{"id":19736427,"url":"https://github.com/erda-project/hepa-operator","last_synced_at":"2025-02-27T21:44:42.935Z","repository":{"id":102993418,"uuid":"547716759","full_name":"erda-project/hepa-operator","owner":"erda-project","description":null,"archived":false,"fork":false,"pushed_at":"2023-02-25T01:33:24.000Z","size":240,"stargazers_count":1,"open_issues_count":3,"forks_count":1,"subscribers_count":7,"default_branch":"master","last_synced_at":"2025-01-10T19:02:21.951Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/erda-project.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-10-08T06:38:41.000Z","updated_at":"2022-10-11T06:54:08.000Z","dependencies_parsed_at":"2023-03-09T17:01:08.909Z","dependency_job_id":null,"html_url":"https://github.com/erda-project/hepa-operator","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/erda-project%2Fhepa-operator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/erda-project%2Fhepa-operator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/erda-project%2Fhepa-operator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/erda-project%2Fhepa-operator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/erda-project","download_url":"https://codeload.github.com/erda-project/hepa-
operator/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241062575,"owners_count":19902914,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-12T01:07:08.210Z","updated_at":"2025-02-27T21:44:42.912Z","avatar_url":"https://github.com/erda-project.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# hepa-operator\n\nThe Hepa Operator is a Kubernetes Operator, implemented using the kubebuilder scaffolding tool.\n\nHepa Operator is designed to abstract the reverse proxy of a cluster API gateway and the policies attached to the HTTP interface. Currently supported and intended gateway products are:\n\n- Aliyun MSE\n- Kong\n\n## Usage\n\nPrerequisite: K8s must be installed first. 
You can install K8s using tools such as [KIND](https://sigs.k8s.io/kind) or Docker Desktop.\n\n### Build and Deploy\n\n```sh\nmake release-completelty\n```\n\nA `release.yml` file is generated in the project root, which contains all the K8s resources needed to install Hepa Operator (including CRDs, Namespace, Deployment, Role, etc.).\n\n```sh\nmake apply\n```\n\nAll K8s resources of Hepa Operator will be created or updated.\n\n### Local Operation\n\n```sh\nmake manifest; make install; make run\n```\n\nto run locally.\n\n### Apply Samples\n\n```sh\nmake apply-samples\n```\n\nor \n\n```sh\nmake get-samples\n```\n\noutput:\n\n```shell\n[root@node-172016174045 hepa-operator]% make get-samples\nkubectl apply -f config/samples/_v1_hapi.yaml\nnamespace/hapi-operator-sample unchanged\ndeployment.apps/go-httpbin unchanged\nservice/go-httpbin unchanged\nconfigzone.hepa.erda.cloud/hapi-operator-sample unchanged\nhapi.hepa.erda.cloud/hapi-sample unchanged\n\nkubectl -n hapi-operator-sample get czr,hapi,ing,svc,deploy,pod\nNAME                                              SCENE   HOSTS   HAPI_COUNT   POLICIES              PHASE\nconfigzone.hepa.erda.cloud/hapi-operator-sample                   1            [\"AUTH\",\"SAFETYIP\"]   OK\n\nNAME                               ENDPOINT                              REDIRECTTO    POLICIES              PHASE\nhapi.hepa.erda.cloud/hapi-sample   hapi-sample.mse-daily.terminus.io/s   baidu.com/s   [\"SAFETYIP\",\"auth\"]   OK\n\nNAME                                    CLASS   HOSTS                               ADDRESS                   PORTS     AGE\ningress.networking.k8s.io/hapi-sample   mse     hapi-sample.mse-daily.terminus.io   **.**.**.**,**.**.**.**   80, 443   9d\n\nNAME                           TYPE           CLUSTER-IP    EXTERNAL-IP   PORT(S)          AGE\nservice/external-hapi-sample   ExternalName   \u003cnone\u003e        baidu.com     80/TCP,443/TCP   10d\nservice/go-httpbin             ClusterIP      **.**.**.**   
\u003cnone\u003e        80/TCP           37d\n\nNAME                         READY   UP-TO-DATE   AVAILABLE   AGE\ndeployment.apps/go-httpbin   1/1     1            1           37d\n\nNAME                              READY   STATUS    RESTARTS   AGE\npod/go-httpbin-68fdb87875-g7b8f   1/1     Running   0          11d\n```\n\n\n### Uninstallation\n\n```sh\nkubectl delete --ignore-not-found -f release.yml\n```\n\n### How it works ?