search

Kuadrant / kuadrant-operator

The Operator to install and manage the lifecycle of the Kuadrant components deployments.
Apache License 2.0
37 stars 33 forks source link

Kuadrant is using deprecated syntax for Limitadors conditions #130

Closed pehala closed 1 year ago

pehala commented 1 year ago

[2023-01-09T11:11:14Z ERROR limitador_server] You are using deprecated syntax for your conditions! See the migration guide https://kuadrant.io/docs/limitador/migrations/conditions.html

I have seen this in Limitador logs, not sure if it is bound to a certain configuration, tt works, but it should probably be changed.

Sidenote: the URL doesn't work :D

pehala commented 1 year ago

Current environment, Limitador:

apiVersion: limitador.kuadrant.io/v1alpha1
kind: Limitador
metadata:
  name: limitador
  namespace: kuadrant
spec:
  limits:
    - conditions: []
      max_value: 2
      namespace: 'istio-system/istio-ingressgateway#*'
      seconds: 10
      variables: []
    - conditions:
        - userID == bob
      max_value: 2
      namespace: >-
        istio-system/istio-ingressgateway#*.toystore.apps.ocp-wide.osp.api-qe.eng.rdu2.redhat.com
      seconds: 10
      variables: []
    - conditions:
        - userID == alice
      max_value: 5
      namespace: >-
        istio-system/istio-ingressgateway#*.toystore.apps.ocp-wide.osp.api-qe.eng.rdu2.redhat.com
      seconds: 10
      variables: []
    - conditions: []
      max_value: 2
      namespace: >-
        istio-system/istio-ingressgateway#*.toystore.apps.ocp-wide.osp.api-qe.eng.rdu2.redhat.com
      seconds: 10
      variables: []

Every RLP on the server:

apiVersion: kuadrant.io/v1beta1
kind: RateLimitPolicy
metadata:
  annotations:
    kuadrant.io/namespace: kuadrant
  resourceVersion: '7121586'
  name: gw-limit
  namespace: istio-system
spec:
  rateLimits:
    - configurations: []
      limits:
        - conditions: []
          maxValue: 2
          seconds: 10
          variables: []
  targetRef:
    group: gateway.networking.k8s.io
    kind: Gateway
    name: istio-ingressgateway
apiVersion: kuadrant.io/v1beta1
kind: RateLimitPolicy
metadata:
  annotations:
    kuadrant.io/namespace: kuadrant
    kubectl.kubernetes.io/last-applied-configuration: >
      {"apiVersion":"kuadrant.io/v1beta1","kind":"RateLimitPolicy","metadata":{"annotations":{},"name":"toystore","namespace":"toystore"},"spec":{"rateLimits":[{"configurations":[{"actions":[{"metadata":{"default_value":"no-user","descriptor_key":"userID","metadata_key":{"key":"envoy.filters.http.ext_authz","path":[{"segment":{"key":"ext_auth_data"}},{"segment":{"key":"userID"}}]}}}]}],"limits":[{"conditions":["userID
      == bob"],"maxValue":2,"seconds":10,"variables":[]},{"conditions":["userID
      ==
      alice"],"maxValue":5,"seconds":10,"variables":[]}]}],"targetRef":{"group":"gateway.networking.k8s.io","kind":"HTTPRoute","name":"toystore"}}}
  name: toystore
  namespace: toystore
spec:
  rateLimits:
    - configurations:
        - actions:
            - metadata:
                default_value: no-user
                descriptor_key: userID
                metadata_key:
                  key: envoy.filters.http.ext_authz
                  path:
                    - segment:
                        key: ext_auth_data
                    - segment:
                        key: userID
                source: DYNAMIC
      limits:
        - conditions:
            - userID == bob
          maxValue: 2
          seconds: 10
          variables: []
        - conditions:
            - userID == alice
          maxValue: 5
          seconds: 10
          variables: []
  targetRef:
    group: gateway.networking.k8s.io
    kind: HTTPRoute
    name: toystore
alexsnaps commented 1 year ago

I'll fix the URL, but where are these conditions coming from? Previous test cases? They should indeed read something along the lines of:

    - conditions: []
      max_value: 2
      namespace: 'istio-system/istio-ingressgateway#*'
      seconds: 10
      variables: []
    - conditions:
        - userID == 'bob'

Also know there are no integer literals, so that 1 is a string and should be something == '1' just as well

pehala commented 1 year ago

I am not sure where they came from exactly, I wasn't able to reproduce this exact case ever since, but I think it has something to do with https://github.com/Kuadrant/kuadrant-operator/issues/138 and they are just arbitrary limits we tried and deleted in the wrong order.

alexsnaps commented 1 year ago

URL is fixed: https://kuadrant.io/docs/limitador/migrations/conditions.html