Closed pehala closed 1 year ago
Current environment, Limitador:
apiVersion: limitador.kuadrant.io/v1alpha1
kind: Limitador
metadata:
name: limitador
namespace: kuadrant
spec:
limits:
- conditions: []
max_value: 2
namespace: 'istio-system/istio-ingressgateway#*'
seconds: 10
variables: []
- conditions:
- userID == bob
max_value: 2
namespace: >-
istio-system/istio-ingressgateway#*.toystore.apps.ocp-wide.osp.api-qe.eng.rdu2.redhat.com
seconds: 10
variables: []
- conditions:
- userID == alice
max_value: 5
namespace: >-
istio-system/istio-ingressgateway#*.toystore.apps.ocp-wide.osp.api-qe.eng.rdu2.redhat.com
seconds: 10
variables: []
- conditions: []
max_value: 2
namespace: >-
istio-system/istio-ingressgateway#*.toystore.apps.ocp-wide.osp.api-qe.eng.rdu2.redhat.com
seconds: 10
variables: []
Every RLP on the server:
apiVersion: kuadrant.io/v1beta1
kind: RateLimitPolicy
metadata:
annotations:
kuadrant.io/namespace: kuadrant
resourceVersion: '7121586'
name: gw-limit
namespace: istio-system
spec:
rateLimits:
- configurations: []
limits:
- conditions: []
maxValue: 2
seconds: 10
variables: []
targetRef:
group: gateway.networking.k8s.io
kind: Gateway
name: istio-ingressgateway
apiVersion: kuadrant.io/v1beta1
kind: RateLimitPolicy
metadata:
annotations:
kuadrant.io/namespace: kuadrant
kubectl.kubernetes.io/last-applied-configuration: >
{"apiVersion":"kuadrant.io/v1beta1","kind":"RateLimitPolicy","metadata":{"annotations":{},"name":"toystore","namespace":"toystore"},"spec":{"rateLimits":[{"configurations":[{"actions":[{"metadata":{"default_value":"no-user","descriptor_key":"userID","metadata_key":{"key":"envoy.filters.http.ext_authz","path":[{"segment":{"key":"ext_auth_data"}},{"segment":{"key":"userID"}}]}}}]}],"limits":[{"conditions":["userID
== bob"],"maxValue":2,"seconds":10,"variables":[]},{"conditions":["userID
==
alice"],"maxValue":5,"seconds":10,"variables":[]}]}],"targetRef":{"group":"gateway.networking.k8s.io","kind":"HTTPRoute","name":"toystore"}}}
name: toystore
namespace: toystore
spec:
rateLimits:
- configurations:
- actions:
- metadata:
default_value: no-user
descriptor_key: userID
metadata_key:
key: envoy.filters.http.ext_authz
path:
- segment:
key: ext_auth_data
- segment:
key: userID
source: DYNAMIC
limits:
- conditions:
- userID == bob
maxValue: 2
seconds: 10
variables: []
- conditions:
- userID == alice
maxValue: 5
seconds: 10
variables: []
targetRef:
group: gateway.networking.k8s.io
kind: HTTPRoute
name: toystore
I'll fix the URL, but where are these conditions coming from? Previous test cases? They should indeed read something along the lines of:
- conditions: []
max_value: 2
namespace: 'istio-system/istio-ingressgateway#*'
seconds: 10
variables: []
- conditions:
- userID == 'bob'
Also know there are no integer literals, so that 1
is a string and should be something == '1'
just as well
I am not sure where they came from exactly, I wasn't able to reproduce this exact case ever since, but I think it has something to do with https://github.com/Kuadrant/kuadrant-operator/issues/138 and they are just arbitrary limits we tried and deleted in the wrong order.
[2023-01-09T11:11:14Z ERROR limitador_server] You are using deprecated syntax for your conditions! See the migration guide https://kuadrant.io/docs/limitador/migrations/conditions.html
I have seen this in Limitador logs, not sure if it is bound to a certain configuration, tt works, but it should probably be changed.
Sidenote: the URL doesn't work :D