Issue Description
Type: bug report or feature request
Describe what happened (or what feature you want)
```
[2022-07-09T21:30:28.393Z] "POST /envoy.service.ratelimit.v3.RateLimitService/ShouldRateLimit HTTP/2" 200 - via_upstream - "-" 69 0 1 1 "172.20.2.201" "-" "5bcf44b8-9321-450a-88c2-1a812abdc3aa" "rate_limit_cluster" "172.20.0.65:10245" inbound|10245|| 127.0.0.6:34607 172.20.0.65:10245 172.20.2.201:0 - default
[2022-07-09T21:30:28.392Z] "GET /productpage HTTP/1.1" 500 RLSE rate_limiter_error - "-" 0 0 3 - "172.20.0.0" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.82 Safari/537.36" "63a7c1b1-0a21-40f8-b21b-2c4c7a5dd54b" "192.168.229.128:30563" "-" inbound|9080|| - 172.20.2.201:9080 172.20.0.0:0 outbound_.9080_._.productpage.istio.svc.cluster.local -
```
deploy-sentinel.yaml
kubectl apply -f deploy-sentinel.yaml -n istio
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: sentinel-rule-cm
data:
  rule-yaml: |-
    domain: productpage-ratelimit
    descriptors:
      - resources:
        - key: "destination_cluster"
          value: "inbound|9080||"
        count: 1
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sentinel-rls-server
  labels:
    app: sentinel
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sentinel
  template:
    metadata:
      labels:
        app: sentinel
    spec:
      containers:
        - name: sentinelserver
          # You could replace the image with your own image here
          image: "registry.cn-hangzhou.aliyuncs.com/sentinel-docker-repo/sentinel-envoy-rls-server:latest"
          imagePullPolicy: Always
          ports:
            - containerPort: 10245
            - containerPort: 8719
          volumeMounts:
            - name: sentinel-rule-config
              mountPath: /tmp/sentinel
          env:
            - name: SENTINEL_RLS_RULE_FILE_PATH
              value: "/tmp/sentinel/rule.yaml"
      volumes:
        - name: sentinel-rule-config
          configMap:
            name: sentinel-rule-cm
            items:
              - key: rule-yaml
                path: rule.yaml
---
apiVersion: v1
kind: Service
metadata:
  name: sentinel-rls-service
  labels:
    name: sentinel-rls-service
spec:
  type: ClusterIP
  ports:
    - port: 8719
      targetPort: 8719
      name: sentinel-command
    - port: 10245
      targetPort: 10245
      name: sentinel-grpc
  selector:
    app: sentinel
```
```bash
cat << EOF > envoyfilter-filter-sentinel.yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: filter-ratelimit
  namespace: istio
spec:
  workloadSelector:
    # select by label in the same namespace
    labels:
      app: productpage
  configPatches:
    # The Envoy config you want to modify
    - applyTo: HTTP_FILTER
      match:
        context: SIDECAR_INBOUND
        listener:
          filterChain:
            filter:
              name: "envoy.filters.network.http_connection_manager"
              subFilter:
                name: "envoy.filters.http.router"
      patch:
        operation: INSERT_BEFORE
        # Adds the Envoy Rate Limit Filter in HTTP filter chain.
        value:
          name: envoy.filters.http.ratelimit
          typed_config:
            "@type": type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimit
            # domain can be anything! Match it to the ratelimiter service config
            domain: productpage-ratelimit
            stage: 0
            request_type: both
            failure_mode_deny: true
            rate_limit_service:
              grpc_service:
                envoy_grpc:
                  cluster_name: rate_limit_cluster
                timeout: 10s
              transport_api_version: V3
    - applyTo: CLUSTER
      match:
        cluster:
          service: ratelimit.istio.svc.cluster.local
      patch:
        operation: ADD
        # Adds the rate limit service cluster for rate limit service defined in step 1.
        value:
          name: rate_limit_cluster
          type: STRICT_DNS
          connect_timeout: 10s
          lb_policy: ROUND_ROBIN
          http2_protocol_options: {}
          load_assignment:
            cluster_name: rate_limit_cluster
            endpoints:
              - lb_endpoints:
                  - endpoint:
                      address:
                        socket_address:
                          address: sentinel-rls-service.istio.svc.cluster.local
                          port_value: 10245
EOF
kubectl apply -f envoyfilter-filter-sentinel.yaml -n istio
```
```bash
cat << EOF > envoyfilter-action-sentinel.yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: filter-ratelimit-svc
  namespace: istio
spec:
  workloadSelector:
    labels:
      app: productpage
  configPatches:
    - applyTo: VIRTUAL_HOST
      match:
        context: SIDECAR_INBOUND
        routeConfiguration:
          vhost:
            name: "inbound|http|9080"
            route:
              action: ANY
      patch:
        operation: MERGE
        # Applies the rate limit rules.
        value:
          rate_limits:
            - actions:
                - destination_cluster: {}
              stage: 0
EOF
kubectl apply -f envoyfilter-action-sentinel.yaml -n istio
```
1 answer
zqry0prt #1
Hi, Envoy RLS v3 support was introduced in Sentinel 1.8.3. The Docker image might not be up-to-date. You may try to build the latest version of sentinel-cluster-server-envoy-rls.
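
For triaging sidecar logs like the two lines in the issue, the following added example (not part of the original post or of the Sentinel project) parses Envoy access-log lines and separates requests rejected because the rate limit service call failed (response flag `RLSE`, which Envoy answers with a 500 when `failure_mode_deny: true` is set) from requests that were actually rate limited. It assumes Istio's default access-log field order; the function and class names are hypothetical and the third sample line is constructed.

```python
import shlex
from collections import Counter

# Assumed field order: Istio's default Envoy access-log format, tokenised by shlex.
FIELDS = ["start_time", "request", "code", "flags", "code_details", "conn_details",
          "transport_failure", "bytes_received", "bytes_sent", "duration",
          "upstream_time", "xff", "user_agent", "request_id", "authority",
          "upstream_host", "upstream_cluster", "upstream_local", "downstream_local",
          "downstream_remote", "sni", "route"]
RLS_PATH = "/envoy.service.ratelimit.v3.RateLimitService/ShouldRateLimit"

def parse(line):
    """Return one access-log line as a dict, or None if it does not fit the format."""
    try:
        tokens = shlex.split(line)          # keeps quoted fields (user agent) whole
    except ValueError:                      # unbalanced quotes
        return None
    if len(tokens) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, tokens))
    parts = rec["request"].split(" ")
    rec["method"], rec["path"] = (parts[0], parts[1]) if len(parts) == 3 else ("", "")
    rec["flags"] = set() if rec["flags"] == "-" else set(rec["flags"].split(","))
    return rec

def classify(rec):
    if "RLSE" in rec["flags"]:              # rate limit service error, request rejected
        return "rls_error_fail_closed"
    if "RL" in rec["flags"] or rec["code"] == "429":
        return "rate_limited"               # the limit itself was enforced
    if rec["path"] == RLS_PATH:
        return "rls_call"                   # sidecar-to-RLS gRPC request
    return "other"

def triage(lines):
    """Count log lines per class, skipping lines that do not parse."""
    return Counter(classify(r) for r in map(parse, lines) if r)

# First two lines are copied from the issue; the third (429) is constructed.
SAMPLE = [
    '[2022-07-09T21:30:28.393Z] "POST /envoy.service.ratelimit.v3.RateLimitService/ShouldRateLimit HTTP/2" 200 - via_upstream - "-" 69 0 1 1 "172.20.2.201" "-" "5bcf44b8-9321-450a-88c2-1a812abdc3aa" "rate_limit_cluster" "172.20.0.65:10245" inbound|10245|| 127.0.0.6:34607 172.20.0.65:10245 172.20.2.201:0 - default',
    '[2022-07-09T21:30:28.392Z] "GET /productpage HTTP/1.1" 500 RLSE rate_limiter_error - "-" 0 0 3 - "172.20.0.0" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.82 Safari/537.36" "63a7c1b1-0a21-40f8-b21b-2c4c7a5dd54b" "192.168.229.128:30563" "-" inbound|9080|| - 172.20.2.201:9080 172.20.0.0:0 outbound_.9080_._.productpage.istio.svc.cluster.local -',
    '[2022-07-09T21:31:00.000Z] "GET /productpage HTTP/1.1" 429 RL request_rate_limited - "-" 0 0 1 - "172.20.0.0" "curl/7.68.0" "00000000-0000-0000-0000-000000000000" "192.168.229.128:30563" "-" inbound|9080|| - 172.20.2.201:9080 172.20.0.0:0 outbound_.9080_._.productpage.istio.svc.cluster.local -',
]

if __name__ == "__main__":
    print(dict(triage(SAMPLE)))
```

A rising `rls_error_fail_closed` count with no `rate_limited` entries points at the sidecar-to-RLS call rather than at the configured limit.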