fix ratelimit wiring

This commit is contained in:
Michael Jerger 2024-02-29 09:24:59 +01:00
parent 468c76e902
commit 4fdf7d7de3
6 changed files with 19 additions and 13 deletions

View file

@ -26,7 +26,7 @@
:main dda.c4k-common.uberjar :main dda.c4k-common.uberjar
:uberjar-name "c4k-common-standalone.jar" :uberjar-name "c4k-common-standalone.jar"
:dependencies [[org.clojure/tools.cli "1.1.230"] :dependencies [[org.clojure/tools.cli "1.1.230"]
[ch.qos.logback/logback-classic "1.5.0" [ch.qos.logback/logback-classic "1.5.1"
:exclusions [com.sun.mail/javax.mail]] :exclusions [com.sun.mail/javax.mail]]
[org.slf4j/jcl-over-slf4j "2.0.12"]]}} [org.slf4j/jcl-over-slf4j "2.0.12"]]}}
:release-tasks [["test"] :release-tasks [["test"]
@ -34,8 +34,4 @@
["change" "version" "leiningen.release/bump-version" "release"] ["change" "version" "leiningen.release/bump-version" "release"]
["vcs" "commit"] ["vcs" "commit"]
["vcs" "tag" "v" "--no-sign"] ["vcs" "tag" "v" "--no-sign"]
["change" "version" "leiningen.release/bump-version"]] ["change" "version" "leiningen.release/bump-version"]])
:aliases {"inst" ["shell"
"sh"
"-c"
"lein uberjar && sudo install -m=755 target/uberjar/c4k-common-standalone.jar /usr/local/bin/c4k-common-standalone.jar"]})

View file

@ -73,6 +73,7 @@
{:keys [average-rate]} final-config] {:keys [average-rate]} final-config]
[(int/generate-certificate final-config) [(int/generate-certificate final-config)
(int/generate-rate-limit-middleware {:rate-limit-name service-name (int/generate-rate-limit-middleware {:rate-limit-name service-name
:namespace (:namespace final-config)
:average-rate average-rate :average-rate average-rate
:burst-rate average-rate}) :burst-rate average-rate})
(int/generate-ingress final-config)])) (int/generate-ingress final-config)]))

View file

@ -41,7 +41,10 @@
(def certificate? (s/keys :req-un [::fqdns ::app-name ::cert-name ::issuer ::ns/namespace])) (def certificate? (s/keys :req-un [::fqdns ::app-name ::cert-name ::issuer ::ns/namespace]))
(def rate-limit-config? (s/keys :req-un [::rate-limit-name ::average-rate ::burst-rate])) (def rate-limit-config? (s/keys :req-un [::rate-limit-name
::ns/namespace
::average-rate
::burst-rate]))
(defn-spec generate-host-rule map? (defn-spec generate-host-rule map?
@ -72,10 +75,11 @@
(defn-spec generate-rate-limit-middleware map? (defn-spec generate-rate-limit-middleware map?
[config rate-limit-config?] [config rate-limit-config?]
(let [{:keys [rate-limit-name average-rate burst-rate]} config] (let [{:keys [rate-limit-name average-rate burst-rate namespace]} config]
(-> (->
(yaml/load-as-edn "ingress/middleware-ratelimit.yaml") (yaml/load-as-edn "ingress/middleware-ratelimit.yaml")
(assoc-in [:metadata :name] (str rate-limit-name "-ratelimit")) (assoc-in [:metadata :name] (str rate-limit-name "-ratelimit"))
(assoc-in [:metadata :namespace] namespace)
(assoc-in [:spec :rateLimit :average] average-rate) (assoc-in [:spec :rateLimit :average] average-rate)
(assoc-in [:spec :rateLimit :burst] burst-rate)))) (assoc-in [:spec :rateLimit :burst] burst-rate))))
@ -94,7 +98,8 @@
"web, websecure" "web, websecure"
:traefik.ingress.kubernetes.io/router.middlewares :traefik.ingress.kubernetes.io/router.middlewares
(if rate-limit-name (if rate-limit-name
(str "default-redirect-https@kubernetescrd, " rate-limit-name "-ratelimit@kubernetescrd") (str "default-redirect-https@kubernetescrd, "
namespace "-" rate-limit-name "-ratelimit@kubernetescrd")
"default-redirect-https@kubernetescrd") "default-redirect-https@kubernetescrd")
:metallb.universe.tf/address-pool "public"}) :metallb.universe.tf/address-pool "public"})
(assoc-in [:spec :tls 0 :secretName] cert-name) (assoc-in [:spec :tls 0 :secretName] cert-name)

View file

@ -2,6 +2,7 @@ apiVersion: traefik.containo.us/v1alpha1
kind: Middleware kind: Middleware
metadata: metadata:
name: ratelimit name: ratelimit
namespace: default
spec: spec:
rateLimit: rateLimit:
average: AVG average: AVG

View file

@ -62,9 +62,11 @@
(deftest should-generate-middleware-ratelimit (deftest should-generate-middleware-ratelimit
(is (= {:apiVersion "traefik.containo.us/v1alpha1", (is (= {:apiVersion "traefik.containo.us/v1alpha1",
:kind "Middleware", :kind "Middleware",
:metadata {:name "normal-ratelimit"}, :metadata {:name "normal-ratelimit"
:namespace "myapp",},
:spec {:rateLimit {:average 10, :burst 5}}} :spec {:rateLimit {:average 10, :burst 5}}}
(cut/generate-rate-limit-middleware {:rate-limit-name "normal" (cut/generate-rate-limit-middleware {:rate-limit-name "normal"
:namespace "myapp"
:average-rate 10, :burst-rate 5})))) :average-rate 10, :burst-rate 5}))))
@ -94,7 +96,7 @@
:annotations {:traefik.ingress.kubernetes.io/router.entrypoints :annotations {:traefik.ingress.kubernetes.io/router.entrypoints
"web, websecure" "web, websecure"
:traefik.ingress.kubernetes.io/router.middlewares :traefik.ingress.kubernetes.io/router.middlewares
"default-redirect-https@kubernetescrd, normal-ratelimit@kubernetescrd", "default-redirect-https@kubernetescrd, default-normal-ratelimit@kubernetescrd",
:metallb.universe.tf/address-pool "public"}} :metallb.universe.tf/address-pool "public"}}
(:metadata (cut/generate-ingress (:metadata (cut/generate-ingress
{ {

View file

@ -99,7 +99,8 @@
:issuerRef {:name "staging", :kind "ClusterIssuer"}}} :issuerRef {:name "staging", :kind "ClusterIssuer"}}}
{:apiVersion "traefik.containo.us/v1alpha1", {:apiVersion "traefik.containo.us/v1alpha1",
:kind "Middleware", :kind "Middleware",
:metadata {:name "web-ratelimit"}, :metadata {:name "web-ratelimit"
:namespace "default"},
:spec {:rateLimit {:average 10, :burst 10}}} :spec {:rateLimit {:average 10, :burst 10}}}
{:apiVersion "networking.k8s.io/v1", {:apiVersion "networking.k8s.io/v1",
:kind "Ingress", :kind "Ingress",
@ -110,7 +111,7 @@
:annotations :annotations
{:traefik.ingress.kubernetes.io/router.entrypoints "web, websecure", {:traefik.ingress.kubernetes.io/router.entrypoints "web, websecure",
:traefik.ingress.kubernetes.io/router.middlewares :traefik.ingress.kubernetes.io/router.middlewares
"default-redirect-https@kubernetescrd, web-ratelimit@kubernetescrd", "default-redirect-https@kubernetescrd, default-web-ratelimit@kubernetescrd",
:metallb.universe.tf/address-pool "public"}}, :metallb.universe.tf/address-pool "public"}},
:spec :spec
{:tls [{:hosts ["test.jit.si"], :secretName "web"}], {:tls [{:hosts ["test.jit.si"], :secretName "web"}],