github.com/projectcontour/contour@v1.28.2/site/content/posts/2021-02-02-contour_v1120.md

github.com/projectcontour/contour@v1.28.2/site/content/posts/2021-02-02-contour_v1120.md (about)

     1  ---
     2  title: Announcing Contour v1.12.0
     3  excerpt: This blog post covers local rate limiting support in Contour 1.12.
     4  author_name: Steve Kriss
     5  author_avatar: /img/contributors/steve-kriss.png
     6  categories: [kubernetes]
     7  tags: ['Contour Team', 'Steve Kriss']
     8  date: 2021-02-02
     9  slug: contour_v1120
    10  ---
    11  
    12  Contour continues to add new features to help you better manage ingress operations in a cluster.
    13  Our latest feature release, Contour 1.12.0, adds support for local rate limiting on `HTTPProxy` virtual hosts and routes, dynamic request headers, and header hash load balancing.
    14  
    15  ## Local Rate Limiting
    16  Rate limiting is a means of protecting backend services against unwanted traffic.
    17  This can be useful for a variety of different scenarios:
    18  - Protecting against denial-of-service (DoS) attacks by malicious actors
    19  - Protecting against DoS incidents due to bugs in client applications/services
    20  - Enforcing usage quotas for different classes of clients, e.g. free vs. paid tiers
    21  - Controlling resource consumption/cost
    22  
    23  Envoy supports two different types of rate limiting: _local_ and _global_.
    24  In local rate limiting, a rate limit is applied to traffic by each individual Envoy process/pod, without sharing information across multiple instances of Envoy.
    25  In global rate limiting, all Envoy instances communicate with an external Rate Limit Service (RLS) via gRPC to make rate limit decisions.
    26  
    27  Contour 1.12.0 adds support for Envoy's _local_ rate limiting.
    28  This enables Contour users to protect their backend services by defining simple limits for how much traffic each Envoy process/pod should proxy to them.
    29  Local rate limits can be defined for an entire virtual host, or for individual routes.
    30  Here's an example of an `HTTPProxy` that allows 100 requests per second from each Envoy pod to reach a backend service:
    31  
    32  ```yaml
    33  apiVersion: projectcontour.io/v1
    34  kind: HTTPProxy
    35  metadata:
    36    name: ratelimited-route
    37  spec:
    38    virtualhost:
    39      fqdn: ratelimit.projectcontour.io
    40    routes:
    41    - conditions:
    42      - prefix: /ratelimited-service
    43      services:
    44      - name: s1
    45        port: 80
    46      rateLimitPolicy:
    47        local:
    48          requests: 100
    49          unit: second
    50  ```
    51  
    52  Requests above the 100-per-second limit will receive a `429 (Too Many Requests)` response by default.
    53  The response code can also be customized.
    54  
    55  For more information, see:
    56  - the [Contour Rate Limiting documentation](https://projectcontour.io/docs/v1.12.0/config/rate-limiting/)
    57  - the [HTTPProxy API reference](https://projectcontour.io/docs/v1.12.0/config/api/#projectcontour.io/v1.LocalRateLimitPolicy)
    58  - Envoy's [HTTP local rate limit filter documentation](https://www.envoyproxy.io/docs/envoy/v1.17.0/configuration/http/http_filters/local_rate_limit_filter#config-http-filters-local-rate-limit)
    59  
    60  For users with more advanced rate-limiting needs, Contour will also be adding _global_ rate limiting support in an upcoming release.
    61  
    62  ## Dynamic Request Headers
    63  Contour 1.12 also adds support for including dynamic values in configured request and response headers.
    64  Almost all [variables supported by Envoy](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#custom-request-response-headers) are allowed.
    65  This feature can be used to set headers containing information such as the host name of where the Envoy pod is running, the TLS version, etc.
    66  
    67  For more information, including a full list of supported variables, see the [Contour documentation](https://projectcontour.io/docs/v1.12.0/config/request-rewriting/#dynamic-header-values).
    68  
    69  A big thanks to [@erwbgy](https://github.com/erwbgy) for designing and implementing this feature!
    70  
    71  ## Header Hash Load Balancing
    72  Contour 1.12 now supports the `RequestHash` load balancing strategy, which enables load balancing based on request headers.
    73  An upstream Endpoint is selected based on the hash of an HTTP request header.
    74  Requests that contain a consistent value in a request header will be routed to the same upstream Endpoint.
    75  
    76  For more information, including an example `HTTPProxy` definition, see the [Contour documentation](https://projectcontour.io/docs/v1.12.0/config/request-routing/#load-balancing-strategy).
    77  
    78  ## Community Thanks!
    79  We’re immensely grateful for all the community contributions that help make Contour even better! For version 1.12, special thanks go out to the following contributors:
    80  - [@danehans](https://github.com/danehans)
    81  - [@erwbgy](https://github.com/erwbgy)
    82  - [@nak3](https://github.com/nak3)
    83  - [@tsaarni](https://github.com/tsaarni)