Comments (12)
what's the real app you want limit? httpbin or demoapidock?
from istio.
demoapidock
and alos change here
app: httpbin // demoapidock
but stil not working
from istio.
demoapidock
and alos change here app: httpbin // demoapidock
the filter-ratelimit-svc
envoyfilter seems apply to httpbin?
I recall I have added some log for ratelimit filter, you're tring to enable it by running istioctl pc log <pod_name>.<pod_namespace> --level filter:debug
from istio.
pod/demoapidock-deployment-576d455d5c-jmw7z 2/2 Running 2 (124m ago) 141m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/demoapidock-service NodePort 10.99.47.35 5028:31135/TCP 141m
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/demoapi-d 1/1 1 1 3d17h
deployment.apps/demoapidock-deployment 1/1 1 1 141m
NAME DESIRED CURRENT READY AGE
replicaset.apps/demoapidock-deployment-576d455d5c 1 1 1 141m
this is my upper api pod and call mvc in like this
`client.BaseAddress = new Uri("http://demoapidock-service.istioapi.svc.cluster.local:5028/api/");
//HTTP GET
HttpResponseMessage res = await client.GetAsync("CustomerControllers");
if(res.IsSuccessStatusCode)
{
var data = res.Content.ReadAsStringAsync().Result;
cust= JsonConvert.DeserializeObject<List<Customer>>(data);
}`
i want to set when mvc method in call api to set api on rate limit using istio
from istio.
i am also change yaml
`apiVersion: v1
kind: ConfigMap
metadata:
name: ratelimit-config
namespace: istio-system
data:
config.yaml: |
domain: api-ratelimit
descriptors:
- key: ratelimitheader
descriptors:
- key: PATH
value: "/api/CustomerControllers"
rate_limit:
unit: minute
requests_per_unit: 2
---
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: demoapidock-global-ratelimit
namespace: istioapi
spec:
workloadSelector:
# select by label in the same namespace
labels:
app: demoapidock
configPatches:
# The Envoy config you want to modify
- applyTo: HTTP_FILTER
match:
context: SIDECAR_INBOUND
listener:
filterChain:
filter:
name: "envoy.filters.network.http_connection_manager"
subFilter:
name: "envoy.filters.http.router"
patch:
operation: INSERT_BEFORE
# Adds the Envoy Rate Limit Filter in HTTP filter chain.
value:
name: envoy.filters.http.ratelimit
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimit
# domain can be anything! Match it to the ratelimter service config
domain: api-ratelimit
failure_mode_deny: true
timeout: 10s
rate_limit_service:
grpc_service:
envoy_grpc:
cluster_name: outbound|8081||ratelimit.istio-system.svc.cluster.local
authority: ratelimit.istio-system.svc.cluster.local
transport_api_version: V3
---
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: filter-ratelimit-svc
namespace: istioapi
spec:
workloadSelector:
labels:
app: demoapidock
configPatches:
- applyTo: VIRTUAL_HOST
match:
context: SIDECAR_INBOUND
routeConfiguration:
vhost:
name: ""
route:
action: ANY
patch:
operation: MERGE
# Applies the rate limit rules.
value:
rate_limits:
- actions: # any actions in here
- request_headers:
header_name: "x-rate-limit-please"
descriptor_key: "ratelimitheader"
skip_if_absent: true
- request_headers:
header_name: ":path"
descriptor_key: "PATH"`
from istio.
any update for me!
from istio.
I do believe the following configuration is not right:
apiVersion: v1
kind: ConfigMap
metadata:
name: ratelimit-config
namespace: istio-system
data:
config.yaml: |
domain: api-ratelimit
descriptors:
- key: ratelimitheader
descriptors:
- key: PATH
value: "/api/CustomerControllers"
rate_limit:
unit: minute
requests_per_unit: 2
please check your ratelimit service log: kubectl logs -n istio-system -l app=ratelimit --tail=-1
from istio.
No resources found in istio-system namespace.
from istio.
you point to a service in istio-system namespace(outbound|8081||ratelimit.istio-system.svc.cluster.local
), and you cannot find pod/logs?
from istio.
there are not show in all pod in this config
minikube kubectl -- get all -n istio-system
pod/grafana-6f68dfd8f4-j4p4j 1/1 Running 16 (9m3s ago) 9d
pod/istio-egressgateway-6dc45c59fb-g4vjk 1/1 Running 16 (9m3s ago) 9d
pod/istio-ingressgateway-6875bb754b-vwrdr 1/1 Running 16 (9m3s ago) 9d
pod/istiod-87c4f5665-vjlfr 1/1 Running 16 (9m3s ago) 9d
pod/jaeger-7d7d59b9d-wfwsc 1/1 Running 20 (9m3s ago) 9d
pod/kiali-588bc98cd-dxz24 1/1 Running 18 (9m3s ago) 9d
pod/prometheus-7545dd48db-zpwll 2/2 Running 235 (5m18s ago) 9d
there are show only this pods
from istio.
