diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml deleted file mode 100644 index 71fd47c..0000000 --- a/.github/workflows/test.yaml +++ /dev/null @@ -1,93 +0,0 @@ -name: Integration Tests -on: - workflow_dispatch: - pull_request: - branches: - - main - paths: - - '.github/workflows/test.yaml' - - 'src/manifests/**.yaml' - - 'api-management/**.yaml' - - 'api-gateway/**.yaml' - - 'tests/**.go' - -env: - API_TOKEN: ${{ secrets.API_TOKEN }} - PLATFORM_URL: ${{ secrets.PLATFORM_URL }} - ADMIN_TOKEN: ${{ secrets.ADMIN_TOKEN }} - EXTERNAL_TOKEN: ${{ secrets.EXTERNAL_TOKEN }} - DOCKER_NON_INTERACTIVE: true - LOG_LEVEL: info -jobs: - walkthrough: - runs-on: buildjet-2vcpu-ubuntu-2204 - steps: - - name: checkout - uses: actions/checkout@v4 - - name: set up Go - uses: actions/setup-go@v5 - with: - go-version-file: tests/go.mod - cache-dependency-path: tests/go.sum - - name: docker hub login - uses: docker/login-action@v3 - with: - username: traefiker - password: ${{ secrets.TRAEFIKER_DOCKERHUB_TOKEN }} - - name: run tests - working-directory: tests - run: make test-walkthrough - apigateway: - runs-on: buildjet-2vcpu-ubuntu-2204 - steps: - - name: checkout - uses: actions/checkout@v4 - - name: set up Go - uses: actions/setup-go@v5 - with: - go-version-file: tests/go.mod - cache-dependency-path: tests/go.sum - - name: docker hub login - uses: docker/login-action@v3 - with: - username: traefiker - password: ${{ secrets.TRAEFIKER_DOCKERHUB_TOKEN }} - - name: run tests - working-directory: tests - run: make test-apigw - apimanagement: - runs-on: buildjet-2vcpu-ubuntu-2204 - steps: - - name: checkout - uses: actions/checkout@v4 - - name: set up Go - uses: actions/setup-go@v5 - with: - go-version-file: tests/go.mod - cache-dependency-path: tests/go.sum - - name: docker hub login - uses: docker/login-action@v3 - with: - username: traefiker - password: ${{ secrets.TRAEFIKER_DOCKERHUB_TOKEN }} - - name: run tests - working-directory: tests - run: make test-apim - testhelpers: - runs-on: buildjet-2vcpu-ubuntu-2204 - steps: - - name: checkout - uses: actions/checkout@v4 - - name: set up Go - uses: actions/setup-go@v5 - with: - go-version-file: tests/go.mod - cache-dependency-path: tests/go.sum - - name: docker hub login - uses: docker/login-action@v3 - with: - username: traefiker - password: ${{ secrets.TRAEFIKER_DOCKERHUB_TOKEN }} - - name: run tests - working-directory: tests - run: make test-testhelpers diff --git a/api-gateway/1-getting-started/README.md b/api-gateway/1-getting-started/README.md index 95eb12d..281ca00 100644 --- a/api-gateway/1-getting-started/README.md +++ b/api-gateway/1-getting-started/README.md @@ -1,3 +1,14 @@ +--- +description: 'Traefik Hub API Gateway Quick Start - Publish your first APIs using CRDs.' +id: 'getting-started' +sidebar_label: 'Getting Started' +tags: +- API +- Kubernetes +- GitOps +- API Gateway +--- + # Getting Started Traefik Hub API Gateway is cloud-native and multi-platform. @@ -7,9 +18,21 @@ We can start: 1. on [Kubernetes](#on-kubernetes) 2. on [Linux](#on-linux) +## Pre-requisites + +- A Traefik Hub account and [license](https://doc.traefik.io/traefik-hub/legal/licensing). +- [Helm](https://helm.sh/) installed. +- Allow outgoing requests to api.traefik.io on HTTPS ports (TCP/443). + ## On Kubernetes -For this tutorial, we deploy Traefik Hub API Gateway on a [k3d](https://k3d.io/) cluster. It's possible to use alternatives such as [kind](https://kind.sigs.k8s.io), cloud providers, and others. +For this tutorial, we deploy Traefik Hub API Gateway on a Kubernetes cluster using