Feature toggle for rate limiting (#1451)

* Add rate limit api, controller and config files. Add build tag to handle go file scoping

* Add RateLimit CRD

* Remove unnecessary files

* Remove ratelimit CRD when creating manifests for release

* Add dummy unit test for ratelimit controller

* Add go build tag support in Dockerfile
Add ratelimit build tag to development make targets

* Add handling of manager ClusterRole rules for ratelimit by introducing dev overlay

* Rename feature toggle build tag to make it reusable for upcoming features

* Fix typo in comment

* Rename feature toggle

Dockerfile

@@ -2,6 +2,7 @@
 FROM golang:1.23.3-alpine AS builder
 ARG TARGET_OS
 ARG TARGET_ARCH
+ARG GO_BUILD_TAGS
 ARG VERSION
 
 WORKDIR /api-gateway-build
@@ -24,7 +25,7 @@ COPY manifests/ manifests/
 # was called. For example, if we call make docker-build in a local env which has the Apple Silicon M1 SO
 # the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore,
 # by leaving it empty we can ensure that the container and binary shipped on it will have the same platform.
-RUN CGO_ENABLED=0 GOOS=${TARGET_OS:-linux} GOARCH=${TARGET_ARCH:-amd64} go build -ldflags="-X 'github.com/kyma-project/api-gateway/internal/version.version=${VERSION:-}'" -a -o manager main.go
+RUN CGO_ENABLED=0 GOOS=${TARGET_OS:-linux} GOARCH=${TARGET_ARCH:-amd64} go build -tags ${GO_BUILD_TAGS} -ldflags="-X 'github.com/kyma-project/api-gateway/internal/version.version=${VERSION:-}'" -a -o manager main.go
 
 
 # Use distroless as minimal base image to package the manager binary

Makefile

@@ -89,7 +89,7 @@ vet: ## Run go vet against code.
 
 .PHONY: test
 test: manifests generate fmt vet envtest ## Generate manifests and run tests.
-	KUBEBUILDER_CONTROLPLANE_START_TIMEOUT=2m KUBEBUILDER_CONTROLPLANE_STOP_TIMEOUT=2m KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" go test $(shell go list ./... | grep -v /tests/integration) -coverprofile cover.out
+	KUBEBUILDER_CONTROLPLANE_START_TIMEOUT=2m KUBEBUILDER_CONTROLPLANE_STOP_TIMEOUT=2m KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" go test -tags dev_features $(shell go list ./... | grep -v /tests/integration) -coverprofile cover.out
 
 .PHONY: test-integration
 test-integration: test-integration-v2alpha1 test-integration-ory test-integration-istio test-integration-gateway
@@ -134,15 +134,15 @@ install-istio: create-namespace
 
 .PHONY: build
 build: generate fmt vet ## Build manager binary.
-	go build -o bin/manager main.go
+	go build -tags dev_features -o bin/manager main.go
 
 .PHONY: run
-run: manifests build
-	go run ./main.go
+run: manifests generate fmt vet
+	go run -tags dev_features ./main.go
 
 .PHONY: docker-build
 docker-build:
-	IMG=$(IMG) docker build -t ${IMG} --build-arg TARGET_OS=${TARGET_OS} --build-arg TARGET_ARCH=${TARGET_ARCH} --build-arg VERSION=${VERSION} .
+	IMG=$(IMG) docker build -t ${IMG} --build-arg GO_BUILD_TAGS=dev_features --build-arg TARGET_OS=${TARGET_OS} --build-arg TARGET_ARCH=${TARGET_ARCH} --build-arg VERSION=${VERSION} .
 
 .PHONY: docker-push
 docker-push: ## Push docker image with the manager.
@@ -188,11 +188,11 @@ create-namespace:
 .PHONY: deploy
 deploy: manifests kustomize module-version create-namespace ## Deploy controller to the K8s cluster specified in ~/.kube/config.
 	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
-	$(KUSTOMIZE) build config/default | kubectl apply -f -
+	$(KUSTOMIZE) build config/dev | kubectl apply -f -
 
 .PHONY: undeploy
 undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
-	$(KUSTOMIZE) build config/default | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
+	$(KUSTOMIZE) build config/dev | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
 
 ##@ Build Dependencies
 
@@ -244,7 +244,7 @@ module-image: docker-build docker-push ## Build the Module Image and push it to
 .PHONY: generate-manifests
 generate-manifests: kustomize module-version
 	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
-	$(KUSTOMIZE) build config/default > api-gateway-manager.yaml
+	$(KUSTOMIZE) build config/prod > api-gateway-manager.yaml
 
 .PHONY: get-latest-release
 get-latest-release:

PROJECT

@@ -29,4 +29,13 @@ resources:
   kind: APIGateway
   path: github.com/kyma-project/api-gateway/apis/operator/v1alpha1
   version: v1alpha1
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: kyma-project.io
+  group: ratelimit
+  kind: RateLimit
+  path: github.com/kyma-project/api-gateway/apis/ratelimit/v1alpha1
+  version: v1alpha1
 version: "3"

apis/ratelimit/v1alpha1/groupversion_info.go

@@ -0,0 +1,36 @@
+/*
+Copyright 2022.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v1alpha1 contains API Schema definitions for the ratelimit v1alpha1 API group
+// +kubebuilder:object:generate=true
+// +groupName=ratelimit.kyma-project.io
+package v1alpha1
+
+import (
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sigs.k8s.io/controller-runtime/pkg/scheme"
+)
+
+var (
+	// GroupVersion is group version used to register these objects
+	GroupVersion = schema.GroupVersion{Group: "ratelimit.kyma-project.io", Version: "v1alpha1"}
+
+	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
+	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
+
+	// AddToScheme adds the types in this group-version to the given scheme.
+	AddToScheme = SchemeBuilder.AddToScheme
+)

apis/ratelimit/v1alpha1/ratelimit_types.go

@@ -0,0 +1,64 @@
+/*
+Copyright 2022.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// RateLimitSpec defines the desired state of RateLimit
+type RateLimitSpec struct {
+	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+
+	// Foo is an example field of RateLimit. Edit ratelimit_types.go to remove/update
+	Foo string `json:"foo,omitempty"`
+}
+
+// RateLimitStatus defines the observed state of RateLimit
+type RateLimitStatus struct {
+	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+}
+
+//+kubebuilder:object:root=true
+//+kubebuilder:subresource:status
+
+// RateLimit is the Schema for the ratelimits API
+type RateLimit struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   RateLimitSpec   `json:"spec,omitempty"`
+	Status RateLimitStatus `json:"status,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+
+// RateLimitList contains a list of RateLimit
+type RateLimitList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []RateLimit `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&RateLimit{}, &RateLimitList{})
+}

config/crd/bases/ratelimit.kyma-project.io_ratelimits.yaml

@@ -0,0 +1,54 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.14.0
+  name: ratelimits.ratelimit.kyma-project.io
+spec:
+  group: ratelimit.kyma-project.io
+  names:
+    kind: RateLimit
+    listKind: RateLimitList
+    plural: ratelimits
+    singular: ratelimit
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: RateLimit is the Schema for the ratelimits API
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: RateLimitSpec defines the desired state of RateLimit
+            properties:
+              foo:
+                description: Foo is an example field of RateLimit. Edit ratelimit_types.go
+                  to remove/update
+                type: string
+            type: object
+          status:
+            description: RateLimitStatus defines the observed state of RateLimit
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}

config/crd/kustomization.yaml

@@ -4,6 +4,7 @@
 resources:
 - bases/gateway.kyma-project.io_apirules.yaml
 - bases/operator.kyma-project.io_apigateways.yaml
+- bases/ratelimit.kyma-project.io_ratelimits.yaml
 #+kubebuilder:scaffold:crdkustomizeresource
 
 labels: