
Commit b02edab

committed
Add seed corpus related to security task.
Signed-off-by: sudipto baral <[email protected]>
1 parent cec3506 commit b02edab

12 files changed

+322
-0
lines changed
@@ -0,0 +1,25 @@
1+
apiVersion: v1
2+
kind: Secret
3+
type: Opaque
4+
metadata:
5+
name: apikey-secret
6+
stringData:
7+
client1: supersecret
8+
---
9+
apiVersion: gateway.envoyproxy.io/v1alpha1
10+
kind: SecurityPolicy
11+
metadata:
12+
name: apikey-auth-example
13+
spec:
14+
targetRefs:
15+
- group: gateway.networking.k8s.io
16+
kind: HTTPRoute
17+
name: backend
18+
apiKeyAuth:
19+
credentialRefs:
20+
- group: ""
21+
kind: Secret
22+
name: apikey-secret
23+
extractFrom:
24+
- headers:
25+
- x-api-key
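Review bot: This is the only file of the twelve whose first document does not open with a `---` marker; the Secret starts directly at `apiVersion: v1` while the SecurityPolicy that follows is introduced by `---` at line 8, so the file mixes an implicit and an explicit document start. Adding `---` before `apiVersion: v1` makes it consistent with the other seeds. The `stringData` entry `client1: supersecret` is clearly a dummy value, but since it ships in a committed corpus a comment such as `# placeholder credential for the fuzz corpus; never a real key` above it documents that intent for anyone (or any scanner) reading the file later.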
@@ -0,0 +1,13 @@
1+
---
2+
apiVersion: gateway.envoyproxy.io/v1alpha1
3+
kind: SecurityPolicy
4+
metadata:
5+
name: basic-auth-example
6+
spec:
7+
targetRefs:
8+
- group: gateway.networking.k8s.io
9+
kind: HTTPRoute
10+
name: backend
11+
basicAuth:
12+
users:
13+
name: "basic-auth"
@@ -0,0 +1,23 @@
1+
---
2+
apiVersion: gateway.envoyproxy.io/v1alpha1
3+
kind: SecurityPolicy
4+
metadata:
5+
name: cors-example
6+
spec:
7+
targetRefs:
8+
- group: gateway.networking.k8s.io
9+
kind: HTTPRoute
10+
name: backend
11+
cors:
12+
allowOrigins:
13+
- "http://*.foo.com"
14+
- "http://*.foo.com:80"
15+
allowMethods:
16+
- GET
17+
- POST
18+
allowHeaders:
19+
- "x-header-1"
20+
- "x-header-2"
21+
exposeHeaders:
22+
- "x-header-3"
23+
- "x-header-4"
@@ -0,0 +1,34 @@
1+
---
2+
apiVersion: gateway.networking.k8s.io/v1
3+
kind: HTTPRoute
4+
metadata:
5+
name: myapp
6+
spec:
7+
parentRefs:
8+
- name: eg
9+
hostnames:
10+
- "www.example.com"
11+
rules:
12+
- matches:
13+
- path:
14+
type: PathPrefix
15+
value: /myapp
16+
backendRefs:
17+
- name: backend
18+
port: 3000
19+
---
20+
apiVersion: gateway.envoyproxy.io/v1alpha1
21+
kind: SecurityPolicy
22+
metadata:
23+
name: ext-auth-example
24+
spec:
25+
targetRefs:
26+
- group: gateway.networking.k8s.io
27+
kind: HTTPRoute
28+
name: myapp
29+
extAuth:
30+
http:
31+
backendRefs:
32+
- name: http-ext-auth
33+
port: 9002
34+
headersToBackend: ["x-current-user"]
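Review bot: `headersToBackend: ["x-current-user"]` on the last line uses flow style while every other list in this file, and in the other SecurityPolicy seeds, is written in block style; the same split appears for `hostnames`, which is a block list here but a flow list in the two standalone `myapp` HTTPRoute files. For a corpus that is meant to exercise the same schema paths, one sequence style is easier to diff and to grep; the block form would be `headersToBackend:` followed by `- x-current-user`. No behavioural change is implied either way.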
@@ -0,0 +1,30 @@
1+
---
2+
apiVersion: gateway.envoyproxy.io/v1alpha1
3+
kind: SecurityPolicy
4+
metadata:
5+
name: authorization-client-ip
6+
spec:
7+
targetRefs:
8+
- group: gateway.networking.k8s.io
9+
kind: HTTPRoute
10+
name: backend
11+
authorization:
12+
defaultAction: Deny
13+
rules:
14+
- action: Allow
15+
principal:
16+
clientCIDRs:
17+
- 10.0.1.0/24
18+
---
19+
apiVersion: gateway.envoyproxy.io/v1alpha1
20+
kind: ClientTrafficPolicy
21+
metadata:
22+
name: enable-client-ip-detection
23+
spec:
24+
clientIPDetection:
25+
xForwardedFor:
26+
numTrustedHops: 1
27+
targetRefs:
28+
- group: gateway.networking.k8s.io
29+
kind: Gateway
30+
name: eg
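Review bot: The `clientCIDRs` allow rule in the SecurityPolicy is only as trustworthy as the `xForwardedFor.numTrustedHops: 1` setting in the ClientTrafficPolicy, and nothing in the file says what that `1` assumes about the deployment. If the gateway is reached through fewer proxies than the configured hop count, the client-supplied X-Forwarded-For value becomes the address the `Deny`-by-default policy evaluates, which silently defeats the allow-list. A comment above it such as `# must equal the number of trusted proxies in front of the gateway; a larger value lets clients choose the IP the authorization rule sees` records the assumption the fixture depends on.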
@@ -0,0 +1,56 @@
1+
---
2+
apiVersion: gateway.envoyproxy.io/v1alpha1
3+
kind: SecurityPolicy
4+
metadata:
5+
name: jwt-example
6+
spec:
7+
targetRef:
8+
group: gateway.networking.k8s.io
9+
kind: HTTPRoute
10+
name: foo
11+
jwt:
12+
providers:
13+
- name: example
14+
remoteJWKS:
15+
backendRefs:
16+
- group: gateway.envoyproxy.io
17+
kind: Backend
18+
name: remote-jwks
19+
port: 443
20+
backendSettings:
21+
retry:
22+
numRetries: 3
23+
perRetry:
24+
backOff:
25+
baseInterval: 1s
26+
maxInterval: 5s
27+
retryOn:
28+
triggers: ["5xx", "gateway-error", "reset"]
29+
uri: https://foo.bar.com/jwks.json
30+
---
31+
apiVersion: gateway.envoyproxy.io/v1alpha1
32+
kind: Backend
33+
metadata:
34+
name: remote-jwks
35+
spec:
36+
endpoints:
37+
- fqdn:
38+
hostname: foo.bar.com
39+
port: 443
40+
---
41+
apiVersion: gateway.networking.k8s.io/v1alpha3
42+
kind: BackendTLSPolicy
43+
metadata:
44+
name: remote-jwks-btls
45+
spec:
46+
targetRefs:
47+
- group: gateway.envoyproxy.io
48+
kind: Backend
49+
name: remote-jwks
50+
sectionName: "443"
51+
validation:
52+
caCertificateRefs:
53+
- name: remote-jwks-server-ca
54+
group: ""
55+
kind: ConfigMap
56+
hostname: foo.bar.com
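Review bot: The SecurityPolicy in this file attaches with the singular `targetRef` (lines 7–10) while every other policy in the commit uses the list form `targetRefs`; this appears to be the older singular field, so the corpus is exercising two attachment shapes without saying so. If the intent is parity with the other seeds, change it to `targetRefs:` with a single entry `- group: gateway.networking.k8s.io` / `kind: HTTPRoute` / `name: foo`; if the intent is to keep the legacy form as a distinct seed, a one-line comment stating that would make it deliberate. The referenced ConfigMap `remote-jwks-server-ca` is not part of this file, which is fine for a fixture but worth a comment so nobody expects the BackendTLSPolicy to validate on its own.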
@@ -0,0 +1,31 @@
1+
---
2+
apiVersion: gateway.envoyproxy.io/v1alpha1
3+
kind: SecurityPolicy
4+
metadata:
5+
name: authorization-jwt-claim
6+
spec:
7+
targetRefs:
8+
- group: gateway.networking.k8s.io
9+
kind: HTTPRoute
10+
name: backend
11+
jwt:
12+
providers:
13+
- name: example
14+
issuer: https://foo.bar.com
15+
remoteJWKS:
16+
uri: https://raw.githubusercontent.com/envoyproxy/gateway/refs/heads/main/examples/kubernetes/jwt/jwks.json
17+
authorization:
18+
defaultAction: Deny
19+
rules:
20+
- name: "allow"
21+
action: Allow
22+
principal:
23+
jwt:
24+
provider: example
25+
scopes: ["read", "add", "modify"]
26+
claims:
27+
- name: user.name
28+
values: ["John Doe"]
29+
- name: user.roles
30+
valueType: StringArray
31+
values: ["admin"]
@@ -0,0 +1,17 @@
1+
---
2+
apiVersion: gateway.envoyproxy.io/v1alpha1
3+
kind: ClientTrafficPolicy
4+
metadata:
5+
name: enable-mtls
6+
namespace: default
7+
spec:
8+
targetRefs:
9+
- group: gateway.networking.k8s.io
10+
kind: Gateway
11+
name: eg
12+
tls:
13+
clientValidation:
14+
caCertificateRefs:
15+
- kind: "Secret"
16+
group: ""
17+
name: "example-ca-cert"
@@ -0,0 +1,24 @@
1+
---
2+
apiVersion: gateway.networking.k8s.io/v1
3+
kind: GatewayClass
4+
metadata:
5+
name: eg
6+
spec:
7+
controllerName: gateway.envoyproxy.io/gatewayclass-controller
8+
parametersRef:
9+
group: gateway.envoyproxy.io
10+
kind: EnvoyProxy
11+
name: custom-proxy-config
12+
namespace: envoy-gateway-system
13+
---
14+
apiVersion: gateway.envoyproxy.io/v1alpha1
15+
kind: EnvoyProxy
16+
metadata:
17+
name: custom-proxy-config
18+
namespace: envoy-gateway-system
19+
spec:
20+
backendTLS:
21+
clientCertificateRef:
22+
kind: Secret
23+
name: example-client-cert
24+
namespace: envoy-gateway-system
@@ -0,0 +1,17 @@
1+
---
2+
apiVersion: gateway.networking.k8s.io/v1
3+
kind: HTTPRoute
4+
metadata:
5+
name: myapp
6+
spec:
7+
parentRefs:
8+
- name: eg
9+
hostnames: ["www.example.com"]
10+
rules:
11+
- matches:
12+
- path:
13+
type: PathPrefix
14+
value: /myapp
15+
backendRefs:
16+
- name: backend
17+
port: 3000
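Review bot: This HTTPRoute seed is byte-for-byte identical to the next file in the commit (the second `myapp` HTTPRoute with `hostnames: ["www.example.com"]`), and differs from the HTTPRoute document in the ext-auth seed only in the sequence style of `hostnames`. Duplicate seeds add no coverage to a corpus, so one of the two copies could be dropped, or varied (a different path match type, a second rule, a filter) if two route seeds are wanted. The file names are not visible on this page, so I cannot tell whether the duplication is intentional.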
@@ -0,0 +1,17 @@
1+
---
2+
apiVersion: gateway.networking.k8s.io/v1
3+
kind: HTTPRoute
4+
metadata:
5+
name: myapp
6+
spec:
7+
parentRefs:
8+
- name: eg
9+
hostnames: ["www.example.com"]
10+
rules:
11+
- matches:
12+
- path:
13+
type: PathPrefix
14+
value: /myapp
15+
backendRefs:
16+
- name: backend
17+
port: 3000
@@ -0,0 +1,35 @@
1+
---
2+
apiVersion: v1
3+
kind: Service
4+
metadata:
5+
labels:
6+
app: backend
7+
service: backend
8+
name: tls-backend
9+
namespace: default
10+
spec:
11+
selector:
12+
app: backend
13+
ports:
14+
- name: https
15+
port: 443
16+
protocol: TCP
17+
targetPort: 8443
18+
---
19+
apiVersion: gateway.networking.k8s.io/v1alpha3
20+
kind: BackendTLSPolicy
21+
metadata:
22+
name: enable-backend-tls
23+
namespace: default
24+
spec:
25+
targetRefs:
26+
- group: ''
27+
kind: Service
28+
name: tls-backend
29+
sectionName: https
30+
validation:
31+
caCertificateRefs:
32+
- name: example-ca
33+
group: ''
34+
kind: ConfigMap
35+
hostname: www.example.com
