How to Enabling Rate Limits using Envoy in Istio in Asp .net core MVC #50385
Unanswered
Ommkwn2001
asked this question in
Q&A
Replies: 1 comment
-
please transfer this issue to istio/istio repo |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I have a one Asp .net core MVC project. So when i Url call with port-forwarding like this "http://127.0.0.1:5035/home/GetServicedata" so there are call again and again, But my requirement is the Port-forwarding like this "http://127.0.0.1:5035/home/GetServicedata" so i want only one request per minute in this Url. and when i call second time in one minute i want 420 error.
This is my Deployment.yml file:
apiVersion: v1
kind: ConfigMap
metadata:
name: docweb-config
data:
config.yaml: |
domain: docweb
descriptors:
- key: PATH
value: "/home"
rate_limit:
unit: minute
requests_per_unit: 1
- key: PATH
value: "/api"
rate_limit:
unit: minute
requests_per_unit: 2
- key: DEFAULT
rate_limit:
unit: minute
requests_per_unit: 100
#chale chhe
apiVersion: apps/v1
kind: Deployment
metadata:
name: docweb
namespace: docweb
labels:
app: docweb
spec:
replicas: 1
selector:
matchLabels:
app: docweb
template:
metadata:
labels:
app: docweb
spec:
containers:
- name: docweb
image: docweb:latest
imagePullPolicy: Never
ports:
- containerPort: 8080
volumeMounts:
- name: config-volume
mountPath: /data/docweb/config
volumes:
- name: config-volume
configMap:
name: docweb-config
apiVersion: v1
kind: Service
metadata:
name: docweb
namespace: docweb
labels:
app: docweb
spec:
selector:
app: docweb
ports:
- protocol: TCP
port: 5035
targetPort: 8080
type: NodePort
And this is my Envoy.yml file:
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: filter-docweb
namespace: istio-system
spec:
workloadSelector:
# select by label in the same namespace
labels:
istio: ingressgateway
configPatches:
# The Envoy config you want to modify
- applyTo: HTTP_FILTER
match:
context: GATEWAY
listener:
filterChain:
filter:
name: "envoy.filters.network.http_connection_manager"
subFilter:
name: "envoy.filters.http.router"
patch:
operation: INSERT_BEFORE
# Adds the Envoy Rate Limit Filter in HTTP filter chain.
value:
name: envoy.filters.http.docweb
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimit
# domain can be anything! Match it to the ratelimter service config
domain: ratelimit
failure_mode_deny: true
timeout: 10s
rate_limit_service:
grpc_service:
envoy_grpc:
cluster_name: outbound|5035||docweb.default.svc.cluster.local
authority: docweb.default.svc.cluster.local
transport_api_version: V3
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: filter-docweb-svc
namespace: istio-system
spec:
workloadSelector:
labels:
istio: ingressgateway
configPatches:
- applyTo: VIRTUAL_HOST
match:
context: GATEWAY
routeConfiguration:
vhost:
name: ""
route:
action: ANY
patch:
operation: MERGE
# Applies the rate limit rules.
value:
rate_limits:
- actions: # any actions in here
- request_headers:
header_name: ":path"
descriptor_key: "PATH"
I did install the Istio and i enabled the istio sidecar like this "istio-injection=enabled".
My requirement is the Port-forwarding like this "http://127.0.0.1:5035/home/GetServicedata" so i want only one request per minute in this Url. and when i call second time in one minute i want 420 error.
Version
istioctl version :
client version: 1.21.0
control plane version: 1.21.0
data plane version: 1.21.0 (8 proxies)
kubectl version :
Client Version: v1.29.1
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.28.3
Beta Was this translation helpful? Give feedback.
All reactions