Add HTTPLocalRateLimitPolicy support #13231

Draft
wants to merge 5 commits into
base: main
2 changes: 1 addition & 1 deletion Cargo.lock
Expand Up @@ -1325,7 +1325,7 @@ dependencies = [
[[package]]
name = "linkerd2-proxy-api"
version = "0.14.0"
source = "git+https://github.com/linkerd/linkerd2-proxy-api?rev=c5648ae2a1e405cc6b8aca20522356ebdf20f1ea#c5648ae2a1e405cc6b8aca20522356ebdf20f1ea"
source = "git+https://github.com/linkerd/linkerd2-proxy-api.git?branch=alpeb/rate-limiting#1abdd2f69b4eb2c90f8325d6cddb58e77ef9cb05"
dependencies = [
"http",
"ipnet",
3 changes: 1 addition & 2 deletions Cargo.toml
Expand Up @@ -14,5 +14,4 @@ members = [
lto = "thin"

[patch.crates-io]
# TODO(Zahari): switch released version once TLS protocol support is out.
linkerd2-proxy-api = { git = 'https://github.com/linkerd/linkerd2-proxy-api', rev = 'c5648ae2a1e405cc6b8aca20522356ebdf20f1ea' }
linkerd2-proxy-api = { git = "https://github.com/linkerd/linkerd2-proxy-api.git", branch = "alpeb/rate-limiting" }
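Review bot: The replacement `[patch.crates-io]` entry tracks `branch = "alpeb/rate-limiting"` where the removed line pinned a `rev`, so the manifest no longer names a fixed commit. Only Cargo.lock still holds one (`1abdd2f69b4eb2c90f8325d6cddb58e77ef9cb05`), and a `cargo update` or any build that does not use `--locked` will pull whatever the branch head is at that time; if the branch is rebased or deleted, the locked commit may stop being fetchable. Pin the patch to a `rev` again before this leaves draft, and replace the removed TODO with one that says when the patch can move to a released version.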
Expand Up @@ -180,6 +180,7 @@ webhooks:
apiVersions: ["*"]
resources:
- authorizationpolicies
- httplocalratelimitpolicies
- httproutes
- networkauthentications
- meshtlsauthentications
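Review bot: Adding `httplocalratelimitpolicies` to the webhook's `resources` list routes admission requests for the new kind to the policy validator, but no validator change for that kind appears in the files shown here. Confirm the handler recognises the kind and actually validates it, because the CRD schema added in this PR puts no lower bound on `requestsPerSecond` and leaves that case to admission.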
Expand Down Expand Up @@ -224,6 +225,7 @@ rules:
- policy.linkerd.io
resources:
- authorizationpolicies
- httplocalratelimitpolicies
- httproutes
- meshtlsauthentications
- networkauthentications
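Review bot: The `resources` list under `policy.linkerd.io` gains `httplocalratelimitpolicies` but not `httplocalratelimitpolicies/status`, while the new CRD enables `subresources: status: {}`. If the controller is meant to write status for this kind, it needs a rule for the status subresource. The verbs of this rule are outside the hunk, so also check that they are no broader than the controller needs for the new resource.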
@@ -0,0 +1,122 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: httplocalratelimitpolicies.policy.linkerd.io
annotations:
{{ include "partials.annotations.created-by" . }}
labels:
helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
linkerd.io/control-plane-ns: {{.Release.Namespace}}
spec:
group: policy.linkerd.io
names:
kind: HTTPLocalRateLimitPolicy
plural: httplocalratelimitpolicies
singular: httplocalratelimitpolicy
shortNames: [hlrlpolicy]
scope: Namespaced
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
required: [spec]
properties:
spec:
type: object
required: [targetRef]
properties:
targetRef:
description: >-
TargetRef references a resource to which the rate limit
policy applies.
type: object
required: [kind, name]
properties:
group:
description: >-
Group is the group of the referent. When empty, the
Kubernetes core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
description: Kind is the kind of the referent.
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: Name is the name of the referent.
maxLength: 253
minLength: 1
type: string
total:
description: >-
Overall rate-limit, which all traffic coming to this
target should abide.
If unset no overall limit is applied.
type: object
required: [requestsPerSecond]
properties:
requestsPerSecond:
format: int64
type: integer
identity:
description: >-
Fairness for individual identities; each separate client,
grouped by identity, will have this rate-limit.
type: object
required: [requestsPerSecond]
properties:
requestsPerSecond:
format: int64
type: integer
overrides:
description: Overrides for traffic from a specific client.
type: array
items:
type: object
required: [requestsPerSecond, clientRefs]
properties:
requestsPerSecond:
format: int64
type: integer
clientRefs:
type: array
items:
type: object
required: [kind, name]
properties:
group:
description: >-
Group is the group of the referent. When empty, the
Kubernetes core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
description: Kind is the kind of the referent.
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
namespace:
description: >-
Namespace is the namespace of the referent.
When unspecified (or empty string), this refers to the
local namespace of the Policy.
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
name:
description: Name is the name of the referent.
maxLength: 253
minLength: 1
type: string
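Review bot: All three `requestsPerSecond` fields (under `total`, `identity` and `overrides` items) are `type: integer` with `format: int64` and no `minimum`, so zero and negative rates pass schema validation; add a `minimum` (and a `maximum` if the proxy API field is narrower than int64) plus a `description` stating what the value means. Related gaps in the same schema: `spec` requires only `targetRef`, so a policy with no `total`, `identity` or `overrides` is accepted and limits nothing; `clientRefs` has no `minItems`, so an override with an empty list is accepted; and the `namespace` description says an empty string refers to the local namespace while `minLength: 1` and the pattern reject an empty string. Either relax the constraint or reword the description so the two agree.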
1 change: 1 addition & 0 deletions cli/cmd/install.go
Expand Up @@ -51,6 +51,7 @@ var (
TemplatesCrdFiles = []string{
"templates/policy/authorization-policy.yaml",
"templates/policy/egress-network.yaml",
"templates/policy/http-local-ratelimit-policy.yaml",
"templates/policy/httproute.yaml",
"templates/policy/meshtls-authentication.yaml",
"templates/policy/network-authentication.yaml",

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

122 changes: 122 additions & 0 deletions cli/cmd/testdata/install_crds.golden


4 changes: 3 additions & 1 deletion cli/cmd/testdata/install_custom_domain.golden


4 changes: 3 additions & 1 deletion cli/cmd/testdata/install_custom_registry.golden


4 changes: 3 additions & 1 deletion cli/cmd/testdata/install_default.golden
