Kuadrant reconciling #54

Merged: 17 commits, Oct 20, 2022

@didierofrivia didierofrivia commented Oct 12, 2022

This PR is the first one that brings the reconciling process for RateLimitPolicies and AuthPolicies. It also includes the necessary make targets for dev testing and many fixes to its API and config.

Verification Steps

  1. Set up a local Kuadrant cluster

     ```sh
     make local-setup
     ```

  2. Apply Kuadrant object in order to deploy required dependencies (this will change in the future most probably)

     ```sh
     kubectl -n kuadrant-system apply -f - <<EOF
     ---
     apiVersion: kuadrant.io/v1beta1
     kind: Kuadrant
     metadata:
       name: kuadrant-sample
     spec: {}
     EOF
     ```

  3. Forward istio gateway port

     ```sh
     kubectl port-forward -n istio-system service/istio-ingressgateway 8080:80 &
     ```

  4. Install toystore service:

     ```sh
     kubectl apply -f - <<EOF
     ---
     apiVersion: apps/v1
     kind: Deployment
     metadata:
       name: toystore
       labels:
         app: toystore
     spec:
       selector:
         matchLabels:
           app: toystore
       template:
         metadata:
           labels:
             app: toystore
         spec:
           containers:
             - name: toystore
               image: quay.io/3scale/authorino:echo-api
               env:
                 - name: PORT
                   value: "3000"
               ports:
                 - containerPort: 3000
                   name: http
       replicas: 1
     ---
     apiVersion: v1
     kind: Service
     metadata:
       name: toystore
     spec:
       selector:
         app: toystore
       ports:
         - name: http
           port: 80
           protocol: TCP
           targetPort: 3000
     EOF
     ```

  5. Add a HTTPRoute for the toystore service

     ```sh
     kubectl apply -f - <<EOF
     ---
     apiVersion: gateway.networking.k8s.io/v1alpha2
     kind: HTTPRoute
     metadata:
       name: toystore
       labels:
         app: toystore
     spec:
       parentRefs:
         - name: istio-ingressgateway
           namespace: istio-system
       hostnames: ["*.toystore.com"]
       rules:
         - matches:
             - path:
                 type: PathPrefix
                 value: "/toy"
               method: GET
           backendRefs:
             - name: toystore
               port: 80
     EOF
     ```

  6. Check if the service is running

     ```sh
     curl -v -H 'Host: api.toystore.com' http://localhost:8080/toy
     ```

     It should return a 200

  7. Apply a RateLimit Policy

     ```sh
     kubectl apply -f - <<EOF
     ---
     apiVersion: kuadrant.io/v1beta1
     kind: RateLimitPolicy
     metadata:
       name: toystore
     spec:
       targetRef:
         group: gateway.networking.k8s.io
         kind: HTTPRoute
         name: toystore
       rateLimits:
         - rules:
             - hosts: ["rate-limited.toystore.com"]
           configurations:
             - actions:
                 - generic_key:
                     descriptor_key: "limited"
                     descriptor_value: "1"
           limits:
             - conditions:
                 - "limited == 1"
               maxValue: 5
               seconds: 10
               variables: []
     EOF
     ```

  8. Now hitting the rate limited endpoint of toystore service should allow only 5 every 10 seconds. If you do 6 consecutive curls, the last one should return a 429. It may take a while until the policy is applied.

     ```sh
     while :; do curl --write-out '%{http_code}' --silent --output /dev/null -H "Host: rate-limited.toystore.com" -X GET http://localhost:8080/toy | egrep --color "\b(429)\b|$"; sleep 1; done
     ```

  9. Profit!
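
The check in step 8 relies on reading 429s off the terminal. As an added example (not part of this PR or of the Kuadrant code base), the script below evaluates recorded responses against the policy's `maxValue: 5` / `seconds: 10`. The names `check_rate_limit` and `sample_log` are hypothetical, and the fixed-window counting model is an assumption about the limiter, not something this PR states.

```sh
#!/bin/sh
# Added example, not part of the PR. Input: "<epoch_seconds> <http_code>" lines,
# e.g. recorded by prefixing each curl result in step 8 with "$(date +%s)".
# Assumption: the limiter counts in fixed windows that open at the first
# request seen after the previous window has expired.

# check_rate_limit MAX WINDOW_SECONDS  (samples on stdin)
# Exit 0: no window let more than MAX requests through and a 429 was seen.
# Exit 1: some window exceeded MAX. Exit 2: no 429 seen, so nothing was proven.
check_rate_limit() {
    awk -v max="$1" -v win="$2" '
        function report() {
            if (!active) return
            printf "window@%d ok=%d limited=%d\n", start, ok, limited
            if (ok > max) over++
        }
        NF != 2 { next }                       # skip malformed lines
        !active || $1 >= start + win {         # first sample, or window expired
            report(); active = 1; start = $1; ok = 0; limited = 0
        }
        $2 == 200 { ok++ }
        $2 == 429 { limited++; seen429 = 1 }
        END {
            report()
            if (over > 0) { print "FAIL: more than " max " requests passed in one window"; exit 1 }
            if (!seen429) { print "INCONCLUSIVE: no 429 observed"; exit 2 }
            print "PASS"
        }'
}

# Constructed sample: one request per second against maxValue 5 / seconds 10.
sample_log() {
    cat <<'EOF'
1000 200
1001 200
1002 200
1003 200
1004 200
1005 429
1006 429
1007 429
1008 429
1009 429
1010 200
1011 200
EOF
}

sample_log | check_rate_limit 5 10
```

Under the fixed-window assumption a sliding-window check would give false failures, because up to twice the limit can legitimately pass across a window boundary.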

@didierofrivia didierofrivia requested a review from a team October 12, 2022 13:05
@didierofrivia didierofrivia self-assigned this Oct 12, 2022
@didierofrivia didierofrivia merged commit 735342e into kuadrant-merge-target Oct 20, 2022
@didierofrivia didierofrivia deleted the kuadrant-reconciling branch October 20, 2022 09:22
didierofrivia pushed a commit that referenced this pull request Nov 8, 2022
The destination hosts to which traffic is being sent should be first class attr in the spec