Title: Rate Limit Per Route Behaviour strange / misunderstood?
Description:
I've been trying to get Rate Limit Per Route filters working in envoy 1.30.1. I have it working, but the method by which it is working seems a little odd and a little by accident. Maybe somebody can clarify if this is a bug or by design.
I have a rate limit service deployed and I have a Rate Limit filter set to point to that rate limit service via a cluster. This is fine! I then tested this using rate_limits on the route explicitly:
This worked fine and applied rate limits using the domain set on the Rate Limit Filter. I then needed to override the domain on the route the rate limit was applied and found that there is no configuration for that on route.rate_Limits. I then looked at the RateLimitPerRoute filter and configured as so:
What I found is that requests were not fired to the rate limit service at all with the above route configuration using a RateLimitPerRoute filter. After some trial and error, the following is what I did to get it to work, which seems odd:
Working
route:
cluster: jsonplaceholder
host_rewrite_literal: "jsonplaceholder.typicode.com"
rate_limits:
- actions:
- generic_key:
descriptor_value: some_value
descriptor_key: some_key
typed_per_filter_config:
"envoy.filters.http.ratelimit":
"@type": type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimitPerRoute
domain: overridewiththis
# These rate limit descriptors don't seem to apply and instead are taken from route.rate_limits[].actions
#rate_limits:
#- actions:
# - generic_key:
# descriptor_value: b
# descriptor_key: g
What I found is that I need to defined route.rate_limits with actions for the descriptors for it to fire against the rate limit service. I then also need to apply the RateLimitPerRoute filter, but only for the purpose of overriding the domain used on the route.rate_limits. Any actions defined in the RateLimitPerRoute filter seem to be ignored and have no impact on the request to the rate limit service.
Is this intentional, am I doing something wrong / misinterpreting the config, or is this a bug?
Title: Rate Limit Per Route Behaviour strange / misunderstood?
Description: I've been trying to get Rate Limit Per Route filters working in envoy 1.30.1. I have it working, but the method by which it is working seems a little odd and a little by accident. Maybe somebody can clarify if this is a bug or by design.
I have a rate limit service deployed and I have a Rate Limit filter set to point to that rate limit service via a cluster. This is fine! I then tested this using rate_limits on the route explicitly:
Rate Limit Filter
Route Configuration
This worked fine and applied rate limits using the domain set on the Rate Limit Filter. I then needed to override the domain on the route the rate limit was applied and found that there is no configuration for that on route.rate_Limits. I then looked at the RateLimitPerRoute filter and configured as so:
Rate Limit Per Route
What I found is that requests were not fired to the rate limit service at all with the above route configuration using a RateLimitPerRoute filter. After some trial and error, the following is what I did to get it to work, which seems odd:
Working
What I found is that I need to defined route.rate_limits with actions for the descriptors for it to fire against the rate limit service. I then also need to apply the RateLimitPerRoute filter, but only for the purpose of overriding the domain used on the route.rate_limits. Any actions defined in the RateLimitPerRoute filter seem to be ignored and have no impact on the request to the rate limit service.
Is this intentional, am I doing something wrong / misinterpreting the config, or is this a bug?
Repro steps:
Full Config