### Complete Example: API Gateway Setup Source: https://context7.com/apoxy-dev/apoxy/llms.txt Demonstrates setting up a complete API gateway with backend routing, edge function processing, and rate limiting. ```APIDOC ## Complete Example: API Gateway Setup ### Description This example demonstrates setting up a complete API gateway with backend routing, edge function processing, and rate limiting. ### Configuration Example ```yaml # complete-setup.yaml # 1. Proxy infrastructure apiVersion: core.apoxy.dev/v1alpha2 kind: Proxy metadata: name: production-proxy spec: provider: cloud telemetry: tracing: enabled: true accessLogs: json: request_id: "%REQ(X-Request-ID)%" --- # 2. Gateway class and gateway apiVersion: gateway.apoxy.dev/v1 kind: GatewayClass metadata: name: apoxy spec: controllerName: gateway.apoxy.dev/gatewayclass-controller --- apiVersion: gateway.apoxy.dev/v1 kind: Gateway metadata: name: main-gateway spec: gatewayClassName: apoxy infrastructure: parametersRef: kind: Proxy name: production-proxy listeners: - name: http protocol: HTTP port: 80 --- ``` ``` -------------------------------- ### Complete API Gateway Setup - Apoxy YAML Source: https://context7.com/apoxy-dev/apoxy/llms.txt Demonstrates a comprehensive API gateway setup, including proxy infrastructure with telemetry, a GatewayClass, and a Gateway resource with HTTP listeners. This configuration enables routing, edge function processing, and rate limiting. ```yaml # complete-setup.yaml # 1. Proxy infrastructure apiVersion: core.apoxy.dev/v1alpha2 kind: Proxy metadata: name: production-proxy spec: provider: cloud telemetry: tracing: enabled: true accessLogs: json: request_id: "%REQ(X-Request-ID)%" --- # 2. Gateway class and gateway apiVersion: gateway.apoxy.dev/v1 kind: GatewayClass metadata: name: apoxy spec: controllerName: gateway.apoxy.dev/gatewayclass-controller --- apiVersion: gateway.apoxy.dev/v1 kind: Gateway metadata: name: main-gateway spec: gatewayClassName: apoxy infrastructure: parametersRef: kind: Proxy name: production-proxy listeners: - name: http protocol: HTTP port: 80 --- ``` -------------------------------- ### Start Local Development Environment - Apoxy CLI Source: https://context7.com/apoxy-dev/apoxy/llms.txt Starts a complete local development environment for Apoxy, including the API server, backplane, and tunnel proxy. It watches configuration files for automatic reloads. ```bash # Start local development environment with config file apoxy dev ./config/proxy.yaml # Starting Apoxy server with Proxy name: my-laptop # Starting apiserver using driver mode: docker # Starting clickhouse using driver mode: docker # Starting backplane using driver mode: docker # Starting tunnelproxy using driver mode: docker # Watching ./config/proxy.yaml for changes... ``` -------------------------------- ### Run Local Development Environment Source: https://github.com/apoxy-dev/apoxy/blob/main/CLAUDE.md Starts the local development environment for the Apoxy project. This command is typically used to set up a local testing or development instance. ```bash # Start local dev environment apoxy dev ``` -------------------------------- ### Deploy Apoxy Configuration using CLI Source: https://context7.com/apoxy-dev/apoxy/llms.txt Applies a complete Apoxy setup defined in 'complete-setup.yaml' using the Apoxy CLI. This command deploys various resources including proxy, gateway, backend, edge function, and HTTP route. ```bash # Deploy complete setup apoxy apply -f complete-setup.yaml # proxy "production-proxy" applied # gatewayclass "apoxy" applied # gateway "main-gateway" applied # backend "users-api" applied # edgefunction "auth-filter" applied # httproute "users-route" applied # # Applied 6 resources ``` -------------------------------- ### Test API Endpoint with Authentication Source: https://context7.com/apoxy-dev/apoxy/llms.txt Tests the configured API endpoint 'https://api.example.com/users' by sending a GET request with a valid 'X-API-Key' header. This verifies that the route and authentication filter are functioning correctly. ```bash # Test the endpoint