api: sharing global ratelimit buckets #5227
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #5227 +/- ##
==========================================
+ Coverage 67.94% 68.00% +0.05%
==========================================
Files 214 214
Lines 33532 33532
==========================================
+ Hits 22782 22802 +20
+ Misses 9360 9345 -15
+ Partials 1390 1385 -5 ☔ View full report in Codecov by Sentry. |
|
added some comments, but overall +1 with the feature the implementation will be tricky, since we cannot rely on per route based keys and descriptors, and find a way to share it, one idea is to create a key prefix in the gateway api layer and use it in the xds layer if its set |
|
/retest |
Signed-off-by: Ryan Hristovski <[email protected]>
Signed-off-by: Ryan Hristovski <[email protected]>
Signed-off-by: Ryan Hristovski <[email protected]>
Signed-off-by: Ryan Hristovski <[email protected]>
Signed-off-by: Ryan Hristovski <[email protected]>
Co-authored-by: Arko Dasgupta <[email protected]> Signed-off-by: Ryan Hristovski <[email protected]> Signed-off-by: Ryan Hristovski <[email protected]>
Co-authored-by: Arko Dasgupta <[email protected]> Signed-off-by: Ryan Hristovski <[email protected]> Signed-off-by: Ryan Hristovski <[email protected]>
Signed-off-by: Ryan Hristovski <[email protected]>
Signed-off-by: Ryan Hristovski <[email protected]>
Signed-off-by: Ryan Hristovski <[email protected]>
Signed-off-by: Ryan Hristovski <[email protected]>
Signed-off-by: Ryan Hristovski <[email protected]>
Signed-off-by: Ryan Hristovski <[email protected]>
Signed-off-by: Ryan Hristovski <[email protected]>
Signed-off-by: Ryan Hristovski <[email protected]>
* build(deps): bump github.com/envoyproxy/go-control-plane/contrib Bumps [github.com/envoyproxy/go-control-plane/contrib](https://github.com/envoyproxy/go-control-plane) from 1.32.3 to 1.32.4. - [Release notes](https://github.com/envoyproxy/go-control-plane/releases) - [Changelog](https://github.com/envoyproxy/go-control-plane/blob/main/CHANGELOG.md) - [Commits](envoyproxy/go-control-plane@envoy/v1.32.3...envoy/v1.32.4) --- updated-dependencies: - dependency-name: github.com/envoyproxy/go-control-plane/contrib dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump github.com/spf13/pflag from 1.0.5 to 1.0.6 Bumps [github.com/spf13/pflag](https://github.com/spf13/pflag) from 1.0.5 to 1.0.6. - [Release notes](https://github.com/spf13/pflag/releases) - [Commits](spf13/pflag@v1.0.5...v1.0.6) --- updated-dependencies: - dependency-name: github.com/spf13/pflag dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * fix gen Signed-off-by: zirain <[email protected]> --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: zirain <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ryan Hristovski <[email protected]>
Signed-off-by: Ryan Hristovski <[email protected]>
ryanhristovski
force-pushed
the
feat-global-gateway-ratelimitting
branch
from
ba808e1 to
29b72b7
Compare
|
/retest |
|
@arkodg i fixed a test in this PR unrelated to my changes |
| // +optional | ||
| // +notImplementedHide | ||
| // +kubebuilder:default=false | ||
| Shared *bool `json:"shared,omitempty"` |
There was a problem hiding this comment.
Using bool is not recommended generally speaking..
https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#primitive-types
Any strong reason for that? Can we consider enum instead?
There was a problem hiding this comment.
thanks for linking that @sanposhiho , it does say to think twice before using bool, mainly because intent/field could be multidimensional in the future (which enums like type really come in handy).
the intent here is to say that this ratelimit bucket is a singleton or is shared across all targets, can recommendations for enums here ?
There was a problem hiding this comment.
You can make a final decision based on other API designs in EG, but, at k/k (around me), we've mostly (or probably always) used enum for new APIs even if we first thought it was a two-value switching and likely won't get changed in the future when we designed them. So, if you ask me, I'd probably change it to enum and change the name from Shared. (some general name, like ApplyPolicy etc)
There was a problem hiding this comment.
I like @rudrakhp's suggestion #5227 (comment)
| // +optional | ||
| // +notImplementedHide | ||
| // +kubebuilder:default=false | ||
| Shared *bool `json:"shared,omitempty"` |
There was a problem hiding this comment.
| Shared *bool `json:"shared,omitempty"` | |
| BucketScope RateLimitBucketScope `json:"bucketScope,omitempty"` |
You can define enums:
type RateLimitBucketScope string
const (
SharedBucketScope RateLimitBucketScope = "shared" // Shared across routes
PerRouteBucketScope RateLimitBucketScope = "perRoute" // Independent for each route, default
)
There was a problem hiding this comment.
+1 to future proof this API for other scopes (e.g. vhost?)
There was a problem hiding this comment.
prefer just scope
and instead of perRoute it may help to define it as perTarget
There was a problem hiding this comment.
Just scope might be confusing with the rate limit scope, i.e, Global/Local. But I guess that could be clarified in the documentation.
There was a problem hiding this comment.
I could see the confusion with scope being confused with type (Global/Local), bucketScope could provide more clarity. Also agree with @arkodg for perTarget rather than perRoute.
I'll push through whichever changes we agree upon here
There was a problem hiding this comment.
i was trying to avoid the bucket prefix, because i was unsure if it should be bucket, rule (which is an existing noun in the API) or somethingElse
we can brainstorm a little more here
There was a problem hiding this comment.
How about "context" (values are shared, target, vHost, etc)? I am ok with "scope" as well since it's explicitly defined under GlobalRateLimit API, just that context feels less confusing.
There was a problem hiding this comment.
though i see the potential confusion, scope: shared/target/vHost does seem most clear
can the vHost option be added in another patch? was hoping to just focus on shared/target
There was a problem hiding this comment.
Yeah we can't add vHost yet, because that noun doesn't exist in any user facing docs
Related to #5194 (comment)
Currently using
shared: boolfor setting a global rate limiting rule, another option discussed wasscope: gateway/httproute.Does anyone have a strong opinion on how rate limit policies should be labeled to have a global scope?