Ratelimit validation (#1508)

* Add RateLimit CRD static validation

* wip

* Change group of ratelimit

* draft of rate limit validation

* Make tests pass

* Add requeueAfter with default reconciliation period

* Add RateLimiting Controller to Technical design documentation and assets.

* Add spec and example to Rate Limit CR docs

* Improve validation logic

* Cleanup the code and tests

* Add RateLimit in-code validation to the reconcile loop

* Add godoc comments

* Restructure packages

* Refactor naming

* Apply suggestions from code review

Co-authored-by: Natalia Sitko <[email protected]>

* Update docs/user/custom-resources/ratelimit/04-00-ratelimit.md

Co-authored-by: Natalia Sitko <[email protected]>

---------

Co-authored-by: Tim Riffer <[email protected]>
Co-authored-by: Natalia Sitko <[email protected]>

PROJECT

@@ -34,8 +34,8 @@ resources:
     namespaced: true
   controller: true
   domain: kyma-project.io
-  group: ratelimit
+  group: gateway
   kind: RateLimit
-  path: github.com/kyma-project/api-gateway/apis/ratelimit/v1alpha1
+  path: github.com/kyma-project/api-gateway/apis/gateway/ratelimit/v1alpha1
   version: v1alpha1
 version: "3"

apis/ratelimit/v1alpha1/groupversion_info.go → apis/gateway/ratelimit/v1alpha1/groupversion_info.go

@@ -16,7 +16,7 @@ limitations under the License.
 
 // Package v1alpha1 contains API Schema definitions for the ratelimit v1alpha1 API group
 // +kubebuilder:object:generate=true
-// +groupName=ratelimit.kyma-project.io
+// +groupName=gateway.kyma-project.io
 package v1alpha1
 
 import (
@@ -26,7 +26,7 @@ import (
 
 var (
 	// GroupVersion is group version used to register these objects
-	GroupVersion = schema.GroupVersion{Group: "ratelimit.kyma-project.io", Version: "v1alpha1"}
+	GroupVersion = schema.GroupVersion{Group: "gateway.kyma-project.io", Version: "v1alpha1"}
 
 	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
 	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

apis/ratelimit/v1alpha1/ratelimit_types.go → apis/gateway/ratelimit/v1alpha1/ratelimit_types.go

@@ -20,16 +20,42 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
-// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
-// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+// Bucket represents a rate limit bucket configuration.
+// +kubebuilder:validation:XValidation:rule="((has(self.path)?1:0)+(has(self.headers)?1:0))==1",message="path or headers must be set"
+type Bucket struct {
+	Path    string            `json:"path,omitempty"`
+	Headers map[string]string `json:"headers,omitempty"`
+	// +kubebuilder:validation:Required
+	DefaultBucket BucketTokenSpec `json:"bucket"`
+}
+
+// BucketTokenSpec defines the token bucket specification.
+type BucketTokenSpec struct {
+	// +kubebuilder:validation:Required
+	MaxTokens int64 `json:"maxTokens"`
+	// +kubebuilder:validation:Required
+	TokensPerFill int64 `json:"tokensPerFill"`
+	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:Format=duration
+	FillInterval *metav1.Duration `json:"fillInterval"`
+}
+
+// Local represents the local rate limit configuration.
+type Local struct {
+	// +kubebuilder:validation:Required
+	DefaultBucket BucketTokenSpec `json:"defaultBucket"`
+	Buckets       []Bucket        `json:"buckets,omitempty"`
+}
 
 // RateLimitSpec defines the desired state of RateLimit
 type RateLimitSpec struct {
-	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
-	// Important: Run "make" to regenerate code after modifying this file
-
-	// Foo is an example field of RateLimit. Edit ratelimit_types.go to remove/update
-	Foo string `json:"foo,omitempty"`
+	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:MinProperties=1
+	SelectorLabels map[string]string `json:"selectorLabels"`
+	// +kubebuilder:validation:Required
+	Local                 Local `json:"local"`
+	EnableResponseHeaders bool  `json:"enableResponseHeaders,omitempty"`
+	Enforce               bool  `json:"enforce,omitempty"`
 }
 
 // RateLimitStatus defines the observed state of RateLimit

config/crd/bases/gateway.kyma-project.io_ratelimits.yaml

@@ -0,0 +1,119 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.14.0
+  name: ratelimits.gateway.kyma-project.io
+spec:
+  group: gateway.kyma-project.io
+  names:
+    kind: RateLimit
+    listKind: RateLimitList
+    plural: ratelimits
+    singular: ratelimit
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: RateLimit is the Schema for the ratelimits API
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: RateLimitSpec defines the desired state of RateLimit
+            properties:
+              enableResponseHeaders:
+                type: boolean
+              enforce:
+                type: boolean
+              local:
+                description: Local represents the local rate limit configuration.
+                properties:
+                  buckets:
+                    items:
+                      description: Bucket represents a rate limit bucket configuration.
+                      properties:
+                        bucket:
+                          description: BucketTokenSpec defines the token bucket specification.
+                          properties:
+                            fillInterval:
+                              format: duration
+                              type: string
+                            maxTokens:
+                              format: int64
+                              type: integer
+                            tokensPerFill:
+                              format: int64
+                              type: integer
+                          required:
+                          - fillInterval
+                          - maxTokens
+                          - tokensPerFill
+                          type: object
+                        headers:
+                          additionalProperties:
+                            type: string
+                          type: object
+                        path:
+                          type: string
+                      required:
+                      - bucket
+                      type: object
+                      x-kubernetes-validations:
+                      - message: path or headers must be set
+                        rule: ((has(self.path)?1:0)+(has(self.headers)?1:0))==1
+                    type: array
+                  defaultBucket:
+                    description: BucketTokenSpec defines the token bucket specification.
+                    properties:
+                      fillInterval:
+                        format: duration
+                        type: string
+                      maxTokens:
+                        format: int64
+                        type: integer
+                      tokensPerFill:
+                        format: int64
+                        type: integer
+                    required:
+                    - fillInterval
+                    - maxTokens
+                    - tokensPerFill
+                    type: object
+                required:
+                - defaultBucket
+                type: object
+              selectorLabels:
+                additionalProperties:
+                  type: string
+                minProperties: 1
+                type: object
+            required:
+            - local
+            - selectorLabels
+            type: object
+          status:
+            description: RateLimitStatus defines the observed state of RateLimit
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}

config/crd/kustomization.yaml

@@ -4,7 +4,7 @@
 resources:
 - bases/gateway.kyma-project.io_apirules.yaml
 - bases/operator.kyma-project.io_apigateways.yaml
-- bases/ratelimit.kyma-project.io_ratelimits.yaml
+- bases/gateway.kyma-project.io_ratelimits.yaml
 #+kubebuilder:scaffold:crdkustomizeresource
 
 labels:

config/dev/kustomization.yaml

@@ -10,7 +10,7 @@ patches:
         path: /rules/-
         value:
           apiGroups:
-            - ratelimit.kyma-project.io
+            - gateway.kyma-project.io
           resources:
             - ratelimits
           verbs:
@@ -31,7 +31,7 @@ patches:
         path: /rules/-
         value:
           apiGroups:
-            - ratelimit.kyma-project.io
+            - gateway.kyma-project.io
           resources:
             - ratelimits/finalizers
           verbs:
@@ -46,7 +46,7 @@ patches:
         path: /rules/-
         value:
           apiGroups:
-            - ratelimit.kyma-project.io
+            - gateway.kyma-project.io
           resources:
             - ratelimits/status
           verbs:

config/prod/kustomization.yaml

@@ -10,5 +10,5 @@ patchesStrategicMerge:
     apiVersion: apiextensions.k8s.io/v1
     kind: CustomResourceDefinition
     metadata:
-      name: ratelimits.ratelimit.kyma-project.io
+      name: ratelimits.gateway.kyma-project.io
     $patch: delete