search

Kuadrant / kuadrantctl

Kuadrant configuration command line utility
Apache License 2.0
6 stars 13 forks source link

Kuadrant extension enhancements #47

Closed eguzki closed 9 months ago

eguzki commented 9 months ago

What

Kuadrant extensions for the Openapi 3.0.3 to add Gateway API HTTPRoute and Rate Limit Policy

Info level kuadrant extension

Kuadrant extension that can be added at the info level of the OpenAPI spec.

info:
  x-kuadrant:
    route:  ## HTTPRoute metadata
      name: "petstore"
      namespace: "petstore"
      labels:  ## map[string]string
        deployment: petstore
      hostnames:  ## []gateway.networking.k8s.io/v1beta1.Hostname
        - example.com
      parentRefs:  ## []gateway.networking.k8s.io/v1beta1.ParentReference
        - name: apiGateway
          namespace: gateways

Path level kuadrant extension

Kuadrant extension that can be added at the path level of the OpenAPI spec. This configuration at the path level is the default when there is no operation level configuration.

What's new? disable field. Optional and defaults to false. This means, that unless explicitly excluded, all OpenAPI operations will be included in the HTTPRoute

What's new? pathMatchType field. Specifies how to match against the path Value. Valid values: [Exact;PathPrefix]. Optional. Default: Exact

paths:
  /cat:
    x-kuadrant:  ## Path level Kuadrant Extension
      disable: true  ## Remove from the HTTPRoute. Optional. Default: false
      pathMatchType: Exact ## Specifies how to match against the path Value. Valid values: [Exact;PathPrefix]. Optional. Default: Exact
      backendRefs:  ## Backend references to be included in the HTTPRoute. []gateway.networking.k8s.io/v1beta1.HTTPBackendRef. Optional.
        - name: petstore
          port: 80
          namespace: petstore
      rate_limit:  ## Rate limit config. Optional.
        rates:   ## Kuadrant API []github.com/kuadrant/kuadrant-operator/api/v1beta2.Rate
          - limit: 1
            duration: 10
            unit: second
        counters:   ## Kuadrant API []github.com/kuadrant/kuadrant-operator/api/v1beta2.CountextSelector
          - auth.identity.username
        when:   ## Kuadrant API []github.com/kuadrant/kuadrant-operator/api/v1beta2.WhenCondition
          - selector: metadata.filter_metadata.envoy\.filters\.http\.ext_authz.identity.userid
            operator: eq
            value: alice

Operation level kuadrant extension

Kuadrant extension that can be added at the operation level of the OpenAPI spec. Same schema as path level kuadrant extension.

What's new? disable field. Optional and defaults to false. This means, that unless explicitly excluded, all OpenAPI operations will be included in the HTTPRoute

What's new? pathMatchType field. Specifies how to match against the path Value. Valid values: [Exact;PathPrefix]. Optional. Default: Exact

paths:
  /cat:
    get:
      x-kuadrant:  ## Path level Kuadrant Extension
        disable: true  ## Remove from the HTTPRoute. Optional. Default: path level "disable" value
        pathMatchType: Exact ## Specifies how to match against the path Value. Valid values: [Exact;PathPrefix]. Optional. Default: Exact
        backendRefs:  ## Backend references to be included in the HTTPRoute. Optional.
          - name: petstore
            port: 80
            namespace: petstore
        rate_limit:  ## Rate limit config. Optional.
          rates:   ## Kuadrant API github.com/kuadrant/kuadrant-operator/api/v1beta2.Rate
            - limit: 1
              duration: 10
              unit: second
          counters:   ## Kuadrant API github.com/kuadrant/kuadrant-operator/api/v1beta2.CountextSelector
            - auth.identity.username
          when:   ## Kuadrant API github.com/kuadrant/kuadrant-operator/api/v1beta2.WhenCondition
            - selector: metadata.filter_metadata.envoy\.filters\.http\.ext_authz.identity.userid
              operator: eq
              value: alice

OpenAPI doc example with the new extensions

---
openapi: "3.0.3"
info:
  title: "Pet Store API"
  version: "1.0.0"
  x-kuadrant:
    route:
      name: "petstore"
      namespace: "petstore"
      labels:
        label1: "labelvalue1"
        label2: "labelvalue2"
      hostnames:
        - example.com
      parentRefs:
        - name: istio-ingressgateway
          namespace: istio-system
servers:
  - url: https://example.io/api/v1
paths:
  /cat:
    x-kuadrant:  ## Path level Kuadrant Extension
      backendRefs:
        - name: petstore
          port: 80
          namespace: petstore
      rate_limit:
        rates:
          - limit: 1
            duration: 10
            unit: second
        counters:
          - request.headers.x-forwarded-for
    get:  # Added to the route and rate limited
      operationId: "getCat"
      responses:
        405:
          description: "invalid input"
    post:  # NOT added to the route
      x-kuadrant:  ## Operation level Kuadrant Extension
        disable: true
        pathMatchType: PathPrefix
        backendRefs:
          - name: petstore
            port: 80
            namespace: petstore
        rate_limit:
          rates:
            - limit: 2
              duration: 10
              unit: second
          counters:
            - request.headers.x-forwarded-for
      operationId: "postCat"
      responses:
        405:
          description: "invalid input"
  /dog:
    get:  # Added to the route and rate limited
      x-kuadrant:  ## Operation level Kuadrant Extension
        backendRefs:
          - name: petstore
            port: 80
            namespace: petstore
        rate_limit:
          rates:
            - limit: 3
              duration: 10
              unit: second
          counters:
            - request.headers.x-forwarded-for
      operationId: "getDog"
      responses:
        405:
          description: "invalid input"
    post:  # Added to the route and NOT rate limited
      x-kuadrant:  ## Operation level Kuadrant Extension
        backendRefs:
          - name: petstore
            port: 80
            namespace: petstore
      operationId: "postDog"
      responses:
        405:
          description: "invalid input"
  /mouse:
    x-kuadrant:  ## Path level Kuadrant Extension
      disable: true
    get:  # NOT added to the route
      operationId: "getMouse"
      responses:
        405:
          description: "invalid input"
jasonmadigan commented 9 months ago

@eguzki looks good to me, the label copying much better!