console/deployment/services/proxy.ts

import * as pulumi from '@pulumi/pulumi';
import { CertManager } from '../utils/cert-manager';
import { Proxy } from '../utils/reverse-proxy';
import { App } from './app';
import { Environment } from './environment';
import { GraphQL } from './graphql';
import { Observability } from './observability';
import { OTELCollector } from './otel-collector';
import { type PublicGraphQLAPIGateway } from './public-graphql-api-gateway';
import { Usage } from './usage';

export function deployProxy({
  graphql,
  app,
  usage,
  environment,
  observability,
  publicGraphQLAPIGateway,
  otelCollector,
}: {
  observability: Observability;
  environment: Environment;
  graphql: GraphQL;
  app: App;
  usage: Usage;
  publicGraphQLAPIGateway: PublicGraphQLAPIGateway;
  otelCollector: OTELCollector;
}) {
  const { tlsIssueName } = new CertManager().deployCertManagerAndIssuer();
  const commonConfig = new pulumi.Config('common');

  return new Proxy(tlsIssueName, {
    address: commonConfig.get('staticIp'),
    aksReservedIpResourceGroup: commonConfig.get('aksReservedIpResourceGroup'),
  })
    .deployProxy({
      envoy: {
        replicas: environment.podsConfig.envoy.replicas,
        cpu: environment.podsConfig.envoy.cpuLimit,
        memory: environment.podsConfig.envoy.memoryLimit,
      },
      tracing: observability.enabled
        ? { collectorService: observability.observability!.otlpCollectorService }
        : undefined,
    })
    .registerService({ record: environment.appDns }, [
      {
        name: 'app',
        path: '/',
        service: app.service,
        requestTimeout: '60s',
      },
      {
        name: 'server',
        path: '/server',
        service: graphql.service,
        requestTimeout: '60s',
      },
      {
        name: 'registry-api-health',
        path: '/registry/_health',
        customRewrite: '/_health',
        service: graphql.service,
      },
      {
        name: 'registry-api',
        path: '/registry',
        customRewrite: '/graphql',
        service: graphql.service,
        requestTimeout: '60s',
        retriable: true,
      },
      {
        name: 'graphql-api',
        path: '/graphql',
        customRewrite: '/graphql',
        service: graphql.service,
        requestTimeout: '60s',
        retriable: true,
      },
      {
        name: 'graphql-api-subscriptions',
        path: '/graphql/stream',
        customRewrite: '/graphql',
        service: graphql.service,
        requestTimeout: 'infinity',
        // we send a ping every 12 seconds
        idleTimeout: '30s',
        retriable: true,
      },
      {
        name: 'auth',
        path: '/auth-api',
        customRewrite: '/auth-api',
        service: graphql.service,
        requestTimeout: '60s',
        retriable: true,
        rateLimit: {
          maxRequests: 10,
          unit: 'minute',
        },
      },
      {
        name: 'usage',
        path: '/usage',
        service: usage.service,
        retriable: true,
      },
    ])
    .registerService({ record: environment.apiDns }, [
      {
        name: 'public-graphql-api',
        path: '/graphql',
        customRewrite: '/graphql',
        service: publicGraphQLAPIGateway.service,
        requestTimeout: '60s',
        retriable: true,
      },
      {
        name: 'otel-traces',
        path: '/otel/v1/traces',
        customRewrite: '/v1/traces',
        service: otelCollector.service,
        requestTimeout: '60s',
        retriable: true,
      },
    ]);
}
Hello 2022-05-18 07:26:57 +00:00			`import * as pulumi from '@pulumi/pulumi';`
			`import { CertManager } from '../utils/cert-manager';`
[🔧 ESLint] import sort (#736) 2022-12-28 19:22:54 +00:00			`import { Proxy } from '../utils/reverse-proxy';`
Hello 2022-05-18 07:26:57 +00:00			`import { App } from './app';`
Refactor deployment code (#4138) 2024-03-04 12:56:12 +00:00			`import { Environment } from './environment';`
