0

尝试使用 Istio EnvoyFilter 实现速率限制。服务级别速率限制工作正常。但未能为我的服务的任何子路径配置速率限制。例如 '/productpage' 和 '/api/v1/products' 仍然共享服务级别的速率限制。

以下是 Istio 演示项目 Bookinfo 的 Istio EnvoyFilter 配置,如果配置有任何问题,请告诉我。

apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: filter-local-ratelimit-svc
  namespace: istio-system
spec:
  workloadSelector:
    labels:
      app: productpage
  configPatches:
    - applyTo: HTTP_FILTER
      match:
        context: SIDECAR_INBOUND
        listener:
          filterChain:
            filter:
              name: "envoy.filters.network.http_connection_manager"
      patch:
        operation: INSERT_BEFORE
        value:
          name: envoy.filters.http.local_ratelimit
          typed_config:
            "@type": type.googleapis.com/udpa.type.v1.TypedStruct
            type_url: type.googleapis.com/envoy.extensions.filters.http.local_ratelimit.v3.LocalRateLimit
            value:
              stat_prefix: http_local_rate_limiter

    - applyTo: HTTP_ROUTE
      match:
        context: SIDECAR_INBOUND
        routeConfiguration:
          vhost:
            name: "inbound|http|9080"
            route:
              action: ANY
      patch:
        operation: MERGE
        value:
          typed_per_filter_config:
            envoy.filters.http.local_ratelimit:
              "@type": type.googleapis.com/udpa.type.v1.TypedStruct
              type_url: type.googleapis.com/envoy.extensions.filters.http.local_ratelimit.v3.LocalRateLimit
              value:
                rate_limits:
                  - actions:
                      - request_headers:
                          header_name: ":path"
                          descriptor_key: path
                stat_prefix: http_local_rate_limiter
                token_bucket:
                  max_tokens: 5
                  tokens_per_fill: 5
                  fill_interval: 60s
                filter_enabled:
                  runtime_key: local_rate_limit_enabled
                  default_value:
                    numerator: 100
                    denominator: HUNDRED
                filter_enforced:
                  runtime_key: local_rate_limit_enforced
                  default_value:
                    numerator: 100
                    denominator: HUNDRED
                response_headers_to_add:
                  - append: false
                    header:
                      key: x-local-rate-limit
                      value: "true" 
                descriptors:
                  - entries:
                      - key: path
                        value: /productpage
                    token_bucket:
                      max_tokens: 3
                      tokens_per_fill: 3
                      fill_interval: 60s
                  - entries:
                      - key: path
                        value: /api/v1/products
                    token_bucket:
                      max_tokens: 2
                      tokens_per_fill: 2
                      fill_interval: 60s

通过移动速率限制动作解决如下:

- applyTo: HTTP_ROUTE
      match:
        context: SIDECAR_INBOUND
        routeConfiguration:
          vhost:
            name: "inbound|http|9080"
            route:
              action: ANY
      patch:
        operation: MERGE
        value:
          route:
              rate_limits:
              - actions:
                - request_headers:
                    header_name: ":path"
                    descriptor_key: path
4

1 回答 1

1

通过移动速率限制操作解决了这个问题,如下所示:

- applyTo: HTTP_ROUTE
      match:
        context: SIDECAR_INBOUND
        routeConfiguration:
          vhost:
            name: "inbound|http|9080"
            route:
              action: ANY
      patch:
        operation: MERGE
        value:
          route:
              rate_limits:
              - actions:
                - request_headers:
                    header_name: ":path"
                    descriptor_key: path
于 2021-09-07T10:10:09.083 回答