws + Y9X+mXzS6GDKC8PbSX6xo2YwZDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgw + BgEB/wIBADAdBgNVHQ4EFgQURwCm53YPStZoAMfnVyknH4IgZa4wHwYDVR0jBBgw + FoAUhuxCKmCSvZWf95+iZ+Wsz9DJJVMwCgYIKoZIzj0EAwIDSQAwRgIhAN1pkUKc + azM4PiXOnkILB2KBDIF4XpHf+4ThDMODzXP8AiEA45KXA3qMrRPQV1oBfWZ3hLgX + gxUhveuHBXMWnzUbn6U= + -----END CERTIFICATE----- + ca.digest: 45b2b6dd9d4102955b1b1e4b540e677f140521462ed4f22fa5a713863ca84600 +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: cert-0ee0e1584c8637facac95bd5fce315367dee124c0086d41e +stringData: + tls.crt: |- + -----BEGIN CERTIFICATE----- + MIIECTCCAvGgAwIBAgIUAusYGP9BwoLFFAJdB/jY6eUzUyAwDQYJKoZIhvcNAQEL + BQAwgZIxCzAJBgNVBAYTAlVLMRIwEAYDVQQIDAlIYW1wc2hpcmUxEjAQBgNVBAcM + CUFsZGVyc2hvdDEQMA4GA1UECgwHS29uZyBVSzEQMA4GA1UECwwHU3VwcG9ydDEY + MBYGA1UEAwwPU3VwcG9ydCBSb290IENBMR0wGwYJKoZIhvcNAQkBFg5zdHVAa29u + Z2hxLmNvbTAeFw0yMTAxMTUxMTE5NDNaFw0yMjA1MzAxMTE5NDNaMIGRMQswCQYD + VQQGEwJVSzESMBAGA1UECAwJSGFtcHNoaXJlMRIwEAYDVQQHDAlBbGRlcnNob3Qx + EDAOBgNVBAoMB0tvbmcgVUsxEDAOBgNVBAsMB1N1cHBvcnQxFzAVBgNVBAMMDnBy + b3h5LmtvbmcubGFuMR0wGwYJKoZIhvcNAQkBFg5zdHVAa29uZ2hxLmNvbTCCASIw + DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJUbKiqoCK1BTNk/7l42n6ukyTEu + eLyB23e/90PzT/oz8wZzgwTodzbFAS2VtFr1EKqFzor0DrXp9CLnebOdiAR3I6LD + /WY/x0KW3lx3F35fGiUOSLPTH8zeiDTMx11CcKDxesA+M2/s5q0igkOQ4z4w3voz + m5a52IcQTSA8K5knNU1qUZBLpc+khxFcaheEK1jsISJJhcdizZBfGdk8S1vpyj5F + uCZ7oaRvNA6imHjSJwpgo36zd84TgrIgVj9R4QtJysWy/X+bbaKUiKBWwAtd4+DT + EP90l/ny9szu2fijk4/6k1ntXufGTyvM+J0/qJ13e99TVYOVanITnpTO+6cCAwEA + AaNWMFQwHwYDVR0jBBgwFoAUdskpf0wJRQxjtzQFZciWmUfl2bcwCQYDVR0TBAIw + ADALBgNVHQ8EBAMCBPAwGQYDVR0RBBIwEIIOcHJveHkua29uZy5sYW4wDQYJKoZI + hvcNAQELBQADggEBAJVrTWQRQzNtypa9OXFYADm8Fay1VMop3BY2kh0tfYgQEJ/4 + pJUj6CaszQZ/Aix6LaPnXFcoPCDqqv00mgju86PMamr/zA9USXk8eTmzJkp5RklS + GdqiXboqESiQVvaNz3kdW7wgNz4FwaGCzkEi/dcc2LdtzLpWizx+TlxMMqjonUUM + ovZgZo+OlhWRsDVT/qy5SFtA0vlVNtdBr2egXb1H7J8UDC+fax/iKa7+fBUHZOO9 + Fk9U8bxgfQ+jPIVVL8CfAtR68Sos7NpWH0S2emqZRnQvf0MSNdkTQKWn4qR9sckj + Ewxs5FbrMmgCOgwk1PtgRmdP3RME0HwK/B03saQ= + -----END CERTIFICATE----- + tls.key: |- + -----BEGIN PRIVATE KEY----- + MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCVGyoqqAitQUzZ + P+5eNp+rpMkxLni8gdt3v/dD80/6M/MGc4ME6Hc2xQEtlbRa9RCqhc6K9A616fQi + 53mznYgEdyOiw/1mP8dClt5cdxd+XxolDkiz0x/M3og0zMddQnCg8XrAPjNv7Oat + IoJDkOM+MN76M5uWudiHEE0gPCuZJzVNalGQS6XPpIcRXGoXhCtY7CEiSYXHYs2Q + XxnZPEtb6co+Rbgme6GkbzQOoph40icKYKN+s3fOE4KyIFY/UeELScrFsv1/m22i + lIigVsALXePg0xD/dJf58vbM7tn4o5OP+pNZ7V7nxk8rzPidP6idd3vfU1WDlWpy + E56UzvunAgMBAAECggEAcq7lHNAHdHLgT8yrY41x/AwPryNGO/9JNW7SGVKAdjoU + tyaLZHAEmXynLk+R28/YFMA8H4Yd9m9OlrYhVjRZFM4p+5vxP/7YHPB7cPUsfcda + DZxR8PX25JVYf/vtb16V0ERLnKd62qCEwC/lr2A2WHQwXJLrHeAtmZzBJYUCJ5Xj + Dv1ZhyFjknswaV0vGXe6njTI6CzMQDTGysoagpCCo7RWgzjLREg2BGWd2UQpY4AW + nYAP4QNt82UMQbgIqsEMj64mzS9Q+o1P84J1naSP5sCI22LeFRp6iezZc+D8EH/5 + RNONGSNWl3g6bsvN1VywYwjWn+waD3XAjXUu+peUgQKBgQDDu1QP28oSMKivHdfo + kQ1HrTNBRc9eWeAMZFuIbbPLN8rdEibpOm3DwTqithnahqS0NLOsBnXNtuLw1Qr/ + zmOzn0yDO5XG8dlKr9vqWeBLdcRydLJBZwqEzWf4JwwwgfK3rItRaIbnAxnGUTS5 + SrrhNfBAIGS9jx5X2kvLC7hFQQKBgQDDBIrpLTIjRDloWZcu03z9Bhb8jQCyGb5C + 4MYs+duCnQIdNq/+maPspJzbVmF4b6S1zIPweI3fMvMeqRTbuf+drpElst1buFTO + P0UMMn4V+4qGIOOkIy5JIKwR8sJD9tNDUPtxuDEotTB9IyWx6pdmCFz5v/bggDCu + reoqflL+5wKBgQCDvb+L2QS+j4/KJk0flRoaJ2K7SVCVEesyjA3r2uLMImZhvAkC + rDgbLSDZSbZHFp8fR+WzILoD11gSf2Ki4PjMeqkWH3HlcP0vPwTHTO0h/UdXPmKI + kOFMl7CmHyoeMCj9JZ60EaXTMYwUpq3VFY6JbTOjBeqoh/8FZMHlDaNewQKBgCHg + ECEg8KyflTlDFrfTlMp+3E9STuShBCOp18LIRBEUJOHeNgQLvCXHElgnURcSjZHm + zKRgzIQQ3Zpd1Hm2fWhuglgCEeF0y4ZoBx5vRueaoh1aaTCBy/B39GvJt2UG4vu2 + fXbrf96KWrnh+RJGpbXbjgr0BXZJzisJmrt25gPRAoGBAI3c+INpQXwrE+LBzCPu + LwIVvkm5NpeIlKQtDNrqG1QvUhqyZ2/Xitc4FyiccW7WHxkGKGZyj7GbmpqEOnyY + iVku0LSftZgycet2uMdp0HaVAgi5S6aVf5yN0U/8R5ToxcbuEfqwrBIyRgse8lx3 + NNSvLxPAempmiFPSk9AtobYV + -----END PRIVATE KEY----- +type: kubernetes.io/tls +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: cert-b12464ec431576239dd9cc2545d528f6cbdbd988cf076323 +stringData: + tls.crt: |- + -----BEGIN CERTIFICATE----- + MIIFeDCCBGCgAwIBAgIUAusYGP9BwoLFFAJdB/jY6eUzUyQwDQYJKoZIhvcNAQEL + BQAwgZIxCzAJBgNVBAYTAlVLMRIwEAYDVQQIDAlIYW1wc2hpcmUxEjAQBgNVBAcM + CUFsZGVyc2hvdDEQMA4GA1UECgwHS29uZyBVSzEQMA4GA1UECwwHU3VwcG9ydDEY + MBYGA1UEAwwPU3VwcG9ydCBSb290IENBMR0wGwYJKoZIhvcNAQkBFg5zdHVAa29u + Z2hxLmNvbTAeFw0yMTAxMjAxNTA0NDVaFw0yMjAxMjAxNTA0NDVaMIGQMQswCQYD + VQQGEwJVSzESMBAGA1UECAwJSGFtcHNoaXJlMRIwEAYDVQQHDAlBbGRlcnNob3Qx + EDAOBgNVBAoMB0tvbmcgVUsxEDAOBgNVBAsMB1N1cHBvcnQxFjAUBgNVBAMMDW10 + bHMtY29uc3VtZXIxHTAbBgkqhkiG9w0BCQEWDnN0dUBrb25naHEuY29tMIICIjAN + BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1/+83/YNiEVKYvcuVwYGve6afsg1 + BYCn1+E9Uwgh0uwAenT/DKB8NhqoVxc7cZ2HaTI146IGmFICmctlTWvLPLglHmTo + byOUV6tIJAjvzyEOpC458hLGgbv8mhGXJWPxBVu7Wy6Hapz2bk0cEscfL7PHKaRu + 3D6r8/zbhhWAqe4EIt+NVYT6baaYBs7bPZQXs/sluKI+DNYuDeaAmoSuCc4ein6z + 0xDqCSMmPebzjns03ttB29vWL3eYY9dvgoCd+CPhXT/C4CHtvKbH+hOQYDtVF6MO + 1mmABAQTQWMR/00+QI0xtvuXtEPurla5dA0TN6ddCTOOcILKx62z5oc3Kqr+nHHa + 71zNzARUVaZ2vy1pRVr0DZgB7KqcFXhy/oy8IpmxUR1ASBDZl6B6RKrdQwvgLgmn + 3M/roNLAU+3nz4itpt/zf+X0suwdthrflic1R68z1SlYbyoGARWkZ/pOl6kLNVK2 + OsqQuICaajnW7t1oDd7z1+3hm+uoryDwvG6f3T9ZvWjKXYcKg7b+BjbFdahbDywD + PgnhSz9AaoVWhR+GHIPrjRClMpEkra/yGJFvH3UpXhgg9d0DrLZE51Z75a9SvnAj + vdLuNhx4bJbwLBgNGsJMkupzBrw4iCfbKFcBbP8o0Xjtarj7T/mkWuQ1GjWqfyrD + 55NecBPNw5C9BR0CAwEAAaOBxTCBwjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQE + AwIFoDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50IENl + cnRpZmljYXRlMB0GA1UdDgQWBBSV3F+eicU8SVT4LcDJ6eMzP0todzAfBgNVHSME + GDAWgBR2ySl/TAlFDGO3NAVlyJaZR+XZtzAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0l + BBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBAQB5L0OZ + WELG9Pw6Ol1BsZYgpLR4PGNBB9dKm/9dd+q+ohZVFCfXcjZ3YOU1vh/HHQrALRNY + I58JxcVCOx/qIW2uA0iSCqIT0sNb9cJLxfZf7X+BzPPPnu0ugUJp7GzLNnHitrLC + Xb1nmmefwgraNzp+a5IrR8RcQG1mYDuS+2HK/rybo22XcCxhob8OiDEn8+ytkKyQ + Ipmrf9D+/68/ih6az0w1aakASMmFe8z/p6VgVQkCySCWWFG525BRdGmSImqVZ4xa + aQFN3L+oN+JJcCFTthLOAYo32JH+xLMz7PokzSL84g3b68h59hXDoMSwB10GthL5 + T8tqV6i5miKWwvfZ + -----END CERTIFICATE----- + tls.key: |- + -----BEGIN RSA PRIVATE KEY----- + MIIJKQIBAAKCAgEA1/+83/YNiEVKYvcuVwYGve6afsg1BYCn1+E9Uwgh0uwAenT/ + DKB8NhqoVxc7cZ2HaTI146IGmFICmctlTWvLPLglHmTobyOUV6tIJAjvzyEOpC45 + 8hLGgbv8mhGXJWPxBVu7Wy6Hapz2bk0cEscfL7PHKaRu3D6r8/zbhhWAqe4EIt+N + VYT6baaYBs7bPZQXs/sluKI+DNYuDeaAmoSuCc4ein6z0xDqCSMmPebzjns03ttB + 29vWL3eYY9dvgoCd+CPhXT/C4CHtvKbH+hOQYDtVF6MO1mmABAQTQWMR/00+QI0x + tvuXtEPurla5dA0TN6ddCTOOcILKx62z5oc3Kqr+nHHa71zNzARUVaZ2vy1pRVr0 + DZgB7KqcFXhy/oy8IpmxUR1ASBDZl6B6RKrdQwvgLgmn3M/roNLAU+3nz4itpt/z + f+X0suwdthrflic1R68z1SlYbyoGARWkZ/pOl6kLNVK2OsqQuICaajnW7t1oDd7z + 1+3hm+uoryDwvG6f3T9ZvWjKXYcKg7b+BjbFdahbDywDPgnhSz9AaoVWhR+GHIPr + jRClMpEkra/yGJFvH3UpXhgg9d0DrLZE51Z75a9SvnAjvdLuNhx4bJbwLBgNGsJM + kupzBrw4iCfbKFcBbP8o0Xjtarj7T/mkWuQ1GjWqfyrD55NecBPNw5C9BR0CAwEA + AQKCAgEAymuOrG/hJKiS2oX8tm8eWFZIELI9BigYozYhCzQexpSGqjwEXOf1H5sB + 0YQjIAlZwhrc57OK7KpGZ6x2BgUT1JZZqs80CBtWxIXuuF5rpje7id8MTLCNuTzb + r+L2O4Mad0QNI5lKLH5mbt3yhiJ3NnQLHBpODjbpXGDFtTVne1hkJe5MfC1/psyt + wguO6HllcTTWl93ruonpZPtz39qhYuz4MCAnE5DRUrjO+Mn7y7XoyUS+xnSRl7BD + bqWRicJQyB+P7px3WyZQri+6TsCQ164iw2D64bLC1oCfLvLSBeh0g3gOdAX5mGTl + RBpf98LdFJXSmXHodcYMlO5THqHu7mOE8zvPDbOzpwKftE11PS+lhuq/fREJnrAx + pbvTkv2c1nu90gkracv6PhRC8YhBIa2gqhoxY7rH7UpYa1c5QaJzg5ibiteTLRKC + e9ZmfoPWaY2ksY4gBWZ/p2wokJ8U6ZHEsEfQS9WibMpqRsdINWQ9JnIBLKnTuqB0 + B29E9jHAl8rwMT2/DiIiVjHcdwpP37MxotKvYDFw+yDcZDeKTIh133XZNWyO/TcH + aDrNB0dymqunuNmfPts566AYErym0ndcmmLuGIKKE+l1h1+5CWjdsTdrkkXZK/w1 + i/krfLruQqQcW3Bpng8JAKirvGfYJxIEaCLqtepb7YaHhaI3gz0CggEBAPO0UQ6e + oPzMYmEegp2LjAfHZhwGV0fpiC6nxEWKoEE7Tb5zyB8rlkFIpQlXmljQvf3xDmq/ + Ta3JlkaY290oFc0ypp9zUY/sUGyc3pvltxl0gLKOPnIkoP3ma2HzBxQRrGRdcFhH + AHom80Bm9APm29L0MFuOuhGGxkGvQCxH+KmmohvZMUEqNIuWi8XB7maDXcAmSJ7x + YdQAgLspRJ+kkZM+59XijyvYvg04xCu1FSop+Lol+xBwWAR5OaKnbZ9L+jKtzbxC + IS7ERTlhsham2dYIm7SFcD/OcLV6luqreR0svS6HQis1kGxnNxkBAbrB1QZ+wLKp + QztnOk70H/eWP5sCggEBAOLllCHuRloqEyzDT5sVbflCMTVsXmHGJ4/qI4An+etI + 3DComNLPAIBKYAiNgqWAm/wfLy5rHu2ZGzcPn7cQF/xKp00uDGKncQz3Z9JDofI1 + rpLH+t3LJ9l/EzQv1tpzwOU5rhFNmqrJnwy17BtOmlCKAQnVmyDkLyR9AhWkCTi8 + BLDq6mx1X61K6P11GAxAd70NFNzD8868Ddq2XInwEwXzf/FHQW/JVYZEAa7dn4KF + wQ/tPSspP0vGzDfgNI64PtNePnZ/e00XXqA7la2OScro+SDSyXGlDKX4XhwwTDD1 + +u3VbUmjInpEJL3bU8c/qe36UhoseF1G0cm22sHqhacCggEAY3A+5r05KQ1oUwJ0 + /z2ybHYjJuo7cN9MLuVLg6iVzSgah8yMapOJYqf2l0JEe1rpOxXB8TKPyoqHo9S5 + WZsCklDJhiQysowVIMw9VNU9ichsvu6lckOZ4R/Ezxmv2LOBaQ5rScnm2vDLroqT + pIftSD1VAfbR21bnzGNqxuazAt44JS7RFyrWd+J8s7t2wCN3/HBij2Akr7Fo1XV4 + R7+JmtA/HpmsG5L7sT9pZAAmW6b2k1XuBH4im+iu6LxyUV5Z/5XFbbx597AkIs7H + MNDx75BhoB4WeCKPAK29qJFBAPOBWdvc1u6rOGBBLhWoFAEFH/pWPFAuW626L/8S + kB6hYwKCAQB3/JIec2Pu0Gs9c7eIOofilXdyWfF7YQ+Q0m+dmQZXvzr53F6ctGz+ + atZoD3V0UhOq+063DFzZpuq2bmO2qiMU/uGENgLEtOlawwa7MZrVfD/qTSjD22gi + Y0njghzrfuUWEy+S5OgSwvaCAT5vnlyKlMBB1BzqAuFPOXA9w3ZA82TDribz3goP + mRqm1iI2cG0ho2ZR7KnkvJvS+jbrlvJoZkFVdaoMFHtOum3tbDOrEVJsOrfrOC/J + wcJDFiSVCKfonOEJRxcMSHx43amkkydAz3zXN8DhgTe0GSijXYMdLSdaWFAn7cYQ + xDJt2CtwpaEWQRbj0nqAUTAlrLX4cC3nAoIBAQCl1cV86bYw8CKrCuf9TF0Kk5pd + REdilDpks4Z1RH4MpBDWLtvMeQqlNsN+/RugKQExO0HTdZIyn7cBRRloD2xcNcJA + G/rUMel/x4fhaEOE7Uw9rmTefvpcgWmtXw64sMA8KFA4oCXIcgbwL5Q+szqNNWAN + abpgl0DnU06YyBDoK/7D0B8Kt3qS1N6XX+Z5wtPvglbD2HCYy6rdkqi8IbQ/6OeS + wG7p/7g3JlOEyotMq9Cl2T0wTNDSLlma+mwc9mILITDXznWiLQSznE69mebWBUr3 + Sbt91efH30inRx85H0pNJrpZsH0A6ayL0gTJSuUc0eJXYR5Po1gRQMOSIEWh + -----END RSA PRIVATE KEY----- +type: kubernetes.io/tls +--- +apiVersion: configuration.konghq.com/v1 +consumerGroups: +- example-consumer-group +credentials: +- key-auth-example-user +- jwt-auth-example-user +- basic-auth-example-user +- acl-group-example-user +- mtls-auth-example-user +custom_id: "1234567890" +kind: KongConsumer +metadata: + annotations: + konghq.com/plugins: example-user-rate-limiting-advanced + kubernetes.io/ingress.class: kong + name: example-user +username: example-user +--- +apiVersion: