Summary

This PR implements the usage of shadow_mode of envoyproxy ratelimit service inside this operator, this is implemented in two ways, the first, enabling the global shadow_mode inside the RateLimitService manifest, so the deployment will include the SHADOW_MODE environment variable for this service as described in the official documentation and the second one enabling the shadow_mode per rule.

Type of Change

This PR fixes/implements the following bugs/features:

• shadow_mode usage inside istio-ratelimit-operator

How has this been tested?

Proof: For the global shadow_mode: RateLimitService manifest

---
apiVersion: ratelimit.zufardhiyaulhaq.com/v1alpha1
kind: RateLimitService
metadata:
  name: istio-test-ratelimit-service
  namespace: istio-system
spec:
  kubernetes:
    shadow_mode: true
    replica_count: 2
    auto_scaling:
      max_replicas: 3
      min_replicas: 2
    resources:
      limits:
        cpu: "256m"
        memory: "256Mi"
      requests:
        cpu: "128m"
        memory: "128Mi"
  backend:
    redis:
      type: "single"
      url: "redis.istio-system.svc.cluster.local:6379"

After the deployment:

Checklist:

• [ ] My code follows the code style of this project.
• [ ] My change requires a change to the documentation.
  • [ ] I have updated the documentation accordingly.
• [ ] I have written new tests for my changes.
  • [ ] My changes successfully ran and pass tests locally.

Closes #18

Summary

This PR includes two new properties for RateLimitService Spec inside Kubernetes object Image and ImageTag, this is necessary if we need to adjust the image of the RateLimitService that will be deployed by the RateLimitController

Type of Change

This PR fixes/implements the following bugs/features:

• Configurable Image and ImageTag for RateLimitService

Test

ratelimitservice manifest file:

---
apiVersion: ratelimit.zufardhiyaulhaq.com/v1alpha1
kind: RateLimitService
metadata:
  name: istio-test-ratelimit-service
  namespace: istio-system
spec:
  kubernetes:
    image: envoyproxy/ratelimit
    imageTag: 7b60ac79
    replica_count: 2
    auto_scaling:
      max_replicas: 3
      min_replicas: 2
    resources:
      limits:
        cpu: "256m"
        memory: "256Mi"
      requests:
        cpu: "128m"
        memory: "128Mi"
  backend:
    redis:
      type: "single"
      url: "redis.istio-system.svc.cluster.local:6379"

After applying the RatelimitService/GlobalRatelimitConfig/GlobalRatelimit the deployment of the service:

Closes #15

Issue : https://github.com/zufardhiyaulhaq/istio-ratelimit-operator/issues/16

Summary

We need to add suppport for descriptor_value for request_headers method

Type of Change

Adding funcunallity

How has this been tested?

Deployed rate limit to my cluster with the following configuation.

Checklist:

• [x] My code follows the code style of this project.
• [ ] My change requires a change to the documentation.
• [ ] I have updated the documentation accordingly.
• [x] I have written new tests for my changes.
• [x ] My changes successfully ran and pass tests locally.

I was looking at the RateLimitService CRD and it looks like you've hardcoded the rate limit service image to be pulled from zufardhiyaulhaq/ratelimit:v1.0.0 I did try specifying the container just to test out my theory

     "container" = {
          image             = "${MY_AWS_ACCOUNT_ID}.dkr.ecr.us-east-1.amazonaws.com/envoyproxy-ratelimit:8d6488ea"
          image_pull_policy = "Always"
          command           = ["/bin/ratelimit"]
        }

Can you verify that my assessment is correct or I've missed something. Thanks

IMPORTANT: Please do not create a Pull Request without creating an issue first!

(Any change needs to be discussed before proceeding. Failure to do so may result in the rejection of the pull request).

Summary

Added support for REDIS_AUTH

Type of Change

• Added support for REDIS_AUTH

How has this been tested?

Proof:

Checklist:

• [x] My code follows the code style of this project.
• [x] My change requires a change to the documentation.
  • [x] I have updated the documentation accordingly.
• [ ] I have written new tests for my changes.
  • [x] My changes successfully ran and pass tests locally.

