From 4fdf7d7de3d07f42bc53bc5548f8235968ca4046 Mon Sep 17 00:00:00 2001 From: Michael Jerger Date: Thu, 29 Feb 2024 09:24:59 +0100 Subject: [PATCH] fix ratelimit wiring --- project.clj | 8 ++------ src/main/cljc/dda/c4k_common/ingress.cljc | 1 + .../cljc/dda/c4k_common/ingress/ingress_internal.cljc | 11 ++++++++--- src/main/resources/ingress/middleware-ratelimit.yaml | 1 + .../dda/c4k_common/ingress/ingress_internal_test.cljc | 6 ++++-- src/test/cljc/dda/c4k_common/ingress_test.cljc | 5 +++-- 6 files changed, 19 insertions(+), 13 deletions(-) diff --git a/project.clj b/project.clj index c1213a1..e3da002 100644 --- a/project.clj +++ b/project.clj @@ -26,7 +26,7 @@ :main dda.c4k-common.uberjar :uberjar-name "c4k-common-standalone.jar" :dependencies [[org.clojure/tools.cli "1.1.230"] - [ch.qos.logback/logback-classic "1.5.0" + [ch.qos.logback/logback-classic "1.5.1" :exclusions [com.sun.mail/javax.mail]] [org.slf4j/jcl-over-slf4j "2.0.12"]]}} :release-tasks [["test"] @@ -34,8 +34,4 @@ ["change" "version" "leiningen.release/bump-version" "release"] ["vcs" "commit"] ["vcs" "tag" "v" "--no-sign"] - ["change" "version" "leiningen.release/bump-version"]] - :aliases {"inst" ["shell" - "sh" - "-c" - "lein uberjar && sudo install -m=755 target/uberjar/c4k-common-standalone.jar /usr/local/bin/c4k-common-standalone.jar"]}) + ["change" "version" "leiningen.release/bump-version"]]) diff --git a/src/main/cljc/dda/c4k_common/ingress.cljc b/src/main/cljc/dda/c4k_common/ingress.cljc index b963038..c84816a 100644 --- a/src/main/cljc/dda/c4k_common/ingress.cljc +++ b/src/main/cljc/dda/c4k_common/ingress.cljc @@ -73,6 +73,7 @@ {:keys [average-rate]} final-config] [(int/generate-certificate final-config) (int/generate-rate-limit-middleware {:rate-limit-name service-name + :namespace (:namespace final-config) :average-rate average-rate :burst-rate average-rate}) (int/generate-ingress final-config)])) \ No newline at end of file diff --git a/src/main/cljc/dda/c4k_common/ingress/ingress_internal.cljc b/src/main/cljc/dda/c4k_common/ingress/ingress_internal.cljc index 606cfb6..3e10ad3 100644 --- a/src/main/cljc/dda/c4k_common/ingress/ingress_internal.cljc +++ b/src/main/cljc/dda/c4k_common/ingress/ingress_internal.cljc @@ -41,7 +41,10 @@ (def certificate? (s/keys :req-un [::fqdns ::app-name ::cert-name ::issuer ::ns/namespace])) -(def rate-limit-config? (s/keys :req-un [::rate-limit-name ::average-rate ::burst-rate])) +(def rate-limit-config? (s/keys :req-un [::rate-limit-name + ::ns/namespace + ::average-rate + ::burst-rate])) (defn-spec generate-host-rule map? @@ -72,10 +75,11 @@ (defn-spec generate-rate-limit-middleware map? [config rate-limit-config?] - (let [{:keys [rate-limit-name average-rate burst-rate]} config] + (let [{:keys [rate-limit-name average-rate burst-rate namespace]} config] (-> (yaml/load-as-edn "ingress/middleware-ratelimit.yaml") (assoc-in [:metadata :name] (str rate-limit-name "-ratelimit")) + (assoc-in [:metadata :namespace] namespace) (assoc-in [:spec :rateLimit :average] average-rate) (assoc-in [:spec :rateLimit :burst] burst-rate)))) @@ -94,7 +98,8 @@ "web, websecure" :traefik.ingress.kubernetes.io/router.middlewares (if rate-limit-name - (str "default-redirect-https@kubernetescrd, " rate-limit-name "-ratelimit@kubernetescrd") + (str "default-redirect-https@kubernetescrd, " + namespace "-" rate-limit-name "-ratelimit@kubernetescrd") "default-redirect-https@kubernetescrd") :metallb.universe.tf/address-pool "public"}) (assoc-in [:spec :tls 0 :secretName] cert-name) diff --git a/src/main/resources/ingress/middleware-ratelimit.yaml b/src/main/resources/ingress/middleware-ratelimit.yaml index 57bdbfd..3207c0b 100644 --- a/src/main/resources/ingress/middleware-ratelimit.yaml +++ b/src/main/resources/ingress/middleware-ratelimit.yaml @@ -2,6 +2,7 @@ apiVersion: traefik.containo.us/v1alpha1 kind: Middleware metadata: name: ratelimit + namespace: default spec: rateLimit: average: AVG diff --git a/src/test/cljc/dda/c4k_common/ingress/ingress_internal_test.cljc b/src/test/cljc/dda/c4k_common/ingress/ingress_internal_test.cljc index d7615ff..25722b2 100644 --- a/src/test/cljc/dda/c4k_common/ingress/ingress_internal_test.cljc +++ b/src/test/cljc/dda/c4k_common/ingress/ingress_internal_test.cljc @@ -62,9 +62,11 @@ (deftest should-generate-middleware-ratelimit (is (= {:apiVersion "traefik.containo.us/v1alpha1", :kind "Middleware", - :metadata {:name "normal-ratelimit"}, + :metadata {:name "normal-ratelimit" + :namespace "myapp",}, :spec {:rateLimit {:average 10, :burst 5}}} (cut/generate-rate-limit-middleware {:rate-limit-name "normal" + :namespace "myapp" :average-rate 10, :burst-rate 5})))) @@ -94,7 +96,7 @@ :annotations {:traefik.ingress.kubernetes.io/router.entrypoints "web, websecure" :traefik.ingress.kubernetes.io/router.middlewares - "default-redirect-https@kubernetescrd, normal-ratelimit@kubernetescrd", + "default-redirect-https@kubernetescrd, default-normal-ratelimit@kubernetescrd", :metallb.universe.tf/address-pool "public"}} (:metadata (cut/generate-ingress { diff --git a/src/test/cljc/dda/c4k_common/ingress_test.cljc b/src/test/cljc/dda/c4k_common/ingress_test.cljc index fcc106a..25df6c3 100644 --- a/src/test/cljc/dda/c4k_common/ingress_test.cljc +++ b/src/test/cljc/dda/c4k_common/ingress_test.cljc @@ -99,7 +99,8 @@ :issuerRef {:name "staging", :kind "ClusterIssuer"}}} {:apiVersion "traefik.containo.us/v1alpha1", :kind "Middleware", - :metadata {:name "web-ratelimit"}, + :metadata {:name "web-ratelimit" + :namespace "default"}, :spec {:rateLimit {:average 10, :burst 10}}} {:apiVersion "networking.k8s.io/v1", :kind "Ingress", @@ -110,7 +111,7 @@ :annotations {:traefik.ingress.kubernetes.io/router.entrypoints "web, websecure", :traefik.ingress.kubernetes.io/router.middlewares - "default-redirect-https@kubernetescrd, web-ratelimit@kubernetescrd", + "default-redirect-https@kubernetescrd, default-web-ratelimit@kubernetescrd", :metallb.universe.tf/address-pool "public"}}, :spec {:tls [{:hosts ["test.jit.si"], :secretName "web"}],