there are solved this problem
get the log
minikube kubectl -- logs -l app=ratelimit --tail=-1 -n istioapi <-- command use
time="2024-04-22T06:39:49Z" level=warning msg="statsd is not in use"
time="2024-04-22T06:39:49Z" level=info msg="Tracing disabled"
time="2024-04-22T06:39:49Z" level=debug msg="runtime changed. loading new snapshot at /data/ratelimit/config"
time="2024-04-22T06:39:49Z" level=debug msg="runtime: processing /data/ratelimit/config"
time="2024-04-22T06:39:49Z" level=debug msg="runtime: processing /data/ratelimit/config/..2024_04_22_06_39_30.2113015249"
time="2024-04-22T06:39:49Z" level=debug msg="runtime: processing /data/ratelimit/config/..data"
time="2024-04-22T06:39:49Z" level=debug msg="runtime: processing /data/ratelimit/config/config.yaml"
time="2024-04-22T06:39:49Z" level=debug msg="runtime: adding key=config.yaml value=domain: api-ratelimit\ndescriptors:\n- key: ratelimitheader\n descriptors:\n - key: PATH\n value: "/api/CustomerControllers"\n rate_limit:\n unit: minute\n requests_per_unit: 1\n uint=false"
time="2024-04-22T06:39:49Z" level=warning msg="connecting to redis on redis:6379 with pool size 10"
time="2024-04-22T06:39:49Z" level=debug msg="Implicit pipelining enabled: false"
time="2024-04-22T06:39:49Z" level=debug msg="error loading config file: yaml: line 4: mapping values are not allowed in this context"
time="2024-04-22T06:39:49Z" level=error msg="error loading new configuration from runtime: config.yaml: error loading config file: yaml: line 4: mapping values are not allowed in this context"
time="2024-04-22T06:39:49Z" level=warning msg="Listening for HTTP on '[::]:8080'"
time="2024-04-22T06:39:49Z" level=debug msg="waiting for runtime update"
time="2024-04-22T06:39:49Z" level=warning msg="Listening for debug on '0.0.0.0:6070'"
time="2024-04-22T06:39:49Z" level=warning msg="Listening for gRPC on '[::]:8081'"
from istio.
I don't which your tutorial you're following, for what I can see it's a mess what you show in the issue.
- ratelimit installed in namespace istioapi, but the envoyfilter still point to
outbound|8081||ratelimit.istio-system.svc.cluster.local
- form the logs show above,
error loading config file: yaml: line 4: mapping values are not allowed in this context
the configuration is invalid.
this's unlike an real issue.
from istio.
Related Issues (20)
- Documentation Improvement Request: Multi-Primary Cluster Set-Up and Service Discovery
- Incompletely support of traffic.sidecar.istio.io/excludeOutboundIPRanges while upgrading istio from version 1.15.2 to 1.20 HOT 7
- istioctl x waypoint generate is missing the `--for` config HOT 3
- [release-1.22] Update gateway-api version for conformance HOT 1
- [release-1.21] Fix gateway deployment on OpenShift HOT 1
- istioctl analyze shows IST0133 "addresses are required" for ServiceEntry objects even when ISTIO_META_DNS_AUTO_ALLOCATE is enabled HOT 3
- ztunnel-config might not be printing out ztunnel data correctly HOT 6
- disable opencensus HOT 12
- [release-1.21] support for disabling metrics endpoint from outside of pod HOT 1
- Add "Header manipulation rules" to mirrors
- evnoy c-ares cause dns reslove failed HOT 1
- Support for connection via UNIX Domain Socket(UDS) when sending trace spans from istio-proxy to Datadog Agent. HOT 3
- ServiceEntry is causing SSL validation errors when acting as a TLS passthrough to an external IPv4 HTTPS service on an IPv6 cluster HOT 3
- how can i achieve sidecar version rollout for particular workload (deployment)
- OpenCensus Agent not honoring a deny sampling decision for traces HOT 9
- reserve none for use-waypoint
- [release-1.22] Use label istio.io/dataplane-mode=disabled for pod-level ambient opt-out
- Improve UX for workload captured waypoint HOT 1
- Noisy attempts to use extended fields when on standard Gateway API CRDs HOT 1
- Expose PadForwardPayloadHeader in JWTRule HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from istio.