-
Notifications
You must be signed in to change notification settings - Fork 32
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Using PolicyTargetReference
instead of Selector
#612
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #612 +/- ##
==========================================
+ Coverage 80.20% 82.54% +2.33%
==========================================
Files 64 72 +8
Lines 4492 5415 +923
==========================================
+ Hits 3603 4470 +867
- Misses 600 639 +39
- Partials 289 306 +17
Flags with carried forward coverage won't be shown. Click here to find out more.
|
2b91bb9
to
653fb27
Compare
I haven't removed |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to merge - request did contain
config:
name: istio-system.kuadrant-istio-ingressgateway
vm_config:
runtime: envoy.wasm.runtime.v8
code:
local:
filename: /var/lib/istio/data/81221938ebcbc4550eb35f72aac65d0939d89335832b5a022226fb2526806e9e/9b28356942b98c2a73dd1428403ec45836f956114208dfceb88f8f957e94e45d.wasm
configuration:
'@type': type.googleapis.com/google.protobuf.StringValue
value: '{"failureMode":"deny","rateLimitPolicies":[{"domain":"default/toystore","hostnames":["api.toystore.com"],"name":"default/toystore","rules":[{"conditions":[{"allOf":[{"operator":"eq","selector":"request.url_path","value":"/toy"},{"operator":"eq","selector":"request.method","value":"GET"}]}],"data":[{"static":{"key":"limit.default__37a8eec1","value":"1"}}]}],"service":"kuadrant-rate-limiting-service"}]}'
What does this have to do with gateway annotations? |
When the gateway does not have labels (nothing to do with annotations), the label selector implemented by kuadrant is failing as it is empty. Empty label selector will not match any gateway, thus rate limiting not enforced. |
Thanks @eguzki. That's what I figured. Maybe fix in the description of the PR, @didierofrivia? |
to target gateway resource
3c36cd5
to
cfd9dde
Compare
In order to not rely on Gateway a̶n̶n̶o̶t̶a̶t̶i̶o̶n̶s̶ labels/selectors, we are now using PolicyTargetReference. This fixes the issue when no annotation has been added to the managed gateway (or removed/updated).
Verification steps
It should contain