Reputation: 2430
How to configure local rate limiter in Envoy?
I would like to enable the local rate limiter for just one Envoy proxy without having an additional rate-limiting service in-place. The version I'm using is 1.13.1.
I've tried adding the configuration directly into the filter chains:
static_resources:
listeners:
- address:
socket_address:
address: 0.0.0.0
port_value: 10000
filter_chains:
- filters:
- name: envoy.filters.network.local_ratelimit
stat_prefix: local_rate_limiter
token_bucket:
max_tokens: 1000
tokens_per_fill: 100
fill_interval:
seconds: 1
- name: envoy.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager
codec_type: auto
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: backend
domains:
- "*"
routes:
- match:
prefix: "/application"
route:
cluster: application
http_filters:
- name: envoy.router
typed_config: {}
clusters:
- name: application
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
http2_protocol_options: {}
health_checks:
timeout: 2s
interval: 5s
unhealthy_threshold: 2
healthy_threshold: 1
http_health_check:
# path: "/application/health/live"
path: "/application/health/ready"
outlier_detection:
consecutive_5xx: 3
interval: 5s
base_ejection_time: 30s
max_ejection_percent: 50
load_assignment:
cluster_name: application
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: application-1
port_value: 8080
- endpoint:
address:
socket_address:
address: application-2
port_value: 8080
admin:
access_log_path: "/dev/null"
address:
socket_address:
address: 0.0.0.0
port_value: 9901
When launching the Docker container I receive the following error:
[2020-07-21 08:03:03.717][1][critical][main] [source/server/server.cc:94] error initializing configuration '/etc/envoy/envoy.yaml': Protobuf message (type envoy.config.bootstrap.v3.Bootstrap reason INVALID_ARGUMENT:(static_resources.listeners[0].filter_chains[0].filters[0]) token_bucket: Cannot find field.) has unknown fields
[2020-07-21 08:03:03.717][1][info][main] [source/server/server.cc:595] exiting
Protobuf message (type envoy.config.bootstrap.v3.Bootstrap reason INVALID_ARGUMENT:(static_resources.listeners[0].filter_chains[0].filters[0]) token_bucket: Cannot find field.) has unknown fields
Upvotes: 1
Views: 2300
Answers (1)
Reputation: 2430
OK, I've just figured out that each filter in the filter chain requires a typed_config element which should match the type I'm intended to use. First, I've tried to refer to the wrong definition in the GitHub repo and I received another error. But then I found another one in the correct path. So, every typed_config value should be one of the definitions under api/envoy/config subpath.
The correct configuration for local rate-limiting is the following.
static_resources:
listeners:
- address:
socket_address:
address: 0.0.0.0
port_value: 10000
filter_chains:
- filters:
- name: envoy.filters.network.local_ratelimit
typed_config:
"@type": type.googleapis.com/envoy.config.filter.network.local_rate_limit.v2alpha.LocalRateLimit
stat_prefix: local_rate_limiter
token_bucket:
max_tokens: 1000
tokens_per_fill: 100
fill_interval:
seconds: 1
- name: envoy.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager
...
Upvotes: 3
Related Questions
- How can I set an envoy local rate limit, on all the paths starting with a given path?
- Istio how to use EnvoyFilter to change `max_request_bytes` of envoy sidecar?
- Kubernetes Istio Envoy - Rate Limiting by HTTP Method
- Istio Envoy Rate Limit does not work for descriptors with sub path
- Istio/Envoy: How to configure Envoy connection buffer limits
- Thrift Rate Limiting with Envoy + Istio
- EnvoyProxy Rate Limit Not Working in Istio 1.7
- Add Local rate limiting using EnvoyProxy
- Envoy rate limit config
- Thrift Rate Limiting with Envoy