curl -H "X-API-Key: my-key" https://api.example.com/users ``` -------------------------------- ### Run Go Tests Source: https://github.com/apoxy-dev/apoxy/blob/main/CLAUDE.md Executes Go tests for the Apoxy project. Supports running all tests, specific packages, verbose output, filtering by test name, and cross-platform testing. ```bash # Run all tests go test ./... # Run specific package tests go test ./pkg/tunnel/... go test ./pkg/cmd/... # Verbose output go test -v ./... # Run specific test go test -run TestName ./... # Linux-only tests (tunnel, netlink) GOOS=linux go test ./pkg/net/lwtunnel/... GOOS=linux go test ./pkg/tunnel/... ``` -------------------------------- ### Build Apoxy Docker Images with Dagger Source: https://github.com/apoxy-dev/apoxy/blob/main/CLAUDE.md Builds Docker images for Apoxy components using Dagger. Allows building all images or specific ones like apiserver, backplane, or tunnelproxy. ```bash # Build all images dagger call build-all # Build specific image dagger call build-apiserver dagger call build-backplane dagger call build-tunnelproxy ``` -------------------------------- ### Cross-Compile for Linux Source: https://github.com/apoxy-dev/apoxy/blob/main/CLAUDE.md Builds Go packages for the Linux operating system, specifically for packages that have Linux-only dependencies like netlink/syscall. This is necessary when building on non-Linux systems like macOS. ```bash Build with GOOS=linux for these packages on macOS. ``` -------------------------------- ### Configure Local Development with External ClickHouse - Apoxy CLI Source: https://context7.com/apoxy-dev/apoxy/llms.txt Starts the local Apoxy development environment, connecting to an external ClickHouse instance instead of running one in Docker. This allows using a pre-existing or separately managed ClickHouse database. ```bash # Use external ClickHouse instance apoxy dev ./config/proxy.yaml --clickhouse-addr 192.168.1.100 ``` -------------------------------- ### Build Apoxy CLI Source: https://github.com/apoxy-dev/apoxy/blob/main/CLAUDE.md Builds the Apoxy CLI executable. Supports both release and debug builds, extracting version from git tags and injecting build metadata using Go ldflags. ```bash # Release build (installs to $GOPATH/bin/apoxy) ./build.sh # Debug build ./build.sh -t debug ``` -------------------------------- ### Configure Local Development with Subprocess Mode - Apoxy CLI Source: https://context7.com/apoxy-dev/apoxy/llms.txt Starts the local Apoxy development environment using subprocesses instead of Docker containers for core components. This can be useful for environments where Docker is not available or preferred. ```bash # Use subprocess mode instead of Docker apoxy dev ./config/proxy.yaml --use-subprocess ``` -------------------------------- ### Define and Manage Apoxy Proxy Resources Source: https://context7.com/apoxy-dev/apoxy/llms.txt The Proxy resource defines deployment configurations for API proxies across different infrastructure providers (cloud, Kubernetes, unmanaged). It supports telemetry options like access logs, content logging, and distributed tracing. The CLI commands allow for creating, listing, getting, applying, and deleting proxy resources. ```yaml # proxy.yaml - Create a cloud-deployed proxy with tracing enabled apiv1alpha2 kind: Proxy metadata: name: my-api-proxy spec: provider: cloud # Options: cloud, kubernetes, unmanaged telemetry: tracing: enabled: true tags: environment: value: "production" accessLogs: json: custom_field: "%REQ(X-Request-ID)%" contentLogs: requestBodyEnabled: true responseBodyEnabled: false shutdown: drainTimeout: 30s minimumDrainTime: 30s ``` ```bash # Create a proxy from file apoxy proxy create -f proxy.yaml # List all proxies apoxy proxy list # NAME PROVIDER STATUS TELEMETRY AGE # my-api-proxy cloud Ready (1) [Tracing] 5m # Get a specific proxy apoxy proxy get my-api-proxy # Apply proxy configuration (server-side apply) apoxy proxy apply -f proxy.yaml --field-manager apoxy-cli # Delete a proxy apoxy proxy delete my-api-proxy ``` -------------------------------- ### Generate