Пример общей конфигурации для Web-интерфейса Kintsugi: iam-config.yaml#

kintsugi.common.conf: |-
  proxy_pass_request_headers on;
  proxy_set_header Authorization $http_authorization;
  proxy_ssl_verify off;

  proxy_read_timeout 120s;
  proxy_connect_timeout 120s;
kintsugi.server.conf: |-
  location / {
      return 301 /frontend/;
  }
  location /sockets/database/terminal {
    proxy_pass_request_headers off;
    proxy_set_header Authorization $http_authorization;
    proxy_ssl_verify off;
    set $ingress_terminal terminal-kintsugi.example.test;
    proxy_ssl_name $ingress_terminal;
    proxy_ssl_server_name on;
    proxy_pass https://$ingress_terminal;

    proxy_http_version 1.1;
    proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
    proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $ingress_terminal;

    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header iv-user $http_iv_user;
  }
  location /sockets/database/structure {
    proxy_pass_request_headers off;
    proxy_set_header Authorization $http_authorization;
    proxy_ssl_verify off;
    set $ingress_backend backend-kintsugi.example.test;
    proxy_ssl_name $ingress_backend;
    proxy_ssl_server_name on;
    proxy_pass https://$ingress_backend;

    proxy_http_version 1.1;
    proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
    proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $ingress_backend;

    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header iv-user $http_iv_user;
  }
  location /websocket {
    proxy_pass_request_headers off;
    proxy_set_header Authorization $http_authorization;
    proxy_ssl_verify off;
    set $ingress_kmetrics kmetrics-kintsugi.example.test;
    proxy_ssl_name $ingress_kmetrics;
    proxy_ssl_server_name on;
    proxy_pass https://$ingress_kmetrics;

    proxy_http_version 1.1;
    proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
    proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $ingress_kmetrics;
  }
  location /sockets/monitoring/metrics {
    proxy_pass_request_headers off;
    proxy_set_header Authorization $http_authorization;
    proxy_ssl_verify off;
    set $ingress_piface piface-kintsugi.example.test;
    proxy_ssl_name $ingress_piface;
    proxy_ssl_server_name on;
    proxy_pass https://$ingress_piface;

    proxy_http_version 1.1;
    proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
    proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $ingress_piface;