[🔧 ESLint] import sort (#736) 2022-12-28 19:22:54 +00:00			`import { GraphQL } from './graphql';`
distributed tracing (#4219) 2024-04-07 08:57:03 +00:00			`import { Observability } from './observability';`
feat: otel telemetry collection and dashboard (#6796) Co-authored-by: Kamil Kisiela <kamil.kisiela@gmail.com> Co-authored-by: Dotan Simha <dotansimha@gmail.com> Co-authored-by: Denis Badurina <denis@denelop.com> 2025-10-10 12:06:02 +00:00			`import { OTELCollector } from './otel-collector';`
chore: hive gateway as entrypoint for the public api (#6703) Co-authored-by: Dotan Simha <dotansimha@gmail.com> 2025-04-16 08:03:33 +00:00			`import { type PublicGraphQLAPIGateway } from './public-graphql-api-gateway';`
[🔧 ESLint] import sort (#736) 2022-12-28 19:22:54 +00:00			`import { Usage } from './usage';`
Hello 2022-05-18 07:26:57 +00:00
			`export function deployProxy({`
			`graphql,`
			`app,`
			`usage,`
Refactor deployment code (#4138) 2024-03-04 12:56:12 +00:00			`environment,`
distributed tracing (#4219) 2024-04-07 08:57:03 +00:00			`observability,`
chore: hive gateway as entrypoint for the public api (#6703) Co-authored-by: Dotan Simha <dotansimha@gmail.com> 2025-04-16 08:03:33 +00:00			`publicGraphQLAPIGateway,`
feat: otel telemetry collection and dashboard (#6796) Co-authored-by: Kamil Kisiela <kamil.kisiela@gmail.com> Co-authored-by: Dotan Simha <dotansimha@gmail.com> Co-authored-by: Denis Badurina <denis@denelop.com> 2025-10-10 12:06:02 +00:00			`otelCollector,`
Hello 2022-05-18 07:26:57 +00:00			`}: {`
distributed tracing (#4219) 2024-04-07 08:57:03 +00:00			`observability: Observability;`
Refactor deployment code (#4138) 2024-03-04 12:56:12 +00:00			`environment: Environment;`
Hello 2022-05-18 07:26:57 +00:00			`graphql: GraphQL;`
			`app: App;`
			`usage: Usage;`
chore: hive gateway as entrypoint for the public api (#6703) Co-authored-by: Dotan Simha <dotansimha@gmail.com> 2025-04-16 08:03:33 +00:00			`publicGraphQLAPIGateway: PublicGraphQLAPIGateway;`
feat: otel telemetry collection and dashboard (#6796) Co-authored-by: Kamil Kisiela <kamil.kisiela@gmail.com> Co-authored-by: Dotan Simha <dotansimha@gmail.com> Co-authored-by: Denis Badurina <denis@denelop.com> 2025-10-10 12:06:02 +00:00			`otelCollector: OTELCollector;`
Hello 2022-05-18 07:26:57 +00:00			`}) {`
			`const { tlsIssueName } = new CertManager().deployCertManagerAndIssuer();`
Refactor deployment code (#4138) 2024-03-04 12:56:12 +00:00			`const commonConfig = new pulumi.Config('common');`

Hello 2022-05-18 07:26:57 +00:00			`return new Proxy(tlsIssueName, {`
			`address: commonConfig.get('staticIp'),`
Adjustments to Pulumi code to support more pre-prod envs (#845) 2022-12-22 12:00:10 +00:00			`aksReservedIpResourceGroup: commonConfig.get('aksReservedIpResourceGroup'),`
Hello 2022-05-18 07:26:57 +00:00			`})`
Fix resource limits for envoy (#4346) 2024-03-26 08:18:00 +00:00			`.deployProxy({`
			`envoy: {`
fix(deployment): use hostname for `topologyKey` instead of region, update resources settings and staging configs (#7005) 2025-09-16 11:06:42 +00:00			`replicas: environment.podsConfig.envoy.replicas,`
			`cpu: environment.podsConfig.envoy.cpuLimit,`
			`memory: environment.podsConfig.envoy.memoryLimit,`
Fix resource limits for envoy (#4346) 2024-03-26 08:18:00 +00:00			`},`
distributed tracing (#4219) 2024-04-07 08:57:03 +00:00			`tracing: observability.enabled`
			`? { collectorService: observability.observability!.otlpCollectorService }`
			`: undefined,`
Fix resource limits for envoy (#4346) 2024-03-26 08:18:00 +00:00			`})`
Refactor deployment code (#4138) 2024-03-04 12:56:12 +00:00			`.registerService({ record: environment.appDns }, [`
Hello 2022-05-18 07:26:57 +00:00			`{`
			`name: 'app',`
			`path: '/',`
			`service: app.service,`
feat: oidc debugging for subscriptions (#4357) 2024-05-10 09:39:17 +00:00			`requestTimeout: '60s',`
Hello 2022-05-18 07:26:57 +00:00			`},`
