From 2c8c8c421be0905492bf08c42cacb4018d0c3937 Mon Sep 17 00:00:00 2001 From: jukie <10012479+Jukie@users.noreply.github.com> Date: Sun, 13 Oct 2024 00:09:27 -0600 Subject: [PATCH] Remove ratelimit daemonset 
Signed-off-by: jukie <10012479+Jukie@users.noreply.github.com> --- .../kubernetes/ratelimit/resource_provider.go | 102 +--- .../ratelimit/resource_provider_test.go | 520 ------------------ .../ratelimit/testdata/daemonsets/custom.yaml | 151 ----- .../testdata/daemonsets/default-env.yaml | 151 ----- .../testdata/daemonsets/default.yaml | 156 ------ .../daemonsets/disable-prometheus.yaml | 138 ----- .../daemonsets/enable-tracing-custom.yaml | 171 ------ .../testdata/daemonsets/enable-tracing.yaml | 171 ------ .../testdata/daemonsets/extension-env.yaml | 155 ------ .../daemonsets/merge-annotations.yaml | 158 ------ .../testdata/daemonsets/merge-labels.yaml | 158 ------ .../testdata/daemonsets/override-env.yaml | 151 ----- .../testdata/daemonsets/patch-daemonset.yaml | 157 ------ .../daemonsets/redis-tls-settings.yaml | 166 ------ .../testdata/daemonsets/tolerations.yaml | 171 ------ .../testdata/daemonsets/volumes.yaml | 171 ------ .../daemonsets/with-node-selector.yaml | 159 ------ .../kubernetes/ratelimit_infra.go | 21 +- .../kubernetes/ratelimit_infra_test.go | 42 +- 19 files changed, 7 insertions(+), 3062 deletions(-) delete mode 100644 internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/custom.yaml delete mode 100644 internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/default-env.yaml delete mode 100644 internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/default.yaml delete mode 100644 internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/disable-prometheus.yaml delete mode 100644 internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/enable-tracing-custom.yaml delete mode 100644 internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/enable-tracing.yaml delete mode 100644 internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/extension-env.yaml delete mode 100644 internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/merge-annotations.yaml delete mode 100644 
internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/merge-labels.yaml delete mode 100644 internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/override-env.yaml delete mode 100644 internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/patch-daemonset.yaml delete mode 100644 internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/redis-tls-settings.yaml delete mode 100644 internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/tolerations.yaml delete mode 100644 internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/volumes.yaml delete mode 100644 internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/with-node-selector.yaml diff --git a/internal/infrastructure/kubernetes/ratelimit/resource_provider.go b/internal/infrastructure/kubernetes/ratelimit/resource_provider.go index 77f66893604..bcc9d580cfc 100644 --- a/internal/infrastructure/kubernetes/ratelimit/resource_provider.go +++ b/internal/infrastructure/kubernetes/ratelimit/resource_provider.go @@ -27,7 +27,6 @@ import ( // but also the key for the uid of their ownerReference. const ( ResourceKindService = "Service" - ResourceKindDaemonset = "Daemonset" ResourceKindDeployment = "Deployment" ResourceKindServiceAccount = "ServiceAccount" appsAPIVersion = "apps/v1" @@ -42,7 +41,6 @@ type ResourceRender struct { rateLimit *egv1a1.RateLimit rateLimitDeployment *egv1a1.KubernetesDeploymentSpec - rateLimitDaemonset *egv1a1.KubernetesDaemonSetSpec // ownerReferenceUID store the uid of its owner reference. ownerReferenceUID map[string]types.UID 
@@ -53,7 +51,6 @@ func NewResourceRender(ns string, gateway *egv1a1.EnvoyGateway, ownerReferenceUI
 return &ResourceRender{
 Namespace: ns,
 rateLimit: gateway.RateLimit,
- rateLimitDaemonset: gateway.GetEnvoyGatewayProvider().GetEnvoyGatewayKubeProvider().RateLimitDaemonset,
 rateLimitDeployment: gateway.GetEnvoyGatewayProvider().GetEnvoyGatewayKubeProvider().RateLimitDeployment,
 ownerReferenceUID: ownerReferenceUID,
 }
@@ -297,105 +294,12 @@ func (r *ResourceRender) Deployment() (*appsv1.Deployment, error) { // DaemonSetSpec returns the `DaemonSet` sets spec. func (r *ResourceRender) DaemonSetSpec() (*egv1a1.KubernetesDaemonSetSpec, error) { - return r.rateLimitDaemonset, nil + return nil, nil } +// TODO: implement this method func (r *ResourceRender) DaemonSet() (*appsv1.DaemonSet, error) { - // If daemonset config is nil,ignore Daemonset. - if daemonsetConfig, er := r.DaemonSetSpec(); daemonsetConfig == nil { - return nil, er - } - - containers := expectedRateLimitContainers(r.rateLimit, r.rateLimitDaemonset.Container, r.Namespace) - selector := resource.GetSelector(rateLimitLabels()) - - podLabels := rateLimitLabels() - if r.rateLimitDaemonset.Pod.Labels != nil { - maps.Copy(podLabels, r.rateLimitDaemonset.Pod.Labels) - // Copy overwrites values in the dest map if they exist in the src map https://pkg.go.dev/maps#Copy - // It's applied again with the rateLimitLabels that are used as daemonset selector to ensure those are not overwritten by user input - maps.Copy(podLabels, rateLimitLabels()) - } - - var podAnnotations map[string]string - if enablePrometheus(r.rateLimit) { - podAnnotations = map[string]string{ - "prometheus.io/path": "/metrics", - "prometheus.io/port": strconv.Itoa(PrometheusPort), - "prometheus.io/scrape": "true", - } - } - if r.rateLimitDaemonset.Pod.Annotations != nil { - if podAnnotations != nil { - maps.Copy(podAnnotations, r.rateLimitDaemonset.Pod.Annotations) - } else { - podAnnotations = r.rateLimitDaemonset.Pod.Annotations - } - } - - daemonset := &appsv1.DaemonSet{ - TypeMeta: metav1.TypeMeta{ - Kind: ResourceKindDaemonset, - APIVersion: appsAPIVersion, - }, - ObjectMeta: metav1.ObjectMeta{ - Namespace: r.Namespace, - Labels: rateLimitLabels(), - }, - Spec: appsv1.DaemonSetSpec{ - UpdateStrategy: *r.rateLimitDaemonset.Strategy, - Selector: selector, - Template: corev1.PodTemplateSpec{ - ObjectMeta: metav1.ObjectMeta{ - Labels: podLabels, - 
Annotations: podAnnotations, - }, - Spec: corev1.PodSpec{ - Containers: containers, - ServiceAccountName: InfraName, - AutomountServiceAccountToken: ptr.To(false), - TerminationGracePeriodSeconds: ptr.To[int64](300), - DNSPolicy: corev1.DNSClusterFirst, - RestartPolicy: corev1.RestartPolicyAlways, - SchedulerName: "default-scheduler", - SecurityContext: r.rateLimitDaemonset.Pod.SecurityContext, - Volumes: expectedDeploymentVolumes(r.rateLimit, r.rateLimitDaemonset.Pod), - Affinity: r.rateLimitDaemonset.Pod.Affinity, - Tolerations: r.rateLimitDaemonset.Pod.Tolerations, - ImagePullSecrets: r.rateLimitDaemonset.Pod.ImagePullSecrets, - NodeSelector: r.rateLimitDaemonset.Pod.NodeSelector, - }, - }, - }, - } - - // set name - if r.rateLimitDaemonset.Name != nil { - daemonset.ObjectMeta.Name = *r.rateLimitDaemonset.Name - } else { - daemonset.ObjectMeta.Name = r.Name() - } - - if r.ownerReferenceUID != nil { - if uid, ok := r.ownerReferenceUID[ResourceKindDaemonset]; ok { - daemonset.OwnerReferences = []metav1.OwnerReference{ - { - Kind: ResourceKindDaemonset, - APIVersion: appsAPIVersion, - Name: "envoy-gateway", - UID: uid, - }, - } - } - } - - // apply merge patch to daemonset - var err error - if daemonset, err = r.rateLimitDaemonset.ApplyMergePatch(daemonset); err != nil { - return nil, err - } - - return daemonset, nil + return nil, nil } // HorizontalPodAutoscalerSpec returns the `HorizontalPodAutoscaler` sets spec. diff --git a/internal/infrastructure/kubernetes/ratelimit/resource_provider_test.go b/internal/infrastructure/kubernetes/ratelimit/resource_provider_test.go index 71d1cfc2f81..c7aa23f7943 100644 --- a/internal/infrastructure/kubernetes/ratelimit/resource_provider_test.go +++ b/internal/infrastructure/kubernetes/ratelimit/resource_provider_test.go 
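Review bot: The `// TODO: implement this method` comment added above `DaemonSet()` reads as if DaemonSet rendering is still planned, while this commit removes it, and the comment on `DaemonSetSpec()` still says it returns the spec although it now always returns `nil, nil`. Both methods hand back a nil pointer with a nil error, so every caller has to nil-check the result before dereferencing it; the removed body already returned `nil` when no DaemonSet was configured, so callers presumably do, but the call site in ratelimit_infra.go is not part of this hunk. I would replace the TODO with a doc comment such as `// DaemonSet always returns nil: the rate limit service is only rendered as a Deployment.` and reword the other to `// DaemonSetSpec always returns nil; rate limit has no DaemonSet mode.`. If any cluster could already be running a rate limit DaemonSet created by an earlier build, it is worth confirming that it is still deleted on upgrade rather than left running unmanaged with its old image and pod security settings.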
@@ -37,7 +37,6 @@ const ( var ownerReferenceUID = map[string]types.UID{ ResourceKindService: "test-owner-reference-uid-for-service", - ResourceKindDaemonset: "test-owner-reference-uid-for-deployment", ResourceKindDeployment: "test-owner-reference-uid-for-deployment", ResourceKindServiceAccount: "test-owner-reference-uid-for-service-account", } 
@@ -766,525 +765,6 @@ func loadDeployment(caseName string) (*appsv1.Deployment, error) { return deployment, nil } -func TestDaemonset(t *testing.T) { - cfg, err := config.New() - // Set default DaemonsetSpec or else daemonset will be used - cfg.EnvoyGateway.Provider.Kubernetes.RateLimitDaemonset = egv1a1.DefaultKubernetesDaemonSet(egv1a1.DefaultRateLimitImage) - require.NoError(t, err) - rateLimit := &egv1a1.RateLimit{ - Backend: egv1a1.RateLimitDatabaseBackend{ - Type: egv1a1.RedisBackendType, - Redis: &egv1a1.RateLimitRedisSettings{ - URL: "redis.redis.svc:6379", - }, - }, - } - cases := []struct { - caseName string - rateLimit *egv1a1.RateLimit - daemonSetSpec *egv1a1.KubernetesDaemonSetSpec - }{ - { - caseName: "default", - rateLimit: rateLimit, - daemonSetSpec: cfg.EnvoyGateway.GetEnvoyGatewayProvider().GetEnvoyGatewayKubeProvider().RateLimitDaemonset, - }, - { - caseName: "disable-prometheus", - rateLimit: &egv1a1.RateLimit{ - Backend: egv1a1.RateLimitDatabaseBackend{ - Type: egv1a1.RedisBackendType, - Redis: &egv1a1.RateLimitRedisSettings{ - URL: "redis.redis.svc:6379", - }, - }, - Telemetry: &egv1a1.RateLimitTelemetry{ - Metrics: &egv1a1.RateLimitMetrics{ - Prometheus: &egv1a1.RateLimitMetricsPrometheusProvider{ - Disable: true, - }, - }, - }, - }, - daemonSetSpec: cfg.EnvoyGateway.GetEnvoyGatewayProvider().GetEnvoyGatewayKubeProvider().RateLimitDaemonset, - }, - { - caseName: "patch-daemonset", - rateLimit: rateLimit, - daemonSetSpec: &egv1a1.KubernetesDaemonSetSpec{ - Patch: &egv1a1.KubernetesPatchSpec{ - Type: ptr.To(egv1a1.StrategicMerge), - Value: apiextensionsv1.JSON{ - Raw: []byte("{\"spec\":{\"template\":{\"spec\":{\"hostNetwork\":true,\"dnsPolicy\":\"ClusterFirstWithHostNet\"}}}}"), - }, - }, - }, - }, - { - caseName: "custom", - rateLimit: rateLimit, - daemonSetSpec: &egv1a1.KubernetesDaemonSetSpec{ - Strategy: egv1a1.DefaultKubernetesDaemonSetStrategy(), - Pod: &egv1a1.KubernetesPodSpec{ - Annotations: map[string]string{ - "prometheus.io/scrape": 
"true", - }, - SecurityContext: &corev1.PodSecurityContext{ - RunAsUser: ptr.To[int64](1000), - }, - }, - Container: &egv1a1.KubernetesContainerSpec{ - Image: ptr.To("custom-image"), - Resources: &corev1.ResourceRequirements{ - Limits: corev1.ResourceList{ - corev1.ResourceCPU: resource.MustParse("400m"), - corev1.ResourceMemory: resource.MustParse("2Gi"), - }, - Requests: corev1.ResourceList{ - corev1.ResourceCPU: resource.MustParse("200m"), - corev1.ResourceMemory: resource.MustParse("1Gi"), - }, - }, - SecurityContext: &corev1.SecurityContext{ - Privileged: ptr.To(true), - }, - }, - }, - }, - { - caseName: "extension-env", - rateLimit: rateLimit, - daemonSetSpec: &egv1a1.KubernetesDaemonSetSpec{ - Strategy: egv1a1.DefaultKubernetesDaemonSetStrategy(), - Pod: &egv1a1.KubernetesPodSpec{ - Annotations: map[string]string{ - "prometheus.io/scrape": "true", - }, - SecurityContext: &corev1.PodSecurityContext{ - RunAsUser: ptr.To[int64](1000), - }, - }, - Container: &egv1a1.KubernetesContainerSpec{ - Env: []corev1.EnvVar{ - { - Name: "env_a", - Value: "env_a_value", - }, - { - Name: "env_b", - Value: "env_b_value", - }, - }, - Image: ptr.To("custom-image"), - Resources: &corev1.ResourceRequirements{ - Limits: corev1.ResourceList{ - corev1.ResourceCPU: resource.MustParse("400m"), - corev1.ResourceMemory: resource.MustParse("2Gi"), - }, - Requests: corev1.ResourceList{ - corev1.ResourceCPU: resource.MustParse("200m"), - corev1.ResourceMemory: resource.MustParse("1Gi"), - }, - }, - SecurityContext: &corev1.SecurityContext{ - Privileged: ptr.To(true), - }, - }, - }, - }, - { - caseName: "default-env", - rateLimit: rateLimit, - daemonSetSpec: &egv1a1.KubernetesDaemonSetSpec{ - Strategy: egv1a1.DefaultKubernetesDaemonSetStrategy(), - Pod: &egv1a1.KubernetesPodSpec{ - Annotations: map[string]string{ - "prometheus.io/scrape": "true", - }, - SecurityContext: &corev1.PodSecurityContext{ - RunAsUser: ptr.To[int64](1000), - }, - }, - Container: &egv1a1.KubernetesContainerSpec{ - 
Env: nil, - Image: ptr.To("custom-image"), - Resources: &corev1.ResourceRequirements{ - Limits: corev1.ResourceList{ - corev1.ResourceCPU: resource.MustParse("400m"), - corev1.ResourceMemory: resource.MustParse("2Gi"), - }, - Requests: corev1.ResourceList{ - corev1.ResourceCPU: resource.MustParse("200m"), - corev1.ResourceMemory: resource.MustParse("1Gi"), - }, - }, - SecurityContext: &corev1.SecurityContext{ - Privileged: ptr.To(true), - }, - }, - }, - }, - { - caseName: "override-env", - rateLimit: rateLimit, - daemonSetSpec: &egv1a1.KubernetesDaemonSetSpec{ - Strategy: egv1a1.DefaultKubernetesDaemonSetStrategy(), - Pod: &egv1a1.KubernetesPodSpec{ - Annotations: map[string]string{ - "prometheus.io/scrape": "true", - }, - SecurityContext: &corev1.PodSecurityContext{ - RunAsUser: ptr.To[int64](1000), - }, - }, - Container: &egv1a1.KubernetesContainerSpec{ - Env: []corev1.EnvVar{ - { - Name: UseStatsdEnvVar, - Value: "true", - }, - }, - Image: ptr.To("custom-image"), - Resources: &corev1.ResourceRequirements{ - Limits: corev1.ResourceList{ - corev1.ResourceCPU: resource.MustParse("400m"), - corev1.ResourceMemory: resource.MustParse("2Gi"), - }, - Requests: corev1.ResourceList{ - corev1.ResourceCPU: resource.MustParse("200m"), - corev1.ResourceMemory: resource.MustParse("1Gi"), - }, - }, - SecurityContext: &corev1.SecurityContext{ - Privileged: ptr.To(true), - }, - }, - }, - }, - { - caseName: "redis-tls-settings", - rateLimit: &egv1a1.RateLimit{ - Backend: egv1a1.RateLimitDatabaseBackend{ - Type: egv1a1.RedisBackendType, - Redis: &egv1a1.RateLimitRedisSettings{ - URL: "redis.redis.svc:6379", - TLS: &egv1a1.RedisTLSSettings{ - CertificateRef: &gwapiv1.SecretObjectReference{ - Name: "ratelimit-cert", - }, - }, - }, - }, - }, - daemonSetSpec: &egv1a1.KubernetesDaemonSetSpec{ - Strategy: egv1a1.DefaultKubernetesDaemonSetStrategy(), - Pod: &egv1a1.KubernetesPodSpec{ - Annotations: map[string]string{ - "prometheus.io/scrape": "true", - }, - SecurityContext: 
&corev1.PodSecurityContext{ - RunAsUser: ptr.To[int64](1000), - }, - }, - Container: &egv1a1.KubernetesContainerSpec{ - Env: []corev1.EnvVar{ - { - Name: RedisAuthEnvVar, - Value: "redis_auth_password", - }, - { - Name: UseStatsdEnvVar, - Value: "true", - }, - }, - Image: ptr.To("custom-image"), - Resources: &corev1.ResourceRequirements{ - Limits: corev1.ResourceList{ - corev1.ResourceCPU: resource.MustParse("400m"), - corev1.ResourceMemory: resource.MustParse("2Gi"), - }, - Requests: corev1.ResourceList{ - corev1.ResourceCPU: resource.MustParse("200m"), - corev1.ResourceMemory: resource.MustParse("1Gi"), - }, - }, - SecurityContext: &corev1.SecurityContext{ - Privileged: ptr.To(true), - }, - }, - }, - }, - { - caseName: "tolerations", - rateLimit: &egv1a1.RateLimit{ - Backend: egv1a1.RateLimitDatabaseBackend{ - Type: egv1a1.RedisBackendType, - Redis: &egv1a1.RateLimitRedisSettings{ - URL: "redis.redis.svc:6379", - TLS: &egv1a1.RedisTLSSettings{ - CertificateRef: &gwapiv1.SecretObjectReference{ - Name: "ratelimit-cert", - }, - }, - }, - }, - }, - daemonSetSpec: &egv1a1.KubernetesDaemonSetSpec{ - Strategy: egv1a1.DefaultKubernetesDaemonSetStrategy(), - Pod: &egv1a1.KubernetesPodSpec{ - Annotations: map[string]string{ - "prometheus.io/scrape": "true", - }, - SecurityContext: &corev1.PodSecurityContext{ - RunAsUser: ptr.To[int64](1000), - }, - Tolerations: []corev1.Toleration{ - { - Key: "node-type", - Operator: corev1.TolerationOpExists, - Effect: corev1.TaintEffectNoSchedule, - Value: "router", - }, - }, - }, - Container: &egv1a1.KubernetesContainerSpec{ - Env: []corev1.EnvVar{ - { - Name: RedisAuthEnvVar, - Value: "redis_auth_password", - }, - { - Name: UseStatsdEnvVar, - Value: "true", - }, - }, - Image: ptr.To("custom-image"), - Resources: &corev1.ResourceRequirements{ - Limits: corev1.ResourceList{ - corev1.ResourceCPU: resource.MustParse("400m"), - corev1.ResourceMemory: resource.MustParse("2Gi"), - }, - Requests: corev1.ResourceList{ - corev1.ResourceCPU: 
resource.MustParse("200m"), - corev1.ResourceMemory: resource.MustParse("1Gi"), - }, - }, - SecurityContext: &corev1.SecurityContext{ - Privileged: ptr.To(true), - }, - }, - }, - }, - { - caseName: "volumes", - rateLimit: &egv1a1.RateLimit{ - Backend: egv1a1.RateLimitDatabaseBackend{ - Type: egv1a1.RedisBackendType, - Redis: &egv1a1.RateLimitRedisSettings{ - URL: "redis.redis.svc:6379", - TLS: &egv1a1.RedisTLSSettings{ - CertificateRef: &gwapiv1.SecretObjectReference{ - Name: "ratelimit-cert-origin", - }, - }, - }, - }, - }, - daemonSetSpec: &egv1a1.KubernetesDaemonSetSpec{ - Strategy: egv1a1.DefaultKubernetesDaemonSetStrategy(), - Pod: &egv1a1.KubernetesPodSpec{ - Annotations: map[string]string{ - "prometheus.io/scrape": "true", - }, - SecurityContext: &corev1.PodSecurityContext{ - RunAsUser: ptr.To[int64](1000), - }, - Tolerations: []corev1.Toleration{ - { - Key: "node-type", - Operator: corev1.TolerationOpExists, - Effect: corev1.TaintEffectNoSchedule, - Value: "router", - }, - }, - Volumes: []corev1.Volume{ - { - Name: "certs", - VolumeSource: corev1.VolumeSource{ - Secret: &corev1.SecretVolumeSource{ - SecretName: "custom-cert", - DefaultMode: ptr.To[int32](420), - }, - }, - }, - }, - }, - Container: &egv1a1.KubernetesContainerSpec{ - Env: []corev1.EnvVar{ - { - Name: RedisAuthEnvVar, - Value: "redis_auth_password", - }, - { - Name: UseStatsdEnvVar, - Value: "true", - }, - }, - Image: ptr.To("custom-image"), - Resources: &corev1.ResourceRequirements{ - Limits: corev1.ResourceList{ - corev1.ResourceCPU: resource.MustParse("400m"), - corev1.ResourceMemory: resource.MustParse("2Gi"), - }, - Requests: corev1.ResourceList{ - corev1.ResourceCPU: resource.MustParse("200m"), - corev1.ResourceMemory: resource.MustParse("1Gi"), - }, - }, - SecurityContext: &corev1.SecurityContext{ - Privileged: ptr.To(true), - }, - VolumeMounts: []corev1.VolumeMount{}, - }, - }, - }, - { - caseName: "with-node-selector", - rateLimit: rateLimit, - daemonSetSpec: 
&egv1a1.KubernetesDaemonSetSpec{ - Pod: &egv1a1.KubernetesPodSpec{ - NodeSelector: map[string]string{ - "key1": "value1", - "key2": "value2", - }, - }, - }, - }, - { - caseName: "enable-tracing", - rateLimit: &egv1a1.RateLimit{ - Backend: egv1a1.RateLimitDatabaseBackend{ - Type: egv1a1.RedisBackendType, - Redis: &egv1a1.RateLimitRedisSettings{ - URL: "redis.redis.svc:6379", - }, - }, - Telemetry: &egv1a1.RateLimitTelemetry{ - Tracing: &egv1a1.RateLimitTracing{ - Provider: &egv1a1.RateLimitTracingProvider{ - URL: "http://trace-collector.envoy-gateway-system.svc.cluster.local:4318", - }, - }, - }, - }, - daemonSetSpec: cfg.EnvoyGateway.GetEnvoyGatewayProvider().GetEnvoyGatewayKubeProvider().RateLimitDaemonset, - }, - { - caseName: "enable-tracing-custom", - rateLimit: &egv1a1.RateLimit{ - Backend: egv1a1.RateLimitDatabaseBackend{ - Type: egv1a1.RedisBackendType, - Redis: &egv1a1.RateLimitRedisSettings{ - URL: "redis.redis.svc:6379", - }, - }, - Telemetry: &egv1a1.RateLimitTelemetry{ - Tracing: &egv1a1.RateLimitTracing{ - SamplingRate: ptr.To[uint32](55), - Provider: &egv1a1.RateLimitTracingProvider{ - URL: "trace-collector.envoy-gateway-system.svc.cluster.local:4317", - }, - }, - }, - }, - daemonSetSpec: cfg.EnvoyGateway.GetEnvoyGatewayProvider().GetEnvoyGatewayKubeProvider().RateLimitDaemonset, - }, - { - caseName: "merge-labels", - rateLimit: &egv1a1.RateLimit{ - Backend: egv1a1.RateLimitDatabaseBackend{ - Type: egv1a1.RedisBackendType, - Redis: &egv1a1.RateLimitRedisSettings{ - URL: "redis.redis.svc:6379", - }, - }, - }, - daemonSetSpec: &egv1a1.KubernetesDaemonSetSpec{ - Pod: &egv1a1.KubernetesPodSpec{ - Labels: map[string]string{ - "app.kubernetes.io/name": InfraName, - "app.kubernetes.io/component": "ratelimit", - "app.kubernetes.io/managed-by": "envoy-gateway", - "key1": "value1", - "key2": "value2", - }, - }, - }, - }, - { - caseName: "merge-annotations", - rateLimit: &egv1a1.RateLimit{ - Backend: egv1a1.RateLimitDatabaseBackend{ - Type: 
egv1a1.RedisBackendType, - Redis: &egv1a1.RateLimitRedisSettings{ - URL: "redis.redis.svc:6379", - }, - }, - }, - daemonSetSpec: &egv1a1.KubernetesDaemonSetSpec{ - Pod: &egv1a1.KubernetesPodSpec{ - Annotations: map[string]string{ - "prometheus.io/path": "/metrics", - "prometheus.io/port": strconv.Itoa(PrometheusPort), - "prometheus.io/scrape": "true", - "key1": "value1", - "key2": "value2", - }, - }, - }, - }, - } - for _, tc := range cases { - t.Run(tc.caseName, func(t *testing.T) { - cfg.EnvoyGateway.RateLimit = tc.rateLimit - - cfg.EnvoyGateway.Provider = &egv1a1.EnvoyGatewayProvider{ - Type: egv1a1.ProviderTypeKubernetes, - Kubernetes: &egv1a1.EnvoyGatewayKubernetesProvider{ - RateLimitDaemonset: tc.daemonSetSpec, - }, - } - r := NewResourceRender(cfg.Namespace, cfg.EnvoyGateway, ownerReferenceUID) - dp, err := r.DaemonSet() - require.NoError(t, err) - - if *overrideTestData { - daemonsetYAML, err := yaml.Marshal(dp) - require.NoError(t, err) - // nolint:gosec - err = os.WriteFile(fmt.Sprintf("testdata/daemonsets/%s.yaml", tc.caseName), daemonsetYAML, 0o644) - require.NoError(t, err) - return - } - - expected, err := loadDaemonset(tc.caseName) - require.NoError(t, err) - - assert.Equal(t, expected, dp) - }) - } -} - -func loadDaemonset(caseName string) (*appsv1.DaemonSet, error) { - daemonsetYaml, err := os.ReadFile(fmt.Sprintf("testdata/daemonsets/%s.yaml", caseName)) - if err != nil { - return nil, err - } - daemonset := &appsv1.DaemonSet{} - _ = yaml.Unmarshal(daemonsetYaml, daemonset) - return daemonset, nil -} - func TestGetServiceURL(t *testing.T) { got := GetServiceURL("envoy-gateway-system", "example-cluster.local") assert.Equal(t, "grpc://envoy-ratelimit.envoy-gateway-system.svc.example-cluster.local:8081", got) diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/custom.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/custom.yaml deleted file mode 100644 index eb3d1dc13d8..00000000000 
--- a/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/custom.yaml +++ /dev/null 
@@ -1,151 +0,0 @@ -apiVersion: apps/v1 -kind: Daemonset -metadata: - creationTimestamp: null - labels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - name: envoy-ratelimit - namespace: envoy-gateway-system - ownerReferences: - - apiVersion: apps/v1 - kind: Daemonset - name: envoy-gateway - uid: test-owner-reference-uid-for-deployment -spec: - selector: - matchLabels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - template: - metadata: - annotations: - prometheus.io/path: /metrics - prometheus.io/port: "19001" - prometheus.io/scrape: "true" - creationTimestamp: null - labels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - spec: - automountServiceAccountToken: false - containers: - - command: - - /bin/ratelimit - env: - - name: RUNTIME_ROOT - value: /data - - name: RUNTIME_SUBDIRECTORY - value: ratelimit - - name: RUNTIME_IGNOREDOTFILES - value: "true" - - name: RUNTIME_WATCH_ROOT - value: "false" - - name: LOG_LEVEL - value: info - - name: USE_STATSD - value: "false" - - name: CONFIG_TYPE - value: GRPC_XDS_SOTW - - name: CONFIG_GRPC_XDS_SERVER_URL - value: envoy-gateway:18001 - - name: CONFIG_GRPC_XDS_NODE_ID - value: envoy-ratelimit - - name: GRPC_SERVER_USE_TLS - value: "true" - - name: GRPC_SERVER_TLS_CERT - value: /certs/tls.crt - - name: GRPC_SERVER_TLS_KEY - value: /certs/tls.key - - name: GRPC_SERVER_TLS_CA_CERT - value: /certs/ca.crt - - name: CONFIG_GRPC_XDS_SERVER_USE_TLS - value: "true" - - name: CONFIG_GRPC_XDS_CLIENT_TLS_CERT - value: /certs/tls.crt - - name: CONFIG_GRPC_XDS_CLIENT_TLS_KEY - value: /certs/tls.key - - name: CONFIG_GRPC_XDS_SERVER_TLS_CACERT - value: /certs/ca.crt - - name: FORCE_START_WITHOUT_INITIAL_CONFIG - value: "true" - - name: REDIS_SOCKET_TYPE - value: tcp - - name: REDIS_URL - 
value: redis.redis.svc:6379 - - name: USE_PROMETHEUS - value: "true" - - name: PROMETHEUS_ADDR - value: :19001 - - name: PROMETHEUS_MAPPER_YAML - value: /etc/statsd-exporter/conf.yaml - image: custom-image - imagePullPolicy: IfNotPresent - name: envoy-ratelimit - ports: - - containerPort: 8081 - name: grpc - protocol: TCP - readinessProbe: - failureThreshold: 1 - httpGet: - path: /healthcheck - port: 8080 - scheme: HTTP - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 1 - resources: - limits: - cpu: 400m - memory: 2Gi - requests: - cpu: 200m - memory: 1Gi - securityContext: - privileged: true - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthcheck - port: 8080 - scheme: HTTP - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /certs - name: certs - readOnly: true - - mountPath: /etc/statsd-exporter - name: statsd-exporter-config - readOnly: true - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - runAsUser: 1000 - serviceAccountName: envoy-ratelimit - terminationGracePeriodSeconds: 300 - volumes: - - name: certs - secret: - defaultMode: 420 - secretName: envoy-rate-limit - - configMap: - defaultMode: 420 - name: statsd-exporter-config - optional: true - name: statsd-exporter-config - updateStrategy: - type: RollingUpdate -status: - currentNumberScheduled: 0 - desiredNumberScheduled: 0 - numberMisscheduled: 0 - numberReady: 0 diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/default-env.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/default-env.yaml deleted file mode 100644 index eb3d1dc13d8..00000000000 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/default-env.yaml +++ /dev/null 
@@ -1,151 +0,0 @@ -apiVersion: apps/v1 -kind: Daemonset -metadata: - creationTimestamp: null - labels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - name: envoy-ratelimit - namespace: envoy-gateway-system - ownerReferences: - - apiVersion: apps/v1 - kind: Daemonset - name: envoy-gateway - uid: test-owner-reference-uid-for-deployment -spec: - selector: - matchLabels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - template: - metadata: - annotations: - prometheus.io/path: /metrics - prometheus.io/port: "19001" - prometheus.io/scrape: "true" - creationTimestamp: null - labels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - spec: - automountServiceAccountToken: false - containers: - - command: - - /bin/ratelimit - env: - - name: RUNTIME_ROOT - value: /data - - name: RUNTIME_SUBDIRECTORY - value: ratelimit - - name: RUNTIME_IGNOREDOTFILES - value: "true" - - name: RUNTIME_WATCH_ROOT - value: "false" - - name: LOG_LEVEL - value: info - - name: USE_STATSD - value: "false" - - name: CONFIG_TYPE - value: GRPC_XDS_SOTW - - name: CONFIG_GRPC_XDS_SERVER_URL - value: envoy-gateway:18001 - - name: CONFIG_GRPC_XDS_NODE_ID - value: envoy-ratelimit - - name: GRPC_SERVER_USE_TLS - value: "true" - - name: GRPC_SERVER_TLS_CERT - value: /certs/tls.crt - - name: GRPC_SERVER_TLS_KEY - value: /certs/tls.key - - name: GRPC_SERVER_TLS_CA_CERT - value: /certs/ca.crt - - name: CONFIG_GRPC_XDS_SERVER_USE_TLS - value: "true" - - name: CONFIG_GRPC_XDS_CLIENT_TLS_CERT - value: /certs/tls.crt - - name: CONFIG_GRPC_XDS_CLIENT_TLS_KEY - value: /certs/tls.key - - name: CONFIG_GRPC_XDS_SERVER_TLS_CACERT - value: /certs/ca.crt - - name: FORCE_START_WITHOUT_INITIAL_CONFIG - value: "true" - - name: REDIS_SOCKET_TYPE - value: tcp - - name: REDIS_URL - 
value: redis.redis.svc:6379 - - name: USE_PROMETHEUS - value: "true" - - name: PROMETHEUS_ADDR - value: :19001 - - name: PROMETHEUS_MAPPER_YAML - value: /etc/statsd-exporter/conf.yaml - image: custom-image - imagePullPolicy: IfNotPresent - name: envoy-ratelimit - ports: - - containerPort: 8081 - name: grpc - protocol: TCP - readinessProbe: - failureThreshold: 1 - httpGet: - path: /healthcheck - port: 8080 - scheme: HTTP - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 1 - resources: - limits: - cpu: 400m - memory: 2Gi - requests: - cpu: 200m - memory: 1Gi - securityContext: - privileged: true - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthcheck - port: 8080 - scheme: HTTP - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /certs - name: certs - readOnly: true - - mountPath: /etc/statsd-exporter - name: statsd-exporter-config - readOnly: true - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - runAsUser: 1000 - serviceAccountName: envoy-ratelimit - terminationGracePeriodSeconds: 300 - volumes: - - name: certs - secret: - defaultMode: 420 - secretName: envoy-rate-limit - - configMap: - defaultMode: 420 - name: statsd-exporter-config - optional: true - name: statsd-exporter-config - updateStrategy: - type: RollingUpdate -status: - currentNumberScheduled: 0 - desiredNumberScheduled: 0 - numberMisscheduled: 0 - numberReady: 0 diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/default.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/default.yaml deleted file mode 100644 index d3182b68dd5..00000000000 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/default.yaml +++ /dev/null 
@@ -1,156 +0,0 @@ -apiVersion: apps/v1 -kind: Daemonset -metadata: - creationTimestamp: null - labels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - name: envoy-ratelimit - namespace: envoy-gateway-system - ownerReferences: - - apiVersion: apps/v1 - kind: Daemonset - name: envoy-gateway - uid: test-owner-reference-uid-for-deployment -spec: - selector: - matchLabels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - template: - metadata: - annotations: - prometheus.io/path: /metrics - prometheus.io/port: "19001" - prometheus.io/scrape: "true" - creationTimestamp: null - labels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - spec: - automountServiceAccountToken: false - containers: - - command: - - /bin/ratelimit - env: - - name: RUNTIME_ROOT - value: /data - - name: RUNTIME_SUBDIRECTORY - value: ratelimit - - name: RUNTIME_IGNOREDOTFILES - value: "true" - - name: RUNTIME_WATCH_ROOT - value: "false" - - name: LOG_LEVEL - value: info - - name: USE_STATSD - value: "false" - - name: CONFIG_TYPE - value: GRPC_XDS_SOTW - - name: CONFIG_GRPC_XDS_SERVER_URL - value: envoy-gateway:18001 - - name: CONFIG_GRPC_XDS_NODE_ID - value: envoy-ratelimit - - name: GRPC_SERVER_USE_TLS - value: "true" - - name: GRPC_SERVER_TLS_CERT - value: /certs/tls.crt - - name: GRPC_SERVER_TLS_KEY - value: /certs/tls.key - - name: GRPC_SERVER_TLS_CA_CERT - value: /certs/ca.crt - - name: CONFIG_GRPC_XDS_SERVER_USE_TLS - value: "true" - - name: CONFIG_GRPC_XDS_CLIENT_TLS_CERT - value: /certs/tls.crt - - name: CONFIG_GRPC_XDS_CLIENT_TLS_KEY - value: /certs/tls.key - - name: CONFIG_GRPC_XDS_SERVER_TLS_CACERT - value: /certs/ca.crt - - name: FORCE_START_WITHOUT_INITIAL_CONFIG - value: "true" - - name: REDIS_SOCKET_TYPE - value: tcp - - name: REDIS_URL - 
value: redis.redis.svc:6379 - - name: USE_PROMETHEUS - value: "true" - - name: PROMETHEUS_ADDR - value: :19001 - - name: PROMETHEUS_MAPPER_YAML - value: /etc/statsd-exporter/conf.yaml - image: envoyproxy/ratelimit:master - imagePullPolicy: IfNotPresent - name: envoy-ratelimit - ports: - - containerPort: 8081 - name: grpc - protocol: TCP - readinessProbe: - failureThreshold: 1 - httpGet: - path: /healthcheck - port: 8080 - scheme: HTTP - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 512Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - runAsGroup: 65534 - runAsNonRoot: true - runAsUser: 65534 - seccompProfile: - type: RuntimeDefault - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthcheck - port: 8080 - scheme: HTTP - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /certs - name: certs - readOnly: true - - mountPath: /etc/statsd-exporter - name: statsd-exporter-config - readOnly: true - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - serviceAccountName: envoy-ratelimit - terminationGracePeriodSeconds: 300 - volumes: - - name: certs - secret: - defaultMode: 420 - secretName: envoy-rate-limit - - configMap: - defaultMode: 420 - name: statsd-exporter-config - optional: true - name: statsd-exporter-config - updateStrategy: - type: RollingUpdate -status: - currentNumberScheduled: 0 - desiredNumberScheduled: 0 - numberMisscheduled: 0 - numberReady: 0 diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/disable-prometheus.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/disable-prometheus.yaml deleted file mode 100644 index e902600edbe..00000000000 
--- a/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/disable-prometheus.yaml
+++ /dev/null
@@ -1,138 +0,0 @@ -apiVersion: apps/v1 -kind: Daemonset -metadata: - creationTimestamp: null - labels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - name: envoy-ratelimit - namespace: envoy-gateway-system - ownerReferences: - - apiVersion: apps/v1 - kind: Daemonset - name: envoy-gateway - uid: test-owner-reference-uid-for-deployment -spec: - selector: - matchLabels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - template: - metadata: - creationTimestamp: null - labels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - spec: - automountServiceAccountToken: false - containers: - - command: - - /bin/ratelimit - env: - - name: RUNTIME_ROOT - value: /data - - name: RUNTIME_SUBDIRECTORY - value: ratelimit - - name: RUNTIME_IGNOREDOTFILES - value: "true" - - name: RUNTIME_WATCH_ROOT - value: "false" - - name: LOG_LEVEL - value: info - - name: USE_STATSD - value: "false" - - name: CONFIG_TYPE - value: GRPC_XDS_SOTW - - name: CONFIG_GRPC_XDS_SERVER_URL - value: envoy-gateway:18001 - - name: CONFIG_GRPC_XDS_NODE_ID - value: envoy-ratelimit - - name: GRPC_SERVER_USE_TLS - value: "true" - - name: GRPC_SERVER_TLS_CERT - value: /certs/tls.crt - - name: GRPC_SERVER_TLS_KEY - value: /certs/tls.key - - name: GRPC_SERVER_TLS_CA_CERT - value: /certs/ca.crt - - name: CONFIG_GRPC_XDS_SERVER_USE_TLS - value: "true" - - name: CONFIG_GRPC_XDS_CLIENT_TLS_CERT - value: /certs/tls.crt - - name: CONFIG_GRPC_XDS_CLIENT_TLS_KEY - value: /certs/tls.key - - name: CONFIG_GRPC_XDS_SERVER_TLS_CACERT - value: /certs/ca.crt - - name: FORCE_START_WITHOUT_INITIAL_CONFIG - value: "true" - - name: REDIS_SOCKET_TYPE - value: tcp - - name: REDIS_URL - value: redis.redis.svc:6379 - image: envoyproxy/ratelimit:master - imagePullPolicy: IfNotPresent - name: 
envoy-ratelimit - ports: - - containerPort: 8081 - name: grpc - protocol: TCP - readinessProbe: - failureThreshold: 1 - httpGet: - path: /healthcheck - port: 8080 - scheme: HTTP - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 512Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - runAsGroup: 65534 - runAsNonRoot: true - runAsUser: 65534 - seccompProfile: - type: RuntimeDefault - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthcheck - port: 8080 - scheme: HTTP - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /certs - name: certs - readOnly: true - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - serviceAccountName: envoy-ratelimit - terminationGracePeriodSeconds: 300 - volumes: - - name: certs - secret: - defaultMode: 420 - secretName: envoy-rate-limit - updateStrategy: - type: RollingUpdate -status: - currentNumberScheduled: 0 - desiredNumberScheduled: 0 - numberMisscheduled: 0 - numberReady: 0 diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/enable-tracing-custom.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/enable-tracing-custom.yaml deleted file mode 100644 index 78242fdc716..00000000000 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/enable-tracing-custom.yaml +++ /dev/null 
@@ -1,171 +0,0 @@ -apiVersion: apps/v1 -kind: Daemonset -metadata: - creationTimestamp: null - labels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - name: envoy-ratelimit - namespace: envoy-gateway-system - ownerReferences: - - apiVersion: apps/v1 - kind: Daemonset - name: envoy-gateway - uid: test-owner-reference-uid-for-deployment -spec: - selector: - matchLabels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - template: - metadata: - annotations: - prometheus.io/path: /metrics - prometheus.io/port: "19001" - prometheus.io/scrape: "true" - creationTimestamp: null - labels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - spec: - automountServiceAccountToken: false - containers: - - command: - - /bin/ratelimit - env: - - name: RUNTIME_ROOT - value: /data - - name: RUNTIME_SUBDIRECTORY - value: ratelimit - - name: RUNTIME_IGNOREDOTFILES - value: "true" - - name: RUNTIME_WATCH_ROOT - value: "false" - - name: LOG_LEVEL - value: info - - name: USE_STATSD - value: "false" - - name: CONFIG_TYPE - value: GRPC_XDS_SOTW - - name: CONFIG_GRPC_XDS_SERVER_URL - value: envoy-gateway:18001 - - name: CONFIG_GRPC_XDS_NODE_ID - value: envoy-ratelimit - - name: GRPC_SERVER_USE_TLS - value: "true" - - name: GRPC_SERVER_TLS_CERT - value: /certs/tls.crt - - name: GRPC_SERVER_TLS_KEY - value: /certs/tls.key - - name: GRPC_SERVER_TLS_CA_CERT - value: /certs/ca.crt - - name: CONFIG_GRPC_XDS_SERVER_USE_TLS - value: "true" - - name: CONFIG_GRPC_XDS_CLIENT_TLS_CERT - value: /certs/tls.crt - - name: CONFIG_GRPC_XDS_CLIENT_TLS_KEY - value: /certs/tls.key - - name: CONFIG_GRPC_XDS_SERVER_TLS_CACERT - value: /certs/ca.crt - - name: FORCE_START_WITHOUT_INITIAL_CONFIG - value: "true" - - name: REDIS_SOCKET_TYPE - value: tcp - - name: REDIS_URL - 
value: redis.redis.svc:6379 - - name: USE_PROMETHEUS - value: "true" - - name: PROMETHEUS_ADDR - value: :19001 - - name: PROMETHEUS_MAPPER_YAML - value: /etc/statsd-exporter/conf.yaml - - name: TRACING_ENABLED - value: "true" - - name: TRACING_SERVICE_NAME - value: envoy-ratelimit - - name: TRACING_SERVICE_NAMESPACE - value: envoy-gateway-system - - name: TRACING_SERVICE_INSTANCE_ID - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: TRACING_SAMPLING_RATE - value: "0.6" - - name: OTEL_EXPORTER_OTLP_ENDPOINT - value: http://trace-collector.envoy-gateway-system.svc.cluster.local:4317 - image: envoyproxy/ratelimit:master - imagePullPolicy: IfNotPresent - name: envoy-ratelimit - ports: - - containerPort: 8081 - name: grpc - protocol: TCP - readinessProbe: - failureThreshold: 1 - httpGet: - path: /healthcheck - port: 8080 - scheme: HTTP - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 512Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - runAsGroup: 65534 - runAsNonRoot: true - runAsUser: 65534 - seccompProfile: - type: RuntimeDefault - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthcheck - port: 8080 - scheme: HTTP - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /certs - name: certs - readOnly: true - - mountPath: /etc/statsd-exporter - name: statsd-exporter-config - readOnly: true - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - serviceAccountName: envoy-ratelimit - terminationGracePeriodSeconds: 300 - volumes: - - name: certs - secret: - defaultMode: 420 - secretName: envoy-rate-limit - - configMap: - defaultMode: 420 - name: statsd-exporter-config - optional: true - name: statsd-exporter-config - updateStrategy: - 
type: RollingUpdate -status: - currentNumberScheduled: 0 - desiredNumberScheduled: 0 - numberMisscheduled: 0 - numberReady: 0 diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/enable-tracing.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/enable-tracing.yaml deleted file mode 100644 index 31a4ecfdad9..00000000000 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/enable-tracing.yaml +++ /dev/null 
@@ -1,171 +0,0 @@ -apiVersion: apps/v1 -kind: Daemonset -metadata: - creationTimestamp: null - labels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - name: envoy-ratelimit - namespace: envoy-gateway-system - ownerReferences: - - apiVersion: apps/v1 - kind: Daemonset - name: envoy-gateway - uid: test-owner-reference-uid-for-deployment -spec: - selector: - matchLabels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - template: - metadata: - annotations: - prometheus.io/path: /metrics - prometheus.io/port: "19001" - prometheus.io/scrape: "true" - creationTimestamp: null - labels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - spec: - automountServiceAccountToken: false - containers: - - command: - - /bin/ratelimit - env: - - name: RUNTIME_ROOT - value: /data - - name: RUNTIME_SUBDIRECTORY - value: ratelimit - - name: RUNTIME_IGNOREDOTFILES - value: "true" - - name: RUNTIME_WATCH_ROOT - value: "false" - - name: LOG_LEVEL - value: info - - name: USE_STATSD - value: "false" - - name: CONFIG_TYPE - value: GRPC_XDS_SOTW - - name: CONFIG_GRPC_XDS_SERVER_URL - value: envoy-gateway:18001 - - name: CONFIG_GRPC_XDS_NODE_ID - value: envoy-ratelimit - - name: GRPC_SERVER_USE_TLS - value: "true" - - name: GRPC_SERVER_TLS_CERT - value: /certs/tls.crt - - name: GRPC_SERVER_TLS_KEY - value: /certs/tls.key - - name: GRPC_SERVER_TLS_CA_CERT - value: /certs/ca.crt - - name: CONFIG_GRPC_XDS_SERVER_USE_TLS - value: "true" - - name: CONFIG_GRPC_XDS_CLIENT_TLS_CERT - value: /certs/tls.crt - - name: CONFIG_GRPC_XDS_CLIENT_TLS_KEY - value: /certs/tls.key - - name: CONFIG_GRPC_XDS_SERVER_TLS_CACERT - value: /certs/ca.crt - - name: FORCE_START_WITHOUT_INITIAL_CONFIG - value: "true" - - name: REDIS_SOCKET_TYPE - value: tcp - - name: REDIS_URL - 
value: redis.redis.svc:6379 - - name: USE_PROMETHEUS - value: "true" - - name: PROMETHEUS_ADDR - value: :19001 - - name: PROMETHEUS_MAPPER_YAML - value: /etc/statsd-exporter/conf.yaml - - name: TRACING_ENABLED - value: "true" - - name: TRACING_SERVICE_NAME - value: envoy-ratelimit - - name: TRACING_SERVICE_NAMESPACE - value: envoy-gateway-system - - name: TRACING_SERVICE_INSTANCE_ID - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: TRACING_SAMPLING_RATE - value: "1.0" - - name: OTEL_EXPORTER_OTLP_ENDPOINT - value: http://trace-collector.envoy-gateway-system.svc.cluster.local:4318 - image: envoyproxy/ratelimit:master - imagePullPolicy: IfNotPresent - name: envoy-ratelimit - ports: - - containerPort: 8081 - name: grpc - protocol: TCP - readinessProbe: - failureThreshold: 1 - httpGet: - path: /healthcheck - port: 8080 - scheme: HTTP - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 512Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - runAsGroup: 65534 - runAsNonRoot: true - runAsUser: 65534 - seccompProfile: - type: RuntimeDefault - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthcheck - port: 8080 - scheme: HTTP - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /certs - name: certs - readOnly: true - - mountPath: /etc/statsd-exporter - name: statsd-exporter-config - readOnly: true - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - serviceAccountName: envoy-ratelimit - terminationGracePeriodSeconds: 300 - volumes: - - name: certs - secret: - defaultMode: 420 - secretName: envoy-rate-limit - - configMap: - defaultMode: 420 - name: statsd-exporter-config - optional: true - name: statsd-exporter-config - updateStrategy: - 
type: RollingUpdate -status: - currentNumberScheduled: 0 - desiredNumberScheduled: 0 - numberMisscheduled: 0 - numberReady: 0 diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/extension-env.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/extension-env.yaml deleted file mode 100644 index 9ec98bc74f3..00000000000 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/extension-env.yaml +++ /dev/null 
@@ -1,155 +0,0 @@ -apiVersion: apps/v1 -kind: Daemonset -metadata: - creationTimestamp: null - labels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - name: envoy-ratelimit - namespace: envoy-gateway-system - ownerReferences: - - apiVersion: apps/v1 - kind: Daemonset - name: envoy-gateway - uid: test-owner-reference-uid-for-deployment -spec: - selector: - matchLabels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - template: - metadata: - annotations: - prometheus.io/path: /metrics - prometheus.io/port: "19001" - prometheus.io/scrape: "true" - creationTimestamp: null - labels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - spec: - automountServiceAccountToken: false - containers: - - command: - - /bin/ratelimit - env: - - name: RUNTIME_ROOT - value: /data - - name: RUNTIME_SUBDIRECTORY - value: ratelimit - - name: RUNTIME_IGNOREDOTFILES - value: "true" - - name: RUNTIME_WATCH_ROOT - value: "false" - - name: LOG_LEVEL - value: info - - name: USE_STATSD - value: "false" - - name: CONFIG_TYPE - value: GRPC_XDS_SOTW - - name: CONFIG_GRPC_XDS_SERVER_URL - value: envoy-gateway:18001 - - name: CONFIG_GRPC_XDS_NODE_ID - value: envoy-ratelimit - - name: GRPC_SERVER_USE_TLS - value: "true" - - name: GRPC_SERVER_TLS_CERT - value: /certs/tls.crt - - name: GRPC_SERVER_TLS_KEY - value: /certs/tls.key - - name: GRPC_SERVER_TLS_CA_CERT - value: /certs/ca.crt - - name: CONFIG_GRPC_XDS_SERVER_USE_TLS - value: "true" - - name: CONFIG_GRPC_XDS_CLIENT_TLS_CERT - value: /certs/tls.crt - - name: CONFIG_GRPC_XDS_CLIENT_TLS_KEY - value: /certs/tls.key - - name: CONFIG_GRPC_XDS_SERVER_TLS_CACERT - value: /certs/ca.crt - - name: FORCE_START_WITHOUT_INITIAL_CONFIG - value: "true" - - name: REDIS_SOCKET_TYPE - value: tcp - - name: REDIS_URL - 
value: redis.redis.svc:6379 - - name: USE_PROMETHEUS - value: "true" - - name: PROMETHEUS_ADDR - value: :19001 - - name: PROMETHEUS_MAPPER_YAML - value: /etc/statsd-exporter/conf.yaml - - name: env_a - value: env_a_value - - name: env_b - value: env_b_value - image: custom-image - imagePullPolicy: IfNotPresent - name: envoy-ratelimit - ports: - - containerPort: 8081 - name: grpc - protocol: TCP - readinessProbe: - failureThreshold: 1 - httpGet: - path: /healthcheck - port: 8080 - scheme: HTTP - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 1 - resources: - limits: - cpu: 400m - memory: 2Gi - requests: - cpu: 200m - memory: 1Gi - securityContext: - privileged: true - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthcheck - port: 8080 - scheme: HTTP - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /certs - name: certs - readOnly: true - - mountPath: /etc/statsd-exporter - name: statsd-exporter-config - readOnly: true - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - runAsUser: 1000 - serviceAccountName: envoy-ratelimit - terminationGracePeriodSeconds: 300 - volumes: - - name: certs - secret: - defaultMode: 420 - secretName: envoy-rate-limit - - configMap: - defaultMode: 420 - name: statsd-exporter-config - optional: true - name: statsd-exporter-config - updateStrategy: - type: RollingUpdate -status: - currentNumberScheduled: 0 - desiredNumberScheduled: 0 - numberMisscheduled: 0 - numberReady: 0 diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/merge-annotations.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/merge-annotations.yaml deleted file mode 100644 index 2f34b46f27e..00000000000 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/merge-annotations.yaml +++ /dev/null 
@@ -1,158 +0,0 @@ -apiVersion: apps/v1 -kind: Daemonset -metadata: - creationTimestamp: null - labels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - name: envoy-ratelimit - namespace: envoy-gateway-system - ownerReferences: - - apiVersion: apps/v1 - kind: Daemonset - name: envoy-gateway - uid: test-owner-reference-uid-for-deployment -spec: - selector: - matchLabels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - template: - metadata: - annotations: - key1: value1 - key2: value2 - prometheus.io/path: /metrics - prometheus.io/port: "19001" - prometheus.io/scrape: "true" - creationTimestamp: null - labels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - spec: - automountServiceAccountToken: false - containers: - - command: - - /bin/ratelimit - env: - - name: RUNTIME_ROOT - value: /data - - name: RUNTIME_SUBDIRECTORY - value: ratelimit - - name: RUNTIME_IGNOREDOTFILES - value: "true" - - name: RUNTIME_WATCH_ROOT - value: "false" - - name: LOG_LEVEL - value: info - - name: USE_STATSD - value: "false" - - name: CONFIG_TYPE - value: GRPC_XDS_SOTW - - name: CONFIG_GRPC_XDS_SERVER_URL - value: envoy-gateway:18001 - - name: CONFIG_GRPC_XDS_NODE_ID - value: envoy-ratelimit - - name: GRPC_SERVER_USE_TLS - value: "true" - - name: GRPC_SERVER_TLS_CERT - value: /certs/tls.crt - - name: GRPC_SERVER_TLS_KEY - value: /certs/tls.key - - name: GRPC_SERVER_TLS_CA_CERT - value: /certs/ca.crt - - name: CONFIG_GRPC_XDS_SERVER_USE_TLS - value: "true" - - name: CONFIG_GRPC_XDS_CLIENT_TLS_CERT - value: /certs/tls.crt - - name: CONFIG_GRPC_XDS_CLIENT_TLS_KEY - value: /certs/tls.key - - name: CONFIG_GRPC_XDS_SERVER_TLS_CACERT - value: /certs/ca.crt - - name: FORCE_START_WITHOUT_INITIAL_CONFIG - value: "true" - - name: REDIS_SOCKET_TYPE - value: 
tcp - - name: REDIS_URL - value: redis.redis.svc:6379 - - name: USE_PROMETHEUS - value: "true" - - name: PROMETHEUS_ADDR - value: :19001 - - name: PROMETHEUS_MAPPER_YAML - value: /etc/statsd-exporter/conf.yaml - image: envoyproxy/ratelimit:master - imagePullPolicy: IfNotPresent - name: envoy-ratelimit - ports: - - containerPort: 8081 - name: grpc - protocol: TCP - readinessProbe: - failureThreshold: 1 - httpGet: - path: /healthcheck - port: 8080 - scheme: HTTP - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 512Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - runAsGroup: 65534 - runAsNonRoot: true - runAsUser: 65534 - seccompProfile: - type: RuntimeDefault - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthcheck - port: 8080 - scheme: HTTP - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /certs - name: certs - readOnly: true - - mountPath: /etc/statsd-exporter - name: statsd-exporter-config - readOnly: true - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - serviceAccountName: envoy-ratelimit - terminationGracePeriodSeconds: 300 - volumes: - - name: certs - secret: - defaultMode: 420 - secretName: envoy-rate-limit - - configMap: - defaultMode: 420 - name: statsd-exporter-config - optional: true - name: statsd-exporter-config - updateStrategy: - type: RollingUpdate -status: - currentNumberScheduled: 0 - desiredNumberScheduled: 0 - numberMisscheduled: 0 - numberReady: 0 diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/merge-labels.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/merge-labels.yaml deleted file mode 100644 index efd6a1382c1..00000000000 
--- a/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/merge-labels.yaml
+++ /dev/null
@@ -1,158 +0,0 @@ -apiVersion: apps/v1 -kind: Daemonset -metadata: - creationTimestamp: null - labels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - name: envoy-ratelimit - namespace: envoy-gateway-system - ownerReferences: - - apiVersion: apps/v1 - kind: Daemonset - name: envoy-gateway - uid: test-owner-reference-uid-for-deployment -spec: - selector: - matchLabels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - template: - metadata: - annotations: - prometheus.io/path: /metrics - prometheus.io/port: "19001" - prometheus.io/scrape: "true" - creationTimestamp: null - labels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - key1: value1 - key2: value2 - spec: - automountServiceAccountToken: false - containers: - - command: - - /bin/ratelimit - env: - - name: RUNTIME_ROOT - value: /data - - name: RUNTIME_SUBDIRECTORY - value: ratelimit - - name: RUNTIME_IGNOREDOTFILES - value: "true" - - name: RUNTIME_WATCH_ROOT - value: "false" - - name: LOG_LEVEL - value: info - - name: USE_STATSD - value: "false" - - name: CONFIG_TYPE - value: GRPC_XDS_SOTW - - name: CONFIG_GRPC_XDS_SERVER_URL - value: envoy-gateway:18001 - - name: CONFIG_GRPC_XDS_NODE_ID - value: envoy-ratelimit - - name: GRPC_SERVER_USE_TLS - value: "true" - - name: GRPC_SERVER_TLS_CERT - value: /certs/tls.crt - - name: GRPC_SERVER_TLS_KEY - value: /certs/tls.key - - name: GRPC_SERVER_TLS_CA_CERT - value: /certs/ca.crt - - name: CONFIG_GRPC_XDS_SERVER_USE_TLS - value: "true" - - name: CONFIG_GRPC_XDS_CLIENT_TLS_CERT - value: /certs/tls.crt - - name: CONFIG_GRPC_XDS_CLIENT_TLS_KEY - value: /certs/tls.key - - name: CONFIG_GRPC_XDS_SERVER_TLS_CACERT - value: /certs/ca.crt - - name: FORCE_START_WITHOUT_INITIAL_CONFIG - value: "true" - - name: REDIS_SOCKET_TYPE - value: 
tcp - - name: REDIS_URL - value: redis.redis.svc:6379 - - name: USE_PROMETHEUS - value: "true" - - name: PROMETHEUS_ADDR - value: :19001 - - name: PROMETHEUS_MAPPER_YAML - value: /etc/statsd-exporter/conf.yaml - image: envoyproxy/ratelimit:master - imagePullPolicy: IfNotPresent - name: envoy-ratelimit - ports: - - containerPort: 8081 - name: grpc - protocol: TCP - readinessProbe: - failureThreshold: 1 - httpGet: - path: /healthcheck - port: 8080 - scheme: HTTP - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 512Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - runAsGroup: 65534 - runAsNonRoot: true - runAsUser: 65534 - seccompProfile: - type: RuntimeDefault - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthcheck - port: 8080 - scheme: HTTP - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /certs - name: certs - readOnly: true - - mountPath: /etc/statsd-exporter - name: statsd-exporter-config - readOnly: true - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - serviceAccountName: envoy-ratelimit - terminationGracePeriodSeconds: 300 - volumes: - - name: certs - secret: - defaultMode: 420 - secretName: envoy-rate-limit - - configMap: - defaultMode: 420 - name: statsd-exporter-config - optional: true - name: statsd-exporter-config - updateStrategy: - type: RollingUpdate -status: - currentNumberScheduled: 0 - desiredNumberScheduled: 0 - numberMisscheduled: 0 - numberReady: 0 diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/override-env.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/override-env.yaml deleted file mode 100644 index 1de6f2237f9..00000000000 
--- a/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/override-env.yaml
+++ /dev/null
@@ -1,151 +0,0 @@ -apiVersion: apps/v1 -kind: Daemonset -metadata: - creationTimestamp: null - labels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - name: envoy-ratelimit - namespace: envoy-gateway-system - ownerReferences: - - apiVersion: apps/v1 - kind: Daemonset - name: envoy-gateway - uid: test-owner-reference-uid-for-deployment -spec: - selector: - matchLabels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - template: - metadata: - annotations: - prometheus.io/path: /metrics - prometheus.io/port: "19001" - prometheus.io/scrape: "true" - creationTimestamp: null - labels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - spec: - automountServiceAccountToken: false - containers: - - command: - - /bin/ratelimit - env: - - name: RUNTIME_ROOT - value: /data - - name: RUNTIME_SUBDIRECTORY - value: ratelimit - - name: RUNTIME_IGNOREDOTFILES - value: "true" - - name: RUNTIME_WATCH_ROOT - value: "false" - - name: LOG_LEVEL - value: info - - name: USE_STATSD - value: "true" - - name: CONFIG_TYPE - value: GRPC_XDS_SOTW - - name: CONFIG_GRPC_XDS_SERVER_URL - value: envoy-gateway:18001 - - name: CONFIG_GRPC_XDS_NODE_ID - value: envoy-ratelimit - - name: GRPC_SERVER_USE_TLS - value: "true" - - name: GRPC_SERVER_TLS_CERT - value: /certs/tls.crt - - name: GRPC_SERVER_TLS_KEY - value: /certs/tls.key - - name: GRPC_SERVER_TLS_CA_CERT - value: /certs/ca.crt - - name: CONFIG_GRPC_XDS_SERVER_USE_TLS - value: "true" - - name: CONFIG_GRPC_XDS_CLIENT_TLS_CERT - value: /certs/tls.crt - - name: CONFIG_GRPC_XDS_CLIENT_TLS_KEY - value: /certs/tls.key - - name: CONFIG_GRPC_XDS_SERVER_TLS_CACERT - value: /certs/ca.crt - - name: FORCE_START_WITHOUT_INITIAL_CONFIG - value: "true" - - name: REDIS_SOCKET_TYPE - value: tcp - - name: REDIS_URL - value: 
redis.redis.svc:6379 - - name: USE_PROMETHEUS - value: "true" - - name: PROMETHEUS_ADDR - value: :19001 - - name: PROMETHEUS_MAPPER_YAML - value: /etc/statsd-exporter/conf.yaml - image: custom-image - imagePullPolicy: IfNotPresent - name: envoy-ratelimit - ports: - - containerPort: 8081 - name: grpc - protocol: TCP - readinessProbe: - failureThreshold: 1 - httpGet: - path: /healthcheck - port: 8080 - scheme: HTTP - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 1 - resources: - limits: - cpu: 400m - memory: 2Gi - requests: - cpu: 200m - memory: 1Gi - securityContext: - privileged: true - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthcheck - port: 8080 - scheme: HTTP - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /certs - name: certs - readOnly: true - - mountPath: /etc/statsd-exporter - name: statsd-exporter-config - readOnly: true - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - runAsUser: 1000 - serviceAccountName: envoy-ratelimit - terminationGracePeriodSeconds: 300 - volumes: - - name: certs - secret: - defaultMode: 420 - secretName: envoy-rate-limit - - configMap: - defaultMode: 420 - name: statsd-exporter-config - optional: true - name: statsd-exporter-config - updateStrategy: - type: RollingUpdate -status: - currentNumberScheduled: 0 - desiredNumberScheduled: 0 - numberMisscheduled: 0 - numberReady: 0 diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/patch-daemonset.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/patch-daemonset.yaml deleted file mode 100644 index 8527fb93226..00000000000 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/patch-daemonset.yaml +++ /dev/null 
@@ -1,157 +0,0 @@ -apiVersion: apps/v1 -kind: Daemonset -metadata: - creationTimestamp: null - labels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - name: envoy-ratelimit - namespace: envoy-gateway-system - ownerReferences: - - apiVersion: apps/v1 - kind: Daemonset - name: envoy-gateway - uid: test-owner-reference-uid-for-deployment -spec: - selector: - matchLabels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - template: - metadata: - annotations: - prometheus.io/path: /metrics - prometheus.io/port: "19001" - prometheus.io/scrape: "true" - creationTimestamp: null - labels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - spec: - automountServiceAccountToken: false - containers: - - command: - - /bin/ratelimit - env: - - name: RUNTIME_ROOT - value: /data - - name: RUNTIME_SUBDIRECTORY - value: ratelimit - - name: RUNTIME_IGNOREDOTFILES - value: "true" - - name: RUNTIME_WATCH_ROOT - value: "false" - - name: LOG_LEVEL - value: info - - name: USE_STATSD - value: "false" - - name: CONFIG_TYPE - value: GRPC_XDS_SOTW - - name: CONFIG_GRPC_XDS_SERVER_URL - value: envoy-gateway:18001 - - name: CONFIG_GRPC_XDS_NODE_ID - value: envoy-ratelimit - - name: GRPC_SERVER_USE_TLS - value: "true" - - name: GRPC_SERVER_TLS_CERT - value: /certs/tls.crt - - name: GRPC_SERVER_TLS_KEY - value: /certs/tls.key - - name: GRPC_SERVER_TLS_CA_CERT - value: /certs/ca.crt - - name: CONFIG_GRPC_XDS_SERVER_USE_TLS - value: "true" - - name: CONFIG_GRPC_XDS_CLIENT_TLS_CERT - value: /certs/tls.crt - - name: CONFIG_GRPC_XDS_CLIENT_TLS_KEY - value: /certs/tls.key - - name: CONFIG_GRPC_XDS_SERVER_TLS_CACERT - value: /certs/ca.crt - - name: FORCE_START_WITHOUT_INITIAL_CONFIG - value: "true" - - name: REDIS_SOCKET_TYPE - value: tcp - - name: REDIS_URL - 
value: redis.redis.svc:6379 - - name: USE_PROMETHEUS - value: "true" - - name: PROMETHEUS_ADDR - value: :19001 - - name: PROMETHEUS_MAPPER_YAML - value: /etc/statsd-exporter/conf.yaml - image: envoyproxy/ratelimit:master - imagePullPolicy: IfNotPresent - name: envoy-ratelimit - ports: - - containerPort: 8081 - name: grpc - protocol: TCP - readinessProbe: - failureThreshold: 1 - httpGet: - path: /healthcheck - port: 8080 - scheme: HTTP - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 512Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - runAsGroup: 65534 - runAsNonRoot: true - runAsUser: 65534 - seccompProfile: - type: RuntimeDefault - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthcheck - port: 8080 - scheme: HTTP - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /certs - name: certs - readOnly: true - - mountPath: /etc/statsd-exporter - name: statsd-exporter-config - readOnly: true - dnsPolicy: ClusterFirstWithHostNet - hostNetwork: true - restartPolicy: Always - schedulerName: default-scheduler - serviceAccountName: envoy-ratelimit - terminationGracePeriodSeconds: 300 - volumes: - - name: certs - secret: - defaultMode: 420 - secretName: envoy-rate-limit - - configMap: - defaultMode: 420 - name: statsd-exporter-config - optional: true - name: statsd-exporter-config - updateStrategy: - type: RollingUpdate -status: - currentNumberScheduled: 0 - desiredNumberScheduled: 0 - numberMisscheduled: 0 - numberReady: 0 diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/redis-tls-settings.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/redis-tls-settings.yaml deleted file mode 100644 index a16c8a713a7..00000000000 
--- a/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/redis-tls-settings.yaml +++ /dev/null 
@@ -1,166 +0,0 @@ -apiVersion: apps/v1 -kind: Daemonset -metadata: - creationTimestamp: null - labels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - name: envoy-ratelimit - namespace: envoy-gateway-system - ownerReferences: - - apiVersion: apps/v1 - kind: Daemonset - name: envoy-gateway - uid: test-owner-reference-uid-for-deployment -spec: - selector: - matchLabels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - template: - metadata: - annotations: - prometheus.io/path: /metrics - prometheus.io/port: "19001" - prometheus.io/scrape: "true" - creationTimestamp: null - labels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - spec: - automountServiceAccountToken: false - containers: - - command: - - /bin/ratelimit - env: - - name: RUNTIME_ROOT - value: /data - - name: RUNTIME_SUBDIRECTORY - value: ratelimit - - name: RUNTIME_IGNOREDOTFILES - value: "true" - - name: RUNTIME_WATCH_ROOT - value: "false" - - name: LOG_LEVEL - value: info - - name: USE_STATSD - value: "true" - - name: CONFIG_TYPE - value: GRPC_XDS_SOTW - - name: CONFIG_GRPC_XDS_SERVER_URL - value: envoy-gateway:18001 - - name: CONFIG_GRPC_XDS_NODE_ID - value: envoy-ratelimit - - name: GRPC_SERVER_USE_TLS - value: "true" - - name: GRPC_SERVER_TLS_CERT - value: /certs/tls.crt - - name: GRPC_SERVER_TLS_KEY - value: /certs/tls.key - - name: GRPC_SERVER_TLS_CA_CERT - value: /certs/ca.crt - - name: CONFIG_GRPC_XDS_SERVER_USE_TLS - value: "true" - - name: CONFIG_GRPC_XDS_CLIENT_TLS_CERT - value: /certs/tls.crt - - name: CONFIG_GRPC_XDS_CLIENT_TLS_KEY - value: /certs/tls.key - - name: CONFIG_GRPC_XDS_SERVER_TLS_CACERT - value: /certs/ca.crt - - name: FORCE_START_WITHOUT_INITIAL_CONFIG - value: "true" - - name: REDIS_SOCKET_TYPE - value: tcp - - name: REDIS_URL - value: 
redis.redis.svc:6379 - - name: REDIS_TLS - value: "true" - - name: REDIS_TLS_CLIENT_CERT - value: /redis-certs/tls.crt - - name: REDIS_TLS_CLIENT_KEY - value: /redis-certs/tls.key - - name: USE_PROMETHEUS - value: "true" - - name: PROMETHEUS_ADDR - value: :19001 - - name: PROMETHEUS_MAPPER_YAML - value: /etc/statsd-exporter/conf.yaml - - name: REDIS_AUTH - value: redis_auth_password - image: custom-image - imagePullPolicy: IfNotPresent - name: envoy-ratelimit - ports: - - containerPort: 8081 - name: grpc - protocol: TCP - readinessProbe: - failureThreshold: 1 - httpGet: - path: /healthcheck - port: 8080 - scheme: HTTP - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 1 - resources: - limits: - cpu: 400m - memory: 2Gi - requests: - cpu: 200m - memory: 1Gi - securityContext: - privileged: true - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthcheck - port: 8080 - scheme: HTTP - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /certs - name: certs - readOnly: true - - mountPath: /etc/statsd-exporter - name: statsd-exporter-config - readOnly: true - - mountPath: /redis-certs - name: redis-certs - readOnly: true - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - runAsUser: 1000 - serviceAccountName: envoy-ratelimit - terminationGracePeriodSeconds: 300 - volumes: - - name: redis-certs - secret: - defaultMode: 420 - secretName: ratelimit-cert - - name: certs - secret: - defaultMode: 420 - secretName: envoy-rate-limit - - configMap: - defaultMode: 420 - name: statsd-exporter-config - optional: true - name: statsd-exporter-config - updateStrategy: - type: RollingUpdate -status: - currentNumberScheduled: 0 - desiredNumberScheduled: 0 - numberMisscheduled: 0 - numberReady: 0 
diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/tolerations.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/tolerations.yaml deleted file mode 100644 index 21d5051e084..00000000000 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/tolerations.yaml +++ /dev/null 
@@ -1,171 +0,0 @@ -apiVersion: apps/v1 -kind: Daemonset -metadata: - creationTimestamp: null - labels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - name: envoy-ratelimit - namespace: envoy-gateway-system - ownerReferences: - - apiVersion: apps/v1 - kind: Daemonset - name: envoy-gateway - uid: test-owner-reference-uid-for-deployment -spec: - selector: - matchLabels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - template: - metadata: - annotations: - prometheus.io/path: /metrics - prometheus.io/port: "19001" - prometheus.io/scrape: "true" - creationTimestamp: null - labels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - spec: - automountServiceAccountToken: false - containers: - - command: - - /bin/ratelimit - env: - - name: RUNTIME_ROOT - value: /data - - name: RUNTIME_SUBDIRECTORY - value: ratelimit - - name: RUNTIME_IGNOREDOTFILES - value: "true" - - name: RUNTIME_WATCH_ROOT - value: "false" - - name: LOG_LEVEL - value: info - - name: USE_STATSD - value: "true" - - name: CONFIG_TYPE - value: GRPC_XDS_SOTW - - name: CONFIG_GRPC_XDS_SERVER_URL - value: envoy-gateway:18001 - - name: CONFIG_GRPC_XDS_NODE_ID - value: envoy-ratelimit - - name: GRPC_SERVER_USE_TLS - value: "true" - - name: GRPC_SERVER_TLS_CERT - value: /certs/tls.crt - - name: GRPC_SERVER_TLS_KEY - value: /certs/tls.key - - name: GRPC_SERVER_TLS_CA_CERT - value: /certs/ca.crt - - name: CONFIG_GRPC_XDS_SERVER_USE_TLS - value: "true" - - name: CONFIG_GRPC_XDS_CLIENT_TLS_CERT - value: /certs/tls.crt - - name: CONFIG_GRPC_XDS_CLIENT_TLS_KEY - value: /certs/tls.key - - name: CONFIG_GRPC_XDS_SERVER_TLS_CACERT - value: /certs/ca.crt - - name: FORCE_START_WITHOUT_INITIAL_CONFIG - value: "true" - - name: REDIS_SOCKET_TYPE - value: tcp - - name: REDIS_URL - value: 
redis.redis.svc:6379 - - name: REDIS_TLS - value: "true" - - name: REDIS_TLS_CLIENT_CERT - value: /redis-certs/tls.crt - - name: REDIS_TLS_CLIENT_KEY - value: /redis-certs/tls.key - - name: USE_PROMETHEUS - value: "true" - - name: PROMETHEUS_ADDR - value: :19001 - - name: PROMETHEUS_MAPPER_YAML - value: /etc/statsd-exporter/conf.yaml - - name: REDIS_AUTH - value: redis_auth_password - image: custom-image - imagePullPolicy: IfNotPresent - name: envoy-ratelimit - ports: - - containerPort: 8081 - name: grpc - protocol: TCP - readinessProbe: - failureThreshold: 1 - httpGet: - path: /healthcheck - port: 8080 - scheme: HTTP - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 1 - resources: - limits: - cpu: 400m - memory: 2Gi - requests: - cpu: 200m - memory: 1Gi - securityContext: - privileged: true - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthcheck - port: 8080 - scheme: HTTP - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /certs - name: certs - readOnly: true - - mountPath: /etc/statsd-exporter - name: statsd-exporter-config - readOnly: true - - mountPath: /redis-certs - name: redis-certs - readOnly: true - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - runAsUser: 1000 - serviceAccountName: envoy-ratelimit - terminationGracePeriodSeconds: 300 - tolerations: - - effect: NoSchedule - key: node-type - operator: Exists - value: router - volumes: - - name: redis-certs - secret: - defaultMode: 420 - secretName: ratelimit-cert - - name: certs - secret: - defaultMode: 420 - secretName: envoy-rate-limit - - configMap: - defaultMode: 420 - name: statsd-exporter-config - optional: true - name: statsd-exporter-config - updateStrategy: - type: RollingUpdate -status: - currentNumberScheduled: 0 - desiredNumberScheduled: 0 - numberMisscheduled: 0 - numberReady: 0 
diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/volumes.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/volumes.yaml deleted file mode 100644 index 93f8d545754..00000000000 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/volumes.yaml +++ /dev/null 
@@ -1,171 +0,0 @@ -apiVersion: apps/v1 -kind: Daemonset -metadata: - creationTimestamp: null - labels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - name: envoy-ratelimit - namespace: envoy-gateway-system - ownerReferences: - - apiVersion: apps/v1 - kind: Daemonset - name: envoy-gateway - uid: test-owner-reference-uid-for-deployment -spec: - selector: - matchLabels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - template: - metadata: - annotations: - prometheus.io/path: /metrics - prometheus.io/port: "19001" - prometheus.io/scrape: "true" - creationTimestamp: null - labels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - spec: - automountServiceAccountToken: false - containers: - - command: - - /bin/ratelimit - env: - - name: RUNTIME_ROOT - value: /data - - name: RUNTIME_SUBDIRECTORY - value: ratelimit - - name: RUNTIME_IGNOREDOTFILES - value: "true" - - name: RUNTIME_WATCH_ROOT - value: "false" - - name: LOG_LEVEL - value: info - - name: USE_STATSD - value: "true" - - name: CONFIG_TYPE - value: GRPC_XDS_SOTW - - name: CONFIG_GRPC_XDS_SERVER_URL - value: envoy-gateway:18001 - - name: CONFIG_GRPC_XDS_NODE_ID - value: envoy-ratelimit - - name: GRPC_SERVER_USE_TLS - value: "true" - - name: GRPC_SERVER_TLS_CERT - value: /certs/tls.crt - - name: GRPC_SERVER_TLS_KEY - value: /certs/tls.key - - name: GRPC_SERVER_TLS_CA_CERT - value: /certs/ca.crt - - name: CONFIG_GRPC_XDS_SERVER_USE_TLS - value: "true" - - name: CONFIG_GRPC_XDS_CLIENT_TLS_CERT - value: /certs/tls.crt - - name: CONFIG_GRPC_XDS_CLIENT_TLS_KEY - value: /certs/tls.key - - name: CONFIG_GRPC_XDS_SERVER_TLS_CACERT - value: /certs/ca.crt - - name: FORCE_START_WITHOUT_INITIAL_CONFIG - value: "true" - - name: REDIS_SOCKET_TYPE - value: tcp - - name: REDIS_URL - value: 
redis.redis.svc:6379 - - name: REDIS_TLS - value: "true" - - name: REDIS_TLS_CLIENT_CERT - value: /redis-certs/tls.crt - - name: REDIS_TLS_CLIENT_KEY - value: /redis-certs/tls.key - - name: USE_PROMETHEUS - value: "true" - - name: PROMETHEUS_ADDR - value: :19001 - - name: PROMETHEUS_MAPPER_YAML - value: /etc/statsd-exporter/conf.yaml - - name: REDIS_AUTH - value: redis_auth_password - image: custom-image - imagePullPolicy: IfNotPresent - name: envoy-ratelimit - ports: - - containerPort: 8081 - name: grpc - protocol: TCP - readinessProbe: - failureThreshold: 1 - httpGet: - path: /healthcheck - port: 8080 - scheme: HTTP - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 1 - resources: - limits: - cpu: 400m - memory: 2Gi - requests: - cpu: 200m - memory: 1Gi - securityContext: - privileged: true - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthcheck - port: 8080 - scheme: HTTP - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /certs - name: certs - readOnly: true - - mountPath: /etc/statsd-exporter - name: statsd-exporter-config - readOnly: true - - mountPath: /redis-certs - name: redis-certs - readOnly: true - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - runAsUser: 1000 - serviceAccountName: envoy-ratelimit - terminationGracePeriodSeconds: 300 - tolerations: - - effect: NoSchedule - key: node-type - operator: Exists - value: router - volumes: - - name: redis-certs - secret: - defaultMode: 420 - secretName: ratelimit-cert-origin - - name: certs - secret: - defaultMode: 420 - secretName: custom-cert - - configMap: - defaultMode: 420 - name: statsd-exporter-config - optional: true - name: statsd-exporter-config - updateStrategy: - type: RollingUpdate -status: - currentNumberScheduled: 0 - desiredNumberScheduled: 0 - numberMisscheduled: 0 - numberReady: 0 
diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/with-node-selector.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/with-node-selector.yaml deleted file mode 100644 index 89d061b8da4..00000000000 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/daemonsets/with-node-selector.yaml +++ /dev/null 
@@ -1,159 +0,0 @@ -apiVersion: apps/v1 -kind: Daemonset -metadata: - creationTimestamp: null - labels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - name: envoy-ratelimit - namespace: envoy-gateway-system - ownerReferences: - - apiVersion: apps/v1 - kind: Daemonset - name: envoy-gateway - uid: test-owner-reference-uid-for-deployment -spec: - selector: - matchLabels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - template: - metadata: - annotations: - prometheus.io/path: /metrics - prometheus.io/port: "19001" - prometheus.io/scrape: "true" - creationTimestamp: null - labels: - app.kubernetes.io/component: ratelimit - app.kubernetes.io/managed-by: envoy-gateway - app.kubernetes.io/name: envoy-ratelimit - spec: - automountServiceAccountToken: false - containers: - - command: - - /bin/ratelimit - env: - - name: RUNTIME_ROOT - value: /data - - name: RUNTIME_SUBDIRECTORY - value: ratelimit - - name: RUNTIME_IGNOREDOTFILES - value: "true" - - name: RUNTIME_WATCH_ROOT - value: "false" - - name: LOG_LEVEL - value: info - - name: USE_STATSD - value: "false" - - name: CONFIG_TYPE - value: GRPC_XDS_SOTW - - name: CONFIG_GRPC_XDS_SERVER_URL - value: envoy-gateway:18001 - - name: CONFIG_GRPC_XDS_NODE_ID - value: envoy-ratelimit - - name: GRPC_SERVER_USE_TLS - value: "true" - - name: GRPC_SERVER_TLS_CERT - value: /certs/tls.crt - - name: GRPC_SERVER_TLS_KEY - value: /certs/tls.key - - name: GRPC_SERVER_TLS_CA_CERT - value: /certs/ca.crt - - name: CONFIG_GRPC_XDS_SERVER_USE_TLS - value: "true" - - name: CONFIG_GRPC_XDS_CLIENT_TLS_CERT - value: /certs/tls.crt - - name: CONFIG_GRPC_XDS_CLIENT_TLS_KEY - value: /certs/tls.key - - name: CONFIG_GRPC_XDS_SERVER_TLS_CACERT - value: /certs/ca.crt - - name: FORCE_START_WITHOUT_INITIAL_CONFIG - value: "true" - - name: REDIS_SOCKET_TYPE - value: tcp - - name: REDIS_URL - 
value: redis.redis.svc:6379 - - name: USE_PROMETHEUS - value: "true" - - name: PROMETHEUS_ADDR - value: :19001 - - name: PROMETHEUS_MAPPER_YAML - value: /etc/statsd-exporter/conf.yaml - image: envoyproxy/ratelimit:master - imagePullPolicy: IfNotPresent - name: envoy-ratelimit - ports: - - containerPort: 8081 - name: grpc - protocol: TCP - readinessProbe: - failureThreshold: 1 - httpGet: - path: /healthcheck - port: 8080 - scheme: HTTP - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 512Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - runAsGroup: 65534 - runAsNonRoot: true - runAsUser: 65534 - seccompProfile: - type: RuntimeDefault - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthcheck - port: 8080 - scheme: HTTP - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /certs - name: certs - readOnly: true - - mountPath: /etc/statsd-exporter - name: statsd-exporter-config - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - key1: value1 - key2: value2 - restartPolicy: Always - schedulerName: default-scheduler - serviceAccountName: envoy-ratelimit - terminationGracePeriodSeconds: 300 - volumes: - - name: certs - secret: - defaultMode: 420 - secretName: envoy-rate-limit - - configMap: - defaultMode: 420 - name: statsd-exporter-config - optional: true - name: statsd-exporter-config - updateStrategy: - type: RollingUpdate -status: - currentNumberScheduled: 0 - desiredNumberScheduled: 0 - numberMisscheduled: 0 - numberReady: 0 diff --git a/internal/infrastructure/kubernetes/ratelimit_infra.go b/internal/infrastructure/kubernetes/ratelimit_infra.go index 1b5bfd4ccb7..514f86a1d9d 100644 --- a/internal/infrastructure/kubernetes/ratelimit_infra.go 
+++ b/internal/infrastructure/kubernetes/ratelimit_infra.go @@ -10,9 +10,7 @@ import ( appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/types" - "sigs.k8s.io/controller-runtime/pkg/client" "github.com/envoyproxy/gateway/internal/infrastructure/kubernetes/ratelimit" ) @@ -36,26 +34,11 @@ func (i *Infra) CreateOrUpdateRateLimitInfra(ctx context.Context) error { } ownerReferenceUID[ratelimit.ResourceKindService] = serviceUID - var uid types.UID - for _, obj := range []client.Object{&appsv1.Deployment{}, &appsv1.DaemonSet{}} { - uid, err = i.Client.GetUID(ctx, key, obj) - if err != nil { - if errors.IsNotFound(err) { - continue - } - return err - } - switch obj.(type) { - case *appsv1.Deployment: - ownerReferenceUID[ratelimit.ResourceKindDeployment] = uid - case *appsv1.DaemonSet: - ownerReferenceUID[ratelimit.ResourceKindDaemonset] = uid - } - break - } + deploymentUID, err := i.Client.GetUID(ctx, key, &appsv1.Deployment{}) if err != nil { return err } + ownerReferenceUID[ratelimit.ResourceKindDeployment] = deploymentUID serviceAccountUID, err := i.Client.GetUID(ctx, key, &corev1.ServiceAccount{}) if err != nil { diff --git a/internal/infrastructure/kubernetes/ratelimit_infra_test.go b/internal/infrastructure/kubernetes/ratelimit_infra_test.go index e49992194d4..1b4976ac361 100644 --- a/internal/infrastructure/kubernetes/ratelimit_infra_test.go +++ b/internal/infrastructure/kubernetes/ratelimit_infra_test.go @@ -12,7 +12,6 @@ import ( "github.com/stretchr/testify/require" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" - kerrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/controller-runtime/pkg/client" 
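Review bot: In the `CreateOrUpdateRateLimitInfra` hunk, the new `i.Client.GetUID(ctx, key, &appsv1.Deployment{})` lookup returns its error bare, so a not-found result reaches the caller without saying which owner object was missing. The removed loop skipped a missing Deployment and fell back to a DaemonSet, whereas now a missing Deployment fails the whole call. That looks intended by this commit, but the error should then name the object, e.g. `return fmt.Errorf("getting owner Deployment UID for rate limit infra: %w", err)` (this needs `fmt` imported if the file does not already have it; the full import block is not visible here). A one-line comment above the lookup, such as `// Rate limit resources are owned by the Deployment found at key; a missing Deployment is an error.`, would record the new assumption. The function body starts and ends outside the hunk.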
@@ -68,20 +67,6 @@ func createEnvoyGatewayDeployment(t *testing.T, client client.Client, ns string) require.NoError(t, err) } -func createEnvoyGatewayDaemonset(t *testing.T, client client.Client, ns string) { - err := client.Create(context.Background(), &appsv1.DaemonSet{ - TypeMeta: metav1.TypeMeta{ - Kind: "Daemonset", - APIVersion: "apps/v1", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: "envoy-gateway", - Namespace: ns, - }, - }) - require.NoError(t, err) -} - func createEnvoyGatewayServiceAccount(t *testing.T, client client.Client, ns string) { err := client.Create(context.Background(), &corev1.ServiceAccount{ TypeMeta: metav1.TypeMeta{ @@ -111,15 +96,6 @@ func TestCreateRateLimitInfra(t *testing.T) { }, expect: true, }, - { - name: "daemonset", - ownerReferences: []string{ - ratelimit.ResourceKindService, - ratelimit.ResourceKindDaemonset, - ratelimit.ResourceKindServiceAccount, - }, - expect: true, - }, { name: "default infra but missing service owner reference", ownerReferences: []string{ @@ -162,8 +138,6 @@ func TestCreateRateLimitInfra(t *testing.T) { createEnvoyGatewayService(t, kube.Client.Client, kube.Namespace) case ratelimit.ResourceKindDeployment: createEnvoyGatewayDeployment(t, kube.Client.Client, kube.Namespace) - case ratelimit.ResourceKindDaemonset: - createEnvoyGatewayDaemonset(t, kube.Client.Client, kube.Namespace) case ratelimit.ResourceKindServiceAccount: createEnvoyGatewayServiceAccount(t, kube.Client.Client, kube.Namespace) } 
@@ -186,26 +160,14 @@ func TestCreateRateLimitInfra(t *testing.T) { } require.NoError(t, kube.Client.Get(context.Background(), client.ObjectKeyFromObject(sa), sa)) - // Check for either a Deployment or DaemonSet deploy := &appsv1.Deployment{ ObjectMeta: metav1.ObjectMeta{ Namespace: kube.Namespace, Name: ratelimit.InfraName, }, } - daemonset := &appsv1.DaemonSet{ - ObjectMeta: metav1.ObjectMeta{ - Namespace: kube.Namespace, - Name: ratelimit.InfraName, - }, - } - err = kube.Client.Get(context.Background(), client.ObjectKeyFromObject(deploy), deploy) - if kerrors.IsNotFound(err) { - err = kube.Client.Get(context.Background(), client.ObjectKeyFromObject(daemonset), daemonset) - require.NoError(t, err) - } else { - require.NoError(t, err) - } + require.NoError(t, kube.Client.Get(context.Background(), client.ObjectKeyFromObject(deploy), deploy)) + svc := &corev1.Service{ ObjectMeta: metav1.ObjectMeta{ Namespace: kube.Namespace,