feat: Add several demos (#10)

Author: fabriziofiorucci

NGINX-API-Steering/README.md

@@ -0,0 +1,9 @@
+FROM python:3.12-slim
+
+WORKDIR /app
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+COPY apiserver.py .
+
+EXPOSE 5000
+CMD ["python", "apiserver.py"]

NGINX-API-Steering/apiserver/Dockerfile

@@ -0,0 +1,32 @@
+#!/usr/bin/python3
+
+from flask import Flask, request, jsonify
+from datetime import datetime
+import socket
+
+app = Flask(__name__)
+
+# curl -ks -X GET https://127.0.0.1:5000/echo_data | jq
+@app.route("/get_data", methods=["GET"])
+def get_data():
+    timestamp = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
+    hostname = socket.gethostname()
+
+    data = {
+        "timestamp": timestamp,
+        "hostname": hostname
+    }
+
+    return jsonify(data)
+
+# curl -ks -X POST https://127.0.0.1:5000/echo_data -d '{"var":123}' -H "Content-Type: application/json"
+@app.route("/echo_data", methods=["POST"])
+def echo_data():
+    payload = request.get_json() if request.get_json() != None else ''
+    timestamp = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
+    hostname = socket.gethostname()
+
+    return jsonify({"payload": payload, "hostname": hostname, "timestamp": timestamp})
+
+if __name__ == "__main__":
+    app.run(ssl_context="adhoc",host="0.0.0.0", port=5000)

NGINX-API-Steering/apiserver/apiserver.py

@@ -0,0 +1,2 @@
+Flask
+cryptography

NGINX-API-Steering/apiserver/requirements.txt

@@ -0,0 +1,9 @@
+FROM python:3.12-slim
+
+WORKDIR /app
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+COPY backend.py .
+
+EXPOSE 5000
+CMD ["python", "backend.py"]

NGINX-API-Steering/backend/Dockerfile

@@ -0,0 +1,31 @@
+#!/usr/bin/python3
+
+import json
+from flask import Flask, jsonify, abort, make_response, request
+
+app = Flask(__name__)
+
+with open('db.json') as db:
+  rules = json.load(db)
+
+@app.route('/backend/fetchkey/<path:uri>', methods=['GET'])
+def get_key(uri):
+    rule = [rule for rule in rules if rule['uri'] == uri]
+    if len(rule) == 0:
+        abort(404)
+    return jsonify({'rule': rule[0]})
+
+@app.route('/backend/fetchallkeys', methods=['GET'])
+def get_all_keys():
+    return jsonify({'rules': rules})
+
+@app.route('/jwks.json', methods=['GET'])
+def get_jwks():
+    return jsonify({"keys": [{ "k":"ZmFudGFzdGljand0", "kty":"oct", "kid":"0001" }]})
+
+@app.errorhandler(404)
+def not_found(error):
+    return make_response(jsonify({'error': 'Not found'}), 404)
+
+if __name__ == '__main__':
+    app.run(host='0.0.0.0')

NGINX-API-Steering/backend/backend.py

@@ -0,0 +1,83 @@
+[
+  {
+    "id": 1,
+    "enabled": true,
+    "uri": "v1.0/api_get",
+    "matchRules": {
+      "method": "GET",
+      "roles": "guest"
+    },
+    "operation": {
+      "url": "https://api-server-1:5000/get_data"
+    }
+  },
+  {
+    "id": 2,
+    "enabled": true,
+    "uri": "v1.0/api_post",
+    "matchRules": {
+      "method": "POST",
+      "roles": "devops"
+    },
+    "operation": {
+      "url": "https://api-server-2:5000/echo_data"
+    },
+    "json": {
+      "to_server": {
+        "set": [
+          {
+            "field1": "value1"
+          },
+          {
+            "field2": "value2"
+          }
+        ],
+        "del": [
+          "group"
+        ]
+      },
+      "to_client": {
+        "set": [
+          {
+            "new_response_field": "ADDED"
+          }
+        ],
+        "del": [
+          "hostname"
+        ]
+      }
+    }
+  },
+  {
+    "id": 3,
+    "enabled": true,
+    "uri": "v1.0/api_post_no_change",
+    "matchRules": {
+      "method": "POST",
+      "roles": "devops"
+    },
+    "operation": {
+      "url": "https://api-server-2:5000/echo_data"
+    }
+  },
+  {
+    "id": 4,
+    "enabled": true,
+    "uri": "v1.0/template_test",
+    "matchRules": {
+      "method": "POST",
+      "roles": "guest"
+    },
+    "operation": {
+      "url": "https://api-server-2:5000/echo_data"
+    },
+    "template": {
+      "name": "",
+      "age": 0,
+      "address": {
+        "street": "",
+        "city": ""
+      }
+    }
+  }
+]

