istio.io/istio@v0.0.0-20240520182934-d79c90f27776/tests/integration/telemetry/policy/testdata/enable_envoy_ratelimit.yaml

istio.io/istio@v0.0.0-20240520182934-d79c90f27776/tests/integration/telemetry/policy/testdata/enable_envoy_ratelimit.yaml (about)

     1  apiVersion: networking.istio.io/v1alpha3
     2  kind: EnvoyFilter
     3  metadata:
     4    name: filter-ratelimit
     5    namespace: istio-system
     6  spec:
     7    workloadSelector:
     8      labels:
     9        app: clt
    10    configPatches:
    11      # The Envoy config you want to modify
    12      - applyTo: HTTP_FILTER
    13        match:
    14          context: SIDECAR_OUTBOUND
    15          listener:
    16            filterChain:
    17              filter:
    18                name: "envoy.filters.network.http_connection_manager"
    19                subFilter:
    20                  name: "envoy.filters.http.router"
    21        patch:
    22          operation: INSERT_BEFORE
    23          value:
    24            name: envoy.filters.http.ratelimit
    25            typed_config:
    26              "@type": type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimit
    27              # domain can be anything! Match it to the ratelimter service config
    28              domain: echo-ratelimit
    29              failure_mode_deny: true
    30              rate_limit_service:
    31                grpc_service:
    32                  envoy_grpc:
    33                    cluster_name: rate_limit_cluster
    34                transport_api_version: V3
    35              timeout: 10s
    36      - applyTo: CLUSTER
    37        match:
    38          context: SIDECAR_OUTBOUND
    39          cluster:
    40            service: ratelimit.{{ .RateLimitNamespace }}.svc.cluster.local
    41        patch:
    42          operation: ADD
    43          value:
    44            name: rate_limit_cluster
    45            type: STRICT_DNS
    46            connect_timeout: 10s
    47            lb_policy: ROUND_ROBIN
    48            http2_protocol_options: {}
    49            dns_refresh_rate: 500ms
    50            load_assignment:
    51              cluster_name: rate_limit_cluster
    52              endpoints:
    53              - lb_endpoints:
    54                - endpoint:
    55                    address:
    56                      socket_address:
    57                        address: ratelimit.{{ .RateLimitNamespace }}.svc.cluster.local
    58                        port_value: 8081
    59  ---
    60  apiVersion: networking.istio.io/v1alpha3
    61  kind: EnvoyFilter
    62  metadata:
    63    name: filter-ratelimit-svc
    64    namespace: istio-system
    65  spec:
    66    workloadSelector:
    67      labels:
    68        app: clt
    69    configPatches:
    70      - applyTo: VIRTUAL_HOST
    71        match:
    72          context: SIDECAR_OUTBOUND
    73          routeConfiguration:
    74            vhost:
    75              name: "srv.{{ .EchoNamespace }}.svc.cluster.local:80"
    76              route:
    77                action: ANY
    78        patch:
    79          operation: MERGE
    80          value:
    81            rate_limits:
    82              - actions: # any actions in here
    83                    # Multiple actions nest the descriptors
    84                    # - generic_key:
    85                    # descriptor_value: "test"
    86                - request_headers:
    87                    header_name: ":path"
    88                    descriptor_key: "PATH"
    89                    # - remote_address: {}
    90                    # - destination_cluster: {}