Lightrun Router¶

The Lightrun Router supports multiple deployment options across different cloud providers and ingress controllers. Choose the relevant setup based on your environment:

Deployment Options¶

• AWS Load Balancer Controller
• Azure Application Gateway
• Azure Service Controller
• GCP GKE Ingress Controller
• GCP GKE Service Controller
• Nginx Ingress Controller
• Istio Gateway
• Contour Ingress Controller
• OpenShift HAProxy Router

Access Control Lists (ACL)¶

The router allows defining IP-based access control for different endpoints. By default: - All IPs are allowed unless explicitly denied. - The Keycloak admin endpoint (auth_admin) and metrics (metrics) are denied by default.

general:
  router:
    acl:
      # IP access list configuration
      # Expect list of CIDRs. For single ip, use /32
      # If `deny_ips` empty, all IPs are allowed
      global: # will affect all endpoints
        allow_ips: []
        deny_ips: []
      agents:
        allow_ips: []
        deny_ips: []
      auth_admin: #keycloak admin
        allow_ips: []
        deny_ips: ["all"]
      metrics:
        allow_ips: []
        deny_ips: ["all"]

Rate Limiting¶

Rate limiting helps prevent excessive API requests. By default, it is disabled. The rate limit applies to all the requests to the router.

general:
  router:
    rate_limit:
      global:
        enabled: false
        rps_per_ip: 50
        zone_size: 10m # size of the shared memory zone for rate limiting

Custom Router Configuration¶

The router supports injecting custom Nginx configuration snippets for advanced tuning. By default, no additional configuration is applied.

general:
  router:
    server_snippets: ""
    http_snippets: ""

Example: Increasing Proxy Timeout¶

To extend timeout settings, update server_snippets:

server_snippets: |
  proxy_connect_timeout   60s;
  proxy_send_timeout      60s;
  proxy_read_timeout      60s;