configuration.konghq.com/v1beta1 +kind: KongConsumerGroup +metadata: + annotations: + kubernetes.io/ingress.class: kong + name: example-consumer-group +--- diff --git a/kong2kic/types.go b/kong2kic/types.go new file mode 100644 index 000000000..d264662e9 --- /dev/null +++ b/kong2kic/types.go @@ -0,0 +1,177 @@ +package kong2kic + +import ( + "encoding/json" + + "github.com/kong/go-database-reconciler/pkg/file" + kicv1 "github.com/kong/kubernetes-ingress-controller/v3/pkg/apis/configuration/v1" + kicv1beta1 "github.com/kong/kubernetes-ingress-controller/v3/pkg/apis/configuration/v1beta1" + k8scorev1 "k8s.io/api/core/v1" + k8snetv1 "k8s.io/api/networking/v1" + k8sgwapiv1 "sigs.k8s.io/gateway-api/apis/v1" + "sigs.k8s.io/yaml" +) + +// KICContent represents a serialized Kong state for KIC. +// +k8s:deepcopy-gen=true +type KICContent struct { + KongIngresses []kicv1.KongIngress `json:"kongIngresses,omitempty" yaml:",omitempty"` + KongPlugins []kicv1.KongPlugin `json:"kongPlugins,omitempty" yaml:",omitempty"` + KongClusterPlugins []kicv1.KongClusterPlugin `json:"clusterPlugins,omitempty" yaml:",omitempty"` + Ingresses []k8snetv1.Ingress `json:"ingresses,omitempty" yaml:",omitempty"` + Services []k8scorev1.Service `json:"services,omitempty" yaml:",omitempty"` + Secrets []k8scorev1.Secret `json:"secrets,omitempty" yaml:",omitempty"` + KongConsumers []kicv1.KongConsumer `json:"consumers,omitempty" yaml:",omitempty"` + KongConsumerGroups []kicv1beta1.KongConsumerGroup `json:"consumerGroups,omitempty" yaml:",omitempty"` + HTTPRoutes []k8sgwapiv1.HTTPRoute `json:"httpRoutes,omitempty" yaml:",omitempty"` + KongUpstreamPolicies []kicv1beta1.KongUpstreamPolicy `json:"upstreamPolicies,omitempty" yaml:",omitempty"` +} + +func (k KICContent) marshalKICContentToFormat(format string) ([]byte, error) { + var output []byte + + const ( + yamlSeparator = "---\n" + ) + + for _, kongIngress := range k.KongIngresses { + kongIngresses, err := SerializeObjectDroppingFields(kongIngress, format) + if err != nil { + return nil, err + } + output = append(output, kongIngresses...) + if format == file.YAML { + output = append(output, []byte(yamlSeparator)...) + } + } + + for _, kongPlugin := range k.KongPlugins { + kongPlugins, err := SerializeObjectDroppingFields(kongPlugin, format) + if err != nil { + return nil, err + } + output = append(output, kongPlugins...) + if format == file.YAML { + output = append(output, []byte(yamlSeparator)...) + } + } + + for _, kongClusterPlugin := range k.KongClusterPlugins { + kongClusterPlugins, err := SerializeObjectDroppingFields(kongClusterPlugin, format) + if err != nil { + return nil, err + } + output = append(output, kongClusterPlugins...) + if format == file.YAML { + output = append(output, []byte(yamlSeparator)...) + } + } + + for _, ingress := range k.Ingresses { + ingresses, err := SerializeObjectDroppingFields(ingress, format) + if err != nil { + return nil, err + } + output = append(output, ingresses...) + if format == file.YAML { + output = append(output, []byte(yamlSeparator)...) + } + } + + for _, httpRoute := range k.HTTPRoutes { + httpRoutes, err := SerializeObjectDroppingFields(httpRoute, format) + if err != nil { + return nil, err + } + output = append(output, httpRoutes...) + if format == file.YAML { + output = append(output, []byte(yamlSeparator)...) + } + } + + for _, kongUpstreamPolicy := range k.KongUpstreamPolicies { + kongUpstreamPolicies, err := SerializeObjectDroppingFields(kongUpstreamPolicy, format) + if err != nil { + return nil, err + } + output = append(output, kongUpstreamPolicies...) + if format == file.YAML { + output = append(output, []byte(yamlSeparator)...) + } + } + + for _, service := range k.Services { + services, err := SerializeObjectDroppingFields(service, format) + if err != nil { + return nil, err + } + output = append(output, services...) + if format == file.YAML { + output = append(output, []byte(yamlSeparator)...) + } + } + + for _, secret := range k.Secrets { + secrets, err := SerializeObjectDroppingFields(secret, format) + if err != nil { + return nil, err + } + output = append(output, secrets...) + if format == file.YAML { + output = append(output, []byte(yamlSeparator)...) + } + } + + for _, kongConsumer := range k.KongConsumers { + kongConsumers, err := SerializeObjectDroppingFields(kongConsumer, format) + if err != nil { + return nil, err + } + output = append(output, kongConsumers...) + if format == file.YAML { + output = append(output, []byte(yamlSeparator)...) + } + } + + for _, kongConsumerGroup := range k.KongConsumerGroups { + kongConsumerGroups, err := SerializeObjectDroppingFields(kongConsumerGroup, format) + if err != nil { + return nil, err + } + output = append(output, kongConsumerGroups...) + if format == file.YAML { + output = append(output, []byte(yamlSeparator)...) + } + } + + return output, nil +} + +func SerializeObjectDroppingFields(obj interface{}, format string) ([]byte, error) { + objBytes, err := json.Marshal(obj) + result := []byte{} + if err != nil { + return nil, err + } + genericObj := map[string]interface{}{} + if err := json.Unmarshal(objBytes, &genericObj); err != nil { + return nil, err + } + + // We're deleting fields that are not meant to be supplied by users. + delete(genericObj, "status") + delete(genericObj["metadata"].(map[string]interface{}), "creationTimestamp") + + if format == file.JSON { + result, err = json.MarshalIndent(genericObj, "", " ") + if err != nil { + return nil, err + } + } else if format == file.YAML { + result, err = yaml.Marshal(genericObj) + if err != nil { + return nil, err + } + } + return result, err +} diff --git a/kong2kic/upstream.go b/kong2kic/upstream.go new file mode 100644 index 000000000..76053bb1b --- /dev/null +++ b/kong2kic/upstream.go @@ -0,0 +1,216 @@ +package kong2kic + +import ( + "log" + "strings" + + "github.com/kong/go-database-reconciler/pkg/file" + kicv1 "github.com/kong/kubernetes-ingress-controller/v3/pkg/apis/configuration/v1" + kicv1beta1 "github.com/kong/kubernetes-ingress-controller/v3/pkg/apis/configuration/v1beta1" + k8scorev1 "k8s.io/api/core/v1" +) + +// UpstreamPolicy for KIC v3 +func populateKICUpstreamPolicy( + content *file.Content, + service *file.FService, + k8sservice *k8scorev1.Service, + kicContent *KICContent, +) { + if content.Upstreams != nil { + var kongUpstreamPolicy kicv1beta1.KongUpstreamPolicy + kongUpstreamPolicy.APIVersion = KICAPIVersionV1Beta1 + kongUpstreamPolicy.Kind = UpstreamPolicyKind + if service.Name != nil { + kongUpstreamPolicy.ObjectMeta.Name = calculateSlug(*service.Name + "-upstream") + } else { + log.Println("Service name is empty. This is