-
Notifications
You must be signed in to change notification settings - Fork 593
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* add hub examples directory with some existing examples * add cognito example * move custom configurable values into a custom_values key * add RLA examplse * add prereqs for examples * remove 'config.' key; use descriptive names for RLA examples * adjust descriptions for sliding windows
- Loading branch information
1 parent
cee445f
commit a9583d1
Showing
19 changed files
with
325 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
description: | | ||
This configuration enables AI Proxy with Anthropic. | ||
prereqs: | ||
- A route with `paths[]=~/anthropic-chat$` configured. Apply the plugin to this route. | ||
|
||
custom_values: | ||
- auth.header_value | ||
|
||
config: | ||
route_type: "llm/v1/chat" | ||
auth: | ||
header_name: "apikey" | ||
header_value: "<anthropic_key>" # add your own Anthropic API key | ||
model: | ||
provider: "anthropic" | ||
name: "claude-2.1" | ||
options: | ||
max_tokens: 512 | ||
temperature: 1.0 | ||
top_p: 256 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
description: | | ||
This configuration enables AI Proxy with Azure OpenAI Service. | ||
prereqs: | ||
- A route with `paths[]=~/azure-chat$` configured. Apply the plugin to this route. | ||
|
||
custom_values: | ||
- auth.header_value | ||
|
||
config: | ||
route_type: "llm/v1/chat" | ||
auth: | ||
header_name: "api-key" | ||
header_value: "<azure_ai_access_key>" # add your own Azure OpenAI access key | ||
model: | ||
provider: "azure" | ||
name: "gpt-35-turbo" | ||
options: | ||
azure_instance: "ai-proxy-regression" | ||
azure_deployment_id: "kong-gpt-3-5" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
description: | | ||
This configuration enables AI Proxy with Cohere. | ||
prereqs: | ||
- A route with `paths[]=~/cohere-chat$` configured. Apply the plugin to this route. | ||
|
||
custom_values: | ||
- auth.header_value | ||
|
||
config: | ||
route_type: "llm/v1/chat" | ||
auth: | ||
header_name: "Authorization" | ||
header_value: "Bearer <cohere_key>" # add your own Cohere API key | ||
model: | ||
provider: "cohere" | ||
name: "command" | ||
options: | ||
max_tokens: 512 | ||
temperature: 1.0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
description: | | ||
This configuration enables AI Proxy with Llama2. | ||
prereqs: | ||
- A running Llama2 instance. | ||
- A route with `paths[]=~/llama2-chat$` configured. Apply the plugin to this route. | ||
|
||
config: | ||
route_type: "llm/v1/chat" | ||
model: | ||
provider: "llama2" | ||
name: "llama2" | ||
llama2_format: "ollama" | ||
upstream_url: "http://llama2-server.local:11434/api/chat" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
description: | | ||
This configuration enables AI Proxy with Mistral. | ||
prereqs: | ||
- A running Mistral instance. | ||
- A route with `paths[]=~/mistral-chat$` configured. Apply the plugin to this route. | ||
|
||
custom_values: | ||
- auth.header_value | ||
|
||
config: | ||
route_type: "llm/v1/chat" | ||
auth: | ||
header_name: "Authorization" | ||
header_value: "Bearer <MISTRAL_AI_KEY>" | ||
model: | ||
provider: "mistral" | ||
name: "mistral-tiny" | ||
mistral_format: "openai" | ||
upstream_url: "https://api.mistral.ai/v1/chat/completions" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
description: | | ||
This configuration enables AI Proxy with OpenAI. | ||
prereqs: | ||
- A route with `paths[]=~/openai-chat$` configured. Apply the plugin to this route. | ||
|
||
custom_values: | ||
- auth.header_value | ||
|
||
config: | ||
route_type: "llm/v1/chat" | ||
auth: | ||
header_name: "Authorization" | ||
header_value: "Bearer <openai_key>" # add your own OpenAI API key | ||
model: | ||
provider: "openai" | ||
name: "gpt-4" | ||
options: | ||
max_tokens: 512 | ||
temperature: 1.0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
description: | | ||
Send Kong Gateway logs to Splunk in raw text using the `/services/collector/raw` Splunk endpoint. | ||
Adjust the `http_endpoint` and its secure token in `headers.Authorization` to your own values. | ||
custom_values: | ||
- headers.Authorization | ||
- http_endpoint | ||
|
||
config: | ||
headers: | ||
Authorization: "Splunk 123456" | ||
http_endpoint: "https://example.splunkcloud.com:8088/services/collector/raw" | ||
method: POST | ||
timeout: 3000 | ||
retry_count: 1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
description: | | ||
Authenticate headless service consumers using Auth0's identity provider. | ||
prereqs: | ||
- Auth0 API configured with the `openid` scope. Find your `issuer` URL and `audience` | ||
in your Auth0 API configuration. | ||
- A Kong service with `url` configured to match your Auth0 API Identifier. | ||
|
||
custom_values: | ||
- issuer | ||
- audience | ||
|
||
config: | ||
auth_methods: | ||
- client_credentials | ||
issuer: "https://<auth0 API name>.auth0.com/.well-known/openid-configuration" | ||
audience: "<auth0 API identifier>" | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
description: | | ||
Authenticate browser clients using an Azure AD identity provider. | ||
prereqs: | ||
- A Kong route secured with HTTPS. | ||
- In Azure AD, configure a redirect URI that is handled by your route. | ||
- In Azure AD, register an app and add a client secret credential that this plugin will use to access it. | ||
|
||
custom_values: | ||
- issuer | ||
- client_id | ||
- client_secret | ||
- redirect_uri | ||
- scopes | ||
|
||
config: | ||
issuer: "https://login.microsoftonline.com/YOUR_DIRECTORY_ID/v2.0/.well-known/openid-configuration" | ||
client_id: "YOUR_CLIENT_ID" | ||
client_secret: "YOUR_CLIENT_SECRET" | ||
redirect_uri: "https://example.com/api" | ||
scopes: | ||
- openid | ||
- profile | ||
- "YOUR_CLIENT_ID/.default" | ||
verify_parameters: false |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
description: | | ||
Integrate Kong Gateway with Amazon Cognito. | ||
prereqs: | ||
- Set up an Amazon Cognito User Pool and Application Definition before configuring the plugin. | ||
|
||
custom_values: | ||
- issuer | ||
- client_id | ||
- client_secret | ||
|
||
config: | ||
issuer: "https://cognito-idp.<REGION>.amazonaws.com/<USER-POOL-ID>" | ||
client_id: "YOUR_CLIENT_ID" | ||
client_secret: "YOUR_CLIENT_SECRET" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
description: | | ||
Integrate Kong Gateway and the Curity Identity Server for introspection using the | ||
Phantom Token pattern. | ||
prereqs: | ||
- Curity Identity Server installed. | ||
- An introspection endpoint configured with the Token Procedure Approach. | ||
|
||
custom_values: | ||
- issuer | ||
- client_id | ||
- client_secret | ||
|
||
config: | ||
issuer: "https://idsvr.example.com/oauth/v2/oauth-anonymous" | ||
client_id: "YOUR_CLIENT_ID" | ||
client_secret: "YOUR_CLIENT_SECRET" | ||
scopes_required: | ||
- openid | ||
hide_credentials: true | ||
upstream_access_token_header: nil | ||
upstream_headers_claims: | ||
- phantom_token | ||
upstream_headers_names: | ||
- phantom_token | ||
auth_methods: | ||
- introspection |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
description: | | ||
Authenticate browser clients using Google's identity provider. | ||
prereqs: | ||
- A Kong service secured with HTTPS. | ||
- Set up a Google API project and create a set of OAuth client ID credentials with the Web application class. | ||
- An authorized redirect URI for the part of the API you want to protect. | ||
|
||
custom_values: | ||
- issuer | ||
- client_id | ||
- client_secret | ||
