Closed rwlincoln closed 5 years ago
The problem was the order in which the http_filters
were being specified. The envoy.rate_limit
filter needs to be listed before envoy.router
:
http_filters:
- name: envoy.rate_limit
config:
domain: envoy
failure_mode_deny: true
- name: envoy.router
config: {}
I was also caught out when specifying a rate limit with a request_headers
action. As stated in the documentation:
If an action cannot append a descriptor entry, no descriptor is generated for the configuration.
I've updated my example to show how separate rate limits can be specified in case the header is missing:
routes:
- match: { prefix: "/" }
route:
cluster: hello
include_vh_rate_limits: true
rate_limits:
- actions:
- request_headers: { header_name: content-type, descriptor_key: content-type }
- actions:
- generic_key: { descriptor_value: bar }
I have been experimenting with the Rate Limit Service in this repository:
https://github.com/rwlincoln/rlstest
Rate limiting using a network level filter is working well with this configuration:
https://github.com/rwlincoln/rlstest/blob/e8d6e2dc01f5db0bb06d1c11aa5e69a9a3d0d349/net-rls.yaml
The activity of the rate limiter can be seen in
debug
mode when callingcurl localhost:8080
repeatedly:However, when I try to use an HTTP level rate limit filter, there is no activity from the rate limit service. The HTTP level configuration I've been using is:
https://github.com/rwlincoln/rlstest/blob/e8d6e2dc01f5db0bb06d1c11aa5e69a9a3d0d349/http-rls.yaml
It looks very similar to config files found elsewhere, such as in #3388. Can anyone see what I am missing? Perhaps it is something to do with the transition from
ratelimit.proto
torls.proto
, but I have tried it with versions1.7
and1.8
and the behavior is the same.