feat: support both local and global ratelimit simultaneously (#7334)

* update rate limit type

Signed-off-by: kkk777-7 <[email protected]>

* feat: support both type rate limit

Signed-off-by: kkk777-7 <[email protected]>

Author: kkk777-7

api/v1alpha1/ratelimit_types.go

@@ -10,13 +10,14 @@ import (
 )
 
 // RateLimitSpec defines the desired state of RateLimitSpec.
-// +union
 type RateLimitSpec struct {
 	// Type decides the scope for the RateLimits.
 	// Valid RateLimitType values are "Global" or "Local".
 	//
-	// +unionDiscriminator
-	Type RateLimitType `json:"type"`
+	// Deprecated: Use Global and/or Local fields directly instead. Both can be specified simultaneously for combined rate limiting.
+	//
+	// +optional
+	Type *RateLimitType `json:"type,omitempty"`
 	// Global defines global rate limit configuration.
 	//
 	// +optional

api/v1alpha1/zz_generated.deepcopy.go

@@ -1544,12 +1544,12 @@ spec:
                     description: |-
                       Type decides the scope for the RateLimits.
                       Valid RateLimitType values are "Global" or "Local".
+
+                      Deprecated: Use Global and/or Local fields directly instead. Both can be specified simultaneously for combined rate limiting.
                     enum:
                     - Global
                     - Local
                     type: string
-                required:
-                - type
                 type: object
               requestBuffer:
                 description: |-

charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml

@@ -1543,12 +1543,12 @@ spec:
                     description: |-
                       Type decides the scope for the RateLimits.
                       Valid RateLimitType values are "Global" or "Local".
+
+                      Deprecated: Use Global and/or Local fields directly instead. Both can be specified simultaneously for combined rate limiting.
                     enum:
                     - Global
                     - Local
                     type: string
-                required:
-                - type
                 type: object
               requestBuffer:
                 description: |-

charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml

@@ -1037,14 +1037,18 @@ func (t *Translator) translateBackendTrafficPolicyForGateway(
 }
 
 func (t *Translator) buildRateLimit(policy *egv1a1.BackendTrafficPolicy) (*ir.RateLimit, error) {
-	switch policy.Spec.RateLimit.Type {
-	case egv1a1.GlobalRateLimitType:
-		return t.buildGlobalRateLimit(policy)
-	case egv1a1.LocalRateLimitType:
-		return t.buildLocalRateLimit(policy)
+	// For backward compatibility, process the deprecated Type field if specified.
+	if policy.Spec.RateLimit.Type != nil {
+		switch *policy.Spec.RateLimit.Type {
+		case egv1a1.GlobalRateLimitType:
+			return t.buildGlobalRateLimit(policy)
+		case egv1a1.LocalRateLimitType:
+			return t.buildLocalRateLimit(policy)
+		}
+		return nil, fmt.Errorf("invalid rateLimit type: %s", *policy.Spec.RateLimit.Type)
 	}
 
-	return nil, fmt.Errorf("invalid rateLimit type: %s", policy.Spec.RateLimit.Type)
+	return t.buildBothRateLimit(policy)
 }
 
 func (t *Translator) buildLocalRateLimit(policy *egv1a1.BackendTrafficPolicy) (*ir.RateLimit, error) {
@@ -1147,6 +1151,35 @@ func (t *Translator) buildGlobalRateLimit(policy *egv1a1.BackendTrafficPolicy) (
 	return rateLimit, nil
 }
 
+func (t *Translator) buildBothRateLimit(policy *egv1a1.BackendTrafficPolicy) (*ir.RateLimit, error) {
+	var (
+		localRateLimit  *ir.RateLimit
+		globalRateLimit *ir.RateLimit
+		err             error
+	)
+
+	if policy.Spec.RateLimit.Local != nil {
+		localRateLimit, err = t.buildLocalRateLimit(policy)
+		if err != nil {
+			return nil, err
+		}
+	}
+	if policy.Spec.RateLimit.Global != nil {
+		globalRateLimit, err = t.buildGlobalRateLimit(policy)
+		if err != nil {
+			return nil, err
+		}
+	}
+	rl := &ir.RateLimit{}
+	if localRateLimit != nil && localRateLimit.Local != nil {
+		rl.Local = localRateLimit.Local
+	}
+	if globalRateLimit != nil && globalRateLimit.Global != nil {
+		rl.Global = globalRateLimit.Global
+	}
+	return rl, nil
+}
+
 func buildRateLimitRule(rule egv1a1.RateLimitRule) (*ir.RateLimitRule, error) {
 	irRule := &ir.RateLimitRule{
 		Limit: ir.RateLimitValue{

internal/gatewayapi/backendtrafficpolicy.go

@@ -0,0 +1,62 @@
+gateways:
+- apiVersion: gateway.networking.k8s.io/v1
+  kind: Gateway
+  metadata:
+    namespace: envoy-gateway
+    name: gateway-1
+  spec:
+    gatewayClassName: envoy-gateway-class
+    listeners:
+    - name: http
+      protocol: HTTP
+      port: 80
+      allowedRoutes:
+        namespaces:
+          from: All
+grpcRoutes:
+- apiVersion: gateway.networking.k8s.io/v1alpha2
+  kind: GRPCRoute
+  metadata:
+    namespace: default
+    name: grpcroute-1
+  spec:
+    parentRefs:
+    - namespace: envoy-gateway
+      name: gateway-1
+      sectionName: http
+    rules:
+    - backendRefs:
+      - name: service-1
+        port: 8080
+backendTrafficPolicies:
+- apiVersion: gateway.envoyproxy.io/v1alpha1
+  kind: BackendTrafficPolicy
+  metadata:
+    namespace: default
+    name: policy-for-grcp-route
+  spec:
+    targetRef:
+      group: gateway.networking.k8s.io
+      kind: GRPCRoute
+      name: grpcroute-1
+    rateLimit:
+      global:
+        rules:
+        - clientSelectors:
+          - sourceCIDR:
+              type: "Distinct"
+              value: 192.168.0.0/16
+          limit:
+            requests: 20
+            unit: Hour
+      local:
+        rules:
+        - clientSelectors:
+          - headers:
+            - name: x-user-id
+              value: one
+            - name: x-org-id
+              value: foo
+          limit:
+            requests: 10
+            unit: Hour