Signed-off-by: zufardhiyaulhaq [email protected]

Summary

Ability to add a custom environment variable to the RateLimitService object.

Checklist:

• [x] My code follows the code style of this project.
• [x] My change requires a change to the documentation.
  • [x] I have updated the documentation accordingly.
• [x] I have written new tests for my changes.
  • [x] My changes successfully ran and pass tests locally.

Any ideas or possibilities in the roadmap to support the latest release of ratelimit by the original repository of envoy proxy? Nowadays the HEAD git repository has the support of shadow_mode, this could be handy to include the ratelimit rules but without enforcing, only checking if the ratelimit will be aggressive, generate some kind of impact in the production environment If there is some kind of possible test that I could do, I would be glad to help

Is your feature request related to a problem? Please describe. We need to provide ratelimit by path or method (put for example) on the application and not for the entire application.

Describe the solution you'd like my config should look like the following example:

config.yaml: |
    domain: http-bin-server-ratelimit-config
    descriptors:
    - key: path
      value: /ip
      rate_limit:
        unit: hour
        requests_per_unit: 1

Thank you

Signed-off-by: zufardhiyaulhaq [email protected]

Summary

Extend global rate limit for sidecar

Type of Change

• fixing a bug on builder & factory
• extend global rate limit for sidecar

How has this been tested?

ratelimit $ k get globalratelimitconfig,globalratelimit,ratelimitservice
NAME                                                             AGE
globalratelimitconfig.ratelimit.zufardhiyaulhaq.com/echo-redis   100m

NAME                                                                 AGE
globalratelimit.ratelimit.zufardhiyaulhaq.com/echo-redis-http-8080   100m
globalratelimit.ratelimit.zufardhiyaulhaq.com/echo-redis-http-8081   100m

NAME                                                                          AGE
ratelimitservice.ratelimit.zufardhiyaulhaq.com/echo-redis-ratelimit-service   100m

root@examples-helloworld-v1-655db4f97b-jhcjv:/opt/microservices# curl echo-redis:8080/redis/hi -v
* Hostname was NOT found in DNS cache
*   Trying 10.32.185.200...
* Connected to echo-redis (10.32.185.200) port 8080 (#0)
> GET /redis/hi HTTP/1.1
> User-Agent: curl/7.38.0
> Host: echo-redis:8080
> Accept: */*
> 
< HTTP/1.1 429 Too Many Requests
< x-envoy-ratelimited: true
< date: Sun, 31 Oct 2021 08:03:15 GMT
* Server envoy is not blacklisted
< server: envoy
< content-length: 0
< x-envoy-upstream-service-time: 4
< 
* Connection #0 to host echo-redis left intact

Checklist:

• [x] My code follows the code style of this project.
• [x] My change requires a change to the documentation.
  • [x] I have updated the documentation accordingly.
• [x] I have written new tests for my changes.
  • [x] My changes successfully ran and pass tests locally.

Signed-off-by: zufardhiyaulhaq [email protected]

Summary

support Istio 1.16

Checklist:

• [x] My code follows the code style of this project.
• [x] My change requires a change to the documentation.
  • [x] I have updated the documentation accordingly.
• [ ] I have written new tests for my changes.
  • [ ] My changes successfully ran and pass tests locally.

Signed-off-by: zufardhiyaulhaq [email protected]

Summary

Currently, all metrics from envoy/ratelimit are based on statsd. It's pretty hard to manage. Luckily, the community has written statsd-exporter to change statsd metrics to Prometheus metrics to comply with industry standards. This MR aim to generate statsd-exporter configuration as configmap.

Type of Change

This PR fixes/implements the following bugs/features:

• generate statsd-exporter configmap

https://github.com/zufardhiyaulhaq/istio-ratelimit-operator/issues/26

How has this been tested?

Proof:

Checklist:

• [x] My code follows the code style of this project.
• [x] My change requires a change to the documentation.
  • [x] I have updated the documentation accordingly.
• [ ] I have written new tests for my changes.
  • [x] My changes successfully ran and pass tests locally.

Describe the bug env not updated automatically

To Reproduce Create RateLimitService with statsd disable, and then update the object to enable the statsd

Expected behavior statsd should enable automatically with updated environment variable