

feat(crypto): add rate limit service tls function test
oowl committed Jun 12, 2023
1 parent 9cfb8aa commit 88d677e
Showing 11 changed files with 161 additions and 20 deletions.
2 changes: 1 addition & 1 deletion internal/infrastructure/kubernetes/ratelimit/resource.go
Original file line number Diff line number Diff line change
Expand Up @@ -228,7 +228,7 @@ func expectedRateLimitContainerEnv(rateLimit *egcfgv1a1.RateLimit, rateLimitDepl
},
{
Name: GRPCServerTLSKeyEnvVarEnvVar,
Value: GRPCServerTLSKeyEnvVarEnvVar,
Value: GRPCServerTLSKeyFilename,
},
{
Name: GRPCServerTLSCACertEnvVar,
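Review bot: The new `Value: GRPCServerTLSKeyFilename,` line removes the copy-paste that had exported the constant's own name as the key path, but the `Name:` constant it pairs with is still `GRPCServerTLSKeyEnvVarEnvVar`, which doubles the suffix and does not match the sibling `GRPCServerTLSCACertEnvVar` two lines below; renaming it to `GRPCServerTLSKeyEnvVar` (its definition is outside this hunk) would keep the TLS env-var constants uniform. The golden files in this commit pin `GRPC_SERVER_TLS_KEY` to `/certs/tls.key`, but a unit test that asserts each env var's name/value pair directly against the constants would catch a name-as-value regression of this kind without regenerating fixtures. `expectedRateLimitContainerEnv` starts and ends outside the hunk.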
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,9 @@ import (
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/resource"
"k8s.io/utils/pointer"

// "k8s.io/apimachinery/pkg/api/resource"
// "k8s.io/utils/pointer"
gwapiv1b1 "sigs.k8s.io/gateway-api/apis/v1beta1"
"sigs.k8s.io/yaml"

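Review bot: The two commented-out import lines added after `"k8s.io/utils/pointer"` duplicate the live imports two lines above them and should be deleted rather than committed; commented-out code inside an import block is dead text that `goimports` will not manage and most linters flag. If the intent was to record that some test cases only need these packages conditionally, a comment at the use site says that more clearly. The import block continues past the hunk.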
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,14 @@ spec:
value: envoy-gateway:18001
- name: CONFIG_GRPC_XDS_NODE_ID
value: envoy-ratelimit
- name: GRPC_SERVER_USE_TLS
value: "true"
- name: GRPC_SERVER_TLS_CERT
value: "/certs/tls.crt"
- name: GRPC_SERVER_TLS_KEY
value: "/certs/tls.key"
- name: GRPC_SERVER_TLS_CA_CERT
value: "/certs/ca.crt"
image: custom-image
imagePullPolicy: IfNotPresent
name: envoy-ratelimit
Expand All @@ -68,6 +76,10 @@ spec:
memory: 1Gi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /certs
name: certs
readOnly: true
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
Expand All @@ -84,3 +96,7 @@ spec:
values:
- router-node
terminationGracePeriodSeconds: 300
volumes:
- name: certs
secret:
secretName: envoy-rate-limit
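Review bot: The new env block points `GRPC_SERVER_TLS_CA_CERT` at `/certs/ca.crt`, so the `envoy-rate-limit` secret mounted at `/certs` must carry a `ca.crt` key alongside `tls.crt`/`tls.key`; a plain `kubernetes.io/tls` secret issued without a CA bundle would leave that file missing, and it is not visible here whether the rate-limit service then fails to start or skips client verification — worth pinning in the test rather than assuming. The secret volume also uses the default file mode, so `tls.key` is materialised world-readable (0644) in the pod, and this fixture sets no `securityContext` at all; a restrictive `defaultMode` (e.g. `0440` paired with `fsGroup` where the container runs as uid 1000) is the usual hardening for a private key mount. Since these files are golden outputs, either change presumably belongs in the generator in resource.go and would need the fixtures regenerated.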
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,14 @@ spec:
value: envoy-gateway:18001
- name: CONFIG_GRPC_XDS_NODE_ID
value: envoy-ratelimit
- name: GRPC_SERVER_USE_TLS
value: "true"
- name: GRPC_SERVER_TLS_CERT
value: "/certs/tls.crt"
- name: GRPC_SERVER_TLS_KEY
value: "/certs/tls.key"
- name: GRPC_SERVER_TLS_CA_CERT
value: "/certs/ca.crt"
image: custom-image
imagePullPolicy: IfNotPresent
name: envoy-ratelimit
Expand All @@ -68,10 +76,18 @@ spec:
memory: 1Gi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /certs
name: certs
readOnly: true
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
serviceAccountName: envoy-ratelimit
securityContext:
runAsUser: 1000
terminationGracePeriodSeconds: 300
volumes:
- name: certs
secret:
secretName: envoy-rate-limit
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,14 @@ spec:
value: envoy-gateway:18001
- name: CONFIG_GRPC_XDS_NODE_ID
value: envoy-ratelimit
- name: GRPC_SERVER_USE_TLS
value: "true"
- name: GRPC_SERVER_TLS_CERT
value: "/certs/tls.crt"
- name: GRPC_SERVER_TLS_KEY
value: "/certs/tls.key"
- name: GRPC_SERVER_TLS_CA_CERT
value: "/certs/ca.crt"
image: custom-image
imagePullPolicy: IfNotPresent
name: envoy-ratelimit
Expand All @@ -68,10 +76,18 @@ spec:
memory: 1Gi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /certs
name: certs
readOnly: true
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
serviceAccountName: envoy-ratelimit
securityContext:
runAsUser: 1000
terminationGracePeriodSeconds: 300
volumes:
- name: certs
secret:
secretName: envoy-rate-limit
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,14 @@ spec:
value: envoy-gateway:18001
- name: CONFIG_GRPC_XDS_NODE_ID
value: envoy-ratelimit
- name: GRPC_SERVER_USE_TLS
value: "true"
- name: GRPC_SERVER_TLS_CERT
value: "/certs/tls.crt"
- name: GRPC_SERVER_TLS_KEY
value: "/certs/tls.key"
- name: GRPC_SERVER_TLS_CA_CERT
value: "/certs/ca.crt"
image: envoyproxy/ratelimit:master
imagePullPolicy: IfNotPresent
name: envoy-ratelimit
Expand All @@ -61,8 +69,16 @@ spec:
memory: 512Mi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /certs
name: certs
readOnly: true
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
serviceAccountName: envoy-ratelimit
terminationGracePeriodSeconds: 300
volumes:
- name: certs
secret:
secretName: envoy-rate-limit
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,14 @@ spec:
value: envoy-gateway:18001
- name: CONFIG_GRPC_XDS_NODE_ID
value: envoy-ratelimit
- name: GRPC_SERVER_USE_TLS
value: "true"
- name: GRPC_SERVER_TLS_CERT
value: "/certs/tls.crt"
- name: GRPC_SERVER_TLS_KEY
value: "/certs/tls.key"
- name: GRPC_SERVER_TLS_CA_CERT
value: "/certs/ca.crt"
- name: env_a
value: env_a_value
- name: env_b
Expand All @@ -72,10 +80,18 @@ spec:
memory: 1Gi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /certs
name: certs
readOnly: true
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
serviceAccountName: envoy-ratelimit
securityContext:
runAsUser: 1000
terminationGracePeriodSeconds: 300
volumes:
- name: certs
secret:
secretName: envoy-rate-limit
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,14 @@ spec:
value: envoy-gateway:18001
- name: CONFIG_GRPC_XDS_NODE_ID
value: envoy-ratelimit
- name: GRPC_SERVER_USE_TLS
value: "true"
- name: GRPC_SERVER_TLS_CERT
value: "/certs/tls.crt"
- name: GRPC_SERVER_TLS_KEY
value: "/certs/tls.key"
- name: GRPC_SERVER_TLS_CA_CERT
value: "/certs/ca.crt"
image: custom-image
imagePullPolicy: IfNotPresent
name: envoy-ratelimit
Expand All @@ -68,10 +76,18 @@ spec:
memory: 1Gi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /certs
name: certs
readOnly: true
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
serviceAccountName: envoy-ratelimit
securityContext:
runAsUser: 1000
terminationGracePeriodSeconds: 300
volumes:
- name: certs
secret:
secretName: envoy-rate-limit
Original file line number Diff line number Diff line change
Expand Up @@ -50,12 +50,20 @@ spec:
value: envoy-gateway:18001
- name: CONFIG_GRPC_XDS_NODE_ID
value: envoy-ratelimit
- name: GRPC_SERVER_USE_TLS
value: "true"
- name: GRPC_SERVER_TLS_CERT
value: "/certs/tls.crt"
- name: GRPC_SERVER_TLS_KEY
value: "/certs/tls.key"
- name: GRPC_SERVER_TLS_CA_CERT
value: "/certs/ca.crt"
- name: REDIS_TLS
value: "true"
- name: REDIS_TLS_CLIENT_CERT
value: "/certs/tls.crt"
value: "/redis-certs/tls.crt"
- name: REDIS_TLS_CLIENT_KEY
value: "/certs/tls.key"
value: "/redis-certs/tls.key"
- name: REDIS_AUTH
value: "redis_auth_password"
image: custom-image
Expand All @@ -80,6 +88,9 @@ spec:
- mountPath: /certs
name: certs
readOnly: true
- mountPath: /redis-certs
name: redis-certs
readOnly: true
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
Expand All @@ -88,6 +99,9 @@ spec:
runAsUser: 1000
terminationGracePeriodSeconds: 300
volumes:
- name: certs
- name: redis-certs
secret:
secretName: ratelimit-cert
- name: certs
secret:
secretName: envoy-rate-limit
Original file line number Diff line number Diff line change
Expand Up @@ -50,12 +50,20 @@ spec:
value: envoy-gateway:18001
- name: CONFIG_GRPC_XDS_NODE_ID
value: envoy-ratelimit
- name: GRPC_SERVER_USE_TLS
value: "true"
- name: GRPC_SERVER_TLS_CERT
value: "/certs/tls.crt"
- name: GRPC_SERVER_TLS_KEY
value: "/certs/tls.key"
- name: GRPC_SERVER_TLS_CA_CERT
value: "/certs/ca.crt"
- name: REDIS_TLS
value: "true"
- name: REDIS_TLS_CLIENT_CERT
value: "/certs/tls.crt"
value: "/redis-certs/tls.crt"
- name: REDIS_TLS_CLIENT_KEY
value: "/certs/tls.key"
value: "/redis-certs/tls.key"
- name: REDIS_AUTH
value: "redis_auth_password"
image: custom-image
Expand All @@ -77,9 +85,12 @@ spec:
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /certs
name: certs
readOnly: true
- mountPath: /certs
name: certs
readOnly: true
- mountPath: /redis-certs
name: redis-certs
readOnly: true
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
Expand All @@ -93,6 +104,9 @@ spec:
value: "router"
terminationGracePeriodSeconds: 300
volumes:
- name: certs
secret:
secretName: ratelimit-cert
- name: redis-certs
secret:
secretName: ratelimit-cert
- name: certs
secret:
secretName: envoy-rate-limit
Original file line number Diff line number Diff line change
Expand Up @@ -50,12 +50,20 @@ spec:
value: envoy-gateway:18001
- name: CONFIG_GRPC_XDS_NODE_ID
value: envoy-ratelimit
- name: GRPC_SERVER_USE_TLS
value: "true"
- name: GRPC_SERVER_TLS_CERT
value: "/certs/tls.crt"
- name: GRPC_SERVER_TLS_KEY
value: "/certs/tls.key"
- name: GRPC_SERVER_TLS_CA_CERT
value: "/certs/ca.crt"
- name: REDIS_TLS
value: "true"
- name: REDIS_TLS_CLIENT_CERT
value: "/certs/tls.crt"
value: "/redis-certs/tls.crt"
- name: REDIS_TLS_CLIENT_KEY
value: "/certs/tls.key"
value: "/redis-certs/tls.key"
- name: REDIS_AUTH
value: "redis_auth_password"
image: custom-image
Expand All @@ -77,9 +85,12 @@ spec:
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /certs
name: certs
readOnly: true
- mountPath: /certs
name: certs
readOnly: true
- mountPath: /redis-certs
name: redis-certs
readOnly: true
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
Expand All @@ -93,6 +104,9 @@ spec:
value: "router"
terminationGracePeriodSeconds: 300
volumes:
- name: certs
secret:
secretName: custom-cert
- name: redis-certs
secret:
secretName: ratelimit-cert-origin
- name: certs
secret:
secretName: custom-cert
