-
Notifications
You must be signed in to change notification settings - Fork 33
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix override RLPs on multiple gateway parents (#659)
* Fix override RLPs on multiple gateway parents * fix: all rlps should go to the limits config - maybe there are overridden for one gateway but not for all gateways * rollback simplified wasm config based on fallback to overrides, in favour of duplicate limit definitions for each independent domain/namespace * fix: RLP Enforced condition with multiple gateway parents * go mod tidy
- Loading branch information
1 parent
ec5351d
commit 9ad525d
Showing
19 changed files
with
533 additions
and
321 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -23,6 +23,7 @@ import ( | |
"sort" | ||
|
||
"github.com/go-logr/logr" | ||
"github.com/google/uuid" | ||
istioextensionsv1alpha1 "istio.io/api/extensions/v1alpha1" | ||
istioclientgoextensionv1alpha1 "istio.io/client-go/pkg/apis/extensions/v1alpha1" | ||
apierrors "k8s.io/apimachinery/pkg/api/errors" | ||
|
@@ -61,7 +62,7 @@ type RateLimitingWASMPluginReconciler struct { | |
// For more details, check Reconcile and its Result here: | ||
// - https://pkg.go.dev/sigs.k8s.io/[email protected]/pkg/reconcile | ||
func (r *RateLimitingWASMPluginReconciler) Reconcile(eventCtx context.Context, req ctrl.Request) (ctrl.Result, error) { | ||
logger := r.Logger().WithValues("Gateway", req.NamespacedName) | ||
logger := r.Logger().WithValues("Gateway", req.NamespacedName, "request id", uuid.NewString()) | ||
logger.Info("Reconciling rate limiting WASMPlugin") | ||
ctx := logr.NewContext(eventCtx, logger) | ||
|
||
|
@@ -174,7 +175,7 @@ func (r *RateLimitingWASMPluginReconciler) wasmPluginConfig(ctx context.Context, | |
|
||
for _, policy := range rateLimitPolicies { | ||
rlp := policy.(*kuadrantv1beta2.RateLimitPolicy) | ||
wasmRLP, err := r.wasmRateLimitPolicy(ctx, t, rlp, gw, rateLimitPolicies) | ||
wasmRLP, err := r.wasmRateLimitPolicy(ctx, t, rlp, gw) | ||
if err != nil { | ||
return nil, err | ||
} | ||
|
@@ -219,7 +220,7 @@ func (r *RateLimitingWASMPluginReconciler) topologyIndexesFromGateway(ctx contex | |
|
||
policies := utils.Map(rlpList.Items, func(p kuadrantv1beta2.RateLimitPolicy) kuadrantgatewayapi.Policy { return &p }) | ||
|
||
t, err := kuadrantgatewayapi.NewTopology( | ||
topology, err := kuadrantgatewayapi.NewTopology( | ||
kuadrantgatewayapi.WithGateways([]*gatewayapiv1.Gateway{gw}), | ||
kuadrantgatewayapi.WithRoutes(utils.Map(routeList.Items, ptr.To[gatewayapiv1.HTTPRoute])), | ||
kuadrantgatewayapi.WithPolicies(policies), | ||
|
@@ -229,12 +230,15 @@ func (r *RateLimitingWASMPluginReconciler) topologyIndexesFromGateway(ctx contex | |
return nil, err | ||
} | ||
|
||
return kuadrantgatewayapi.NewTopologyIndexes(t), nil | ||
} | ||
overriddenTopology, err := rlptools.ApplyOverrides(topology, gw) | ||
if err != nil { | ||
return nil, err | ||
} | ||
|
||
func (r *RateLimitingWASMPluginReconciler) wasmRateLimitPolicy(ctx context.Context, t *kuadrantgatewayapi.TopologyIndexes, rlp *kuadrantv1beta2.RateLimitPolicy, gw *gatewayapiv1.Gateway, affectedPolices []kuadrantgatewayapi.Policy) (*wasm.RateLimitPolicy, error) { | ||
