Last active
November 29, 2016 08:12
-
-
Save mandarjog/243be9e1887fcb5598f2761edf8b112f to your computer and use it in GitHub Desktop.
ServerConfig WIP1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# vim: ts=2:sw=2 | |
version: "2202" | |
owner: cluster_admin | |
cluster: | |
rules: | |
# selector * can be omitted | |
# for particular selector downstream | |
- selector: "*" | |
aspects: | |
factProviders: | |
# fact Providers extract facts from | |
# request and environment and | |
# make it available to processing downstream | |
- kind: defaultProvider | |
# extracts well known facts from request such as | |
# src.IP, src.NAME etc | |
- kind: k8sProvider | |
# extracts k8s specific info | |
# All downstream providers may add new facts or update | |
# existing facts | |
inputMappers: | |
# input Mappers use facts provided by factProviders | |
# to map into the input space of adapters | |
- kind: defaultMapper | |
id: defaultMapper | |
# defines a mapping syntax | |
# as follows | |
- kind: defaultMapper | |
id: ipMapper-defaultMapper | |
inputs: [ "src.ip", "src.clientID" ] | |
mapping: | |
source: src.ip || src.clientID | |
adapters: | |
# defines the available adapters along with config | |
# defines how adapters are instantiated | |
# Q should they be typed | |
# subtypes? logging, monitorting, stats etc? | |
# multiple implementations of statsd? | |
report: | |
- kind: statsd | |
id: statsd-slow | |
params: | |
addr: "statsd:8125" | |
- kind: statsd | |
id: statsd-fast | |
params: | |
addr: "statsdfast:8125" | |
- kind: prometheus | |
- kind: aws/cloudwatchmetrics | |
- kind: mixologist.io/consumers/logsAdapter | |
params: | |
usedefault: true | |
backends: | |
- mixologist.io/loggers/glog | |
- logging.googleapis.com/v2beta1/ | |
- aws/cloudwatchlogs | |
check: | |
- kind: ipwhitelist | |
id: ipwhitelist | |
params: | |
provider_url: http://mywhitelist | |
- kind: genericwhitelist | |
# checks the source name against | |
# a list of regex expressions | |
id: namewhitelist | |
# defines white list that checks if source | |
# is app1 from ns1 or ns2 namespaces | |
params: | |
whitelist: ["ns1.*.app1", "ns2.*.app1"] | |
server: | |
rules: | |
- selector: target.name == "*" | |
aspects: | |
report: | |
- ref: statsd-slow | |
- ref: prometheus | |
check: | |
- ref: ipwhitelist | |
mapper: ipMapper-defaultMapper | |
- ref: namewhitelist | |
mapper: defaultMapper | |
inputs: [src.serviceid, src.podname] | |
mapping: | |
source: src.serviceid || src.podname | |
- selector: target.name == "Service.Inventory.1" | |
aspects: | |
quota: | |
- ref: ratelimiter | |
id: ratelimiter-region-user | |
mapper: defaultMapper | |
inputs: [target.region, src.user] | |
params: | |
limits: | |
- key: region=${target.region};user=${src.user} | |
rate: 100/s | |
- key: region=${target.region} | |
rate: 1000/s | |
report: | |
# everything same except replace adapter of kind statsd with | |
# statsd-fast | |
- ref: statsd-fast | |
oprn: replace # add(default)| remove | replace | |
oprn-selector: kind==statsd # can be wildcard | |
rules: | |
- selector: src.name == "Service.Shipping.1" | |
aspects: | |
quota: | |
- ref: ratelimiter-region-user | |
params: | |
limits: | |
- key: region=${target.region};user=${src.user} | |
rate: 1000/s | |
- key: region=${target.region} | |
rate: 10000/s | |
- selector: src.name == "purchases.demo" | |
aspects: | |
check: | |
- kind: block | |
params: | |
message: access denied by policy | |
client: | |
rules: | |
- selector: src.name == "Service.Shipping.1" | |
rules: | |
- selector: target.name == "Service.Inventory.1" | |
aspects: | |
quota: | |
- ref: ratelimiter-region-user | |
params: | |
limits: | |
- key: region=${target.region};user=${src.user} | |
rate: 50/s | |
- key: region=${target.region} | |
rate: 500/s |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment