forked from envoyproxy/gateway
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix: rateLimitDeployment ignoring pod labels and annotation merge (en…
…voyproxy#4228) * fix labels and annotation merges for rate limit deployment Signed-off-by: Oscar Boher <[email protected]> * fix tests and label merge Signed-off-by: Oscar Boher <[email protected]> * fix annotation merge if prometheus was disabled and annotations were defined Signed-off-by: Oscar Boher <[email protected]> * renamed labels and annotations to specify they apply to pods only Signed-off-by: Oscar Boher <[email protected]> * linter Signed-off-by: Oscar Boher <[email protected]> * fix resource provider tests to new annotation behavior Signed-off-by: Oscar Boher <[email protected]> * go linter Signed-off-by: Oscar Boher <[email protected]> * fix gen-check Signed-off-by: Oscar Boher <[email protected]> * pod labels selector comment Signed-off-by: Oscar Boher <[email protected]> --------- Signed-off-by: Oscar Boher <[email protected]> Co-authored-by: zirain <[email protected]> Co-authored-by: Arko Dasgupta <[email protected]>
- Loading branch information
1 parent
db1f437
commit cf84927
Showing
11 changed files
with
391 additions
and
8 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
156 changes: 156 additions & 0 deletions
156
internal/infrastructure/kubernetes/ratelimit/testdata/deployments/merge-annotations.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,156 @@ | ||
apiVersion: apps/v1 | ||
kind: Deployment | ||
metadata: | ||
creationTimestamp: null | ||
labels: | ||
app.kubernetes.io/component: ratelimit | ||
app.kubernetes.io/managed-by: envoy-gateway | ||
app.kubernetes.io/name: envoy-ratelimit | ||
name: envoy-ratelimit | ||
namespace: envoy-gateway-system | ||
ownerReferences: | ||
- apiVersion: apps/v1 | ||
kind: Deployment | ||
name: envoy-gateway | ||
uid: test-owner-reference-uid-for-deployment | ||
spec: | ||
progressDeadlineSeconds: 600 | ||
revisionHistoryLimit: 10 | ||
selector: | ||
matchLabels: | ||
app.kubernetes.io/component: ratelimit | ||
app.kubernetes.io/managed-by: envoy-gateway | ||
app.kubernetes.io/name: envoy-ratelimit | ||
strategy: | ||
type: RollingUpdate | ||
template: | ||
metadata: | ||
annotations: | ||
key1: value1 | ||
key2: value2 | ||
prometheus.io/path: /metrics | ||
prometheus.io/port: "19001" | ||
prometheus.io/scrape: "true" | ||
creationTimestamp: null | ||
labels: | ||
app.kubernetes.io/component: ratelimit | ||
app.kubernetes.io/managed-by: envoy-gateway | ||
app.kubernetes.io/name: envoy-ratelimit | ||
spec: | ||
automountServiceAccountToken: false | ||
containers: | ||
- command: | ||
- /bin/ratelimit | ||
env: | ||
- name: RUNTIME_ROOT | ||
value: /data | ||
- name: RUNTIME_SUBDIRECTORY | ||
value: ratelimit | ||
- name: RUNTIME_IGNOREDOTFILES | ||
value: "true" | ||
- name: RUNTIME_WATCH_ROOT | ||
value: "false" | ||
- name: LOG_LEVEL | ||
value: info | ||
- name: USE_STATSD | ||
value: "false" | ||
- name: CONFIG_TYPE | ||
value: GRPC_XDS_SOTW | ||
- name: CONFIG_GRPC_XDS_SERVER_URL | ||
value: envoy-gateway:18001 | ||
- name: CONFIG_GRPC_XDS_NODE_ID | ||
value: envoy-ratelimit | ||
- name: GRPC_SERVER_USE_TLS | ||
value: "true" | ||
- name: GRPC_SERVER_TLS_CERT | ||
value: /certs/tls.crt | ||
- name: GRPC_SERVER_TLS_KEY | ||
value: /certs/tls.key | ||
- name: GRPC_SERVER_TLS_CA_CERT | ||
value: /certs/ca.crt | ||
- name: CONFIG_GRPC_XDS_SERVER_USE_TLS | ||
value: "true" | ||
- name: CONFIG_GRPC_XDS_CLIENT_TLS_CERT | ||
value: /certs/tls.crt | ||
- name: CONFIG_GRPC_XDS_CLIENT_TLS_KEY | ||
value: /certs/tls.key | ||
- name: CONFIG_GRPC_XDS_SERVER_TLS_CACERT | ||
value: /certs/ca.crt | ||
- name: FORCE_START_WITHOUT_INITIAL_CONFIG | ||
value: "true" | ||
- name: REDIS_SOCKET_TYPE | ||
value: tcp | ||
- name: REDIS_URL | ||
value: redis.redis.svc:6379 | ||
- name: USE_PROMETHEUS | ||
value: "true" | ||
- name: PROMETHEUS_ADDR | ||
value: :19001 | ||
- name: PROMETHEUS_MAPPER_YAML | ||
value: /etc/statsd-exporter/conf.yaml | ||
image: envoyproxy/ratelimit:master | ||
imagePullPolicy: IfNotPresent | ||
name: envoy-ratelimit | ||
ports: | ||
- containerPort: 8081 | ||
name: grpc | ||
protocol: TCP | ||
readinessProbe: | ||
failureThreshold: 1 | ||
httpGet: | ||
path: /healthcheck | ||
port: 8080 | ||
scheme: HTTP | ||
periodSeconds: 5 | ||
successThreshold: 1 | ||
timeoutSeconds: 1 | ||
resources: | ||
requests: | ||
cpu: 100m | ||
memory: 512Mi | ||
securityContext: | ||
allowPrivilegeEscalation: false | ||
capabilities: | ||
drop: | ||
- ALL | ||
privileged: false | ||
readOnlyRootFilesystem: true | ||
runAsGroup: 65534 | ||
runAsNonRoot: true | ||
runAsUser: 65534 | ||
seccompProfile: | ||
type: RuntimeDefault | ||
startupProbe: | ||
failureThreshold: 30 | ||
httpGet: | ||
path: /healthcheck | ||
port: 8080 | ||
scheme: HTTP | ||
periodSeconds: 10 | ||
successThreshold: 1 | ||
timeoutSeconds: 1 | ||
terminationMessagePath: /dev/termination-log | ||
terminationMessagePolicy: File | ||
volumeMounts: | ||
- mountPath: /certs | ||
name: certs | ||
readOnly: true | ||
- mountPath: /etc/statsd-exporter | ||
name: statsd-exporter-config | ||
readOnly: true | ||
dnsPolicy: ClusterFirst | ||
restartPolicy: Always | ||
schedulerName: default-scheduler | ||
serviceAccountName: envoy-ratelimit | ||
terminationGracePeriodSeconds: 300 | ||
volumes: | ||
- name: certs | ||
secret: | ||
defaultMode: 420 | ||
secretName: envoy-rate-limit | ||
- configMap: | ||
defaultMode: 420 | ||
name: statsd-exporter-config | ||
optional: true | ||
name: statsd-exporter-config | ||
status: {} |
Oops, something went wrong.