Get support for sagikazarmark/curiefense-emissary-poc
If you're new to LTH, please see our FAQ for more information on what it is we do.
Support Options
Unfortunately, there are currently no active helpers for this repository on the platform. Until they become available, we reccomend the following actions:
View Open IssuesTake a look to see if anyone else has experienced the same issue as you and if they managed to solve it.
Open an IssueMake sure to read any relevant guidelines for opening issues on this repo before posting a new issue.
Sponsor directlyCheck out the page and see if there are any options to sponsor this project or it's developers directly.
sagikazarmark/curiefense-emissary-poc
Curiefense WAF + Emissary Ingress POC
Clone the repository with the following command:
git clone --recurse-submodules https://github.com/sagikazarmark/curiefense-emissary-poc.git
Preparations
Build container image:
docker build .
If you use Kind (proceed to the instructions below if you are here for the first time), you can build a local image and load into Kind:
docker build -t curiefense-emissary .
kind load docker-image curiefense-emissary:latest
Setup
Gain access to a Kubernetes cluster. Check out the Using Kind section for a local setup.
Using Kind
- Create a new Kind cluster:
kind create cluster --config kind/kind.yaml
- Run the setup script to install required components:
./kind/setup.sh
Deploy Curiefense
Deploy Curiefense:
kubectl create namespace curiefense
kubectl apply -f curiefense/secret.yaml
cd curiefense/curiefense-helm/curiefense-helm
DOCKER_TAG=v1.5.0 ./deploy.sh -f curiefense/use-minio.yaml --set "global.proxy.frontend=envoy" --set "global.settings.curiefense_minio_insecure=true"
cd -
TODO: quality of life improvement: push (prod) chart to a chart repo? Use Kustomize to install components (uiserver, confserver) separately?
Deploy Emissary Ingress
Deploy Emissary:
# If you run into any error, run it again
kustomize build emissary | k apply -f -
kubectl -n emissary wait --for condition=available --timeout=90s deploy emissary-ingress
Deploy the echo app
kubectl apply -f app/app.yaml
Usage
First, you might want to create some configuration that proves the system works.
For example, you could create a Global Filter that matches requests with a specific header (eg. breakme: true
).
Check out the documentation to learn about the vast number of features Curiefense has.
First, port-forward into the Curiefense UI server:
kubectl -n curiefense port-forward deploy/uiserver 8080:80
Then follow these steps to setup a simple deny rule:
- Go to Policies & Rules
- Choose Global Filters
- Click the + (plus) sign in the right upper corner
- Give the new filter a name
- Add a new match for a Header (eg.
breakme: true
) - Choose 503 Service Unavailable as action
- Hit save (floppy icon)
- Go to Publish Changes
- Hit Publish configuration
Next, port-forward into Emissary Ingress:
kubectl -n emissary port-forward deploy/emissary-ingress 8888:8080
Finally, send a request to the ingress:
curl -H "Host: host2.example.com" -H "breakme: true" localhost:8888
You should get an 503 from the server.
Cleanup
Ideally, delete the cluster.
In case of Kind:
kind delete cluster
Best effort attempt to delete resources:
kubectl delete namespace emissary
kubectl delete namespace curiefense
Our Mission
We want to make open source more sustainable. The entire platform was born from this and everything we do is in aid of this.
From the Blog
Interesting Articles
-
Generating income from open source
Jun 23 • 8 min read
-
2023 State of OSS
Apr 23 • 45 min read ★
-
A funding experiment...
Aug 19 • 10 min read
-
But You Said I could
Aug 19 • 2 min read
Thank you for checking out LiveTechHelper |
2025 © lth-dev incorporated
p-e622a1a2