- redirect_uri | ||
|
||
config: | ||
issuer: "https://accounts.google.com/.well-known/openid-configuration" | ||
client_id: "YOUR_CLIENT_ID" | ||
client_secret: "YOUR_CLIENT_SECRET" | ||
redirect_uri: "https://example.com/api" | ||
scopes: | ||
- openid | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
description: | | ||
Authenticate browser clients using Okta. | ||
prereqs: | ||
- A Kong route secured with HTTPS. | ||
- A registered application in Okta pointing to the Kong route. | ||
- Any network access control to your Kong node must allow traffic to and from Okta, the upstream service, and the client. | ||
|
||
custom_values: | ||
- issuer | ||
- client_id | ||
- client_secret | ||
- redirect_uri | ||
|
||
config: | ||
issuer: "https://YOUR_OKTA_DOMAIN/oauth2/YOUR_AUTH_SERVER/.well-known/openid-configuration" | ||
client_id: "YOUR_CLIENT_ID" | ||
client_secret: "YOUR_CLIENT_SECRET" | ||
redirect_uri: "https://example.com/api" | ||
scopes_claim: | ||
- scp | ||
scopes: | ||
- openid | ||
- profile | ||
auth_methods: | ||
- authorization_code |
9 changes: 9 additions & 0 deletions
9
app/assets/hub/kong-inc/rate-limiting-advanced/fixed-window-200-requests-per-30-min.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
description: | | ||
Users are allowed 200 requests per 30 minutes, resetting exactly on the 30 minute mark with no carryover of unused limits. | ||
config: | ||
limit: | ||
- 200 | ||
window_size: | ||
- 1800 | ||
window_type: fixed |
9 changes: 9 additions & 0 deletions
9
app/assets/hub/kong-inc/rate-limiting-advanced/fixed-window-500-requests-per-hour.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
description: | | ||
A fixed limit of 500 requests per hour resetting sharply on the hour, ensuring no user can exceed this limit. | ||
config: | ||
limit: | ||
- 500 | ||
window_size: | ||
- 3600 | ||
window_type: fixed |
9 changes: 9 additions & 0 deletions
9
app/assets/hub/kong-inc/rate-limiting-advanced/fixed-window-5000-requests-per-day.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
description: | | ||
A strict limit of 5000 requests per day resetting promptly at midnight, preventing any burst traffic or inconsistent user experiences. | ||
config: | ||
limit: | ||
- 500 | ||
window_size: | ||
- 86400 | ||
window_type: fixed |
10 changes: 10 additions & 0 deletions
10
app/assets/hub/kong-inc/rate-limiting-advanced/sliding-window-100-requests-per-hour.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
description: | | ||
Each user can make up to 100 requests every rolling hour, with the plugin continuously | ||
adjusting the count over the course of the hour. There is no hard limit or known reset. | ||
config: | ||
limit: | ||
- 100 | ||
window_size: | ||
- 3600 | ||
window_type: sliding |
10 changes: 10 additions & 0 deletions
10
app/assets/hub/kong-inc/rate-limiting-advanced/sliding-window-300-requests-per-30-min.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
description: | | ||
Each user can make up to 300 requests in any rolling 30 minute period, | ||
with the plugin continuously adjusting the count as new requests are made. | ||
config: | ||
limit: | ||
- 300 | ||
window_size: | ||
- 1800 | ||
window_type: sliding |
12 changes: 12 additions & 0 deletions
12
app/assets/hub/kong-inc/rate-limiting-advanced/sliding-window-500-requests-per-hour.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
description: | | ||
Each user is allowed 500 requests every rolling hour. | ||
If the limit is exceeded and the user receives a 429 error, each additional request within the sliding window (hour) | ||
will extend the wait time by about 12 minutes, continuously adjusting as new requests are made. | ||
config: | ||
limit: | ||
- 500 | ||
window_size: | ||
- 3600 | ||
window_type: sliding | ||
disable_penalty: false |