fix ratelimit wiring
This commit is contained in:
parent
468c76e902
commit
4fdf7d7de3
6 changed files with 19 additions and 13 deletions
|
|
@ -26,7 +26,7 @@
|
||||||
:main dda.c4k-common.uberjar
|
:main dda.c4k-common.uberjar
|
||||||
:uberjar-name "c4k-common-standalone.jar"
|
:uberjar-name "c4k-common-standalone.jar"
|
||||||
:dependencies [[org.clojure/tools.cli "1.1.230"]
|
:dependencies [[org.clojure/tools.cli "1.1.230"]
|
||||||
[ch.qos.logback/logback-classic "1.5.0"
|
[ch.qos.logback/logback-classic "1.5.1"
|
||||||
:exclusions [com.sun.mail/javax.mail]]
|
:exclusions [com.sun.mail/javax.mail]]
|
||||||
[org.slf4j/jcl-over-slf4j "2.0.12"]]}}
|
[org.slf4j/jcl-over-slf4j "2.0.12"]]}}
|
||||||
:release-tasks [["test"]
|
:release-tasks [["test"]
|
||||||
|
|
@ -34,8 +34,4 @@
|
||||||
["change" "version" "leiningen.release/bump-version" "release"]
|
["change" "version" "leiningen.release/bump-version" "release"]
|
||||||
["vcs" "commit"]
|
["vcs" "commit"]
|
||||||
["vcs" "tag" "v" "--no-sign"]
|
["vcs" "tag" "v" "--no-sign"]
|
||||||
["change" "version" "leiningen.release/bump-version"]]
|
["change" "version" "leiningen.release/bump-version"]])
|
||||||
:aliases {"inst" ["shell"
|
|
||||||
"sh"
|
|
||||||
"-c"
|
|
||||||
"lein uberjar && sudo install -m=755 target/uberjar/c4k-common-standalone.jar /usr/local/bin/c4k-common-standalone.jar"]})
|
|
||||||
|
|
|
||||||
|
|
@ -73,6 +73,7 @@
|
||||||
{:keys [average-rate]} final-config]
|
{:keys [average-rate]} final-config]
|
||||||
[(int/generate-certificate final-config)
|
[(int/generate-certificate final-config)
|
||||||
(int/generate-rate-limit-middleware {:rate-limit-name service-name
|
(int/generate-rate-limit-middleware {:rate-limit-name service-name
|
||||||
|
:namespace (:namespace final-config)
|
||||||
:average-rate average-rate
|
:average-rate average-rate
|
||||||
:burst-rate average-rate})
|
:burst-rate average-rate})
|
||||||
(int/generate-ingress final-config)]))
|
(int/generate-ingress final-config)]))
|
||||||
|
|
@ -41,7 +41,10 @@
|
||||||
(def certificate? (s/keys :req-un [::fqdns ::app-name ::cert-name ::issuer ::ns/namespace]))
|
(def certificate? (s/keys :req-un [::fqdns ::app-name ::cert-name ::issuer ::ns/namespace]))
|
||||||
|
|
||||||
|
|
||||||
(def rate-limit-config? (s/keys :req-un [::rate-limit-name ::average-rate ::burst-rate]))
|
(def rate-limit-config? (s/keys :req-un [::rate-limit-name
|
||||||
|
::ns/namespace
|
||||||
|
::average-rate
|
||||||
|
::burst-rate]))
|
||||||
|
|
||||||
|
|
||||||
(defn-spec generate-host-rule map?
|
(defn-spec generate-host-rule map?
|
||||||
|
|
@ -72,10 +75,11 @@
|
||||||
|
|
||||||
(defn-spec generate-rate-limit-middleware map?
|
(defn-spec generate-rate-limit-middleware map?
|
||||||
[config rate-limit-config?]
|
[config rate-limit-config?]
