Gateway API: Spike on RateLimitPolicy by sunjayBhatia · Pull Request #4776 · projectcontour/contour

sunjayBhatia · 2022-10-06T19:17:22Z

Shows how a Policy based approach may look for (local) rate limiting

Example usable via manifest:

---
apiVersion: v1
kind: Namespace
metadata:
  name: demo
---
kind: GatewayClass
apiVersion: gateway.networking.k8s.io/v1beta1
metadata:
  name: example
spec:
  controllerName: projectcontour.io/projectcontour/contour
---
kind: Gateway
apiVersion: gateway.networking.k8s.io/v1beta1
metadata:
  name: example
  namespace: demo
spec:
  gatewayClassName: example
  listeners:
  - name: http
    protocol: HTTP
    port: 80
    allowedRoutes:
      namespaces:
        from: All
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: echo
  name: echo
  namespace: demo
spec:
  replicas: 3
  selector:
    matchLabels:
      app: echo
  template:
    metadata:
      labels:
        app: echo
    spec:
      containers:
      - image: gcr.io/k8s-staging-ingressconformance/echoserver:v20210922-cec7cf2
        name: echo
        ports:
        - name: "http"
          containerPort: 3000
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: echo
  name: echo
  namespace: demo
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 3000
  selector:
    app: echo
  sessionAffinity: None
  type: ClusterIP
---
kind: HTTPRoute
apiVersion: gateway.networking.k8s.io/v1beta1
metadata:
  name: echo-other
  namespace: demo
spec:
  parentRefs:
  - group: gateway.networking.k8s.io
    kind: Gateway
    name: example
    namespace: demo
  hostnames:
  - "some-other-site.com"
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /
    backendRefs:
    - kind: Service
      name: echo
      port: 80
---
kind: HTTPRoute
apiVersion: gateway.networking.k8s.io/v1beta1
metadata:
  name: echo
  namespace: demo
spec:
  parentRefs:
  - group: gateway.networking.k8s.io
    kind: Gateway
    name: example
    namespace: demo
  hostnames:
  - "policy-example.com"
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /
    backendRefs:
    - kind: Service
      name: echo
      port: 80
---
kind: HTTPRoute
apiVersion: gateway.networking.k8s.io/v1beta1
metadata:
  name: echo-2
  namespace: demo
spec:
  parentRefs:
  - group: gateway.networking.k8s.io
    kind: Gateway
    name: example
    namespace: demo
  hostnames:
  - "policy-example.com"
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /api/needs-ratelimit
    backendRefs:
    - kind: Service
      name: echo
      port: 80
---
kind: RateLimitPolicy
apiVersion: projectcontour.io/v1alpha1
metadata:
  name: local-ratelimit-config-gw
  namespace: demo
spec:
  targetRef:
    group: gateway.networking.k8s.io
    kind: Gateway
    name: example
  override:
    local:
      responseStatusCode: 503
  default:
    local:
      requests: 10
      unit: minute
---
kind: RateLimitPolicy
apiVersion: projectcontour.io/v1alpha1
metadata:
  name: local-ratelimit-config-route
  namespace: demo
spec:
  targetRef:
    group: gateway.networking.k8s.io
    kind: HTTPRoute
    name: echo-2
  override:
    local:
      requests: 2
      unit: minute
      responseStatusCode: 402

Rate limit for policy-example.com/api/needs-ratelimit is 2/min with 503 returned when rate limited

comes from Policy applied to HTTPRoute

All other paths under policy-example.com are 10/min with 503 returned when rate limited

comes from Policy applied to Gateway

Rate limit for some-other-site.com is 10/min with 503 returned when rate limited

comes from Policy applied to Gateway

Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>

can target a Gateway or HTTPRoute if multiple policies, they are merged, with defaults and overrides being applied in reverse order according to https://gateway-api.sigs.k8s.io/references/policy-attachment/#hierarchy Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>

github-actions · 2022-10-21T00:27:17Z

The Contour project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

After 14d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, the PR is closed

You can:

Mark this PR as fresh by commenting or pushing a commit
Close this PR
Offer to help out with triage

Please send feedback to the #contour channel in the Kubernetes Slack

github-actions · 2022-11-05T00:25:22Z

The Contour project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

After 14d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, the PR is closed

You can:

Mark this PR as fresh by commenting or pushing a commit
Close this PR
Offer to help out with triage

Please send feedback to the #contour channel in the Kubernetes Slack

Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>

github-actions · 2022-11-26T00:19:30Z

The Contour project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

After 14d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, the PR is closed

You can:

Mark this PR as fresh by commenting or pushing a commit
Close this PR
Offer to help out with triage

Please send feedback to the #contour channel in the Kubernetes Slack

github-actions · 2022-12-13T00:21:59Z

The Contour project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

After 14d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, the PR is closed

You can:

Mark this PR as fresh by commenting or pushing a commit
Close this PR
Offer to help out with triage

Please send feedback to the #contour channel in the Kubernetes Slack

github-actions · 2022-12-29T00:20:21Z

The Contour project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

After 14d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, the PR is closed

You can:

Mark this PR as fresh by commenting or pushing a commit
Close this PR
Offer to help out with triage

Please send feedback to the #contour channel in the Kubernetes Slack

github-actions · 2023-01-29T00:23:05Z

The Contour project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

After 14d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, the PR is closed

You can:

Mark this PR as fresh by commenting or pushing a commit
Close this PR
Offer to help out with triage

Please send feedback to the #contour channel in the Kubernetes Slack

sunjayBhatia added 3 commits October 4, 2022 23:47

Add ratelimit filter and policy resources

cb474ab

Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>

Make ratelimit fields optional for example

f5f0a82

Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>

sunjayBhatia added do not merge Don't merge this PR until this label is removed. release-note/none-required Marks a PR as not requiring a release note. Should only be used for very small changes. labels Oct 6, 2022

github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Oct 21, 2022

skriss removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Oct 21, 2022

github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Nov 5, 2022

sunjayBhatia removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Nov 7, 2022

sunjayBhatia added 3 commits November 10, 2022 23:48

Simple Route status implementation

caa275a

Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>

PolicyType as a scalar

fa7282d

Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>

Use PolicySettings to express what Policy is in effect

ff49ae7

Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>

github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Nov 26, 2022

sunjayBhatia removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Nov 28, 2022

github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Dec 13, 2022

sunjayBhatia removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Dec 14, 2022

github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Dec 29, 2022

github-actions bot closed this Jan 29, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Gateway API: Spike on RateLimitPolicy#4776

Gateway API: Spike on RateLimitPolicy#4776
sunjayBhatia wants to merge 6 commits intoprojectcontour:mainfrom
sunjayBhatia:policy-spike

sunjayBhatia commented Oct 6, 2022

Uh oh!

github-actions bot commented Oct 21, 2022

Uh oh!

github-actions bot commented Nov 5, 2022

Uh oh!

github-actions bot commented Nov 26, 2022

Uh oh!

github-actions bot commented Dec 13, 2022

Uh oh!

github-actions bot commented Dec 29, 2022

Uh oh!

github-actions bot commented Jan 29, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

sunjayBhatia commented Oct 6, 2022

Uh oh!

github-actions bot commented Oct 21, 2022

Uh oh!

github-actions bot commented Nov 5, 2022

Uh oh!

github-actions bot commented Nov 26, 2022

Uh oh!

github-actions bot commented Dec 13, 2022

Uh oh!

github-actions bot commented Dec 29, 2022

Uh oh!

github-actions bot commented Jan 29, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants