Open 13567436138 opened 2 years ago
Type: bug report or feature request
[2022-07-09T21:30:28.393Z] "POST /envoy.service.ratelimit.v3.RateLimitService/ShouldRateLimit HTTP/2" 200 - via_upstream - "-" 69 0 1 1 "172.20.2.201" "-" "5bcf44b8-9321-450a-88c2-1a812abdc3aa" "rate_limit_cluster" "172.20.0.65:10245" inbound|10245|| 127.0.0.6:34607 172.20.0.65:10245 172.20.2.201:0 - default
[2022-07-09T21:30:28.392Z] "GET /productpage HTTP/1.1" 500 RLSE rate_limitererror - "-" 0 0 3 - "172.20.0.0" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.82 Safari/537.36" "63a7c1b1-0a21-40f8-b21b-2c4c7a5dd54b" "192.168.229.128:30563" "-" inbound|9080|| - 172.20.2.201:9080 172.20.0.0:0 outbound.9080..productpage.istio.svc.cluster.local -
deploy-sentinel.yaml
kubectl apply -f deploy-sentinel.yaml -n istio
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: sentinel-rule-cm
data:
  rule-yaml: |-
    domain: productpage-ratelimit
    descriptors:
      - resources:
        - key: "destination_cluster"
          value: "inbound|9080||"
        count: 1
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sentinel-rls-server
  labels:
    app: sentinel
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sentinel
  template:
    metadata:
      labels:
        app: sentinel
    spec:
      containers:
        - name: sentinelserver
          # You could replace the image with your own image here
          image: "registry.cn-hangzhou.aliyuncs.com/sentinel-docker-repo/sentinel-envoy-rls-server:latest"
          imagePullPolicy: Always
          ports:
            - containerPort: 10245
            - containerPort: 8719
          volumeMounts:
            - name: sentinel-rule-config
              mountPath: /tmp/sentinel
          env:
            - name: SENTINEL_RLS_RULE_FILE_PATH
              value: "/tmp/sentinel/rule.yaml"
      volumes:
        - name: sentinel-rule-config
          configMap:
            name: sentinel-rule-cm
            items:
              - key: rule-yaml
                path: rule.yaml
---
apiVersion: v1
kind: Service
metadata:
  name: sentinel-rls-service
  labels:
    name: sentinel-rls-service
spec:
  type: ClusterIP
  ports:
    - port: 8719
      targetPort: 8719
      name: sentinel-command
    - port: 10245
      targetPort: 10245
      name: sentinel-grpc
  selector:
    app: sentinel
```
```sh
cat << EOF > envoyfilter-filter-sentinel.yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: filter-ratelimit
  namespace: istio
spec:
  workloadSelector:
    # select by label in the same namespace
    labels:
      app: productpage
  configPatches:
    # The Envoy config you want to modify
    - applyTo: HTTP_FILTER
      match:
        context: SIDECAR_INBOUND
        listener:
          filterChain:
            filter:
              name: "envoy.filters.network.http_connection_manager"
              subFilter:
                name: "envoy.filters.http.router"
      patch:
        operation: INSERT_BEFORE
        # Adds the Envoy Rate Limit Filter in HTTP filter chain.
        value:
          name: envoy.filters.http.ratelimit
          typed_config:
            "@type": type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimit
            # domain can be anything! Match it to the ratelimiter service config
            domain: productpage-ratelimit
            stage: 0
            request_type: both
            failure_mode_deny: true
            rate_limit_service:
              grpc_service:
                envoy_grpc:
                  cluster_name: rate_limit_cluster
                timeout: 10s
              transport_api_version: V3
    - applyTo: CLUSTER
      match:
        cluster:
          service: ratelimit.istio.svc.cluster.local
      patch:
        operation: ADD
        # Adds the rate limit service cluster for rate limit service defined in step 1.
        value:
          name: rate_limit_cluster
          type: STRICT_DNS
          connect_timeout: 10s
          lb_policy: ROUND_ROBIN
          http2_protocol_options: {}
          load_assignment:
            cluster_name: rate_limit_cluster
            endpoints:
              - lb_endpoints:
                  - endpoint:
                      address:
                        socket_address:
                          address: sentinel-rls-service.istio.svc.cluster.local
                          port_value: 10245
EOF
kubectl apply -f envoyfilter-filter-sentinel.yaml -n istio
```
```sh
cat << EOF > envoyfilter-action-sentinel.yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: filter-ratelimit-svc
  namespace: istio
spec:
  workloadSelector:
    labels:
      app: productpage
  configPatches:
    - applyTo: VIRTUAL_HOST
      match:
        context: SIDECAR_INBOUND
        routeConfiguration:
          vhost:
            name: "inbound|http|9080"
            route:
              action: ANY
      patch:
        operation: MERGE
        # Applies the rate limit rules.
        value:
          rate_limits:
            - actions:
                - destination_cluster: {}
              stage: 0
EOF
kubectl apply -f envoyfilter-action-sentinel.yaml -n istio
```
Hi, Envoy RLS v3 support was introduced in Sentinel 1.8.3. The Docker image might not be up-to-date. You may try to build the latest version of sentinel-cluster-server-envoy-rls.
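A log-triage sketch for the symptom reported above, added here as an example (not code from the issue or from the Sentinel project): it parses the leading fields of sidecar access-log lines, assuming Istio's default log format, and pairs each request carrying the `RLSE` response flag with nearby `ShouldRateLimit` calls. The sample lines are constructed (trimmed from the two in the report plus one healthy request), and `parse`, `triage` and the result field names are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Leading fields of an Istio sidecar access-log line (default format assumed).
LINE = re.compile(
    r'\[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<code>\d+) (?P<flags>\S+) (?P<details>\S+) \S+ "[^"]*" '
    r'(?P<rx>\d+) (?P<tx>\d+) ')

RLS_PATH = "/envoy.service.ratelimit.v3.RateLimitService/ShouldRateLimit"

# Constructed sample input, trimmed to the fields the parser reads.
SAMPLE = [
    f'[2022-07-09T21:30:28.393Z] "POST {RLS_PATH} HTTP/2" 200 - via_upstream - "-" 69 0 1 1 "-"',
    '[2022-07-09T21:30:28.392Z] "GET /productpage HTTP/1.1" 500 RLSE rate_limitererror - "-" 0 0 3 - "-"',
    '[2022-07-09T21:30:29.100Z] "GET /productpage HTTP/1.1" 200 - via_upstream - "-" 0 4183 12 11 "-"',
]

def parse(line):
    """Return a dict of the leading log fields, or None if the line does not match."""
    m = LINE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%S.%fZ")
    rec["code"], rec["rx"], rec["tx"] = int(rec["code"]), int(rec["rx"]), int(rec["tx"])
    rec["flags"] = set() if rec["flags"] == "-" else set(rec["flags"].split(","))
    return rec

def triage(lines, window=timedelta(seconds=1)):
    """Report requests rejected with RLSE and what the nearby RLS calls looked like."""
    recs = [r for r in map(parse, lines) if r]
    rls_calls = [r for r in recs if r["path"] == RLS_PATH]
    findings = []
    for r in recs:
        if "RLSE" not in r["flags"]:   # RLSE = rate limit service error
            continue
        near = [c for c in rls_calls if abs(c["ts"] - r["ts"]) <= window]
        findings.append({
            "request": f'{r["method"]} {r["path"]}',
            "status": r["code"],
            "rls_calls_seen": len(near),
            # Heuristic: HTTP 200 with zero response body bytes means the RLS
            # returned no RateLimitResponse message (gRPC status is in trailers).
            "rls_empty_reply": any(c["code"] == 200 and c["tx"] == 0 for c in near),
        })
    return findings
```

An HTTP 200 on the `ShouldRateLimit` call does not by itself mean the gRPC call succeeded, because the gRPC status travels in trailers; with `failure_mode_deny: true` the filter fails closed and answers 500 when the rate limit service errors.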