|
||||||
(let [{:keys [rate-limit-name average-rate burst-rate]} config]
|
(let [{:keys [rate-limit-name average-rate burst-rate namespace]} config]
|
||||||
(->
|
(->
|
||||||
(yaml/load-as-edn "ingress/middleware-ratelimit.yaml")
|
(yaml/load-as-edn "ingress/middleware-ratelimit.yaml")
|
||||||
(assoc-in [:metadata :name] (str rate-limit-name "-ratelimit"))
|
(assoc-in [:metadata :name] (str rate-limit-name "-ratelimit"))
|
||||||
|
(assoc-in [:metadata :namespace] namespace)
|
||||||
(assoc-in [:spec :rateLimit :average] average-rate)
|
(assoc-in [:spec :rateLimit :average] average-rate)
|
||||||
(assoc-in [:spec :rateLimit :burst] burst-rate))))
|
(assoc-in [:spec :rateLimit :burst] burst-rate))))
|
||||||
|
|
||||||
|
|
@ -94,7 +98,8 @@
|
||||||
"web, websecure"
|
"web, websecure"
|
||||||
:traefik.ingress.kubernetes.io/router.middlewares
|
:traefik.ingress.kubernetes.io/router.middlewares
|
||||||
(if rate-limit-name
|
(if rate-limit-name
|
||||||
(str "default-redirect-https@kubernetescrd, " rate-limit-name "-ratelimit@kubernetescrd")
|
(str "default-redirect-https@kubernetescrd, "
|
||||||
|
namespace "-" rate-limit-name "-ratelimit@kubernetescrd")
|
||||||
"default-redirect-https@kubernetescrd")
|
"default-redirect-https@kubernetescrd")
|
||||||
:metallb.universe.tf/address-pool "public"})
|
:metallb.universe.tf/address-pool "public"})
|
||||||
(assoc-in [:spec :tls 0 :secretName] cert-name)
|
(assoc-in [:spec :tls 0 :secretName] cert-name)
|
||||||
|
|
|
||||||
|
|
@ -2,6 +2,7 @@ apiVersion: traefik.containo.us/v1alpha1
|
||||||
kind: Middleware
|
kind: Middleware
|
||||||
metadata:
|
metadata:
|
||||||
name: ratelimit
|
name: ratelimit
|
||||||
|
namespace: default
|
||||||
spec:
|
spec:
|
||||||
rateLimit:
|
rateLimit:
|
||||||
average: AVG
|
average: AVG
|
||||||
|
|
|
||||||
|
|
@ -62,9 +62,11 @@
|
||||||
(deftest should-generate-middleware-ratelimit
|
(deftest should-generate-middleware-ratelimit
|
||||||
(is (= {:apiVersion "traefik.containo.us/v1alpha1",
|
(is (= {:apiVersion "traefik.containo.us/v1alpha1",
|
||||||
:kind "Middleware",
|
:kind "Middleware",
|
||||||
:metadata {:name "normal-ratelimit"},
|
:metadata {:name "normal-ratelimit"
|
||||||
|
:namespace "myapp",},
|
||||||
:spec {:rateLimit {:average 10, :burst 5}}}
|
:spec {:rateLimit {:average 10, :burst 5}}}
|
||||||
(cut/generate-rate-limit-middleware {:rate-limit-name "normal"
|
(cut/generate-rate-limit-middleware {:rate-limit-name "normal"
|
||||||
|
:namespace "myapp"
|
||||||
:average-rate 10, :burst-rate 5}))))
|
:average-rate 10, :burst-rate 5}))))
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -94,7 +96,7 @@
|
||||||
:annotations {:traefik.ingress.kubernetes.io/router.entrypoints
|
:annotations {:traefik.ingress.kubernetes.io/router.entrypoints
|
||||||
"web, websecure"
|
"web, websecure"
|
||||||
:traefik.ingress.kubernetes.io/router.middlewares
|
:traefik.ingress.kubernetes.io/router.middlewares
|
||||||
"default-redirect-https@kubernetescrd, normal-ratelimit@kubernetescrd",
|
"default-redirect-https@kubernetescrd, default-normal-ratelimit@kubernetescrd",
|
||||||
:metallb.universe.tf/address-pool "public"}}
|
:metallb.universe.tf/address-pool "public"}}
|
||||||
(:metadata (cut/generate-ingress
|
(:metadata (cut/generate-ingress
|
||||||
{
|
{
|
||||||
|
|
|
||||||
|
|
@ -99,7 +99,8 @@
|
||||||
:issuerRef {:name "staging", :kind "ClusterIssuer"}}}
|
:issuerRef {:name "staging", :kind "ClusterIssuer"}}}
|
||||||
{:apiVersion "traefik.containo.us/v1alpha1",
|
{:apiVersion "traefik.containo.us/v1alpha1",
|
||||||
:kind "Middleware",
|
:kind "Middleware",
|
||||||
:metadata {:name "web-ratelimit"},
|
:metadata {:name "web-ratelimit"
|
||||||
|
:namespace "default"},
|
||||||
:spec {:rateLimit {:average 10, :burst 10}}}
|
:spec {:rateLimit {:average 10, :burst 10}}}
|
||||||
{:apiVersion "networking.k8s.io/v1",
|
{:apiVersion "networking.k8s.io/v1",
|
||||||
:kind "Ingress",
|
:kind "Ingress",
|
||||||
|
|
@ -110,7 +111,7 @@
|
||||||
:annotations
|
:annotations
|
||||||
{:traefik.ingress.kubernetes.io/router.entrypoints "web, websecure",
|
{:traefik.ingress.kubernetes.io/router.entrypoints "web, websecure",
|
||||||
:traefik.ingress.kubernetes.io/router.middlewares
|
:traefik.ingress.kubernetes.io/router.middlewares
|
||||||
"default-redirect-https@kubernetescrd, web-ratelimit@kubernetescrd",
|
"default-redirect-https@kubernetescrd, default-web-ratelimit@kubernetescrd",
|
||||||
:metallb.universe.tf/address-pool "public"}},
|
:metallb.universe.tf/address-pool "public"}},
|
||||||
:spec
|
:spec
|
||||||
{:tls [{:hosts ["test.jit.si"], :secretName "web"}],
|
{:tls [{:hosts ["test.jit.si"], :secretName "web"}],
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue
