Skip to content

Commit

Permalink
doc: ratelimit kubernetes resources setting doc for user. (#1282)
Browse files Browse the repository at this point in the history
doc: add ratelimit kubernetes resources setting doc for user.

Signed-off-by: qicz <[email protected]>
  • Loading branch information
qicz authored Apr 12, 2023
1 parent cd18c96 commit ad0afaa
Show file tree
Hide file tree
Showing 4 changed files with 65 additions and 10 deletions.
18 changes: 9 additions & 9 deletions docs/latest/design/config-api.md
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,7 @@ type EnvoyGatewaySpec struct {
// the Kubernetes provider is used with default parameters.
//
// +optional
Provider *Provider `json:"provider,omitempty"`
Provider *EnvoyGatewayProvider `json:"provider,omitempty"`
}

// Gateway defines desired Gateway API configuration of Envoy Gateway.
Expand All @@ -92,9 +92,9 @@ type Gateway struct {
ControllerName string `json:"controllerName,omitempty"`
}

// Provider defines the desired configuration of a provider.
// EnvoyGatewayProvider defines the desired configuration of a provider.
// +union
type Provider struct {
type EnvoyGatewayProvider struct {
// Type is the type of provider to use. If unset, the Kubernetes provider is used.
//
// +unionDiscriminator
Expand All @@ -103,13 +103,13 @@ type Provider struct {
// provides runtime configuration via the Kubernetes API.
//
// +optional
Kubernetes *KubernetesProvider `json:"kubernetes,omitempty"`
Kubernetes *EnvoyGatewayKubernetesProvider `json:"kubernetes,omitempty"`

// File defines the configuration of the File provider. File provides runtime
// configuration defined by one or more files.
//
// +optional
File *FileProvider `json:"file,omitempty"`
File *EnvoyGatewayFileProvider `json:"file,omitempty"`
}

// ProviderType defines the types of providers supported by Envoy Gateway.
Expand All @@ -123,13 +123,13 @@ const (
FileProviderType ProviderType = "File"
)

// KubernetesProvider defines configuration for the Kubernetes provider.
type KubernetesProvider struct {
// EnvoyGatewayKubernetesProvider defines configuration for the Kubernetes provider.
type EnvoyGatewayKubernetesProvider struct {
// TODO: Add config as use cases are better understood.
}

// FileProvider defines configuration for the File provider.
type FileProvider struct {
// EnvoyGatewayFileProvider defines configuration for the File provider.
type EnvoyGatewayFileProvider struct {
// TODO: Add config as use cases are better understood.
}
```
Expand Down
File renamed without changes.
2 changes: 1 addition & 1 deletion docs/latest/design_docs.rst
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,6 @@ Learn about the internal details of Envoy Gateway.
design/config-api
design/tcp-udp-design
design/egctl
design/ratelimit
design/rate-limit
design/request-authentication
design/bootstrap
55 changes: 55 additions & 0 deletions docs/latest/user/rate-limit.md
Original file line number Diff line number Diff line change
Expand Up @@ -120,6 +120,61 @@ EOF
kubectl rollout restart deployment envoy-gateway -n envoy-gateway-system
```

### (Optional) Editing Kubernetes Resources settings for the Rate Limit Service

* The default installation of Envoy Gateway installs a default [EnvoyGateway][] configuration and provides the initial rate
limit kubernetes resources settings. such as `replicas` is 1, requests resources cpu is `100m`, memory is `512Mi`. the others
like container `securityContext` and pod `annotations` and `securityContext` can be modified by modifying the `ConfigMap`.

```shell
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ConfigMap
metadata:
name: envoy-gateway-config
namespace: envoy-gateway-system
data:
envoy-gateway.yaml: |
apiVersion: config.gateway.envoyproxy.io/v1alpha1
kind: EnvoyGateway
provider:
type: Kubernetes
kubernetes:
rateLimitDeployment:
replicas: 1
container:
resources:
requests:
cpu: 100m
memory: 512Mi
securityContext:
runAsUser: 2000
allowPrivilegeEscalation: false
pod:
annotations:
key1: val1
key2: val2
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
fsGroupChangePolicy: "OnRootMismatch"
gateway:
controllerName: gateway.envoyproxy.io/gatewayclass-controller
rateLimit:
backend:
type: Redis
redis:
url: redis.redis-system.svc.cluster.local:6379
EOF
```

* After updating the `ConfigMap`, you will need to restart the `envoy-gateway` deployment so the configuration kicks in

```shell
kubectl rollout restart deployment envoy-gateway -n envoy-gateway-system
```

## Rate limit specific user

Here is an example of a rate limit implemented by the application developer to limit a specific user by matching on a custom `x-user-id` header
Expand Down

0 comments on commit ad0afaa

Please sign in to comment.