k3s. It's possible to use alternatives such as [kind](https://kind.sigs.k8s.io), [k3d](https://k3d.io/), +[k3s](https://k3s.io/) cloud providers, and others. + +:::warning +It's important to disable the built-in Traefik ingress for [k3d](https://k3d.io/v5.3.0/design/concepts/#example) and [k3s](https://docs.k3s.io/networking/networking-services#traefik-ingress-controller) +clusters to avoid possible conflicts. Refer to their documentation to see how to disable it. +::: First, clone the GitHub repository dedicated to tutorials: @@ -18,13 +41,29 @@ git clone https://github.com/traefik/hub.git cd hub ``` -### Create a Kubernetes cluster using k3d +### Create a Kubernetes Cluster Using k3s + +Before you begin, ensure that any existing Kubernetes cluster is fully uninstalled to prevent potential conflicts during the K3s installation. ```shell -k3d cluster create traefik-hub --port 80:80@loadbalancer --port 443:443@loadbalancer --port 8000:8000@loadbalancer --k3s-arg "--disable=traefik@server:0" +curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" INSTALL_K3S_EXEC="--disable traefik" sh - ``` -### Create a Kubernetes cluster using kind +:::info + +In the command above, we deploy K3s using its official installation [script](https://get.k3s.io/) and pass configuration options through environment variables, which are applied to the +K3s service configuration: + +- Additional utilities will be installed, including `kubectl`, `crictl`, `ctr`, `k3s-killall.sh`, and `k3s-uninstall.sh`. +- K3S_KUBECONFIG_MODE="644" lets non-root users run kubectl. The kubeconfig file will be written in /etc/rancher/k3s/k3s.yaml. The installed kubectl will automatically use it. +- INSTALL_K3S_EXEC="--disable traefik" disables the built-in Traefik to avoid conflicts. + +Note: This configuration is intended for demonstration purposes only. It is not recommended for production environments. +For more advanced configuration options, refer to the official K3s documentation: [K3s Configuration](https://docs.k3s.io/installation/configuration) + +::: + +### Alternative option: Create a Kubernetes Cluster Using kind kind requires some configuration to use an IngressController on localhost. See the following example: @@ -55,89 +94,87 @@ kubectl cluster-info kubectl wait --for=condition=ready nodes traefik-hub-control-plane ``` -And add a load balancer (LB) to it: - -```shell -kubectl apply -f src/kind/metallb-native.yaml -kubectl wait --namespace metallb-system --for=condition=ready pod --selector=app=metallb --timeout=90s -kubectl apply -f src/kind/metallb-config.yaml -``` - ### Step 1: Install Traefik Hub API Gateway -Log in to the [Traefik Hub Online Dashboard](https://hub.traefik.io), open the page to [generate a new agent](https://hub.traefik.io/agents/new). +Log in to the [Traefik Hub Online Dashboard](https://hub.traefik.io), navigate to the **Gateways** page to [create a new gateway](https://hub.traefik.io/gateways/new). -**:warning: Do not install the agent, but copy the token.** +Click on Quick getting started instruction and select Kubernetes option. -Open a terminal and run the following commands to create the required secret. +Copy the content of 'Configuration' box. -```shell -export TRAEFIK_HUB_TOKEN= -``` +Open a terminal and run the copied commands to install Traefik Hub using Helm. -```shell -kubectl create namespace traefik -kubectl create secret generic traefik-hub-license --namespace traefik --from-literal=token=$TRAEFIK_HUB_TOKEN -``` - -Install Traefik Hub API Gateway using Helm: +For example: ```shell # Add the Helm repository helm repo add --force-update traefik https://traefik.github.io/charts -# Install the Helm chart -helm install traefik -n traefik --wait \ - --version v34.4.1 \ + +# Install the Ingress Controller +kubectl create namespace traefik +kubectl create secret generic traefik-hub-license --namespace traefik --from-literal=token= +helm upgrade --install --namespace traefik traefik traefik/traefik \ --set hub.token=traefik-hub-license \ - --set ingressClass.enabled=false \ - --set ingressRoute.dashboard.enabled=true \ - --set ingressRoute.dashboard.matchRule='Host(`dashboard.docker.localhost`)' \ - --set ingressRoute.dashboard.entryPoints={web} \ --set image.registry=ghcr.io \ --set image.repository=traefik/traefik-hub \ - --set image.tag=v3.14.1 \ - --set ports.web.nodePort=30000 \ - --set ports.websecure.nodePort=30001 \ - traefik/traefik + --set image.tag=latest-v3 ``` -**If** Traefik Hub API Gateway is **already** installed, we can instead upgrade the Traefik Hub API Gateway instance: +The following will be displayed in your terminal after running the commands: + +```shell +"traefik" has been added to your repositories +namespace/traefik created +secret/traefik-hub-license created +Release "traefik" does not exist. Installing it now. +NAME: traefik +LAST DEPLOYED: Mon Aug 12 20:00:00 2024 +NAMESPACE: traefik +STATUS: deployed +REVISION: 1 +TEST SUITE: None +NOTES: +traefik with ghcr.io/traefik/traefik-hub:v3.17.3 has been deployed successfully on traefik namespace ! +``` + +**If** Traefik Hub API Gateway is **already** installed, copy the new token generated from the gateway creation page and use it to generate the `traefik-hub-license` secret : + +```shell +export TRAEFIK_HUB_TOKEN= +``` + +```shell +kubectl create secret generic traefik-hub-license --namespace traefik --from-literal=token=$TRAEFIK_HUB_TOKEN +``` + +Next, upgrade Traefik helm chart: ```shell # Upgrade CRDs kubectl apply --server-side --force-conflicts -k https://github.com/traefik/traefik-helm-chart/traefik/crds/ # Update the Helm repository helm repo update +#Create the traefik-hub-license secret +kubectl create secret generic traefik-hub-license --namespace traefik --from-literal=token=$TRAEFIK_HUB_TOKEN # Upgrade the Helm chart -helm upgrade traefik -n traefik --wait \ - --version v34.4.1 \ +helm upgrade traefik -n traefik --wait traefik/traefik \ --set hub.token=traefik-hub-license \ - --set ingressClass.enabled=false \ - --set ingressRoute.dashboard.enabled=true \ - --set ingressRoute.dashboard.matchRule='Host(`dashboard.docker.localhost`)' \ - --set ingressRoute.dashboard.entryPoints={web} \ --set image.registry=ghcr.io \ --set image.repository=traefik/traefik-hub \ - --set image.tag=v3.14.1 \ - --set ports.web.nodePort=30000 \ - --set ports.websecure.nodePort=30001 \ - traefik/traefik + --set image.tag=latest-v3 \ ``` -Now, we can access the local dashboard: http://dashboard.docker.localhost/ - ### Step 2: Deploy an API as an Ingress Without Traefik Hub API Gateway, an API can be deployed as an `Ingress`, an `IngressRoute` or an `HTTPRoute`. -In this tutorial, APIs are implemented using a JSON server in Go; the source code is [here](../../src/api-server/). +In this tutorial, APIs are implemented using a JSON server in Go; the source code is [here](https://github.com/traefik/hub/blob/main/src/api-server/). -Let's deploy a [weather app](../../src/manifests/weather-app.yaml) exposing an API. +Let's deploy a [weather app](https://github.com/traefik/hub/blob/main/src/manifests/weather-app.yaml) exposing an API. ```shell -kubectl apply -f