Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RLP v1beta2 #230

Merged
merged 19 commits into from
Aug 21, 2023
Merged

RLP v1beta2 #230

merged 19 commits into from
Aug 21, 2023

Conversation

alexsnaps
Copy link
Member

@alexsnaps alexsnaps commented Aug 11, 2023

I did a merge myself, and came up with some differences, will leave comments inline


Closes #156

@alexsnaps alexsnaps requested a review from a team as a code owner August 11, 2023 19:13
"github.com/kuadrant/kuadrant-operator/pkg/common"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"sigs.k8s.io/controller-runtime/pkg/client"
gatewayapiv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't need that gatewayapiv1alpha2 do we?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe we do for TargetRef gatewayapiv1alpha2.PolicyTargetReference:

I dont believe this is available in v1beta1 unless I'm missing something 🤔

@codecov
Copy link

codecov bot commented Aug 11, 2023

Codecov Report

Merging #230 (936504a) into main (1e12d4c) will decrease coverage by 0.16%.
The diff coverage is 63.26%.

@@            Coverage Diff             @@
##             main     #230      +/-   ##
==========================================
- Coverage   63.39%   63.24%   -0.16%     
==========================================
  Files          33       33              
  Lines        3112     3224     +112     
==========================================
+ Hits         1973     2039      +66     
- Misses        962     1007      +45     
- Partials      177      178       +1     
Flag Coverage Δ
integration 68.55% <82.97%> (-1.34%) ⬇️
unit 58.41% <58.16%> (+1.91%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Components Coverage Δ
api/v1beta1 (u) ∅ <ø> (∅)
pkg/common (u) 76.99% <76.29%> (-0.29%) ⬇️
pkg/istio (u) 29.69% <ø> (ø)
pkg/log (u) 31.81% <ø> (ø)
pkg/reconcilers (u) 33.68% <0.00%> (-6.49%) ⬇️
pkg/rlptools (u) 57.63% <64.18%> (+3.15%) ⬆️
controllers (i) 68.55% <82.97%> (-1.34%) ⬇️
Files Changed Coverage Δ
pkg/reconcilers/targetref_reconciler.go 31.18% <0.00%> (-10.25%) ⬇️
pkg/rlptools/rate_limit_index.go 17.33% <17.33%> (ø)
api/v1beta2/ratelimitpolicy_types.go 22.22% <22.22%> (ø)
controllers/ratelimitpolicy_limits.go 68.49% <74.46%> (-2.61%) ⬇️
pkg/rlptools/wasm_utils.go 62.81% <75.62%> (+12.81%) ⬆️
pkg/common/common.go 89.65% <76.00%> (-7.44%) ⬇️
pkg/common/gatewayapi_utils.go 65.92% <76.47%> (+2.84%) ⬆️
controllers/ratelimitpolicy_wasm_plugins.go 77.77% <85.71%> (+3.43%) ⬆️
controllers/ratelimitpolicy_controller.go 69.79% <90.00%> (-6.72%) ⬇️
api/v1beta2/route_selectors.go 100.00% <100.00%> (ø)
... and 4 more

... and 6 files with indirect coverage changes

@KevFan KevFan force-pushed the rlp-v2-rebase branch 3 times, most recently from ce34ba9 to 654344c Compare August 14, 2023 12:13
@KevFan KevFan mentioned this pull request Aug 15, 2023
eguzki and others added 18 commits August 16, 2023 15:01
---------

Co-authored-by: Eguzki Astiz Lezaun <eastizle@redhat.com>
* reconciliation of route selectors for RLPs targeting HTTPRoutes

* Change `common.Contains(slice []string, target string)` to any comparable type (using generics)
* Define a `common.HTTPRouteRuleSelector` type that checks whether a `HTTPRouteMatch` selects a `HTTPRouteRule` or not
* Define a `rlptools.HTTPRouteRulesFromRouteSelector` function that returns all rules from a HTTPRoute that a route selector selects (using `common.HTTPRouteRuleSelector`)
* Modify `rlptools.conditionsFromLimit` to use `rlptools.HTTPRouteRulesFromRouteSelector` and generate wasm conditions for each combination of selected route rule match and hostname
* Ensure all generated route conditions include a pattern for the hostnames (route selectors’, HTTPRoute’s or Gateway’s)
* Ensure all generated route conditions include the user-defined `when` conditions

* add tests for generating a wasmplugin config out of a complex httproute and complex ratelimitpolicy

The httproute declares 2 rules and 2 hostnames.