    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header iv-user $http_iv_user;
  }
  location /monitoring/data-collectors/states {
    include /usr/local/openresty/nginx/conf/custom.d/kintsugi.common.conf;
    set $ingress_piface piface-kintsugi.example.test;
    proxy_set_header Host $ingress_piface;
    proxy_ssl_name $ingress_piface;
    proxy_ssl_server_name on;
    proxy_pass https://$ingress_piface;
  }
  location = /backend/dblist {
    include /usr/local/openresty/nginx/conf/custom.d/kintsugi.common.conf;
    set $ingress_backend backend-kintsugi.example.test;
    proxy_set_header Host $ingress_backend;
    proxy_ssl_name $ingress_backend;
    proxy_ssl_server_name on;
    proxy_pass https://$ingress_backend/dblist;
  }
  location ~ ^/backend/(?<subpath>.*)$ {
    include /usr/local/openresty/nginx/conf/custom.d/kintsugi.common.conf;
    set $ingress_curator curator-kintsugi.example.test;
    proxy_set_header Host $ingress_curator;
    proxy_ssl_name $ingress_curator;
    proxy_ssl_server_name on;
    proxy_pass https://$ingress_curator/$subpath;
  }
  location ~ ^/frontend/(?<subpath>.*)$ {
    include /usr/local/openresty/nginx/conf/custom.d/kintsugi.common.conf;
    set $ingress_frontend frontend-kintsugi.example.test;
    proxy_set_header Host $ingress_frontend;
    proxy_ssl_name $ingress_frontend;
    proxy_ssl_server_name on;
    proxy_pass https://$ingress_frontend/$subpath;
  }
  location /assets/overview {
    include /usr/local/openresty/nginx/conf/custom.d/kintsugi.common.conf;
    set $ingress_inform inform-kintsugi.example.test;
    proxy_set_header Host $ingress_inform;
    proxy_ssl_name $ingress_inform;
    proxy_ssl_server_name on;
    proxy_pass https://$ingress_inform/assets/overview;
  }
  location ~ ^/assets/(?<id>.*)/overview$ {
    include /usr/local/openresty/nginx/conf/custom.d/kintsugi.common.conf;
    set $ingress_inform inform-kintsugi.example.test;
    proxy_set_header Host $ingress_inform;
    proxy_ssl_name $ingress_inform;
    proxy_ssl_server_name on;
    proxy_pass https://$ingress_inform/assets/$id/overview;
  }
  location ~ ^/assets/(?<id>.*)/overview/transactions$ {
    include /usr/local/openresty/nginx/conf/custom.d/kintsugi.common.conf;
    set $ingress_inform inform-kintsugi.example.test;
    proxy_set_header Host $ingress_inform;
    proxy_ssl_name $ingress_inform;
    proxy_ssl_server_name on;
    proxy_pass https://$ingress_inform/assets/$id/overview/transactions;
  }
  location ~ ^/assets/(?<id>.*)/events$ {
    include /usr/local/openresty/nginx/conf/custom.d/kintsugi.common.conf;
    set $ingress_mcwatch mcwatch-kintsugi.example.test;
    proxy_set_header Host $ingress_mcwatch;
    proxy_ssl_name $ingress_mcwatch;
    proxy_ssl_server_name on;
    proxy_pass https://$ingress_mcwatch/assets/$id/events;
  }
  location ~ ^/assets/(?<id>.*)/thresholds$ {
    include /usr/local/openresty/nginx/conf/custom.d/kintsugi.common.conf;
    set $ingress_mcwatch mcwatch-kintsugi.example.test;
    proxy_set_header Host $ingress_mcwatch;
    proxy_ssl_name $ingress_mcwatch;
    proxy_ssl_server_name on;
    proxy_pass https://$ingress_mcwatch/assets/$id/thresholds;
  }
  location /iam-auth {
    if ($http_referer = '') {
      return 301 https://$host/frontend;
    }
    include /usr/local/openresty/nginx/conf/custom.d/kintsugi.common.conf;
    proxy_ssl_name proxy-kintsugi.example.test;
    proxy_ssl_server_name on;
    proxy_pass https://proxy-proxy-kintsugi.example.test/backend/;
  }
  location /grafana/ {
    include /usr/local/openresty/nginx/conf/custom.d/kintsugi.common.conf;
    set $ingress_grafana grafana-kintsugi.example.test;
    proxy_set_header Host $ingress_grafana;
    proxy_ssl_name $ingress_grafana;
    proxy_ssl_server_name on;
    proxy_pass https://$ingress_grafana;

    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
  }
kintsugi.upstream.conf: |-
  upstream ingress_backend {
      include /usr/local/openresty/nginx/conf/common/jct.upstream.conf;
      server backend-kintsugi.example.test:443;
  }
  upstream ingress_terminal {
      include /usr/local/openresty/nginx/conf/common/jct.upstream.conf;
      server terminal-kintsugi.example.test:443;
  }
  upstream ingress_curator {
      include /usr/local/openresty/nginx/conf/common/jct.upstream.conf;
      server curator-kintsugi.example.test:443;
  }
  upstream ingress_kmetrics {
      include /usr/local/openresty/nginx/conf/common/jct.upstream.conf;
      server kmetrics-kintsugi.example.test:443;
  }
  upstream ingress_piface {
      include /usr/local/openresty/nginx/conf/common/jct.upstream.conf;
      server piface-kintsugi.example.test:443;
  }
  upstream ingress_mcwatch {
      include /usr/local/openresty/nginx/conf/common/jct.upstream.conf;
      server mcwatch-kintsugi.example.test:443;
  }
  upstream ingress_inform {
      include /usr/local/openresty/nginx/conf/common/jct.upstream.conf;
      server inform-kintsugi.example.test:443;
  }
  upstream ingress_frontend {
      include /usr/local/openresty/nginx/conf/common/jct.upstream.conf;
      set $ingress_frontend frontend-kintsugi.example.test:443;
  }
  upstream ingress_grafana {
      include /usr/local/openresty/nginx/conf/common/jct.upstream.conf;
      server grafana-kintsugi.example.test:443;
  }