Go Code Source: https://github.com/apoxy-dev/apoxy/blob/main/CLAUDE.md Executes Go's built-in code generation tools for all packages within the project. This command should be run after making changes to code that relies on code generation. ```bash # Other code generation go generate ./... ``` -------------------------------- ### Regenerate API Helpers Source: https://github.com/apoxy-dev/apoxy/blob/main/CLAUDE.md Regenerates API helper clients and types after modifying API definitions. This is crucial for maintaining consistency between API definitions and their usage in the codebase. ```bash # Regenerate API helpers after modifying types in api/ ./codegen/update.sh ``` -------------------------------- ### Regenerate Apoxy API Code Source: https://github.com/apoxy-dev/apoxy/blob/main/CLAUDE.md Regenerates helper code for API types, including DeepCopy methods, type registration, client code, listers, informers, and OpenAPI schemas. Requires matching k8s.io/code-generator and k8s.io/apimachinery versions. ```bash ./codegen/update.sh ``` -------------------------------- ### Multi-Resource Apply CLI Source: https://context7.com/apoxy-dev/apoxy/llms.txt Applies multiple API resources from files, directories, or stdin using server-side apply semantics for conflict-free updates. ```APIDOC ## Multi-Resource Apply CLI ### Description The global apply command supports applying multiple resources from files, directories, or stdin with server-side apply semantics for conflict-free updates. ### Usage Examples ```bash # Apply a single file with multiple resources apoxy apply -f gateway-setup.yaml # gatewayclass "apoxy" applied # gateway "api-gateway" applied # httproute "api-route" applied # Apply all manifests in a directory apoxy apply -f ./manifests/ # Apply recursively through subdirectories apoxy apply -f ./config/ -R # Apply from stdin cat < { const url = new URL(req.url); if (req.method === "POST") { const { name }: RequestPayload = await req.json(); return new Response( JSON.stringify({ message: `Hello ${name}!` }), { headers: { "Content-Type": "application/json", "X-Powered-By": "Apoxy EdgeFunction" } } ); } return new Response( JSON.stringify({ status: "ok", path: url.pathname }), { headers: { "Content-Type": "application/json" } } ); }); ``` ### WebAssembly Edge Function Example ```yaml # edgefunction-wasm.yaml - WebAssembly edge function apiVersion: extensions.apoxy.dev/v1alpha2 kind: EdgeFunction metadata: name: wasm-filter spec: template: mode: filter code: wasmSource: url: "https://example.com/filter.wasm" ``` ### Go Plugin Edge Function Example (unmanaged/kubernetes only) ```yaml # edgefunction-go.yaml - Go plugin edge function (unmanaged/kubernetes only) apiVersion: extensions.apoxy.dev/v1alpha2 kind: EdgeFunction metadata: name: go-filter spec: template: mode: filter code: goPluginSource: oci: repo: registry.example.com/myorg/my-filter tag: "v1.0.0" credentials: username: "user" password: "pass" pluginConfig: '{"setting": "value"}' ``` ### EdgeFunction Management Commands #### Create Edge Function ```bash apoxy edgefunction create -f edgefunction.yaml ``` #### List Edge Functions ```bash apoxy edgefunction list ``` #### Get Edge Function Details ```bash apoxy edgefunction get hello-api ``` #### Apply Edge Function (server-side apply) ```bash apoxy edgefunction apply -f edgefunction.yaml ``` #### Delete Edge Function ```bash apoxy edgefunction delete hello-api ``` ``` -------------------------------- ### Configure Go Plugin EdgeFunction as a Filter Source: https://context7.com/apoxy-dev/apoxy/llms.txt Defines a Go plugin EdgeFunction for use in filter mode, specifically for unmanaged or Kubernetes environments. It specifies the Go plugin source via an OCI registry and includes optional credentials and plugin configuration. ```yaml # edgefunction-go.yaml - Go plugin edge function (unmanaged/kubernetes only) apiVersion: extensions.apoxy.dev/v1alpha2 kind: EdgeFunction metadata: name: go-filter spec: template: mode: filter code: goPluginSource: oci: repo: registry.example.com/myorg/my-filter tag: "v1.0.0" credentials: username: "user" password: "pass" pluginConfig: '{"setting": "value"}' ``` -------------------------------- ### Develop JavaScript EdgeFunction as a Backend Source: https://context7.com/apoxy-dev/apoxy/llms.txt Defines a JavaScript EdgeFunction that operates in backend mode. It includes environment variables, specifies runtime capabilities like fetchAPI and kv, and provides the JavaScript source code for handling requests. ```yaml # edgefunction.yaml - JavaScript edge function as backend apiVersion: extensions.apoxy.dev/v1alpha2 kind: EdgeFunction metadata: name: hello-api spec: revisionHistoryLimit: 10 template: mode: backend # Options: backend, filter runtime: port: 8080 timeout: 30s capabilities: fetchAPI: true kv: true env: - name: API_KEY value: "secret-key" code: jsSource: entrypoint: "main.ts" assets: files: - path: "main.ts" content: | interface RequestPayload { name: string; } Deno.serve(async (req: Request) => { const url = new URL(req.url); if (req.method === "POST") { const { name }: RequestPayload = await req.json(); return new Response( JSON.stringify({ message: `Hello ${name}!` }), { headers: { "Content-Type": "application/json", "X-Powered-By": "Apoxy EdgeFunction" } } ); } return new Response( JSON.stringify({ status: "ok", path: url.pathname }), { headers: { "Content-Type": "application/json" } } ); }); ``` -------------------------------- ### HTTPRoute with EdgeFunction Integration Source: https://context7.com/apoxy-dev/apoxy/llms.txt Integrates EdgeFunctions into HTTPRoutes, either as direct backends or as filters for request processing. ```APIDOC ## HTTPRoute with EdgeFunction Integration ### Description EdgeFunctions can be used as route backends or as filters that process requests before forwarding to other backends. Filter mode is more performant for transformations as it reduces network hops. ### Resource Type `gateway.apoxy.dev/v1/HTTPRoute` ### Example Configuration ```yaml # route-with-edgefunction.yaml apiVersion: gateway.apoxy.dev/v1 kind: HTTPRoute metadata: name: filtered-route spec: parentRefs: - name: api-gateway port: 80 kind: Gateway hostnames: - "*" rules: # Route to EdgeFunction as backend - matches: - path: type: PathPrefix value: /api backendRefs: - kind: EdgeFunction group: extensions.apoxy.dev name: hello-api # Route through EdgeFunction filter to backend - matches: - path: type: PathPrefix value: /proxy filters: - type: ExtensionRef extensionRef: kind: EdgeFunction group: extensions.apoxy.dev name: wasm-filter backendRefs: - kind: Backend name: dynamic-proxy-backend port: 80 ``` ``` -------------------------------- ### Configure Tunnel with Egress Gateway - Apoxy YAML Source: https://context7.com/apoxy-dev/apoxy/llms.txt Sets up a tunnel for secure connectivity to private networks, with an option to enable egress gateway mode. Egress gateway allows tunnel agents to route outbound traffic through Apoxy, enabling SNAT for outbound connections. ```yaml # tunnel.yaml - Tunnel with egress gateway apiVersion: core.apoxy.dev/v1alpha2 kind: Tunnel metadata: name: private-network spec: egressGateway: enabled: true # Enable SNAT for outbound traffic from agents ``` -------------------------------- ### Force Apply with Conflict Resolution - Apoxy CLI Source: https://context7.com/apoxy-dev/apoxy/llms.txt Forces the application of resources, resolving conflicts by overwriting changes. This is useful when a controller needs to take precedence during updates. ```bash # Force apply with conflict resolution apoxy apply -f proxy.yaml --force-conflicts --field-manager my-controller ``` -------------------------------- ### Tunnel Configuration API Source: https://context7.com/apoxy-dev/apoxy/llms.txt Provides VPN-like connectivity between Apoxy's edge and private networks. Supports egress gateway mode for outbound traffic routing. ```APIDOC ## Tunnel Configuration API ### Description Provides VPN-like connectivity between Apoxy's edge and private networks. Enables secure access to internal services without exposing them to the public internet. Egress gateway mode allows tunnel agents to route