The RLP declares 2 limits:
- one limit declares one counter, targets one of the httprouterules, for one hostname only, with an additional 'when' condition and counter qualifier;
- the other limit declares 2 counters, targets the other httprouterule, for all hostnames, and states no additional 'when' condition nor counter qualifier.

* generate wasm rules only for routeSelector-filtered hostnames that belong to the targeted route

* fix: pattern expression for hostnames with the right operator - introduces 'endswith' pattern operator

* fix: compute wasm rules only for the applicable hostnames

Passes a list of hostnames into the call to the function that generates the wasm rules for a given RLP, notoriously to compute the conditions when to apply each limit. The list of hostnames is the domain intersection between the hostnames specified in the HTTPRoute and its parent gateway for which the wasm config is being built. The route selection considers this as a boundary, so it doesn’t generate rules for the wrong gateway/hostname.

Fixes the computation of conditions when no HTTPRouteRule matches the route selectors.

* do not generate wasm condition patterns for the hostname when all apply

* do not repeat RLPs for each hostname within the wasm config

* `rlptools.HTTPRouteRulesFromRouteSelector` moved to `api/v1beta2/route_selectors.go` along with the `RouteSelector` type itself

+ no longer injecting a separate list of hostnames for avoiding building wasm rules for hostnames that do not apply, as this did not seem to belong to the route selector logic anyway.

* reconciliation of route selectors for RLPs targeting Gateways

Get all HTTPRoutes that are children of the Gateway and call the generation of the set of wasm rules (conditions and data for each limit) for each HTTPRoute

* match the gateway hostnames instead of the httproute ones when building the wasm rules for rlps that target a gateway

* refactor: make HTTPRouteRuleSelector.Selects return sooner if the HTTP method does not match

* refactor: ensure wasm rule conditions are generated out of selected HTTPRouteRules in the same order as the selectors select the rules

* Prevent the usage of routeSelectors in RLPs that target a Gateway

* do not generate conditions for gateway policy wasm rules from httproutes that have a rlp of its own and avoid building wasmplugins when there are no rules to apply

* avoid adding rlps without any rules to the wasm config
Fixes the reconciliation of the Limitador CR, pairing it with the reconciled wasm config (WasmPlugin CR), so
- rate limit definitions won't be duplicated in the Limitador CR;
- limits can be defined crossing gateways and hostnames and yet be treated as the same limit in Limitador (case of simple RLPs that target HTTPRoutes with multiple Gateway parent refs)
… in the format: limit.<limit-name>__<hash>, where <limit-name> is sanitised to include only characters allowed by Limitador for the identifiers and <hash> is generated out of the original limit name to avoid breaking uniqueness of the name after sanitisation.
For some reason after rebase, there is some dependency issue. This was fixed by updating the istio dep to https://github.com/istio/istio/releases/tag/1.17.5
Copy link
Contributor

@guicassolato guicassolato left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've left a minor comment although I don't think it's critical.
In general, LGTM. Verification steps also working fine.
Thanks for putting this together!

api/v1beta2/ratelimitpolicy_types.go Outdated Show resolved Hide resolved
@guicassolato
Copy link
Contributor

To others interested in revieweing this PR:

git diff remotes/origin/rlp-v2-update-main..remotes/KevFan/rlp-v2-rebase

Co-authored-by: Guilherme Cassolato <guicassolato@gmail.com>
Copy link
Contributor

@guicassolato guicassolato left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🏆

@guicassolato guicassolato changed the title Rlp v2 rebase RLP v1beta2 Aug 21, 2023
@guicassolato guicassolato merged commit 0adfe0c into Kuadrant:main Aug 21, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Implement RLPv2 Direct Policy Attachment
4 participants