Generating Kuadrant RateLimitPolicies
Generate Kuadrant RateLimitPolicy object from OpenAPI 3¶
The kuadrantctl generate kuadrant ratelimitpolicy command generates an Kuadrant RateLimitPolicy
from your OpenAPI Specification (OAS) 3.x powered with kuadrant extensions.
OpenAPI specification¶
An OpenAPI document resource can be provided to the cli by one of the following channels:
- Filename in the available path.
- URL format (supported schemes are HTTP and HTTPS). The CLI will try to download from the given address.
- Read from stdin standard input stream.
Usage¶
Generate Kuadrant RateLimitPolicy from OpenAPI 3.0.X
Usage:
kuadrantctl generate kuadrant ratelimitpolicy [flags]
Flags:
-h, --help help for ratelimitpolicy
--oas string Path to OpenAPI spec file (in JSON or YAML format), URL, or '-' to read from standard input (required)
-o Output format: 'yaml' or 'json'. Default: yaml
Global Flags:
-v, --verbose verbose output
Under the example folder there are examples of OAS 3 that can be used to generate the resources
User Guide¶
- Clone the repo
- Setup cluster, istio and Gateway API CRDs
- Build and install CLI in
bin/kuadrantctlpath - Install Kuadrant service protection. The CLI can be used to install kuadrant v0.4.1
- Deploy petstore backend API
- Let's create Petstore's OpenAPI spec
cat <<EOF >petstore-openapi.yaml
---
openapi: "3.0.3"
info:
title: "Pet Store API"
version: "1.0.0"
x-kuadrant:
route:
name: "petstore"
namespace: "petstore"
hostnames:
- example.com
parentRefs:
- name: istio-ingressgateway
namespace: istio-system
servers:
- url: https://example.io/v1
paths:
/cat:
x-kuadrant: ## Path level Kuadrant Extension
backendRefs:
- name: petstore
port: 80
namespace: petstore
rate_limit:
rates:
- limit: 1
duration: 10
unit: second
counters:
- request.headers.x-forwarded-for
get: # Added to the route and rate limited
operationId: "getCat"
responses:
405:
description: "invalid input"
post: # NOT added to the route
x-kuadrant:
disable: true
operationId: "postCat"
responses:
405:
description: "invalid input"
/dog:
get: # Added to the route and rate limited
x-kuadrant: ## Operation level Kuadrant Extension
backendRefs:
- name: petstore
port: 80
namespace: petstore
rate_limit:
rates:
- limit: 3
duration: 10
unit: second
counters:
- request.headers.x-forwarded-for
operationId: "getDog"
responses:
405:
description: "invalid input"
post: # Added to the route and NOT rate limited
x-kuadrant: ## Operation level Kuadrant Extension
backendRefs:
- name: petstore
port: 80
namespace: petstore
operationId: "postDog"
responses:
405:
description: "invalid input"
EOF
NOTE:
serversbase path not included. WIP in following up PRs.
| Operation | Applied config |
|---|---|
GET /cat |
It should return 200 Ok and be rate limited (1 req / 10 seconds) |
POST /cat |
Not added to the HTTPRoute. It should return 404 Not Found |
GET /dog |
It should return 200 Ok and be rate limited (3 req / 10 seconds) |
POST /dog |
It should return 200 Ok and NOT rate limited |
-
Create the HTTPRoute using the CLI
-
Create the Rate Limit Policy
-
Test OpenAPI endpoints
GET /cat-> It should return 200 Ok and be rate limited (1 req / 10 seconds)
POST /cat -> Not added to the HTTPRoute. It should return 404 Not Found
* GET /dog -> It should return 200 Ok and be rate limited (3 req / 10 seconds)
POST /dog-> It should return 200 Ok and NOT rate limited
- Clean environment