istio.io/istio@v0.0.0-20240520182934-d79c90f27776/samples/bookinfo/policy/productpage_envoy_ratelimit.yaml

istio.io/istio@v0.0.0-20240520182934-d79c90f27776/samples/bookinfo/policy/productpage_envoy_ratelimit.yaml (about)

     1  apiVersion: networking.istio.io/v1alpha3
     2  kind: EnvoyFilter
     3  metadata:
     4    name: filter-ratelimit
     5    namespace: istio-system
     6  spec:
     7    workloadSelector:
     8      # select by label in the same namespace
     9      labels:
    10        istio: ingressgateway
    11    configPatches:
    12      # The Envoy config you want to modify
    13      - applyTo: HTTP_FILTER
    14        match:
    15          context: GATEWAY
    16          listener:
    17            filterChain:
    18              filter:
    19                name: "envoy.filters.network.http_connection_manager"
    20                subFilter:
    21                  name: "envoy.filters.http.router"
    22        patch:
    23          operation: INSERT_BEFORE
    24          value:
    25            name: envoy.ratelimit
    26            typed_config:
    27              "@type": type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimit
    28              # domain can be anything! Match it to the ratelimter service config
    29              domain: productpage-ratelimit
    30              failure_mode_deny: true
    31              rate_limit_service:
    32                grpc_service:
    33                  envoy_grpc:
    34                    cluster_name: rate_limit_cluster
    35              timeout: 10s
    36      - applyTo: CLUSTER
    37        match:
    38          cluster:
    39            service: ratelimit.default.svc.cluster.local
    40        patch:
    41          operation: ADD
    42          value:
    43            name: rate_limit_cluster
    44            type: STRICT_DNS
    45            connect_timeout: 10s
    46            lb_policy: ROUND_ROBIN
    47            http2_protocol_options: {}
    48            load_assignment:
    49              cluster_name: rate_limit_cluster
    50              endpoints:
    51              - lb_endpoints:
    52                - endpoint:
    53                    address:
    54                      socket_address:
    55                        address: ratelimit.default.svc.cluster.local
    56                        port_value: 8081
    57  ---
    58  apiVersion: networking.istio.io/v1alpha3
    59  kind: EnvoyFilter
    60  metadata:
    61    name: filter-ratelimit-svc
    62    namespace: istio-system
    63  spec:
    64    workloadSelector:
    65      labels:
    66        istio: ingressgateway
    67    configPatches:
    68      - applyTo: VIRTUAL_HOST
    69        match:
    70          context: GATEWAY
    71          routeConfiguration:
    72            vhost:
    73              name: ""
    74              route:
    75                action: ANY
    76        patch:
    77          operation: MERGE
    78          value:
    79            rate_limits:
    80              - actions: # any actions in here
    81                    # Multiple actions nest the descriptors
    82                    # - generic_key:
    83                    # descriptor_value: "test"
    84                - request_headers:
    85                    header_name: ":path"
    86                    descriptor_key: "PATH"
    87                    # - remote_address: {}
    88                    # - destination_cluster: {}