NGINX-API-Steering/backend/db-dockercompose.json

@@ -0,0 +1,83 @@
+[
+  {
+    "id": 1,
+    "enabled": true,
+    "uri": "v1.0/api_get",
+    "matchRules": {
+      "method": "GET",
+      "roles": "guest"
+    },
+    "operation": {
+      "url": "https://api-server-1.nginx-api-steering.svc.cluster.local:5000/get_data"
+    }
+  },
+  {
+    "id": 2,
+    "enabled": true,
+    "uri": "v1.0/api_post",
+    "matchRules": {
+      "method": "POST",
+      "roles": "devops"
+    },
+    "operation": {
+      "url": "https://api-server-2.nginx-api-steering.svc.cluster.local:5000/echo_data"
+    },
+    "json": {
+      "to_server": {
+        "set": [
+          {
+            "field1": "value1"
+          },
+          {
+            "field2": "value2"
+          }
+        ],
+        "del": [
+          "group"
+        ]
+      },
+      "to_client": {
+        "set": [
+          {
+            "new_response_field": "ADDED"
+          }
+        ],
+        "del": [
+          "hostname"
+        ]
+      }
+    }
+  },
+  {
+    "id": 3,
+    "enabled": true,
+    "uri": "v1.0/api_post_no_change",
+    "matchRules": {
+      "method": "POST",
+      "roles": "devops"
+    },
+    "operation": {
+      "url": "https://api-server-2.nginx-api-steering.svc.cluster.local:5000/echo_data"
+    }
+  },
+  {
+    "id": 4,
+    "enabled": true,
+    "uri": "v1.0/template_test",
+    "matchRules": {
+      "method": "POST",
+      "roles": "guest"
+    },
+    "operation": {
+      "url": "https://api-server-2.nginx-api-steering.svc.cluster.local:5000/echo_data"
+    },
+    "template": {
+      "name": "",
+      "age": 0,
+      "address": {
+        "street": "",
+        "city": ""
+      }
+    }
+  }
+]

NGINX-API-Steering/backend/db-k8s.json

@@ -0,0 +1 @@
+Flask

NGINX-API-Steering/backend/requirements.txt

@@ -0,0 +1,80 @@
+version: "3.9"
+
+services:
+  backend:
+    container_name: backend
+    image: backend
+    build:
+      context: ./backend
+      dockerfile: Dockerfile
+    ports:
+      - 10000:5000
+    networks:
+      lab-network:
+        ipv4_address: 10.5.0.10
+    volumes:
+      - ./backend/db-dockercompose.json:/app/db.json:ro
+
+  api-server-1:
+    container_name: api-server-1
+    image: api-server
+    build:
+      context: ./apiserver
+      dockerfile: Dockerfile
+    ports:
+      - 5001:5000
+    networks:
+      lab-network:
+        ipv4_address: 10.5.0.11
+
+  api-server-2:
+    container_name: api-server-2
+    image: api-server
+    build:
+      context: ./apiserver
+      dockerfile: Dockerfile
+    ports:
+      - 5002:5000
+    networks:
+      lab-network:
+        ipv4_address: 10.5.0.12
+
+  nginx:
+    container_name: nginx
+    image: nginx-api-steering
+    build:
+      context: ./nginx
+      dockerfile: Dockerfile
+      secrets:
+        - nginx-crt
+        - nginx-key
+    ports:
+      # Clients access to published REST API
+      - 10080:80
+      # Admin access to NGINX Plus API and Dashboard
+      - 20080:8080
+    networks:
+      lab-network:
+        ipv4_address: 10.5.0.20
+    volumes:
+      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+      - ./nginx/api.conf:/etc/nginx/conf.d/api.conf:ro
+      - ./nginx/steering.js:/etc/nginx/conf.d/steering.js:ro
+      - ./nginx/steering.conf-dockercompose:/etc/nginx/conf.d/steering.conf:ro
+      - /dev/null:/etc/nginx/conf.d/default.conf:ro
+
+secrets:
+  nginx-crt:
+    name: nginx-crt
+    file: ${NGINX_CERT}
+  nginx-key:
+    name: nginx-key
+    file: ${NGINX_KEY}
+
+networks:
+  lab-network:
+    driver: bridge
+    ipam:
+      config:
+        - subnet: 10.5.0.0/24
+          gateway: 10.5.0.1

NGINX-API-Steering/docker-compose.yaml

@@ -0,0 +1,9 @@
+{
+  "keys": [
+    {
+      "k":"ZmFudGFzdGljand0",
+      "kty":"oct",
+      "kid":"0001"
+    }
+  ]
+}