Skip to content

Generating Kuadrant RateLimitPolicies

Generate Kuadrant RateLimitPolicy object from OpenAPI 3

The kuadrantctl generate kuadrant ratelimitpolicy command generates a Kuadrant RateLimitPolicy from your OpenAPI Specification (OAS) 3.x document powered with Kuadrant extensions.

OpenAPI specification

An OpenAPI document resource can be provided to the Kuadrant CLI in one of the following ways:

  • Filename in the available path.
  • URL format (supported schemes are HTTP and HTTPS). The CLI will try to download from the given address.
  • Read from stdin standard input stream.

Usage

Generate Kuadrant RateLimitPolicy from OpenAPI 3.0.x

Usage:
  kuadrantctl generate kuadrant ratelimitpolicy [flags]

Flags:
  -h, --help         help for ratelimitpolicy
  --oas string        Path to OpenAPI spec file (in JSON or YAML format), URL, or '-' to read from standard input (required)
  -o Output format:   'yaml' or 'json'. (default "yaml")

Global Flags:
  -v, --verbose   verbose output

Note: The kuadrantctl/examples directory in GitHub includes sample OAS 3 files that you can use to generate the resources.

Procedure

  1. Clone the Git repository as follows:

    git clone https://github.com/Kuadrant/kuadrantctl.git
    cd kuadrantctl
     ```
    2. Set up a cluster, Istio and Gateway API CRDs, and Kuadrant as follows: 
    
    
    * Use the single-cluster quick start script to install Kuadrant in a local `kind` cluster: https://docs.kuadrant.io/getting-started-single-cluster/.
    
    
    3. Build and install the CLI in `bin/kuadrantctl` path as follows:
    ```bash
    make install
    

  2. Deploy the Petstore backend API as follows:

    kubectl create namespace petstore
    kubectl apply -n petstore -f examples/petstore/petstore.yaml
    

  3. Create the Petstore OpenAPI definition as follows:

cat <<EOF >petstore-openapi.yaml
---
openapi: "3.0.3"
info:
  title: "Pet Store API"
  version: "1.0.0"
x-kuadrant:  ## Root-level Kuadrant extension
  route:
    name: "petstore"
    namespace: "petstore"
    hostnames:

      - example.com
    parentRefs:
      - name: istio-ingressgateway
        namespace: istio-system
servers:
  - url: https://example.io/v1
paths:
  /cat:
    x-kuadrant:  ## Path-level Kuadrant extension
      backendRefs:
        - name: petstore
          port: 80
          namespace: petstore
      rate_limit:
        rates:
          - limit: 1
            duration: 10
            unit: second
        counters:
          - request.headers.x-forwarded-for
    get:  # Added to the route and rate limited
      operationId: "getCat"
      responses:
        405:
          description: "invalid input"
    post:  # NOT added to the route
      x-kuadrant: 
        disable: true
      operationId: "postCat"
      responses:
        405:
          description: "invalid input"
  /dog:
    get:  # Added to the route and rate limited
      x-kuadrant:  ## Operation-level Kuadrant extension
        backendRefs:
          - name: petstore
            port: 80
            namespace: petstore
        rate_limit:
          rates:
            - limit: 3
              duration: 10
              unit: second
          counters:
            - request.headers.x-forwarded-for
      operationId: "getDog"
      responses:
        405:
          description: "invalid input"
    post:  # Added to the route and NOT rate limited
      x-kuadrant:  ## Operation-level Kuadrant extension
        backendRefs:
          - name: petstore
            port: 80
            namespace: petstore
      operationId: "postDog"
      responses:
        405:
          description: "invalid input"
EOF

Note: The servers base path is not included. This is work-in-progress in follow-up PRs.

Operation Applied configuration
GET /cat Should return 200 OK and be rate limited (1 req / 10 seconds).
POST /cat Not added to the HTTPRoute. Should return 404 Not Found.
GET /dog Should return 200 OK and be rate limited (3 req / 10 seconds).
POST /dog Should return 200 OK and NOT rate limited.
  1. Create the HTTPRoute by using the CLI as follows:

    bin/kuadrantctl generate gatewayapi httproute --oas petstore-openapi.yaml | kubectl apply -n petstore -f -
    

  2. Create the rate limit policy as follows:

    bin/kuadrantctl generate kuadrant ratelimitpolicy --oas petstore-openapi.yaml | kubectl apply -n petstore -f -
    

  3. Test the OpenAPI endpoints as follows:

  4. GET /cat - Should return 200 OK and be rate limited (1 req / 10 seconds).

    curl --resolve example.com:9080:127.0.0.1 -v "http://example.com:9080/cat"
    

  5. POST /cat - Not added to the HTTPRoute. Should return 404 Not Found.
    curl --resolve example.com:9080:127.0.0.1 -v -X POST "http://example.com:9080/cat"
    
  6. GET /dog - Should return 200 OK and be rate limited (3 req / 10 seconds).
curl --resolve example.com:9080:127.0.0.1 -v "http://example.com:9080/dog"
  • POST /dog - Should return 200 OK and NOT rate limited.
curl --resolve example.com:9080:127.0.0.1 -v -X POST "http://example.com:9080/dog"