not recommended." + + "Please, provide a name for the service before generating Kong Ingress Controller manifests.") + return + } + + k8sservice.ObjectMeta.Annotations["konghq.com/upstream-policy"] = kongUpstreamPolicy.ObjectMeta.Name + + // Find the upstream (if any) whose name matches the service host and copy the upstream + // into kongUpstreamPolicy. Append the kongUpstreamPolicy to kicContent.KongUpstreamPolicies. + found := false + for _, upstream := range content.Upstreams { + if upstream.Name != nil && strings.EqualFold(*upstream.Name, *service.Host) { + found = true + var threshold int + if upstream.Healthchecks != nil && upstream.Healthchecks.Threshold != nil { + threshold = int(*upstream.Healthchecks.Threshold) + } + var activeHealthyHTTPStatuses []kicv1beta1.HTTPStatus + var activeUnhealthyHTTPStatuses []kicv1beta1.HTTPStatus + var passiveHealthyHTTPStatuses []kicv1beta1.HTTPStatus + var passiveUnhealthyHTTPStatuses []kicv1beta1.HTTPStatus + + if upstream.Healthchecks != nil && + upstream.Healthchecks.Active != nil && + upstream.Healthchecks.Active.Healthy != nil { + activeHealthyHTTPStatuses = make([]kicv1beta1.HTTPStatus, len(upstream.Healthchecks.Active.Healthy.HTTPStatuses)) + for i, status := range upstream.Healthchecks.Active.Healthy.HTTPStatuses { + activeHealthyHTTPStatuses[i] = kicv1beta1.HTTPStatus(status) + } + } + + if upstream.Healthchecks != nil && + upstream.Healthchecks.Active != nil && + upstream.Healthchecks.Active.Unhealthy != nil { + activeUnhealthyHTTPStatuses = make([]kicv1beta1.HTTPStatus, + len(upstream.Healthchecks.Active.Unhealthy.HTTPStatuses)) + for i, status := range upstream.Healthchecks.Active.Unhealthy.HTTPStatuses { + activeUnhealthyHTTPStatuses[i] = kicv1beta1.HTTPStatus(status) + } + } + + if upstream.Healthchecks != nil && + upstream.Healthchecks.Passive != nil && + upstream.Healthchecks.Passive.Healthy != nil { + passiveHealthyHTTPStatuses = make([]kicv1beta1.HTTPStatus, len(upstream.Healthchecks.Passive.Healthy.HTTPStatuses)) + for i, status := range upstream.Healthchecks.Passive.Healthy.HTTPStatuses { + passiveHealthyHTTPStatuses[i] = kicv1beta1.HTTPStatus(status) + } + } + + if upstream.Healthchecks != nil && + upstream.Healthchecks.Passive != nil && + upstream.Healthchecks.Passive.Unhealthy != nil { + passiveUnhealthyHTTPStatuses = make([]kicv1beta1.HTTPStatus, + len(upstream.Healthchecks.Passive.Unhealthy.HTTPStatuses)) + for i, status := range upstream.Healthchecks.Passive.Unhealthy.HTTPStatuses { + passiveUnhealthyHTTPStatuses[i] = kicv1beta1.HTTPStatus(status) + } + } + + // populeate kongUpstreamPolicy.Spec with the + // non-nil attributes in upstream. + if upstream.Algorithm != nil { + kongUpstreamPolicy.Spec.Algorithm = upstream.Algorithm + } + if upstream.Slots != nil { + kongUpstreamPolicy.Spec.Slots = upstream.Slots + } + + if upstream.HashOn != nil && upstream.Algorithm != nil && *upstream.Algorithm == "consistent-hashing" { + kongUpstreamPolicy.Spec.HashOn = &kicv1beta1.KongUpstreamHash{ + Input: (*kicv1beta1.HashInput)(upstream.HashOn), + Header: upstream.HashOnHeader, + Cookie: upstream.HashOnCookie, + CookiePath: upstream.HashOnCookiePath, + QueryArg: upstream.HashOnQueryArg, + URICapture: upstream.HashOnURICapture, + } + } + if upstream.HashFallback != nil && upstream.Algorithm != nil && *upstream.Algorithm == "consistent-hashing" { + kongUpstreamPolicy.Spec.HashOnFallback = &kicv1beta1.KongUpstreamHash{ + Input: (*kicv1beta1.HashInput)(upstream.HashFallback), + Header: upstream.HashFallbackHeader, + QueryArg: upstream.HashFallbackQueryArg, + URICapture: upstream.HashFallbackURICapture, + } + } + if upstream.Healthchecks != nil { + kongUpstreamPolicy.Spec.Healthchecks = &kicv1beta1.KongUpstreamHealthcheck{ + Threshold: &threshold, + Active: &kicv1beta1.KongUpstreamActiveHealthcheck{ + Type: upstream.Healthchecks.Active.Type, + Concurrency: upstream.Healthchecks.Active.Concurrency, + HTTPPath: upstream.Healthchecks.Active.HTTPPath, + HTTPSSNI: upstream.Healthchecks.Active.HTTPSSni, + HTTPSVerifyCertificate: upstream.Healthchecks.Active.HTTPSVerifyCertificate, + Timeout: upstream.Healthchecks.Active.Timeout, + Headers: upstream.Healthchecks.Active.Headers, + Healthy: &kicv1beta1.KongUpstreamHealthcheckHealthy{ + Interval: upstream.Healthchecks.Active.Healthy.Interval, + Successes: upstream.Healthchecks.Active.Healthy.Successes, + HTTPStatuses: activeHealthyHTTPStatuses, + }, + Unhealthy: &kicv1beta1.KongUpstreamHealthcheckUnhealthy{ + HTTPFailures: upstream.Healthchecks.Active.Unhealthy.HTTPFailures, + TCPFailures: upstream.Healthchecks.Active.Unhealthy.TCPFailures, + Timeouts: upstream.Healthchecks.Active.Unhealthy.Timeouts, + Interval: upstream.Healthchecks.Active.Unhealthy.Interval, + HTTPStatuses: activeUnhealthyHTTPStatuses, + }, + }, + Passive: &kicv1beta1.KongUpstreamPassiveHealthcheck{ + Type: upstream.Healthchecks.Passive.Type, + Healthy: &kicv1beta1.KongUpstreamHealthcheckHealthy{ + HTTPStatuses: passiveHealthyHTTPStatuses, + Interval: upstream.Healthchecks.Passive.Healthy.Interval, + Successes: upstream.Healthchecks.Passive.Healthy.Successes, + }, + Unhealthy: &kicv1beta1.KongUpstreamHealthcheckUnhealthy{ + HTTPFailures: upstream.Healthchecks.Passive.Unhealthy.HTTPFailures, + HTTPStatuses: passiveUnhealthyHTTPStatuses, + TCPFailures: upstream.Healthchecks.Passive.Unhealthy.TCPFailures, + Timeouts: upstream.Healthchecks.Passive.Unhealthy.Timeouts, + Interval: upstream.Healthchecks.Passive.Unhealthy.Interval, + }, + }, + } + } + } + if found { + kicContent.KongUpstreamPolicies = append(kicContent.KongUpstreamPolicies, kongUpstreamPolicy) + } + } + } +} + +// KongIngress with upstream section for KIC v2 +func populateKICUpstream( + content *file.Content, + service *file.FService, + k8sservice *k8scorev1.Service, + kicContent *KICContent, +) { + // add Kong specific configuration to the k8s service via a KongIngress resource + + if content.Upstreams != nil { + var kongIngress kicv1.KongIngress + kongIngress.APIVersion = KICAPIVersion + kongIngress.Kind = IngressKind + if service.Name != nil { + kongIngress.ObjectMeta.Name = calculateSlug(*service.Name + "-upstream") + } else { + log.Println("Service name is empty. This is not recommended." + + "Please, provide a name for the service before generating Kong Ingress Controller manifests.") + return + } + kongIngress.ObjectMeta.Annotations = map[string]string{IngressClass: ClassName} + + // add an annotation to the k8sservice to link this kongIngress to it + k8sservice.ObjectMeta.Annotations["konghq.com/override"] = kongIngress.ObjectMeta.Name + + // Find the upstream (if any) whose name matches