Skip to content

Gateway API: Spike on RateLimitFilter#4775

Closed
sunjayBhatia wants to merge 2 commits intoprojectcontour:mainfrom
sunjayBhatia:filter-spike
Closed

Gateway API: Spike on RateLimitFilter#4775
sunjayBhatia wants to merge 2 commits intoprojectcontour:mainfrom
sunjayBhatia:filter-spike

Conversation

@sunjayBhatia
Copy link
Copy Markdown
Member

@sunjayBhatia sunjayBhatia commented Oct 5, 2022

Shows how a HTTPRoute Filter based implementation might look for rate limiting

so far just "local" rate limiting implemented

Example usable via manifest:

---
apiVersion: v1
kind: Namespace
metadata:
  name: demo
---
kind: GatewayClass
apiVersion: gateway.networking.k8s.io/v1beta1
metadata:
  name: example
spec:
  controllerName: projectcontour.io/projectcontour/contour
---
kind: Gateway
apiVersion: gateway.networking.k8s.io/v1beta1
metadata:
  name: example
  namespace: demo
spec:
  gatewayClassName: example
  listeners:
  - name: http
    protocol: HTTP
    port: 80
    allowedRoutes:
      namespaces:
        from: All
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: echo
  name: echo
  namespace: demo
spec:
  replicas: 3
  selector:
    matchLabels:
      app: echo
  template:
    metadata:
      labels:
        app: echo
    spec:
      containers:
      - image: gcr.io/k8s-staging-ingressconformance/echoserver:v20210922-cec7cf2
        name: echo
        ports:
        - name: "http"
          containerPort: 3000
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: echo
  name: echo
  namespace: demo
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 3000
  selector:
    app: echo
  sessionAffinity: None
  type: ClusterIP
---
kind: RateLimitFilter
apiVersion: projectcontour.io/v1alpha1
metadata:
  name: local-ratelimit-example
  namespace: demo
spec:
  local:
    requests: 10
    unit: minute
---
kind: HTTPRoute
apiVersion: gateway.networking.k8s.io/v1beta1
metadata:
  name: echo
  namespace: demo
spec:
  parentRefs:
  - group: gateway.networking.k8s.io
    kind: Gateway
    name: example
    namespace: demo 
  hostnames:
  - "filter-example.com"
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /
    backendRefs:
    - kind: Service
      name: echo
      port: 80
    filters:
    - type: ExtensionRef
      extensionRef:
        group: projectcontour.io
        kind: RateLimitFilter
        name: local-ratelimit-example

@sunjayBhatia
Add ratelimit filter and policy resources
cb474ab 
Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>
@sunjayBhatia
Add per-route RateLimitFilter configuration
38c06cc 
Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>
@sunjayBhatia sunjayBhatia added do not merge Don't merge this PR until this label is removed. release-note/none-required Marks a PR as not requiring a release note. Should only be used for very small changes. labels Oct 5, 2022
@codecov
Copy link
Copy Markdown

codecov bot commented Oct 5, 2022

Codecov Report

Merging #4775 (38c06cc) into main (e4a0156) will decrease coverage by 0.18%.
The diff coverage is 12.00%.

Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #4775      +/-   ##
==========================================
- Coverage   75.98%   75.79%   -0.19%     
==========================================
  Files         140      140              
  Lines       16787    16834      +47     
==========================================
+ Hits        12755    12759       +4     
- Misses       3780     3823      +43     
  Partials      252      252
Impacted Files Coverage Δ
cmd/contour/serve.go 12.70% <0.00%> (-0.11%) ⬇️
internal/dag/gatewayapi_processor.go 91.95% <11.11%> (-2.78%) ⬇️
internal/dag/cache.go 90.25% <25.00%> (-1.24%) ⬇️

@skriss
Copy link
Copy Markdown
Member

skriss commented Oct 5, 2022

This looks great, nice to see it in action. I guess this one is an easy one to do as a per-HTTPRoute filter, because Envoy actually supports per-route config for it. Nice that you could define a single RateLimitFilter resource, and then reference it from a number of different routes, if you wanted the same rate limits to apply across multiple routes. You could even have an admission controller that automatically adds it to routes, though that kind of behavior starts to overlap with the "Policy" side of things.

Would be interesting to look across the various features that HTTPProxy has and see how many of them could be implemented like this.

Thinking through this some more, it also seems far easier to implement a Filter, than to implement a Policy, since you don't have to implement all of the defaults/overrides across various layers of the resource graph.

@github-actions
Copy link
Copy Markdown

github-actions bot commented Oct 20, 2022

The Contour project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

  • After 14d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, the PR is closed

You can:

  • Mark this PR as fresh by commenting or pushing a commit
  • Close this PR
  • Offer to help out with triage

Please send feedback to the #contour channel in the Kubernetes Slack

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Oct 20, 2022
@skriss skriss removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Oct 21, 2022
@github-actions
Copy link
Copy Markdown

github-actions bot commented Nov 5, 2022

The Contour project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

  • After 14d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, the PR is closed

You can:

  • Mark this PR as fresh by commenting or pushing a commit
  • Close this PR
  • Offer to help out with triage

Please send feedback to the #contour channel in the Kubernetes Slack

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Nov 5, 2022
@sunjayBhatia sunjayBhatia removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Nov 7, 2022
@github-actions
Copy link
Copy Markdown

github-actions bot commented Nov 22, 2022

The Contour project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

  • After 14d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, the PR is closed

You can:

  • Mark this PR as fresh by commenting or pushing a commit
  • Close this PR
  • Offer to help out with triage

Please send feedback to the #contour channel in the Kubernetes Slack

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Nov 22, 2022
@sunjayBhatia sunjayBhatia removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Nov 22, 2022
@github-actions
Copy link
Copy Markdown

github-actions bot commented Dec 7, 2022

The Contour project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

  • After 14d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, the PR is closed

You can:

  • Mark this PR as fresh by commenting or pushing a commit
  • Close this PR
  • Offer to help out with triage

Please send feedback to the #contour channel in the Kubernetes Slack

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Dec 7, 2022
@sunjayBhatia sunjayBhatia removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Dec 7, 2022
@github-actions
Copy link
Copy Markdown

github-actions bot commented Dec 22, 2022

The Contour project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

  • After 14d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, the PR is closed

You can:

  • Mark this PR as fresh by commenting or pushing a commit
  • Close this PR
  • Offer to help out with triage

Please send feedback to the #contour channel in the Kubernetes Slack

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Dec 22, 2022
@github-actions
Copy link
Copy Markdown

github-actions bot commented Jan 21, 2023

The Contour project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

  • After 14d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, the PR is closed

You can:

  • Mark this PR as fresh by commenting or pushing a commit
  • Close this PR
  • Offer to help out with triage

Please send feedback to the #contour channel in the Kubernetes Slack

@github-actions github-actions bot closed this Jan 21, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

do not merge Don't merge this PR until this label is removed. lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. release-note/none-required Marks a PR as not requiring a release note. Should only be used for very small changes.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sunjayBhatia @skriss