			`{`
			`name: 'server',`
			`path: '/server',`
			`service: graphql.service,`
feat: oidc debugging for subscriptions (#4357) 2024-05-10 09:39:17 +00:00			`requestTimeout: '60s',`
Hello 2022-05-18 07:26:57 +00:00			`},`
			`{`
			`name: 'registry-api-health',`
			`path: '/registry/_health',`
			`customRewrite: '/_health',`
			`service: graphql.service,`
			`},`
			`{`
			`name: 'registry-api',`
			`path: '/registry',`
			`customRewrite: '/graphql',`
			`service: graphql.service,`
feat: oidc debugging for subscriptions (#4357) 2024-05-10 09:39:17 +00:00			`requestTimeout: '60s',`
Retry requests to /usage when it is not ready (#2792) 2023-09-04 07:41:06 +00:00			`retriable: true,`
Hello 2022-05-18 07:26:57 +00:00			`},`
Migrate X-API-Token to Authorization header (#122) 2022-07-01 09:43:27 +00:00			`{`
			`name: 'graphql-api',`
			`path: '/graphql',`
			`customRewrite: '/graphql',`
			`service: graphql.service,`
feat: oidc debugging for subscriptions (#4357) 2024-05-10 09:39:17 +00:00			`requestTimeout: '60s',`
			`retriable: true,`
			`},`
			`{`
			`name: 'graphql-api-subscriptions',`
			`path: '/graphql/stream',`
			`customRewrite: '/graphql',`
			`service: graphql.service,`
			`requestTimeout: 'infinity',`
			`// we send a ping every 12 seconds`
			`idleTimeout: '30s',`
Retry requests to /usage when it is not ready (#2792) 2023-09-04 07:41:06 +00:00			`retriable: true,`
Migrate X-API-Token to Authorization header (#122) 2022-07-01 09:43:27 +00:00			`},`
Move SuperTokens-node to GraphQL server (#4288) 2024-03-26 12:42:56 +00:00			`{`
			`name: 'auth',`
			`path: '/auth-api',`
			`customRewrite: '/auth-api',`
			`service: graphql.service,`
feat: oidc debugging for subscriptions (#4357) 2024-05-10 09:39:17 +00:00			`requestTimeout: '60s',`
Move SuperTokens-node to GraphQL server (#4288) 2024-03-26 12:42:56 +00:00			`retriable: true,`
Apply rate-limit config to `auth-api` routes, using Contour (#5167) 2024-07-15 07:55:24 +00:00			`rateLimit: {`
			`maxRequests: 10,`
			`unit: 'minute',`
			`},`
Move SuperTokens-node to GraphQL server (#4288) 2024-03-26 12:42:56 +00:00			`},`
Hello 2022-05-18 07:26:57 +00:00			`{`
			`name: 'usage',`
			`path: '/usage',`
			`service: usage.service,`
Retry requests to /usage when it is not ready (#2792) 2023-09-04 07:41:06 +00:00			`retriable: true,`
Hello 2022-05-18 07:26:57 +00:00			`},`
feat(deployment): add public graphql api route (#6634) 2025-03-28 10:39:21 +00:00			`])`
			`.registerService({ record: environment.apiDns }, [`
			`{`
chore: hive gateway as entrypoint for the public api (#6703) Co-authored-by: Dotan Simha <dotansimha@gmail.com> 2025-04-16 08:03:33 +00:00			`name: 'public-graphql-api',`
feat(deployment): add public graphql api route (#6634) 2025-03-28 10:39:21 +00:00			`path: '/graphql',`
chore: hive gateway as entrypoint for the public api (#6703) Co-authored-by: Dotan Simha <dotansimha@gmail.com> 2025-04-16 08:03:33 +00:00			`customRewrite: '/graphql',`
			`service: publicGraphQLAPIGateway.service,`
feat(deployment): add public graphql api route (#6634) 2025-03-28 10:39:21 +00:00			`requestTimeout: '60s',`
			`retriable: true,`
			`},`
feat: otel telemetry collection and dashboard (#6796) Co-authored-by: Kamil Kisiela <kamil.kisiela@gmail.com> Co-authored-by: Dotan Simha <dotansimha@gmail.com> Co-authored-by: Denis Badurina <denis@denelop.com> 2025-10-10 12:06:02 +00:00			`{`
			`name: 'otel-traces',`
			`path: '/otel/v1/traces',`
			`customRewrite: '/v1/traces',`
			`service: otelCollector.service,`
			`requestTimeout: '60s',`
			`retriable: true,`
			`},`
feat: preflight scripts for laboratory (#5564) Co-authored-by: Kamil Kisiela <kamil.kisiela@gmail.com> Co-authored-by: Saihajpreet Singh <saihajpreet.singh@gmail.com> Co-authored-by: Laurin Quast <laurinquast@googlemail.com> Co-authored-by: Dotan Simha <dotansimha@gmail.com> 2024-12-27 10:06:52 +00:00			`]);`
Hello 2022-05-18 07:26:57 +00:00			`}`