Use ratelimit from common
This commit is contained in:
patdyn
parent
ecbe0feae4
commit
ba649f4c28
4 changed files with 12 additions and 65 deletions
|
|
@ -58,11 +58,8 @@
|
||||||
(forgejo/generate-service-ssh)
|
(forgejo/generate-service-ssh)
|
||||||
(forgejo/generate-data-volume resolved-config)
|
(forgejo/generate-data-volume resolved-config)
|
||||||
(forgejo/generate-appini-env resolved-config)
|
(forgejo/generate-appini-env resolved-config)
|
||||||
(forgejo/generate-secrets auth)
|
(forgejo/generate-secrets auth)] ; this does not have a vector as output
|
||||||
; TODO: generate-rate-limit-middleware does not use c4k-common -> refactor this
|
(forgejo/generate-ratelimit-ingress-and-cert resolved-config) ; this function has a vector as output
|
||||||
; TODO: generate-rate-limit-ingress-and-cert should probably use cm/generate-simple-ingress
|
|
||||||
(forgejo/generate-rate-limit-middleware rate-limit-defaults)] ; this does not have a vector as output
|
|
||||||
(forgejo/generate-rate-limit-ingress-and-cert resolved-config) ; this function has a vector as output
|
|
||||||
(when (contains? resolved-config :restic-repository)
|
(when (contains? resolved-config :restic-repository)
|
||||||
[(backup/generate-config resolved-config)
|
[(backup/generate-config resolved-config)
|
||||||
(backup/generate-secret auth)
|
(backup/generate-secret auth)
|
||||||
|
|
|
||||||
|
|
@ -126,36 +126,18 @@
|
||||||
(cm/replace-all-matching "MAILERUSER" (b64/encode mailer-user))
|
(cm/replace-all-matching "MAILERUSER" (b64/encode mailer-user))
|
||||||
(cm/replace-all-matching "MAILERPW" (b64/encode mailer-pw)))))
|
(cm/replace-all-matching "MAILERPW" (b64/encode mailer-pw)))))
|
||||||
|
|
||||||
(defn generate-ingress-and-cert
|
(defn-spec generate-ratelimit-ingress-and-cert seq?
|
||||||
[config]
|
[config config?]
|
||||||
(let [{:keys [fqdn]} config]
|
(let [{:keys [fqdn max-rate max-concurrent-requests namespace]} config]
|
||||||
(ing/generate-ingress-and-cert
|
(ing/generate-simple-ingress (merge
|
||||||
(merge
|
|
||||||
{:service-name "forgejo-service"
|
{:service-name "forgejo-service"
|
||||||
:service-port 3000
|
:service-port 3000
|
||||||
:fqdns [fqdn]}
|
:fqdns [fqdn]
|
||||||
|
:average-rate max-rate
|
||||||
|
:burst-rate max-concurrent-requests
|
||||||
|
:namespace namespace}
|
||||||
config))))
|
config))))
|
||||||
|
|
||||||
(defn-spec generate-rate-limit-ingress-and-cert pred/map-or-seq?
|
|
||||||
[config config?]
|
|
||||||
(->
|
|
||||||
(generate-ingress-and-cert config) ; returns a vector
|
|
||||||
(#(assoc-in % ; Attention: heavily relying on the output order of ing/generate-ingress-and-cert
|
|
||||||
[1 :metadata :annotations :traefik.ingress.kubernetes.io/router.middlewares]
|
|
||||||
(str
|
|
||||||
(-> (second %) :metadata :annotations :traefik.ingress.kubernetes.io/router.middlewares)
|
|
||||||
", default-ratelimit@kubernetescrd")))))
|
|
||||||
|
|
||||||
|
|
||||||
; using :average and :burst seems sensible, :period may be interesting for fine tuning later on
|
|
||||||
(defn-spec generate-rate-limit-middleware pred/map-or-seq?
|
|
||||||
[config rate-limit-config?]
|
|
||||||
(let [{:keys [max-rate max-concurrent-requests]} config]
|
|
||||||
(->
|
|
||||||
(yaml/load-as-edn "forgejo/middleware-ratelimit.yaml")
|
|
||||||
(cm/replace-key-value :average max-rate)
|
|
||||||
(cm/replace-key-value :burst max-concurrent-requests))))
|
|
||||||
|
|
||||||
(defn-spec generate-data-volume pred/map-or-seq?
|
(defn-spec generate-data-volume pred/map-or-seq?
|
||||||
[config vol?]
|
[config vol?]
|
||||||
(let [{:keys [volume-total-storage-size]} config
|
(let [{:keys [volume-total-storage-size]} config
|
||||||
|
|
|
||||||
|
|
@ -1,9 +0,0 @@
|
||||||
apiVersion: traefik.containo.us/v1alpha1
|
|
||||||
kind: Middleware
|
|
||||||
metadata:
|
|
||||||
name: ratelimit
|
|
||||||
namespace: forgejo
|
|
||||||
spec:
|
|
||||||
rateLimit: # Config options for rate limiting: https://doc.traefik.io/traefik/middlewares/http/ratelimit/
|
|
||||||
average: AVG
|
|
||||||
burst: BRS
|
|
||||||
|
|
@ -163,26 +163,3 @@
|
||||||
:storage-c2 "15Gi"}
|
:storage-c2 "15Gi"}
|
||||||
(th/map-diff (cut/generate-data-volume {:volume-total-storage-size 1})
|
(th/map-diff (cut/generate-data-volume {:volume-total-storage-size 1})
|
||||||
(cut/generate-data-volume {:volume-total-storage-size 15})))))
|
(cut/generate-data-volume {:volume-total-storage-size 15})))))
|
||||||
|
|
||||||
(deftest should-generate-middleware-ratelimit
|
|
||||||
(is (= {:apiVersion "traefik.containo.us/v1alpha1",
|
|
||||||
:kind "Middleware",
|
|
||||||
:metadata {:name "ratelimit", :namespace "forgejo"},
|
|
||||||
:spec {:rateLimit {:average 10, :burst 5}}}
|
|
||||||
(cut/generate-rate-limit-middleware {:max-rate 10, :max-concurrent-requests 5}))))
|
|
||||||
|
|
||||||
(deftest should-generate-middleware-ratelimit-ingress-and-cert
|
|
||||||
(is (= {:traefik.ingress.kubernetes.io/router.entrypoints "web, websecure",
|
|
||||||
:traefik.ingress.kubernetes.io/router.middlewares
|
|
||||||
"default-redirect-https@kubernetescrd, default-ratelimit@kubernetescrd",
|
|
||||||
:metallb.universe.tf/address-pool "public"}
|
|
||||||
(-> (second
|
|
||||||
(cut/generate-rate-limit-ingress-and-cert
|
|
||||||
{:fqdn "test.de"
|
|
||||||
:mailer-from ""
|
|
||||||
:mailer-host "m.t.de"
|
|
||||||
:mailer-port "123"
|
|
||||||
:service-noreply-address ""
|
|
||||||
:average 10
|
|
||||||
:burst 5}))
|
|
||||||
:metadata :annotations))))
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue