Add support for General RateLimit Policy

[shadialtarsha]

PR adds support for a global rate limit policy that can be defined in the RateLimit service configuration.

Proposal: #5359
Fixes: #5357

Signed-off-by: Shadi Altarsha shadi.altarsha.94@gmail.com

[codecov]

Codecov Report

Merging #5363 (43c1205) into main (b5acf7f) will increase coverage by 0.07%.
The diff coverage is 97.43%.

❗ Current head 43c1205 differs from pull request most recent head 6f22159. Consider uploading reports for the commit 6f22159 to get more accurate results

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #5363      +/-   ##
==========================================
+ Coverage   78.46%   78.53%   +0.07%     
==========================================
  Files         138      138              
  Lines       18896    18925      +29     
==========================================
+ Hits        14826    14863      +37     
+ Misses       3789     3783       -6     
+ Partials      281      279       -2     

Impacted Files	Coverage Δ
pkg/config/parameters.go	86.26% <ø> (+0.13%)	⬆️
cmd/contour/serve.go	20.15% <50.00%> (+0.04%)	⬆️
cmd/contour/servecontext.go	83.37% <100.00%> (+0.07%)	⬆️
internal/dag/httpproxy_processor.go	92.89% <100.00%> (+0.78%)	⬆️
internal/dag/policy.go	95.91% <100.00%> (ø)

... and 2 files with indirect coverage changes

[shadialtarsha]

Hey @sunjayBhatia @skriss and @tsaarni
I would appreciate a round of review on this PR
Thank you!

[davinci26]

some comments around config generation

[shadialtarsha]

@skriss and @sunjayBhatia
I would appreciate your review of this PR when you have time.
Thank you

[clayton-gonsalves]

we should also add a test to contour/internal/featuretests/v3/globalratelimit_test.go

[shadialtarsha]

Hey @sunjayBhatia
I would appreciate another round!

[skriss]

Thanks for the PR @shadialtarsha, still making my way through it but a couple small comments so far.

[sunjayBhatia]

a drawback of adding to this test this way is we have to set "Disabled" on the HTTPProxies in all the cases where we don't expect a rate limit to be set, not a huge thing but makes the test coverage a little different

[shadialtarsha]

Yes, unfortunately, the way these tests are written doesn't allow multiple global rate limit services to be configured easily. All HTTPProxy uses the same RLS and that is why the opted-in by default.

[skriss]

xref #5458 this is another instance where we should probably apply this to at least the Ingress processor as well. I'm OK logging a follow-up issue since we don't currently support rate limiting in any way on Ingress.

[shadialtarsha]

Will do that, thanks for pointing this out!

[skriss]

LGTM, thanks @shadialtarsha!

[skriss]

It's tough to get perfect validation for these tests, but I think in combo with reviewing the code + the unit test coverage, this is sufficient for an E2E.