src/manifests/apps-namespace.yaml kubectl apply -f src/manifests/weather-app.yaml ``` @@ -154,7 +191,7 @@ configmap/weather-app-openapispec created It can be exposed with an `IngressRoute`: -```yaml :manifests/weather-app-ingressroute.yaml +```yaml --- apiVersion: traefik.io/v1alpha1 kind: IngressRoute @@ -165,7 +202,7 @@ spec: entryPoints: - web routes: - - match: Host(`getting-started.apigateway.docker.localhost`) && PathPrefix(`/weather`) + - match: Host(`localhost`) && PathPrefix(`/weather`) kind: Rule services: - name: weather-app @@ -178,6 +215,8 @@ spec: kubectl apply -f api-gateway/1-getting-started/manifests/weather-app-ingressroute.yaml ``` +After applying the resources, it creates the `IngressRoute` resource: + ```shell ingressroute.traefik.io/getting-started-apigateway created ``` @@ -185,7 +224,7 @@ ingressroute.traefik.io/getting-started-apigateway created This API can be accessed using curl: ```shell -curl http://getting-started.apigateway.docker.localhost/weather +curl http://localhost/weather | jq ``` ```json @@ -200,76 +239,70 @@ curl http://getting-started.apigateway.docker.localhost/weather Let's secure the weather API with an API Key. -Generate the hash of our password. It can be done with `htpasswd` : +First, we need to generate a password hash before proceeding. This can be done with `htpasswd`. It's usually contained in the `apache2-utils` package on various systems (e.g., Ubuntu, Debian) +if you don't have it already. ```shell htpasswd -nbs "" "Let's use API Key with Traefik Hub" | cut -c 2- -{SHA}dhiZGvSW60OMQ+J6hPEyJ+jfUoU= ``` +It should output a hash similar to this: + ```shell {SHA}dhiZGvSW60OMQ+J6hPEyJ+jfUoU= ``` -Put this hash in the API Key `Middleware`: - -```diff :../../hack/diff.sh -r -a "manifests/weather-app-ingressroute.yaml manifests/weather-app-apikey.yaml" ---- manifests/weather-app-ingressroute.yaml -+++ manifests/weather-app-apikey.yaml -@@ -1,17 +1,42 @@ - --- -+apiVersion: v1 -+kind: Secret -+metadata: -+ name: getting-started-apigateway-apikey-auth -+ namespace: apps -+stringData: -+ secretKey: "{SHA}dhiZGvSW60OMQ+J6hPEyJ+jfUoU=" -+ -+--- -+apiVersion: traefik.io/v1alpha1 -+kind: Middleware -+metadata: -+ name: getting-started-apigateway-apikey-auth -+ namespace: apps -+spec: -+ plugin: -+ apiKey: -+ keySource: -+ header: Authorization -+ headerAuthScheme: Bearer -+ secretValues: -+ - urn:k8s:secret:getting-started-apigateway-apikey-auth:secretKey -+ -+--- - apiVersion: traefik.io/v1alpha1 - kind: IngressRoute - metadata: -- name: getting-started-apigateway -+ name: getting-started-apigateway-api-key - namespace: apps - spec: - entryPoints: - - web - routes: -- - match: Host(`getting-started.apigateway.docker.localhost`) && PathPrefix(`/weather`) -+ - match: Host(`getting-started.apigateway.docker.localhost`) && PathPrefix(`/api-key`) - kind: Rule - services: - - name: weather-app - port: 3000 - middlewares: -- - name: stripprefix-weather -+ - name: stripprefix-weather -+ - name: getting-started-apigateway-apikey-auth -``` +Next, store this hash in a `Secret` for the API Key `Middleware` and create a new `IngressRoute`: -Let's apply it: +```yaml +cat <<'EOF' | kubectl apply -f - +--- +apiVersion: v1 +kind: Secret +metadata: + name: getting-started-apigateway-apikey-auth + namespace: apps +stringData: + secretKey: "{SHA}dhiZGvSW60OMQ+J6hPEyJ+jfUoU=" # Generated API secretKey -```shell -kubectl apply -f api-gateway/1-getting-started/manifests/weather-app-apikey.yaml +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: getting-started-apigateway-apikey-auth + namespace: