github twitter linkedin 500px
Enable global policies on Apicast 3.6
Sep 10, 2019
2 minutes read

Recent versions of Apicast have a pluggable policy mechanism to apply different treatments to each exposed API. This is very powerful since each service receives its specific configuration. However, if the same treatment has to be applied to every service exposed, it becomes an administration overhead.

Hopefully, Apicast has the concept of Global Policies that applies to every service exposed by itself. An example of a widespread policy, especially during demos, is the CORS policy to allow the API Developer Portal to query the API Gateway directly.

To configure the Global Policy Chain, you will have to provide a custom Environment file. By default, there is one for the Staging Environment and one for the Production Environment.

Start from those default Environment Files and add a policy_chain field with your Policy inserted wherever you want in the default Global Policy Chain. The default Global Policy Chain can be found in the gateway/src/apicast/policy_chain.lua file.

production.lua:

return {
    master_process = 'on',
    lua_code_cache = 'on',
    configuration_loader = 'boot',
    configuration_cache = os.getenv('APICAST_CONFIGURATION_CACHE') or 5*60,
    timer_resolution = '100ms',
    port = { metrics = 9421 },
    policy_chain = require('apicast.policy_chain').build({
        'apicast.policy.load_configuration',
        'apicast.policy.find_service',
        'apicast.policy.cors',
        'apicast.policy.local_chain',
        'apicast.policy.nginx_metrics'
    }),
}

staging.lua:

return {
    master_process = 'on',
    lua_code_cache = 'on',
    configuration_loader = 'lazy',
    configuration_cache = os.getenv('APICAST_CONFIGURATION_CACHE'),
    port = { metrics = 9421 }, -- see https://github.com/prometheus/prometheus/wiki/Default-port-allocations,
    policy_chain = require('apicast.policy_chain').build({
        'apicast.policy.load_configuration',
        'apicast.policy.find_service',
        'apicast.policy.cors',
        'apicast.policy.local_chain',
        'apicast.policy.nginx_metrics'
    }),
}

Then, create a ConfigMap from those two files and mount it in /opt/app-root/src/config:

oc create configmap apicast-cors --from-file=production.lua --from-file=staging.lua
oc set volume dc/apicast-production --add --name=apicast-cors -t configmap --configmap-name=apicast-cors -m /opt/app-root/src/config
oc set volume dc/apicast-staging --add --name=apicast-cors -t configmap --configmap-name=apicast-cors -m /opt/app-root/src/config


Back to posts