\n\n```yaml\napiVersion: hepa.erda.cloud/v1\nkind: ConfigZone\nmetadata:\n  name: hapi-operator-sample\n  namespace: hapi-operator-sample\nspec:                                               # spec describes some configuration information, which can be referenced by Hapi\n  policy:\n    auth:\n      authType: hmac-auth\n      switch: true\n    safetyIP:\n      blackListSourceRange: \"\"\n      domainBlackListSourceRange: \"\"\n      domainWhiteListSourceRange: \"\"\n      ipType: x-peer-ip\n      keyRateLimitingValue: 10 query_per_second\n      switch: true\n      whiteListSourceRange: 123.45.67.1/16,10.10.10.10\n```\n```yaml\napiVersion: hepa.erda.cloud/v1\nkind: Hapi\nmetadata:\n  name: hapi-sample\n  namespace: hapi-operator-sample\n  labels:\n    \"configZone\": \"hapi-operator-sample\"            # ## referenced ConfigZone \n    \"packageId\": \"c82396e5fc13ef7bbf6bc078502a21e4\" # ## custom labels\nspec:                                               # spec describes the rules of the reverse proxy\n  hosts:                                            # # routed domains\n    - hapi-sample.mse-daily.terminus.io\n  path: /search                                     # # routed path\n  backend:                                          # # backend describes forwarding rules\n    redirectBy: url                                 # ## redirectBy \"url\" for an external url or \"service\" for a k8s Service\n    serviceName: go-httpbin                         # ## reverse-proxy to go-httpbin:80 in this namespace if redirectBy \"service\"\n    
servicePort: 80\n    upstreamHost: baidu.com                         # ## reverse-proxy to baidu.com if redirectBy \"url\"\n    rewriteTarget: /s                               # ## rewrite path from \"/search\" to \"/s\" while doing reverse-proxy\n  policy:                                           # # policy describes the route policy\n    auth:                                           # ## a policy named \"auth\"\n      authType: sign-auth\n      global: false                                 # ## use the policy from the referenced ConfigZone if global=true\n      switch: true                                  # ## enable the policy if switch=true\n    safetyIP:\n      blackListSourceRange: \"\"\n      domainBlackListSourceRange: \"\"\n      domainWhiteListSourceRange: \"\"\n      ipType: x-peer-ip\n      keyRateLimitingValue: 12 query_per_second\n      global: true\n      switch: false\n      whiteListSourceRange: 123.45.67.1/18\n```\n\nA reverse proxy rule is represented by defining a CRD called `Hapi`, which describes a reverse proxy rule and the policies attached to the rule.\n\nHepa-Operator listens to this CRD and controls some K8s API objects (e.g. Ingress, Service) and some external resources (e.g. 
Aliyun MSE Gateway Openapi, Kong Admin API) to implement the reverse proxy.\n\n```sh\n% kubectl -n hapi-operator-sample get czr,hapi,ing,svc\nNAME                                              SCENE   HOSTS   HAPI_COUNT   POLICIES              PHASE\nconfigzone.hepa.erda.cloud/hapi-operator-sample                   1            [\"AUTH\",\"SAFETYIP\"]   OK\n\nNAME                               ENDPOINT                                   REDIRECTTO    POLICIES              PHASE\nhapi.hepa.erda.cloud/hapi-sample   hapi-sample.mse-daily.terminus.io/search   baidu.com/s   [\"SAFETYIP\",\"auth\"]   OK\n\nNAME                                    CLASS   HOSTS                               ADDRESS                   PORTS     AGE\ningress.networking.k8s.io/hapi-sample   mse     hapi-sample.mse-daily.terminus.io   **.**.**.**,**.**.**.**   80, 443   9d\n\nNAME                           TYPE           CLUSTER-IP    EXTERNAL-IP   PORT(S)          AGE\nservice/external-hapi-sample   ExternalName   \u003cnone\u003e        baidu.com     80/TCP,443/TCP   10d\n```\n\nwhere `czr` is the short name of the ConfigZone (Config Zone Reference).\n\nThe ConfigZone print column `HAPI_COUNT` shows the number of Hapi objects that reference this configuration;\n`POLICIES` lists the policies enabled on this instance.\n\nThe Hapi print columns `ENDPOINT` and `REDIRECTTO` together describe one route:\nin the example, requests for \"hapi-sample.mse-daily.terminus.io/search\" are forwarded to \"baidu.com/s\";\n`POLICIES` lists the policies enabled on the route, where a capitalized (upper-case) name indicates a reference to the global policy and a lowerCamelCase name indicates a local policy.\n\nHow does it implement this forwarding relationship?\nWhen the gateway is Aliyun MSE and redirectBy is \"service\", Hepa Operator creates an Ingress that reverse-proxies to the Service;\nfor forwarding by url (as in this sample), Hepa Operator first creates an additional ExternalName 
Service, whose ExternalIP is the target domain,\nand then creates an Ingress for reverse proxying to the Service.\nWhen the gateway is Kong, it creates an Ingress that reverse-proxies to Kong, and then creates a Kong Service, Route and some other objects that reverse-proxy to the real back-end service.\n\n\u003e **implement by Aliyun MSE**\n![implement by Aliyun MSE](http://terminus-paas.oss-cn-hangzhou.aliyuncs.com/paas-doc/2022/10/10/bc9ef280-e3b1-4921-974a-0bbbcb45e18d.png)\n![legend](http://terminus-paas.oss-cn-hangzhou.aliyuncs.com/paas-doc/2022/10/10/aa1a2a79-2bb3-4887-8557-1ed70b70f604.png)\n\n\u003e **implement by Kong**\n![implement by Kong](http://terminus-paas.oss-cn-hangzhou.aliyuncs.com/paas-doc/2022/10/10/7a48f4f6-479f-4ab1-b56d-7338eb0fb6a4.png)\n![legend](http://terminus-paas.oss-cn-hangzhou.aliyuncs.com/paas-doc/2022/10/10/aa1a2a79-2bb3-4887-8557-1ed70b70f604.png)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ferda-project%2Fhepa-operator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ferda-project%2Fhepa-operator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ferda-project%2Fhepa-operator/lists"}