chore: adds kong example. #144
Conversation
| @@ -172,6 +172,9 @@ func Build() error { | |||
| if os.Getenv("MEMSTATS") == "true" { | |||
| buildTags = append(buildTags, "memstats") | |||
| } | |||
| if os.Getenv("METRICS") == "false" { | |||
There was a problem hiding this comment.
DefineCountMetric isn't supported by kong yet.
example/kong/Makefile
Outdated
| @@ -0,0 +1,30 @@ | |||
| #!/bin/bash | |||
There was a problem hiding this comment.
Let's use a docker-compose instead like the other example
|
Yeah my bad. I should have open this PR as a draft. Not sure if this will
ever be in the main project (I truly hope so) unless proxy-wasm get serious support from kong
but I was still curious whether this would work or not. Turning this into
docker-compose was my first approach but I failed and ended up using the
quickstart script.
…On Mon, 6 Feb 2023, 01:16 Anuraag Agrawal, ***@***.***> wrote:
***@***.**** commented on this pull request.
Let's rename the folder to examples and move the current one to an envoy
subfolder
------------------------------
In example/kong/Makefile
<#144 (comment)>
:
> @@ -0,0 +1,30 @@
+#!/bin/bash
Let's use a docker-compose instead like the other example
—
Reply to this email directly, view it on GitHub
<#144 (review)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAXOYAVNXFB2FL3XLGD6OYDWWA7EZANCNFSM6AAAAAAURKE6RM>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
|
@jcchavezs Hi! Hisham from Kong's WasmX team here — it's really cool that you're giving this a go! A lot has happened on our end since the tech preview container we released at Kong Summit 2022; we want to make some more updates public in the near future, but AFAIK there's no confirmed ETA yet. I just looked at your PR diff and haven't actually played with it, but it looks like with these changes you succeeded loading your filter into the gateway using the tech preview container, right? Nice!
Very curious about this! I briefly looked at
You can get this box checked :) |
|
Thanks for showing up @hishamhm
Any chance you can run a kong example with the e2e enabled with your internal image?
Yes, I think we can do better at providing examples when the config string is complex (e.g. in our case it is a JSON where strings hold quotes inside).
Yeah I will try that one once I have some time.
Awesome, thanks. Are you in any slack? would be cool to have a few words. |
|
@hishamhm I am having an issue by using kong in docker-compose. Basically kong can contact upstream, see https://github.com/corazawaf/coraza-proxy-wasm/pull/144/files#diff-c237865426ae84633a58c9aad1bd2ccb628bf43cff4ecbb262561aa534d8449dR24. Any clue? |
|
@jcchavezs hi, I was away on vacation, but I'm back now and I'll take a look at this as soon as I can! |
|
Friendly ping @hishamhm |
|
@jcchavezs Hi José — I gave this branch a try. It's been a long time since I last used Docker Compose, and I'm unfamiliar with Mage, so I hacked my way around them until I got something running in the Kong logs. Here's a gist with all of my quick-and-dirty tweaks. At first glance, it seemed to me that the problem with the configuration wasn't actually Kong-specific?... In your kong-kong-1 | 172.18.0.4 - - [14/Mar/2023:21:11:41 +0000] "GET / HTTP/1.1" 200 17781 "-" "HTTPie/0.9.2"
kong-kong-1 | 2023/03/14 21:11:41 [warn] 2162#0: *2370 failed to get source address: error status returned by host: not found, client: 172.18.0.4, server: kong, request: "GET / HTTP/1.1", host: "kong:8000"
kong-kong-1 | 2023/03/14 21:11:41 [warn] 2162#0: *2370 failed to get destination address: error status returned by host: not found, client: 172.18.0.4, server: kong, request: "GET / HTTP/1.1", host: "kong:8000"
kong-kong-1 | 2023/03/14 21:11:41 [crit] 2162#0: *2370 /%!(EXTRA T=GET, T=HTTP/2.0), client: 172.18.0.4, server: kong, request: "GET / HTTP/1.1", host: "kong:8000"
kong-kong-1 | 2023/03/14 21:11:41 [crit] 2162#0: *2370 failed to get request headers: error status returned by host: not found, client: 172.18.0.4, server: kong, request: "GET / HTTP/1.1", host: "kong:8000"
