The Lightrun Router supports multiple deployment options across different cloud providers and ingress controllers. Choose the relevant setup based on your environment:
- AWS Load Balancer Controller
- Azure Application Gateway
- Azure Service Controller
- GCP GKE Ingress Controller
- GCP GKE Service Controller
- Nginx Ingress Controller
- Istio Gateway
- Contour Ingress Controller
- OpenShift HAProxy Router
The router allows defining IP-based access control for different endpoints. By default:
- All IPs are allowed unless explicitly denied.
- The Keycloak admin endpoint (
auth_admin) and metrics (metrics) are denied by default.
general:
router:
acl:
# IP access list configuration
# Expect list of CIDRs. For single ip, use /32
# If `deny_ips` empty, all IPs are allowed
global: # will affect all endpoints
allow_ips: []
deny_ips: []
agents:
allow_ips: []
deny_ips: []
auth_admin: #keycloak admin
allow_ips: []
deny_ips: ["all"]
metrics:
allow_ips: []
deny_ips: ["all"]Rate limiting helps prevent excessive API requests. By default, it is disabled. The rate limit applies to all the requests to the router.
general:
router:
rate_limit:
global:
enabled: false
rps_per_ip: 50
zone_size: 10m # size of the shared memory zone for rate limitingThe router supports injecting custom Nginx configuration snippets for advanced tuning. By default, no additional configuration is applied.
general:
router:
server_snippets: ""
http_snippets: ""To extend timeout settings, update server_snippets:
server_snippets: |
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;