outbound traffic through Apoxy. ### Resource Definition ```yaml apiVersion: core.apoxy.dev/v1alpha2 kind: Tunnel metadata: name: private-network spec: egressGateway: enabled: true # Enable SNAT for outbound traffic from agents ``` ### CLI Commands ```bash # Create tunnel apoxy apply -f tunnel.yaml # tunnel "private-network" applied # Run tunnel agent (connects to tunnel relay) apoxy tunnel run --name private-network ``` ``` -------------------------------- ### Configure WebAssembly EdgeFunction as a Filter Source: https://context7.com/apoxy-dev/apoxy/llms.txt Defines a WebAssembly EdgeFunction configured to run in filter mode. It specifies the source of the WebAssembly binary via a URL, allowing it to intercept and process requests before they reach the backend. ```yaml # edgefunction-wasm.yaml - WebAssembly edge function apiVersion: extensions.apoxy.dev/v1alpha2 kind: EdgeFunction metadata: name: wasm-filter spec: template: mode: filter code: wasmSource: url: "https://example.com/filter.wasm" ``` -------------------------------- ### Implement Auth Edge Function in JavaScript Source: https://context7.com/apoxy-dev/apoxy/llms.txt Creates an 'auth-filter' EdgeFunction using JavaScript. This function acts as a filter, validating API keys from incoming requests before allowing them to proceed to the backend. It returns a 401 Unauthorized response if the API key is missing. ```javascript // Auth middleware - validates API keys export default { async fetch(request: Request) { const apiKey = request.headers.get("X-API-Key"); if (!apiKey) { return new Response("Missing API Key", { status: 401 }); } // Continue to backend return fetch(request); } }; ``` -------------------------------- ### Route Traffic Through EdgeFunction Filter to Backend Source: https://context7.com/apoxy-dev/apoxy/llms.txt Configures an HTTPRoute to use an EdgeFunction as a filter before forwarding traffic to a backend. This approach is efficient for request transformations, reducing network hops. ```yaml # route-with-edgefunction.yaml apiVersion: gateway.apoxy.dev/v1 kind: HTTPRoute metadata: name: filtered-route spec: parentRefs: - name: api-gateway port: 80 kind: Gateway hostnames: - "*" rules: # Route to EdgeFunction as backend - matches: - path: type: PathPrefix value: /api backendRefs: - kind: EdgeFunction group: extensions.apoxy.dev name: hello-api # Route through EdgeFunction filter to backend - matches: - path: type: PathPrefix value: /proxy filters: - type: ExtensionRef extensionRef: kind: EdgeFunction group: extensions.apoxy.dev name: wasm-filter backendRefs: - kind: Backend name: dynamic-proxy-backend port: 80 ``` -------------------------------- ### Configure DNS-Only Domain - Apoxy YAML Source: https://context7.com/apoxy-dev/apoxy/llms.txt Configures a domain solely for DNS records without proxy routing. This is useful for services like mail servers where only DNS entries (MX, TXT) are needed. It allows specifying TTL for DNS records. ```yaml # DNS-only domain (no proxy routing) apiVersion: core.apoxy.dev/v1alpha2 kind: Domain metadata: name: dns-records spec: zone: example-zone subdomains: - mail target: dns: dnsOnly: true mx: - "10 mail.example.com" txt: - "v=spf1 include:_spf.example.com ~all" ttl: 300 ``` -------------------------------- ### Configure API Rate Limiting Policy - Apoxy YAML Source: https://context7.com/apoxy-dev/apoxy/llms.txt Defines a rate limiting policy for API requests based on various descriptors like remote address, headers, or specific paths. It supports a shadow mode to test limits without enforcement. ```yaml # ratelimit.yaml - API rate limiting policy apiVersion: policy.apoxy.dev/v1alpha1 kind: RateLimit metadata: name: api-ratelimit spec: descriptors: - key: "remote_address" rateLimit: unit: Minute # Options: Second, Minute, Hour, Day requestsPerUnit: 100 - key: "header_match" value: "api-key-premium" rateLimit: unit: Minute requestsPerUnit: 1000 - key: "path" value: "/api/heavy" rateLimit: unit: Second requestsPerUnit: 10 shadowMode: true # Log but don't enforce ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.