istio.io/istio@v0.0.0-20240520182934-d79c90f27776/tests/integration/telemetry/policy/testdata/enable_envoy_local_ratelimit_sa.yaml (about) 1 apiVersion: networking.istio.io/v1alpha3 2 kind: EnvoyFilter 3 metadata: 4 name: filter-local-ratelimit-svc-sa 5 namespace: istio-system 6 spec: 7 workloadSelector: 8 labels: 9 app: srv 10 configPatches: 11 - applyTo: HTTP_FILTER 12 match: 13 context: SIDECAR_INBOUND 14 patch: 15 operation: INSERT_BEFORE 16 value: 17 name: envoy.filters.http.local_ratelimit 18 typed_config: 19 "@type": type.googleapis.com/udpa.type.v1.TypedStruct 20 type_url: type.googleapis.com/envoy.extensions.filters.http.local_ratelimit.v3.LocalRateLimit 21 value: 22 stat_prefix: http_local_rate_limiter 23 token_bucket: 24 max_tokens: 1000 25 tokens_per_fill: 1000 26 fill_interval: 1s 27 filter_enabled: 28 runtime_key: local_rate_limit_enabled 29 default_value: 30 numerator: 100 31 denominator: HUNDRED 32 filter_enforced: 33 runtime_key: local_rate_limit_enforced 34 default_value: 35 numerator: 100 36 denominator: HUNDRED 37 response_headers_to_add: 38 - append: false 39 header: 40 key: x-local-rate-limit 41 value: 'true' 42 descriptors: 43 - entries: 44 - key: client_id 45 value: "spiffe://cluster.local/ns/{{ .EchoNamespace }}/sa/clt" 46 token_bucket: 47 max_tokens: 1 48 tokens_per_fill: 1 49 fill_interval: 600s 50 - applyTo: HTTP_ROUTE 51 match: 52 context: SIDECAR_INBOUND 53 routeConfiguration: 54 vhost: 55 name: "inbound|http|80" 56 patch: 57 operation: MERGE 58 value: 59 route: 60 rate_limits: 61 - actions: 62 - extension: 63 name: custom 64 typed_config: 65 "@type": type.googleapis.com/udpa.type.v1.TypedStruct 66 type_url: type.googleapis.com/envoy.extensions.rate_limit_descriptors.expr.v3.Descriptor 67 value: 68 descriptor_key: client_id 69 text: connection.uri_san_peer_certificate