From d17aeaada58a8e83060bdbcc97defee92c9a3a17 Mon Sep 17 00:00:00 2001 From: Eguzki Astiz Lezaun Date: Thu, 10 Oct 2024 16:33:33 +0200 Subject: [PATCH] update ratelimitpolicy references to v1beta3 (#932) Signed-off-by: Eguzki Astiz Lezaun --- doc/proposals/rlp-target-gateway-resource.md | 51 +++++++++++++------ doc/rate-limiting.md | 6 +-- .../authenticated-rl-for-app-developers.md | 2 +- ...uthenticated-rl-with-jwt-and-k8s-authnz.md | 2 +- .../gateway-rl-for-cluster-operators.md | 2 +- ...re-protect-connect-single-multi-cluster.md | 2 +- doc/user-guides/secure-protect-connect.md | 4 +- .../simple-rl-for-app-developers.md | 2 +- .../toystore/ratelimitpolicy_gateway.yaml | 2 +- .../toystore/ratelimitpolicy_httproute.yaml | 47 +++++++++++------ 10 files changed, 78 insertions(+), 42 deletions(-) diff --git a/doc/proposals/rlp-target-gateway-resource.md b/doc/proposals/rlp-target-gateway-resource.md index 57771dce5..55a16f063 100644 --- a/doc/proposals/rlp-target-gateway-resource.md +++ b/doc/proposals/rlp-target-gateway-resource.md @@ -38,30 +38,49 @@ return an OVER_LIMIT response if any of them are over limit. ```yaml --- -apiVersion: kuadrant.io/v1beta1 +apiVersion: kuadrant.io/v1beta3 kind: RateLimitPolicy metadata: name: my-rate-limit-policy spec: + # Reference to an existing networking resource to attach the policy to. REQUIRED. + # It can be a Gateway API HTTPRoute or Gateway resource. + # It can only refer to objects in the same namespace as the RateLimitPolicy. targetRef: group: gateway.networking.k8s.io kind: HTTPRoute / Gateway name: myroute / mygateway - rateLimits: - - rules: - - paths: ["/admin/*"] - methods: ["GET"] - hosts: ["example.com"] - configurations: - - actions: - - generic_key: - descriptor_key: admin - descriptor_value: "yes" - limits: - - conditions: ["admin == yes"] - max_value: 500 - seconds: 30 - variables: [] + + # The limits definitions to apply to the network traffic routed through the targeted resource. + # Equivalent to if otherwise declared within `defaults`. + limits: + "my_limit": + # The rate limits associated with this limit definition. REQUIRED. + # E.g., to specify a 50rps rate limit, add `{ limit: 50, duration: 1, unit: secod }` + rates: […] + + # Counter qualifiers. + # Each dynamic value in the data plane starts a separate counter, combined with each rate limit. + # E.g., to define a separate rate limit for each user name detected by the auth layer, add `metadata.filter_metadata.envoy\.filters\.http\.ext_authz.username`. + # Check out Kuadrant RFC 0002 (https://github.com/Kuadrant/architecture/blob/main/rfcs/0002-well-known-attributes.md) to learn more about the Well-known Attributes that can be used in this field. + counters: […] + + # Additional dynamic conditions to trigger the limit. + # Use it for filtering attributes not supported by HTTPRouteRule or with RateLimitPolicies that target a Gateway. + # Check out Kuadrant RFC 0002 (https://github.com/Kuadrant/architecture/blob/main/rfcs/0002-well-known-attributes.md) to learn more about the Well-known Attributes that can be used in this field. + when: […] + + # Explicit defaults. Used in policies that target a Gateway object to express default rules to be enforced on + # routes that lack a more specific policy attached to. + # Mutually exclusive with `overrides` and with declaring `limits` at the top-level of the spec. + defaults: + limits: {…} + + # Overrides. Used in policies that target a Gateway object to be enforced on all routes linked to the gateway, + # thus also overriding any more specific policy occasionally attached to any of those routes. + # Mutually exclusive with `defaults` and with declaring `limits` at the top-level of the spec. + overrides: + limits: {…} ``` `.spec.rateLimits` holds a list of rate limit configurations represented by the object `RateLimit`. diff --git a/doc/rate-limiting.md b/doc/rate-limiting.md index 40dc06afc..81f12db23 100644 --- a/doc/rate-limiting.md +++ b/doc/rate-limiting.md @@ -45,7 +45,7 @@ The limit definitions (`limits`) can be declared at the top-level level of the s #### High-level example and field definition ```yaml -apiVersion: kuadrant.io/v1beta2 +apiVersion: kuadrant.io/v1beta3 kind: RateLimitPolicy metadata: name: my-rate-limit-policy @@ -99,7 +99,7 @@ When a RateLimitPolicy targets a HTTPRoute, the policy is enforced to all traffi Target a HTTPRoute by setting the `spec.targetRef` field of the RateLimitPolicy as follows: ```yaml -apiVersion: kuadrant.io/v1beta2 +apiVersion: kuadrant.io/v1beta3 kind: RateLimitPolicy metadata: name: @@ -134,7 +134,7 @@ Inversely, a gateway policy that specify _overrides_ declares a set of rules to Target a Gateway HTTPRoute by setting the `spec.targetRef` field of the RateLimitPolicy as follows: ```yaml -apiVersion: kuadrant.io/v1beta2 +apiVersion: kuadrant.io/v1beta3 kind: RateLimitPolicy metadata: name: diff --git a/doc/user-guides/authenticated-rl-for-app-developers.md b/doc/user-guides/authenticated-rl-for-app-developers.md index 4ef9a9d95..4ac871d99 100644 --- a/doc/user-guides/authenticated-rl-for-app-developers.md +++ b/doc/user-guides/authenticated-rl-for-app-developers.md @@ -200,7 +200,7 @@ Create a Kuadrant `RateLimitPolicy` to configure rate limiting: ```sh kubectl apply -f - <