Skip to content

Commit

Permalink
Merge remote-tracking branch 'upstream/main' into HEAD
Browse files Browse the repository at this point in the history
  • Loading branch information
M4tteoP committed Jan 8, 2024
2 parents 02e3cd3 + 51ef05a commit 7e50cc2
Show file tree
Hide file tree
Showing 15 changed files with 642 additions and 77 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/ci.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -16,11 +16,11 @@ env:
TINYGO_VERSION: 0.30.0
# Run e2e tests against latest two releases and latest dev
ENVOY_IMAGES: >
envoyproxy/envoy:v1.28-latest
envoyproxy/envoy:v1.27-latest
envoyproxy/envoy:v1.26-latest
envoyproxy/envoy-dev:latest
istio/proxyv2:1.18.2
istio/proxyv2:1.19.0
istio/proxyv2:1.20.1
istio/proxyv2:1.19.5
jobs:
build:
Expand Down
12 changes: 8 additions & 4 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -28,8 +28,10 @@ Targets:
```

### Building requirements

Building the filter requires:
- [Go](https://go.dev/doc/install)

- [Go](https://go.dev/doc/install)
- [TinyGo](https://tinygo.org/getting-started/install/)

Up to date required versions can be found looking at [`minGoVersion` and `tinygoMinorVersion` variables](./magefiles/magefile.go).
Expand Down Expand Up @@ -163,10 +165,12 @@ Envoy with the coraza-wasm filter will be reachable at `localhost:8080`.
The filter is configured with the CRS loaded working in Anomaly Scoring mode.
For details and locally tweaking the configuration refer to [@recommended-conf](./wasmplugin/rules/coraza.conf-recommended.conf) and [@crs-setup-conf](./wasmplugin/rules/crs-setup.conf.example).

In order to monitor envoy logs while performing requests you can run:
In order to individually monitor envoy logs while performing requests, in another terminal you can run:

- Envoy logs: `docker-compose -f ./example/envoy/docker-compose.yml logs -f envoy-logs`.
- Critical wasm (audit) logs: `docker-compose -f ./example/envoy/docker-compose.yml logs -f wasm-logs`

- Envoy logs: `docker-compose -f ./example/docker-compose.yml logs -f envoy-logs`.
- Critical wasm (audit) logs: `docker-compose -f ./example/docker-compose.yml logs -f wasm-logs`
The Envoy example comes also with a Grafana dashboard that can be accessed at `localhost:3000` (admin/admin) in order to monitor the memory consumption.

### Manual requests

Expand Down
4 changes: 4 additions & 0 deletions e2e/docker-compose.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,10 @@ services:
command:
- -c
- /conf/envoy-config.yaml
- --service-cluster # required to export metrics
- envoy
- --service-node # required to export metrics
- envoy
volumes:
- ../build:/build
- .:/conf
Expand Down
24 changes: 23 additions & 1 deletion example/envoy/docker-compose.yml
Original file line number Diff line number Diff line change
Expand Up @@ -30,13 +30,17 @@ services:
- --log-format [%Y-%m-%d %T.%f][%t][%l][%n] [%g:%#] %v
- --log-path
- /home/envoy/logs/envoy.log
- --service-cluster # required to export metrics
- envoy
- --service-node # required to export metrics
- envoy
volumes:
- ../../build:/build
- .:/conf
- logs:/home/envoy/logs:rw
ports:
- 8080:8080
- 8082:8082
- 8082:8082 # admin port (also for metrics)

envoy-logs:
depends_on:
Expand All @@ -61,5 +65,23 @@ services:
volumes:
- logs:/home/envoy/logs:ro

prometheus:
image: prom/prometheus
volumes:
- ./prometheus.yaml:/etc/prometheus.yaml
ports:
- "9090:9090"
command: "--config.file=/etc/prometheus.yaml"

grafana:
image: grafana/grafana
volumes:
- ./grafana/grafana.ini:/etc/grafana/grafana.ini
- ./grafana/datasource.yaml:/etc/grafana/provisioning/datasources/datasource.yaml
- ./grafana/dashboard.yaml:/etc/grafana/provisioning/dashboards/dashboard.yaml
- ./grafana/dashboard.json:/etc/grafana/provisioning/dashboards/dashboard.json
ports:
- "3000:3000"

volumes:
logs:
2 changes: 1 addition & 1 deletion example/envoy/envoy-config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ static_resources:
# A custom response header is added for e2e testing purposes. A local response, triggered by an interruption,
# has to allow custom added headers like this. See https://github.com/corazawaf/coraza-proxy-wasm/pull/172
response_headers_to_add:
- header:
- header:
key: "custom_header"
value: "custom_value"
virtual_hosts:
Expand Down
Loading

0 comments on commit 7e50cc2

Please sign in to comment.