Optimize
alpeb committed Nov 8, 2024
1 parent 43ce042 commit 2c9c25b
Showing 1 changed file with 43 additions and 54 deletions.
97 changes: 43 additions & 54 deletions policy-controller/k8s/index/src/inbound/index.rs
Expand Up @@ -1869,10 +1869,16 @@ impl PolicyIndex {
}

fn client_ratelimit(&self, server_name: &str) -> Option<RateLimit> {
use ratelimit_policy::{ClientRef, Target};

// sort the ratelimit policies by creation timestamp and name so we can
// deterministically always return the same policy when more than one point to the same
// server
let mut rate_limits = self.ratelimit_policies.iter().collect::<Vec<_>>();
let mut rate_limits = self
.ratelimit_policies
.iter()
.filter(|(_, spec)| matches!(spec.target, Target::Server(ref n) if n == server_name))
.collect::<Vec<_>>();
rate_limits.sort_by(|(a_name, a), (b_name, b)| {
let by_ts = match (&a.creation_timestamp, &b.creation_timestamp) {
(Some(a_ts), Some(b_ts)) => a_ts.cmp(b_ts),
Expand All @@ -1884,62 +1890,45 @@ impl PolicyIndex {
by_ts.then_with(|| a_name.cmp(b_name))
});

for (name, spec) in rate_limits.iter() {
// Skip the policy if it doesn't apply to the server.
let ratelimit_policy::Target::Server(this_name) = &spec.target;
if this_name != server_name {
tracing::trace!(
ns = %self.namespace,
ratelimitpolicy = %name,
server = %server_name,
target = %name,
"HTTPLocalRateLimitPolicy does not target server",
);
continue;
}

tracing::trace!(
ns = %self.namespace,
ratelimitpolicy = %name,
server = %server_name,
"HTTPLocalRateLimitPolicy targets server",
);
let (name, spec) = rate_limits.first()?;

let overrides = spec
.overrides
.iter()
.map(|ovr| {
let client_identities = ovr
.client_refs
.iter()
.map(|client_ref| {
let ratelimit_policy::ClientRef::ServiceAccount { namespace, name } =
client_ref;
let namespace = namespace.as_deref().unwrap_or(&self.namespace);
self.cluster_info.service_account_identity(namespace, name)
})
.collect();

Override {
requests_per_second: ovr.requests_per_second,
client_identities,
}
})
.collect();
tracing::trace!(
ns = %self.namespace,
ratelimitpolicy = %name,
server = %server_name,
"HTTPLocalRateLimitPolicy targets server",
);

return Some(RateLimit {
name: name.to_string(),
total: spec.total.as_ref().map(|l| Limit {
requests_per_second: l.requests_per_second,
}),
identity: spec.identity.as_ref().map(|l| Limit {
requests_per_second: l.requests_per_second,
}),
overrides,
});
}
let overrides = spec
.overrides
.iter()
.map(|ovr| {
let client_identities = ovr
.client_refs
.iter()
.map(|ClientRef::ServiceAccount { namespace, name }| {
let namespace = namespace.as_deref().unwrap_or(&self.namespace);
self.cluster_info.service_account_identity(namespace, name)
})
.collect();

Override {
requests_per_second: ovr.requests_per_second,
client_identities,
}
})
.collect();

None
Some(RateLimit {
name: name.to_string(),
total: spec.total.as_ref().map(|l| Limit {
requests_per_second: l.requests_per_second,
}),
identity: spec.identity.as_ref().map(|l| Limit {
requests_per_second: l.requests_per_second,
}),
overrides,
})
}

fn route_client_authzs(
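Review bot: The `matches!(spec.target, Target::Server(ref n) if n == server_name)` filter in `client_ratelimit` gives up the exhaustiveness check that the removed irrefutable `let ratelimit_policy::Target::Server(this_name) = &spec.target;` provided. If `Target` ever gains a second variant, policies using it would be filtered out here without a compile error, and the server would be returned no rate limit at all. Keeping the binding irrefutable inside the closure, `.filter(|(_, spec)| { let Target::Server(n) = &spec.target; n == server_name })`, preserves that guard, the same way the `ClientRef::ServiceAccount` closure parameter still does. Separately, when more than one policy targets the server only `rate_limits.first()` is applied and nothing is logged about the rest. A `tracing::debug!` naming the ignored policies when `rate_limits.len() > 1` would help operators notice a limit that is not being enforced, unless that conflict is already reported elsewhere.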
