Closed OfTheDelmer closed 2 months ago
Switch over to raw json policy in https, tls, and tcp edge kinds
What

Switch over to raw json policy in https, tls, and tcp edge kinds

How

Delete and Replace for RawPolicy in client set
RawPolicy escape hatch
EndpointPolicy for moduleset into a byte array

Validation

We were able to sync the following to edges and see a policy

```yaml
---
apiVersion: ingress.k8s.ngrok.com/v1alpha1
kind: Tunnel
metadata:
  name: test-tunnel
spec:
  backend:
    protocol: HTTPS
  forwardsTo: kubernetes.default.svc:443
  labels:
    app: httpsedgepolicytest
---
kind: NgrokModuleSet
apiVersion: ingress.k8s.ngrok.com/v1alpha1
metadata:
  name: policy-module
modules:
  policy:
    inbound:
      - name: FooBarParamNotFound
        expressions:
          - "'bar' in getQueryParam('foo')"
        actions:
          - type: "custom-response"
            config:
              status_code: 404
              content: not found
              headers:
                content-type: text/plain
      - name: BazCookieForLargeRequests
        expressions:
          - "!hasReqCookie('baz')"
          - "req.ContentLength > 5000"
        actions:
          - type: "deny"
    outbound:
      - name: LogUnsuccessfulRequests
        expressions:
          - "res.StatusCode != '200' && res.StatusCode != '204'"
        actions:
          - type: "log"
            config:
              metadata:
                hostport: modulesetpolicytest.ngrok.dev:443
                success: false
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress
  annotations:
    k8s.ngrok.com/modules: policy-module
spec:
  ingressClassName: ngrok
  rules:
    - host: modulesetpolicytest.ngrok.dev
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: game-2048
                port:
                  number: 80
```

```yaml
---
apiVersion: ingress.k8s.ngrok.com/v1alpha1
kind: Domain
metadata:
  name: tlsedgetest-ngrok-app
spec:
  domain: tlsedgetest.ngrok.app
---
apiVersion: ingress.k8s.ngrok.com/v1alpha1
kind: TLSEdge
metadata:
  name: test-edge
spec:
  hostports:
    - tlspolicytest.ngrok.dev:443
  backend:
    labels:
      app: tlsedgetest
  policy:
    inbound:
      - name: "LimitToKnownIPs"
        expressions:
          - "conn.ClientIP != '8.8.8.8'"
          - "conn.ClientIP != '9.9.9.9'"
        actions:
          - type: deny
---
apiVersion: ingress.k8s.ngrok.com/v1alpha1
kind: Tunnel
metadata:
  name: test-tunnel
spec:
  backend:
    protocol: TLS
  forwardsTo: kubernetes.default.svc:443
  labels:
    app: tlsedgetest
```