logger, _ := logr.FromContext(ctx) | ||
return kuadrantgatewayapi.NewTopologyIndexes(overriddenTopology), nil | ||
} | ||
|
||
func (r *RateLimitingWASMPluginReconciler) wasmRateLimitPolicy(ctx context.Context, t *kuadrantgatewayapi.TopologyIndexes, rlp *kuadrantv1beta2.RateLimitPolicy, gw *gatewayapiv1.Gateway) (*wasm.RateLimitPolicy, error) { | ||
route, err := r.routeFromRLP(ctx, t, rlp, gw) | ||
if err != nil { | ||
return nil, err | ||
|
@@ -267,22 +271,6 @@ func (r *RateLimitingWASMPluginReconciler) wasmRateLimitPolicy(ctx context.Conte | |
routeWithEffectiveHostnames := route.DeepCopy() | ||
routeWithEffectiveHostnames.Spec.Hostnames = hostnames | ||
|
||
// Policy limits may be overridden by a gateway policy for route policies | ||
if kuadrantgatewayapi.IsTargetRefHTTPRoute(rlp.GetTargetRef()) { | ||
filteredPolicies := utils.Filter(affectedPolices, func(p kuadrantgatewayapi.Policy) bool { | ||
return kuadrantgatewayapi.IsTargetRefGateway(p.GetTargetRef()) && p.GetUID() != rlp.GetUID() | ||
}) | ||
|
||
for _, policy := range filteredPolicies { | ||
p := policy.(*kuadrantv1beta2.RateLimitPolicy) | ||
if p.Spec.Overrides != nil { | ||
rlp.Spec.CommonSpec().Limits = p.Spec.Overrides.Limits | ||
logger.V(1).Info("applying overrides from parent policy", "parentPolicy", client.ObjectKeyFromObject(p)) | ||
break | ||
} | ||
} | ||
} | ||
|
||
rules := rlptools.WasmRules(rlp, routeWithEffectiveHostnames) | ||
if len(rules) == 0 { | ||
// no need to add the policy if there are no rules; a rlp can return no rules if all its limits fail to match any route rule | ||
|
@@ -324,7 +312,6 @@ func (r *RateLimitingWASMPluginReconciler) routeFromRLP(ctx context.Context, t * | |
for idx := range untargetedRoutes { | ||
untargetedRules = append(untargetedRules, untargetedRoutes[idx].Spec.Rules...) | ||
} | ||
|
||
gwHostnamesTmp := kuadrantgatewayapi.TargetHostnames(gw) | ||
gwHostnames := utils.Map(gwHostnamesTmp, func(str string) gatewayapiv1.Hostname { return gatewayapiv1.Hostname(str) }) | ||
route = &gatewayapiv1.HTTPRoute{ | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -22,6 +22,7 @@ import ( | |
"fmt" | ||
|
||
"github.com/go-logr/logr" | ||
"github.com/google/uuid" | ||
apierrors "k8s.io/apimachinery/pkg/api/errors" | ||
ctrl "sigs.k8s.io/controller-runtime" | ||
"sigs.k8s.io/controller-runtime/pkg/client" | ||
|
@@ -60,7 +61,7 @@ type RateLimitPolicyReconciler struct { | |
// For more details, check Reconcile and its Result here: | ||
// - https://pkg.go.dev/sigs.k8s.io/[email protected]/pkg/reconcile | ||
func (r *RateLimitPolicyReconciler) Reconcile(eventCtx context.Context, req ctrl.Request) (ctrl.Result, error) { | ||
logger := r.Logger().WithValues("RateLimitPolicy", req.NamespacedName) | ||
logger := r.Logger().WithValues("RateLimitPolicy", req.NamespacedName, "request id", uuid.NewString()) | ||
logger.Info("Reconciling RateLimitPolicy") | ||
ctx := logr.NewContext(eventCtx, logger) | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.