Global RateLimit Xds translation

* Enhance `XdsIR` with `RateLimit` to hold rate limiting config.

* Translate IR field into route level rate limit actions

* Add `BuildRateLimitServiceConfig` which translates the XdsIR
into configuration for the envoy rate limit service.

Relates to envoyproxy#670

Signed-off-by: Arko Dasgupta <arko@tetrate.io>

internal/ir/xds.go

@@ -205,6 +205,9 @@ type HTTPRoute struct {
 	Redirect *Redirect
 	// Destinations associated with this matched route.
 	Destinations []*RouteDestination
+	// RateLimit defines the more specific match conditions as well as limits for ratelimiting
+	// the requests on this route.
+	RateLimit *RateLimit
 }
 
 // Validate the fields within the HTTPRoute structure
@@ -527,3 +530,46 @@ func (h UDPListener) Validate() error {
 	}
 	return errs
 }
+
+// RateLimit holds the rate limiting configuration.
+// +k8s:deepcopy-gen=true
+type RateLimit struct {
+	// Global rate limit settings.
+	Global *GlobalRateLimit
+}
+
+// GlobalRateLimit holds the global rate limiting configuration.
+// +k8s:deepcopy-gen=true
+type GlobalRateLimit struct {
+	// Rules for rate limiting.
+	Rules []*RateLimitRule
+}
+
+// RateLimitRule holds the match and limit configuration for ratelimiting.
+// +k8s:deepcopy-gen=true
+type RateLimitRule struct {
+	// HeaderMatches define the match conditions on the request headers for this route.
+	HeaderMatches []*StringMatch
+	// ClientAddressCIDRMatches define the match conditions on the client IP address.
+	ClientAddressCIDRMatches []*StringMatch
+	// Limit holds the rate limit values.
+	Limit *RateLimitValue
+}
+
+type RateLimitUnit string
+
+const (
+	Second RateLimitUnit = "second"
+	Minute               = "minute"
+	Hour                 = "hour"
+	Day                  = "day"
+)
+
+// RateLimitValue holds the
+// +k8s:deepcopy-gen=true
+type RateLimitValue struct {
+	// Requests are the number of requests that need to be rate limited.
+	Requests uint32
+	// Unit of rate limiting.
+	Unit RateLimitUnit
+}