the service host and copy the upstream + // into a kicv1.KongIngress resource. Append the kicv1.KongIngress to kicContent.KongIngresses. + found := false + for _, upstream := range content.Upstreams { + if upstream.Name != nil && strings.EqualFold(*upstream.Name, *service.Host) { + found = true + kongIngress.Upstream = &kicv1.KongIngressUpstream{ + HostHeader: upstream.HostHeader, + Algorithm: upstream.Algorithm, + Slots: upstream.Slots, + Healthchecks: upstream.Healthchecks, + HashOn: upstream.HashOn, + HashFallback: upstream.HashFallback, + HashOnHeader: upstream.HashOnHeader, + HashFallbackHeader: upstream.HashFallbackHeader, + HashOnCookie: upstream.HashOnCookie, + HashOnCookiePath: upstream.HashOnCookiePath, + HashOnQueryArg: upstream.HashOnQueryArg, + HashFallbackQueryArg: upstream.HashFallbackQueryArg, + HashOnURICapture: upstream.HashOnURICapture, + HashFallbackURICapture: upstream.HashFallbackURICapture, + } + } + } + if found { + kicContent.KongIngresses = append(kicContent.KongIngresses, kongIngress) + } + } +} diff --git a/kong2kic/writer.go b/kong2kic/writer.go new file mode 100644 index 000000000..da74ada68 --- /dev/null +++ b/kong2kic/writer.go @@ -0,0 +1,76 @@ +package kong2kic + +import ( + "fmt" + "os" + "path/filepath" + "strings" + + "github.com/kong/go-database-reconciler/pkg/file" + "github.com/kong/go-database-reconciler/pkg/utils" +) + +func WriteContentToFile(content *file.Content, filename string, format file.Format, yamlOrJSON string) error { + var c []byte + var err error + + switch format { + case KICV3GATEWAY: + c, err = MarshalKongToKIC(content, KICV3GATEWAY, yamlOrJSON) + if err != nil { + return err + } + case KICV3INGRESS: + c, err = MarshalKongToKIC(content, KICV3INGRESS, yamlOrJSON) + if err != nil { + return err + } + case KICV2GATEWAY: + c, err = MarshalKongToKIC(content, KICV2GATEWAY, yamlOrJSON) + if err != nil { + return err + } + case KICV2INGRESS: + c, err = MarshalKongToKIC(content, KICV2INGRESS, yamlOrJSON) + if err != nil { + return err + } + default: + return fmt.Errorf("unknown file format: " + string(format)) + } + + if filename == "-" { + if _, err := fmt.Print(string(c)); err != nil { + return fmt.Errorf("writing to stdout: %w", err) + } + } else { + filename = utils.AddExtToFilename(filename, strings.ToLower(string(format))) + prefix, _ := filepath.Split(filename) + if err := os.WriteFile(filename, c, 0o600); err != nil { + return fmt.Errorf("writing file: %w", err) + } + for _, sp := range content.ServicePackages { + if sp.Document != nil { + if err := os.MkdirAll(filepath.Join(prefix, filepath.Dir(*sp.Document.Path)), 0o700); err != nil { + return fmt.Errorf("creating document directory: %w", err) + } + if err := os.WriteFile(filepath.Join(prefix, *sp.Document.Path), + []byte(*sp.Document.Content), 0o600); err != nil { + return fmt.Errorf("writing document file: %w", err) + } + } + for _, v := range sp.Versions { + if v.Document != nil { + if err := os.MkdirAll(filepath.Join(prefix, filepath.Dir(*v.Document.Path)), 0o700); err != nil { + return fmt.Errorf("creating document directory: %w", err) + } + if err := os.WriteFile(filepath.Join(prefix, *v.Document.Path), + []byte(*v.Document.Content), 0o600); err != nil { + return fmt.Errorf("writing document file: %w", err) + } + } + } + } + } + return nil +}