api
api copied to clipboard
istio
Support for envoy rate limit
Describe the feature request In https://istio.io/docs/tasks/policy-enforcement/rate-limiting/ it said that:
Consider using Envoy native rate limiting instead of mixer rate limiting. Istio will add support for native rate limiting API through the Istio extensions API.
just want to know are we working on this Envoy native rate limiting ? and if yes, where are these extensions API.
[ ] Configuration Infrastructure [ ] Docs [ ] Installation [X] Networking [ ] Performance and Scalability [ ] Policies and Telemetry [ ] Security [ ] Test and Release [ ] User Experience
I am also confused about the Rate Limit feature - https://istio.io/docs/tasks/policy-enforcement/rate-limiting/ Is it supported in present Istio 1.6.1 ? Will the steps specified work ? The link mentions using Envoy native rate limiting but it is very unclear what,how and where the Envoy rate limit would need to be configured please ?
@gargnupur is adding a full working example to docs using existing envoy filter.
Istio 1.7 will have extension api that will provide a supported way to configure native rate limiting.
There is draft PR that you can look at in the mean time: https://github.com/istio/istio/pull/23513 and https://github.com/istio/istio/issues/22068 has lot of good examples of people actually using it...
Yes, I checked it, it has lot of details but unfortunately very complex. So if I want something like this in the EnvoyFilter to work, how do I make it work `domain: edge_proxy_per_ip descriptors:
- key: remote_address rate_limit: unit: second requests_per_unit: 10
Black list IP
- key: remote_address value: 50.0.0.5 rate_limit: unit: second requests_per_unit: 0`
I am not getting clarity whats domain, how the key value will be matched ? Does the domain must match the actual FQDN of source domain from where the request is coming ? Is the key value must be passed in the header when making a curl request from the source and then it applies ?