apps +spec: + plugin: + apiKey: + keySource: + header: Authorization + headerAuthScheme: Bearer + secretValues: + - urn:k8s:secret:getting-started-apigateway-apikey-auth:secretKey + +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: getting-started-apigateway-api-key + namespace: apps +spec: + entryPoints: + - web + routes: + - match: Host(`localhost`) && PathPrefix(`/api-key`) + kind: Rule + services: + - name: weather-app + port: 3000 + middlewares: + - name: stripprefix-weather + - name: getting-started-apigateway-apikey-auth +EOF ``` +After applying the resources, it creates the `Secret`, `Middleware`, and `IngressRoute` resources: + ```shell secret/getting-started-apigateway-apikey-auth created middleware.traefik.io/getting-started-apigateway-apikey-auth created @@ -280,11 +313,11 @@ And test it: ```shell # This call is not authorized => 401 -curl -i http://getting-started.apigateway.docker.localhost/api-key/weather +curl -i http://localhost/api-key/weather # Let's set the API key export API_KEY=$(echo -n "Let's use API Key with Traefik Hub" | base64) # This call with the token is allowed => 200 -curl -i -H "Authorization: Bearer $API_KEY" http://getting-started.apigateway.docker.localhost/api-key/weather +curl -i -H "Authorization: Bearer $API_KEY" http://localhost/api-key/weather ``` The API is now secured. @@ -294,9 +327,11 @@ The API is now secured. This tutorial will show how to use Traefik Hub API Gateway on Linux using a shell command (for simplicity). In production, we recommend using Infra-as-Code or even GitOps. -:information_source: We will use a Debian Linux in this tutorial. +:::info +We will use a Debian Linux in this tutorial. +::: -First, clone this GitHub repository: +First, clone the GitHub repository dedicated to tutorials: ```shell git clone https://github.com/traefik/hub.git @@ -309,11 +344,12 @@ Get the Traefik Hub API Gateway binary: ```shell # Download the binary -curl -L https://github.com/traefik/hub/releases/download/v3.0.1/traefik-hub_v3.0.1_linux_amd64.tar.gz -o /tmp/traefik-hub.tar.gz -tar xvzf /tmp/traefik-hub.tar.gz -C /tmp traefik-hub +LATEST_VERSION=$(curl -s https://api.github.com/repos/traefik/hub/releases/latest | grep 'tag_name' | cut -d '"' -f 4) +curl -L "https://github.com/traefik/hub/releases/download/$LATEST_VERSION/traefik-hub_${LATEST_VERSION}_linux_amd64.tar.gz" -o /tmp/traefik-hub.tar.gz +tar xvzf /tmp/traefik-hub.tar.gz -C /tmp traefik-hub-linux-amd64 rm -f /tmp/traefik-hub.tar.gz # Install the binary with the required rights -sudo mv traefik-hub /usr/local/bin/traefik-hub +sudo mv /tmp/traefik-hub-linux-amd64 /usr/local/bin/traefik-hub sudo chown root:root /usr/local/bin/traefik-hub sudo chmod 755 /usr/local/bin/traefik-hub # Give the Traefik Hub binary ability to bind privileged ports like 80 or 443 as non-root @@ -324,7 +360,7 @@ Create the config resources: ```shell # Create a user -sudo groupadd ---system traefik-hub +sudo groupadd --system traefik-hub sudo useradd \ -g traefik-hub --no-user-group \ --home-dir /var/www --no-create-home \ @@ -339,9 +375,11 @@ sudo touch /var/log/traefik-hub.log sudo chown traefik-hub:traefik-hub /var/log/traefik-hub.log ``` -Log in to the [Traefik Hub Online Dashboard](https://hub.traefik.io), open the page to [generate a new gateway](https://hub.traefik.io/agents/new). +Log in to the [Traefik Hub Online Dashboard](https://hub.traefik.io), open the page to [generate a new gateway](https://hub.traefik.io/gateways/new). -**:warning: Do not install the gateway, but copy the token.** +:::warning +Do not install the gateway, but copy the token. +::: Export your token: @@ -349,7 +387,7 @@ Export your token: export TRAEFIK_HUB_TOKEN=SET_YOUR_TOKEN_HERE ``` -With this token, we can add a [static configuration file](linux/traefik-hub.toml) for Traefik Hub API Gateway and a [systemd service](linux/traefik-hub.service): +With this token, we can add a [static configuration file](https://github.com/traefik/hub/blob/main/api-gateway/1-getting-started/linux/traefik-hub.toml) for Traefik Hub API Gateway and a [systemd service](https://github.com/traefik/hub/blob/main/api-gateway/1-getting-started/linux/traefik-hub.service): ```shell sudo cp api-gateway/1-getting-started/linux/traefik-hub.toml /etc/traefik-hub/traefik-hub.toml @@ -383,17 +421,19 @@ sudo systemctl status traefik-hub.service ### Step 2: Expose an API -:information_source: On Linux, we can use all the providers supported by Traefik Proxy and Traefik Hub API Gateway. +:::info +On Linux, we can use all the providers supported by Traefik Proxy and Traefik Hub API Gateway. +::: In this example, we'll set a configuration using a YAML file. We will deploy a _whoami_ application on systemd and reach it from Traefik Proxy. ```shell # Install whoami -curl -L https://github.com/traefik/whoami/releases/download/v1.10.2/whoami_v1.10.2_linux_amd64.tar.gz -o /tmp/whoami.tar.gz +curl -L https://github.com/traefik/whoami/releases/download/v1.11.0/whoami_v1.11.0_linux_amd64.tar.gz -o /tmp/whoami.tar.gz tar xvzf /tmp/whoami.tar.gz -C /tmp whoami rm -f /tmp/whoami.tar.gz -sudo mv whoami /usr/local/bin/whoami +sudo mv /tmp/whoami /usr/local/bin/whoami sudo chown root:root /usr/local/bin/whoami sudo chmod 755 /usr/local/bin/whoami # Create a user for whoami @@ -405,7 +445,7 @@ sudo useradd \ --system whoami ``` -Enable this app with a [systemd unit file](linux/whoami.service): +Enable this app with a [systemd unit file](https://github.com/traefik/hub/blob/main/api-gateway/1-getting-started/linux/whoami.service): ```shell sudo cp api-gateway/1-getting-started/linux/whoami.service /etc/systemd/system/whoami.service @@ -439,7 +479,7 @@ User-Agent: curl/7.88.1 Accept: */* ``` -Now, add a [dynamic configuration file](linux/whoami.yaml) to expose it through Traefik Hub API Gateway. +Now, add a [dynamic configuration file](https://github.com/traefik/hub/blob/main/api-gateway/1-getting-started/linux/whoami.yaml) to expose it through Traefik Hub API Gateway. Let's apply this tutorial configuration and test it: @@ -476,11 +516,17 @@ X-Forwarded-Server: ip-172-31-26-184 X-Real-Ip: 127.0.0.1 ``` -### Step 3: Secure the access using an API Key +### Step 3: Secure The Access Using an API Key Let's secure the access with an API Key. -Generate hash of our password. It can be done with `htpasswd` : +Next, we need to generate a password hash before proceeding. This can be done with `htpasswd`. It's usually contained in the `apache2-utils` package on various systems (e.g., Ubuntu, Debian) +if you don't have it already. Example in Debian: + +```shell +sudo apt update +sudo apt install apache2-utils -y +``` ```shell htpasswd -nbs "" "Let's use API Key with Traefik Hub" | cut -c 2- @@ -493,27 +539,29 @@ htpasswd -nbs "" "Let's use API Key with Traefik Hub" | cut -c 2- Put this password in the API Key middleware: -```diff :../../hack/diff.sh -r -a "-Nau ../../api-gateway/1-getting-started/linux/whoami.yaml ../../api-gateway/1-getting-started/linux/whoami-apikey.yaml" ---- ../../api-gateway/1-getting-started/linux/whoami.yaml -+++ ../../api-gateway/1-getting-started/linux/whoami-apikey.yaml -@@ -3,6 +3,17 @@ - whoami: - rule: Host(`whoami.localhost`) - service: local -+ middlewares: -+ - apikey-auth -+ -+ middlewares: -+ apikey-auth: -+ plugin: -+ apikey: -+ keySource: -+ header: Authorization -+ headerAuthScheme: Bearer -+ secretValues: "{SHA}dhiZGvSW60OMQ+J6hPEyJ+jfUoU=" - - services: - local: +```yaml showLineNumbers {16} +http: + routers: + whoami: + rule: Host(`whoami.localhost`) + service: local + middlewares: + - apikey-auth + + middlewares: + apikey-auth: + plugin: + apiKey: + keySource: + header: Authorization + headerAuthScheme: Bearer + secretValues: "{SHA}dhiZGvSW60OMQ+J6hPEyJ+jfUoU=" + + services: + local: + loadBalancer: + servers: + - url: http://localhost:3000 ``` Let's apply it: @@ -536,7 +584,7 @@ curl -I -H "Authorization: Bearer $API_KEY" http://whoami.localhost The API is now secured. -## Docker providers +## Docker Providers We can also use the docker provider. You may have noticed that we already enabled it in the static configuration. @@ -554,10 +602,10 @@ sudo usermod -aG docker traefik-hub sudo systemctl restart traefik-hub.service ``` -Now we can test the service with a [docker compose](linux/docker-compose.yaml) file: +Now we can test the service with a [docker compose](https://github.com/traefik/hub/blob/main/api-gateway/1-getting-started/linux/docker-compose.yaml) file: ```shell -sudo docker-compose -f $(pwd)/api-gateway/1-getting-started/linux/docker-compose.yaml up -d +sudo docker compose -f $(pwd)/api-gateway/1-getting-started/linux/docker-compose.yaml up -d ``` Since we already enabled the docker provider in Traefik Hub API Gateway configuration, we should now be able to curl it: @@ -583,3 +631,9 @@ X-Forwarded-Proto: http X-Forwarded-Server: ip-172-31-26-184 X-Real-Ip: 127.0.0.1 ``` + +## Related Content + +- See how to secure your API with a [JWT token](./secure/middleware/jwt.md) +- See how to secure the [Traefik Hub API Gateway's dashboard](./secure/middleware/api.md). +- See how to secure your API access using [OIDC](./secure/middleware/oidc.md "Link to documentation about how to enable OIDC in Traefik Hub API Gateway"). diff --git a/api-gateway/1-getting-started/linux/whoami-apikey.yaml b/api-gateway/1-getting-started/linux/whoami-apikey.yaml index 3399b37..e8eaa62 100644 --- a/api-gateway/1-getting-started/linux/whoami-apikey.yaml +++ b/api-gateway/1-getting-started/linux/whoami-apikey.yaml @@ -9,7 +9,7 @@ http: middlewares: apikey-auth: plugin: - apikey: + apiKey: keySource: header: Authorization headerAuthScheme: Bearer diff --git a/api-gateway/1-getting-started/manifests/weather-app-ingressroute.yaml b/api-gateway/1-getting-started/manifests/weather-app-ingressroute.yaml index 149b498..f4a63f4 100644 --- a/api-gateway/1-getting-started/manifests/weather-app-ingressroute.yaml +++ b/api-gateway/1-getting-started/manifests/weather-app-ingressroute.yaml @@ -8,7 +8,7 @@ spec: entryPoints: - web routes: - - match: Host(`getting-started.apigateway.docker.localhost`) && PathPrefix(`/weather`) + - match: Host(`localhost`) && PathPrefix(`/weather`) kind: Rule services: - name: weather-app diff --git a/src/manifests/apps-namespace.yaml b/src/manifests/apps-namespace.yaml deleted file mode 100644 index fd6e0f9..0000000 --- a/src/manifests/apps-namespace.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: apps diff --git a/src/manifests/weather-app.yaml b/src/manifests/weather-app.yaml index c7854ab..5b98c09 100644 --- a/src/manifests/weather-app.yaml +++ b/src/manifests/weather-app.yaml @@ -1,3 +1,8 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: apps + --- apiVersion: v1 kind: ConfigMap