
Rate limiting limits controller #527

Closed
wants to merge 22 commits into from
5 changes: 4 additions & 1 deletion Makefile
Expand Up @@ -302,9 +302,12 @@ clean-cov: ## Remove coverage reports
ifdef TEST_NAME
test-unit: TEST_PATTERN := --run $(TEST_NAME)
endif
ifdef VERBOSE
test-unit: VERBOSE_FLAG = -v
endif
test-unit: clean-cov generate fmt vet ## Run Unit tests.
mkdir -p $(PROJECT_PATH)/coverage/unit
go test $(UNIT_DIRS) -coverprofile $(PROJECT_PATH)/coverage/unit/cover.out -tags unit -v -timeout 0 $(TEST_PATTERN)
go test $(UNIT_DIRS) -coverprofile $(PROJECT_PATH)/coverage/unit/cover.out -tags unit $(VERBOSE_FLAG) -timeout 0 $(TEST_PATTERN)

##@ Build

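Review bot: The new `ifdef VERBOSE` guard is true for any non-empty value, so `make test-unit VERBOSE=0`, or a `VERBOSE` variable inherited from the environment, still passes `-v` to `go test`. If only an explicit opt-in should enable verbose output, compare the value instead, for example `ifeq ($(VERBOSE),1)`. Because the default run is now non-verbose, the target's help text should mention the switch, e.g. `## Run Unit tests (VERBOSE=1 for -v).`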
46 changes: 42 additions & 4 deletions api/v1alpha1/dnspolicy_types.go
Expand Up @@ -17,9 +17,12 @@ limitations under the License.
package v1alpha1

import (
"context"
"fmt"

metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime/schema"
"sigs.k8s.io/controller-runtime/pkg/client"
gatewayapiv1 "sigs.k8s.io/gateway-api/apis/v1"
gatewayapiv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"

Expand All @@ -28,6 +31,14 @@ import (
"github.com/kuadrant/kuadrant-operator/pkg/library/utils"
)

var (
DNSPolicyGVK schema.GroupVersionKind = schema.GroupVersionKind{
Group: GroupVersion.Group,
Version: GroupVersion.Version,
Kind: "DNSPolicy",
}
)

type RoutingStrategy string

const (
Expand Down Expand Up @@ -247,10 +258,6 @@ type HealthCheckStatus struct {
Conditions []metav1.Condition `json:"conditions,omitempty"`
}

func init() {
SchemeBuilder.Register(&DNSPolicy{}, &DNSPolicyList{})
}

//API Helpers

func NewDNSPolicy(name, ns string) *DNSPolicy {
Expand Down Expand Up @@ -323,3 +330,34 @@ func (p *DNSPolicy) WithLoadBalancingFor(defaultWeight Weight, custom []*CustomW
},
})
}

type dnsPolicyType struct{}

func NewDNSPolicyType() kuadrantgatewayapi.PolicyType {
return &dnsPolicyType{}
}

func (r dnsPolicyType) GetGVK() schema.GroupVersionKind {
return DNSPolicyGVK
}
func (r dnsPolicyType) GetInstance() client.Object {
return &DNSPolicy{
TypeMeta: metav1.TypeMeta{
Kind: DNSPolicyGVK.Kind,
APIVersion: GroupVersion.String(),
},
}
}

func (r dnsPolicyType) GetList(ctx context.Context, cl client.Client, listOpts ...client.ListOption) ([]kuadrantgatewayapi.Policy, error) {
list := &DNSPolicyList{}
err := cl.List(ctx, list, listOpts...)
if err != nil {
return nil, err
}
return utils.Map(list.Items, func(p DNSPolicy) kuadrantgatewayapi.Policy { return &p }), nil
}

func init() {
SchemeBuilder.Register(&DNSPolicy{}, &DNSPolicyList{})
}
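Review bot: `GetList` returns the error from `cl.List` unwrapped (`return nil, err`), so a caller that walks several `PolicyType` values cannot tell from the error which kind failed to list. Wrapping it keeps the cause and names the kind: `return nil, fmt.Errorf("listing %s: %w", DNSPolicyGVK.Kind, err)`; `fmt` is already imported in this file. The same `GetList` body is added in api/v1alpha1/tlspolicy_types.go, api/v1beta2/authpolicy_types.go and api/v1beta2/ratelimitpolicy_types.go and would take the same change with its own GVK. The exported `DNSPolicyGVK` and `NewDNSPolicyType` are also added without doc comments.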
38 changes: 38 additions & 0 deletions api/v1alpha1/tlspolicy_types.go
Expand Up @@ -17,11 +17,14 @@ limitations under the License.
package v1alpha1

import (
"context"
"fmt"

certmanv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
certmanmetav1 "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime/schema"
"sigs.k8s.io/controller-runtime/pkg/client"
gatewayapiv1 "sigs.k8s.io/gateway-api/apis/v1"
gatewayapiv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"

Expand All @@ -35,6 +38,14 @@ const (
TLSPolicyDirectReferenceAnnotationName = "kuadrant.io/tlspolicy"
)

var (
TLSPolicyGVK schema.GroupVersionKind = schema.GroupVersionKind{
Group: GroupVersion.Group,
Version: GroupVersion.Version,
Kind: "TLSPolicy",
}
)

// TLSPolicySpec defines the desired state of TLSPolicy
type TLSPolicySpec struct {
// TargetRef identifies an API object to apply policy to.
Expand Down Expand Up @@ -240,3 +251,30 @@ func (p *TLSPolicy) WithIssuerRef(issuerRef certmanmetav1.ObjectReference) *TLSP
p.Spec.IssuerRef = issuerRef
return p
}

type tlsPolicyType struct{}

func NewTLSPolicyType() kuadrantgatewayapi.PolicyType {
return &tlsPolicyType{}
}

func (r tlsPolicyType) GetGVK() schema.GroupVersionKind {
return TLSPolicyGVK
}
func (r tlsPolicyType) GetInstance() client.Object {
return &TLSPolicy{
TypeMeta: metav1.TypeMeta{
Kind: TLSPolicyGVK.Kind,
APIVersion: GroupVersion.String(),
},
}
}

func (r tlsPolicyType) GetList(ctx context.Context, cl client.Client, listOpts ...client.ListOption) ([]kuadrantgatewayapi.Policy, error) {
list := &TLSPolicyList{}
err := cl.List(ctx, list, listOpts...)
if err != nil {
return nil, err
}
return utils.Map(list.Items, func(p TLSPolicy) kuadrantgatewayapi.Policy { return &p }), nil
}
38 changes: 38 additions & 0 deletions api/v1beta2/authpolicy_types.go
@@ -1,12 +1,15 @@
package v1beta2

import (
"context"
"fmt"

"github.com/go-logr/logr"
"github.com/google/go-cmp/cmp"
authorinoapi "github.com/kuadrant/authorino/api/v1beta2"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime/schema"
"sigs.k8s.io/controller-runtime/pkg/client"
gatewayapiv1 "sigs.k8s.io/gateway-api/apis/v1"
gatewayapiv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"

Expand All @@ -20,6 +23,14 @@ const (
AuthPolicyDirectReferenceAnnotationName = "kuadrant.io/authpolicy"
)

var (
AuthPolicyGVK schema.GroupVersionKind = schema.GroupVersionKind{
Group: GroupVersion.Group,
Version: GroupVersion.Version,
Kind: "AuthPolicy",
}
)

type AuthSchemeSpec struct {
// Authentication configs.
// At least one config MUST evaluate to a valid identity object for the auth request to be successful.
Expand Down Expand Up @@ -377,6 +388,33 @@ func (l *AuthPolicyList) GetItems() []kuadrant.Policy {
})
}

type authPolicyType struct{}

func NewAuthPolicyType() kuadrantgatewayapi.PolicyType {
return &authPolicyType{}
}

func (r authPolicyType) GetGVK() schema.GroupVersionKind {
return AuthPolicyGVK
}
func (r authPolicyType) GetInstance() client.Object {
return &AuthPolicy{
TypeMeta: metav1.TypeMeta{
Kind: AuthPolicyGVK.Kind,
APIVersion: GroupVersion.String(),
},
}
}

func (r authPolicyType) GetList(ctx context.Context, cl client.Client, listOpts ...client.ListOption) ([]kuadrantgatewayapi.Policy, error) {
list := &AuthPolicyList{}
err := cl.List(ctx, list, listOpts...)
if err != nil {
return nil, err
}
return utils.Map(list.Items, func(p AuthPolicy) kuadrantgatewayapi.Policy { return &p }), nil
}

func init() {
SchemeBuilder.Register(&AuthPolicy{}, &AuthPolicyList{})
}
82 changes: 68 additions & 14 deletions api/v1beta2/ratelimitpolicy_types.go
Expand Up @@ -17,22 +17,34 @@ limitations under the License.
package v1beta2

import (
"context"
"fmt"

"github.com/go-logr/logr"
"github.com/google/go-cmp/cmp"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime/schema"
"sigs.k8s.io/controller-runtime/pkg/client"
gatewayapiv1 "sigs.k8s.io/gateway-api/apis/v1"
gatewayapiv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"

kuadrantgatewayapi "github.com/kuadrant/kuadrant-operator/pkg/library/gatewayapi"
"github.com/kuadrant/kuadrant-operator/pkg/library/kuadrant"
"github.com/kuadrant/kuadrant-operator/pkg/library/reconcilers"
"github.com/kuadrant/kuadrant-operator/pkg/library/utils"
)

// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN!
// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized.

var (
RateLimitPolicyGVK schema.GroupVersionKind = schema.GroupVersionKind{
Group: GroupVersion.Group,
Version: GroupVersion.Version,
Kind: "RateLimitPolicy",
}
)

// ContextSelector defines one item from the well known attributes
// Attributes: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/advanced/attributes
// Well-known selectors: https://github.com/Kuadrant/architecture/blob/main/rfcs/0001-rlp-v2.md#well-known-selectors
Expand All @@ -53,9 +65,6 @@ const (
IncludeOperator WhenConditionOperator = "incl"
ExcludeOperator WhenConditionOperator = "excl"
MatchesOperator WhenConditionOperator = "matches"

RateLimitPolicyBackReferenceAnnotationName = "kuadrant.io/ratelimitpolicies"
RateLimitPolicyDirectReferenceAnnotationName = "kuadrant.io/ratelimitpolicy"
)

// +kubebuilder:validation:Enum:=second;minute;hour;day
Expand Down Expand Up @@ -168,7 +177,15 @@ type RateLimitPolicyStatus struct {
Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
}

func (s *RateLimitPolicyStatus) Equals(other *RateLimitPolicyStatus, logger logr.Logger) bool {
var _ reconcilers.StatusObject = &RateLimitPolicyStatus{}

func (s *RateLimitPolicyStatus) Equals(otherStatus reconcilers.StatusObject, logger logr.Logger) bool {
other, ok := otherStatus.(*RateLimitPolicyStatus)
if !ok {
logger.Info("ERROR in RateLimitPolicyStatus Equals: type does not match")
return false
}

if s.ObservedGeneration != other.ObservedGeneration {
diff := cmp.Diff(s.ObservedGeneration, other.ObservedGeneration)
logger.V(1).Info("ObservedGeneration not equal", "difference", diff)
Expand All @@ -193,8 +210,13 @@ func (s *RateLimitPolicyStatus) GetConditions() []metav1.Condition {
return s.Conditions
}

var _ kuadrant.Policy = &RateLimitPolicy{}
var _ kuadrant.Referrer = &RateLimitPolicy{}
func (s *RateLimitPolicyStatus) GetObservedGeneration() int64 {
return s.ObservedGeneration
}

func (s *RateLimitPolicyStatus) SetObservedGeneration(o int64) {
s.ObservedGeneration = o
}

// +kubebuilder:object:root=true
// +kubebuilder:subresource:status
Expand All @@ -215,6 +237,8 @@ type RateLimitPolicy struct {
}

var _ kuadrantgatewayapi.Policy = &RateLimitPolicy{}
var _ kuadrant.Policy = &RateLimitPolicy{}
var _ reconcilers.ObjectWithStatus = &RateLimitPolicy{}

func (r *RateLimitPolicy) Validate() error {
if r.Spec.TargetRef.Namespace != nil && string(*r.Spec.TargetRef.Namespace) != r.Namespace {
Expand All @@ -224,6 +248,17 @@ func (r *RateLimitPolicy) Validate() error {
return nil
}

func (r *RateLimitPolicy) GetStatusObject() reconcilers.StatusObject {
return &r.Status
}

func (r *RateLimitPolicy) SetStatusObject(statusObject reconcilers.StatusObject) {
switch status := statusObject.(type) {
case *RateLimitPolicyStatus:
r.Status = *status
}
}

//+kubebuilder:object:root=true

// RateLimitPolicyList contains a list of RateLimitPolicy
Expand Down Expand Up @@ -276,14 +311,6 @@ func (r *RateLimitPolicy) PolicyClass() kuadrantgatewayapi.PolicyClass {
return kuadrantgatewayapi.InheritedPolicy
}

func (r *RateLimitPolicy) BackReferenceAnnotationName() string {
return RateLimitPolicyBackReferenceAnnotationName
}

func (r *RateLimitPolicy) DirectReferenceAnnotationName() string {
return RateLimitPolicyDirectReferenceAnnotationName
}

// CommonSpec returns the Default RateLimitPolicyCommonSpec if it is defined.
// Otherwise, it returns the RateLimitPolicyCommonSpec from the spec.
// This function should be used instead of accessing the fields directly, so that either the explicit or implicit default
Expand All @@ -300,6 +327,33 @@ func (r *RateLimitPolicySpec) CommonSpec() *RateLimitPolicyCommonSpec {
return &r.RateLimitPolicyCommonSpec
}

type rateLimitPolicyType struct{}

func NewRateLimitPolicyType() kuadrantgatewayapi.PolicyType {
return &rateLimitPolicyType{}
}

func (r rateLimitPolicyType) GetGVK() schema.GroupVersionKind {
return RateLimitPolicyGVK
}
func (r rateLimitPolicyType) GetInstance() client.Object {
return &RateLimitPolicy{
TypeMeta: metav1.TypeMeta{
Kind: RateLimitPolicyGVK.Kind,
APIVersion: GroupVersion.String(),
},
}
}

func (r rateLimitPolicyType) GetList(ctx context.Context, cl client.Client, listOpts ...client.ListOption) ([]kuadrantgatewayapi.Policy, error) {
rlpList := &RateLimitPolicyList{}
err := cl.List(ctx, rlpList, listOpts...)
if err != nil {
return nil, err
}
return utils.Map(rlpList.Items, func(p RateLimitPolicy) kuadrantgatewayapi.Policy { return &p }), nil
}

func init() {
SchemeBuilder.Register(&RateLimitPolicy{}, &RateLimitPolicyList{})
}
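Review bot: `SetStatusObject` silently does nothing when `statusObject` is not a `*RateLimitPolicyStatus`, and it dereferences `*status` without a nil check, so a typed-nil pointer would panic. The method has no error return and no logger, so at minimum the nil case should be guarded and the contract stated: `if status, ok := statusObject.(*RateLimitPolicyStatus); ok && status != nil { r.Status = *status }`, with a doc comment such as `// SetStatusObject replaces r.Status; any other status type, or nil, is ignored.` Whether `reconcilers.ObjectWithStatus` could report the mismatch as an error instead cannot be judged from this page, because the interface is defined outside the diff. In `Equals`, the type-mismatch branch writes the text "ERROR" through `logger.Info`; `logger.Error` was presumably intended.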