kong-httpbin-1 | time="2023-03-14T21:11:41.6085" status=200 method="GET" uri="/" size_bytes=11133 duration_ms=0.30 user_agent="HTTPie/0.9.2" client_ip=172.18.0.4
kong-kong-1 | 2023/03/14 21:11:41 [crit] 2162#0: *2370 [client ""] Coraza: Warning. Inbound Anomaly Score Exceeded (Total Score: 0) [file "@owasp_crs/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "0"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 0)"] [data ""] [severity "emergency"] [ver "OWASP_CRS/4.0.0-rc1"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname ""] [uri "/"] [unique_id "mFPOhCJCcgpsAymuCZd"]
kong-kong-1 | while reading response header from upstream, client: 172.18.0.4, server: kong, request: "GET / HTTP/1.1", upstream: "http://172.18.0.2:8080/", host: "kong:8000"
kong-kong-1 | 2023/03/14 21:11:41 [error] 2162#0: *2370 [wasm] trap in proxy_on_response_headers: response already sent <module: "main", vm: "main", runtime: "wasmer"> while reading response header from upstream, client: 172.18.0.4, server: kong, request: "GET / HTTP/1.1", upstream: "http://172.18.0.2:8080/", host: "kong:8000"
kong-kong-1 | 172.18.0.4 - - [14/Mar/2023:21:11:41 +0000] "GET / HTTP/1.1" 500 46 "-" "HTTPie/0.9.2"
kong-service-provisioner-1 | {
kong-service-provisioner-1 | "message":"An unexpected error occurred"
kong-service-provisioner-1 exited with code 0These errors such as I assume you already ran the filter on Kong without the docker-compose environment — did you get it running further than what the logs above show? |
|
Thanks a lot @hishamhm, indeed your changes improved the experience however as you point out, proxy wasm fails to get headers. Is there any chance we can try this with a more recent image? It would be cool to at least try rules in phase 1 (those about URI and request headers). If now, do you have a date when those are available? Wasmio 2023 is next week and it could be really cool to have this at least in a PoC. |
@jcchavezs I don't think we'll have a new public snapshot ready by then, but @casimiro from our team will be at the conference. If you or anyone from your team happen to be there, make sure to get in touch! |
|
@jcchavezs Are go changes planned to be merged into main? (Bare-minimal to make it work with Kong) |
|
I think this PR needs an owner to get to the merge, basically verify the
example works.
…On Mon, Jul 1, 2024 at 7:15 PM s3rj1k ***@***.***> wrote:
@jcchavezs <https://github.com/jcchavezs> Are go changes planned to be
merged into main? (Bare-minimal to make it work with Kong)
—
Reply to this email directly, view it on GitHub
<#144 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAXOYAV5XE7MICJZ7K7V6Z3ZKGFCZAVCNFSM6AAAAABKF7FIAKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDEMBQGY2TOOBQGA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
Btw, we now support metrics in ngx_wasm_module since last week. An upcoming release of Kong Gateway will include the latest ngx_wasm_module (no timeline yet, probably later this month or next). |
|
@thibaultcha Do we have some documentation for quick start with corza-wasm+ngx_wasm_module ? |
|
@s3rj1k Not that I know of. We have lots of documentation for ngx_wasm_module, and I'm sure coraza-wasm has its own documentation which should be more than enough. |
I mean do you test that integration somehow in Kong? Maybe some Dockerfile? Or it just was some manual one-shot test from Kong side? (Not being negative here, just trying to understand maybe we already have some work done) |
|
We do not have a continuous integration suite for each Proxy-Wasm filter, I don't think that would be very sustainable... All of our tests for existing Proxy-Wasm filters (coraza-wasm or others) are one-off. |
I see, thanks, so in case I would want to test this it should work on Kong/ngx_wasm_module HEAD + this PR? |
This PR attempts to run kong with coraza-proxy-wasm enabled, kind of following https://github.com/Kong/proxy-wasm-hello-world
Limitations:
Things to sort out: