Use ratelimit from common

patdyn 2024-07-10 09:51:32 +02:00
parent ecbe0feae4
commit ba649f4c28
4 changed files with 12 additions and 65 deletions


@ -58,11 +58,8 @@
(forgejo/generate-service-ssh) (forgejo/generate-service-ssh)
(forgejo/generate-data-volume resolved-config) (forgejo/generate-data-volume resolved-config)
(forgejo/generate-appini-env resolved-config) (forgejo/generate-appini-env resolved-config)
(forgejo/generate-secrets auth) (forgejo/generate-secrets auth)] ; this does not have a vector as output
; TODO: generate-rate-limit-middleware does not use c4k-common -> refactor this (forgejo/generate-ratelimit-ingress-and-cert resolved-config) ; this function has a vector as output
; TODO: generate-rate-limit-ingress-and-cert should probably use cm/generate-simple-ingress
(forgejo/generate-rate-limit-middleware rate-limit-defaults)] ; this does not have a vector as output
(forgejo/generate-rate-limit-ingress-and-cert resolved-config) ; this function has a vector as output
(when (contains? resolved-config :restic-repository) (when (contains? resolved-config :restic-repository)
[(backup/generate-config resolved-config) [(backup/generate-config resolved-config)
(backup/generate-secret auth) (backup/generate-secret auth)
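Review bot: The new call passes `resolved-config` where the removed middleware call received `rate-limit-defaults`, so the rate limit now depends on `resolved-config` containing `:max-rate` and `:max-concurrent-requests`. If either key is missing, `generate-ratelimit-ingress-and-cert` (second file section) forwards nil as `:average-rate` / `:burst-rate`, and the ingress may end up with no effective limit on the public endpoint. Whether the defaults are merged into `resolved-config` is decided outside this hunk, so it is worth confirming. A comment such as `; resolved-config must carry :max-rate and :max-concurrent-requests (merged from rate-limit-defaults)` above the call would document the dependency. The enclosing function starts and ends outside the hunk.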


@ -126,36 +126,18 @@
(cm/replace-all-matching "MAILERUSER" (b64/encode mailer-user)) (cm/replace-all-matching "MAILERUSER" (b64/encode mailer-user))
(cm/replace-all-matching "MAILERPW" (b64/encode mailer-pw))))) (cm/replace-all-matching "MAILERPW" (b64/encode mailer-pw)))))
(defn generate-ingress-and-cert (defn-spec generate-ratelimit-ingress-and-cert seq?
[config] [config config?]
(let [{:keys [fqdn]} config] (let [{:keys [fqdn max-rate max-concurrent-requests namespace]} config]
(ing/generate-ingress-and-cert (ing/generate-simple-ingress (merge
(merge
{:service-name "forgejo-service" {:service-name "forgejo-service"
:service-port 3000 :service-port 3000
:fqdns [fqdn]} :fqdns [fqdn]
:average-rate max-rate
:burst-rate max-concurrent-requests
:namespace namespace}
config)))) config))))
(defn-spec generate-rate-limit-ingress-and-cert pred/map-or-seq?
[config config?]
(->
(generate-ingress-and-cert config) ; returns a vector
(#(assoc-in % ; Attention: heavily relying on the output order of ing/generate-ingress-and-cert
[1 :metadata :annotations :traefik.ingress.kubernetes.io/router.middlewares]
(str
(-> (second %) :metadata :annotations :traefik.ingress.kubernetes.io/router.middlewares)
", default-ratelimit@kubernetescrd")))))
; using :average and :burst seems sensible, :period may be interesting for fine tuning later on
(defn-spec generate-rate-limit-middleware pred/map-or-seq?
[config rate-limit-config?]
(let [{:keys [max-rate max-concurrent-requests]} config]
(->
(yaml/load-as-edn "forgejo/middleware-ratelimit.yaml")
(cm/replace-key-value :average max-rate)
(cm/replace-key-value :burst max-concurrent-requests))))
(defn-spec generate-data-volume pred/map-or-seq? (defn-spec generate-data-volume pred/map-or-seq?
[config vol?] [config vol?]
(let [{:keys [volume-total-storage-size]} config (let [{:keys [volume-total-storage-size]} config
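Review bot: `generate-ratelimit-ingress-and-cert` is added without a test, while the test file section of this commit deletes both rate-limit tests, so nothing visible here checks that the generated ingress still carries a rate limit with the configured values. A test asserting the output of `(cut/generate-ratelimit-ingress-and-cert {:fqdn "test.de" :max-rate 10 :max-concurrent-requests 5 :namespace "forgejo"})` would cover it; `config?` may require further keys, and the expected shape depends on `ing/generate-simple-ingress`, which is not shown. Separately, the return spec is `seq?` while the call-site comment says the function returns a vector, and `(seq? [])` is false in Clojure, so the spec should be checked against what `generate-simple-ingress` actually returns. The `let` binding `namespace` also shadows `clojure.core/namespace`; a name like `ingress-namespace` would avoid that.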


@ -1,9 +0,0 @@
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: ratelimit
namespace: forgejo
spec:
rateLimit: # Config options for rate limiting: https://doc.traefik.io/traefik/middlewares/http/ratelimit/
average: AVG
burst: BRS


@ -163,26 +163,3 @@
:storage-c2 "15Gi"} :storage-c2 "15Gi"}
(th/map-diff (cut/generate-data-volume {:volume-total-storage-size 1}) (th/map-diff (cut/generate-data-volume {:volume-total-storage-size 1})
(cut/generate-data-volume {:volume-total-storage-size 15}))))) (cut/generate-data-volume {:volume-total-storage-size 15})))))
(deftest should-generate-middleware-ratelimit
(is (= {:apiVersion "traefik.containo.us/v1alpha1",
:kind "Middleware",
:metadata {:name "ratelimit", :namespace "forgejo"},
:spec {:rateLimit {:average 10, :burst 5}}}
(cut/generate-rate-limit-middleware {:max-rate 10, :max-concurrent-requests 5}))))
(deftest should-generate-middleware-ratelimit-ingress-and-cert
(is (= {:traefik.ingress.kubernetes.io/router.entrypoints "web, websecure",
:traefik.ingress.kubernetes.io/router.middlewares
"default-redirect-https@kubernetescrd, default-ratelimit@kubernetescrd",
:metallb.universe.tf/address-pool "public"}
(-> (second
(cut/generate-rate-limit-ingress-and-cert
{:fqdn "test.de"
:mailer-from ""
:mailer-host "m.t.de"
:mailer-port "123"
:service-noreply-address ""
:average 10
:burst 5}))
:metadata :annotations))))