Configuring Ambassador for rate limiting

Time: 2019-12-18 01:00:59

Tags: kubernetes-ingress rate-limiting envoyproxy ambassador

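After reviewing the Ambassador Rate Limit Reference, I have not been able to configure Ambassador correctly to rate limit using a custom rate limit service.

I have a gRPC rate limiter service that uses the envoy.service.ratelimit.v2 API. The gRPC service works: I can send test gRPC ShouldRateLimit requests directly to the service (not through Ambassador) and get OK / OVERLIMIT responses. However, no HTTP traffic passing through Ambassador is forwarded to the rate limiter. Clearly, Ambassador is not configured correctly.

  • What am I missing?
  • How can I debug Ambassador and understand what is happening?

The rate limiter service is deployed to Kubernetes in the same namespace as the Ambassador deployment.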

apiVersion: v1
kind: Service
metadata:
  name: rate-limiter
  namespace: ambassador
spec:
  type: ClusterIP
  selector:
     run: rate-limiter
  ports:
  - port: 8081
    name: grpc
    targetPort: grpc

Ambassador is configured to rate limit using the "rate-limiter" service above:

apiVersion: getambassador.io/v1
kind: RateLimitService
metadata:
  name: ambassador-ratelimitservice
  namespace: ambassador
spec:
  service: "rate-limiter.ambassador:8081"

Finally, Ambassador is configured to attach default labels to incoming HTTP requests:

apiVersion: getambassador.io/v1
kind:  Module
metadata:
  name: ambassador-ratelimitlabels-module
  namespace: ambassador
spec:
  config:
    default_label_domain: ambassador
    default_labels:
      ambassador:
        defaults:
        - default

Relevant parts of the Ambassador logs:

kubebootstrap: found 1 "Module" in namespace "*"
kubebootstrap: sent "Module" to 1 receivers
...
kubebootstrap: found 1 "RateLimitService" in namespace "*"
kubebootstrap: sent "RateLimitService" to 1 receivers
...
diagd 0.74.0 [P86TAmbassadorEventWatcher] INFO: -global-: NOTICE: A future Ambassador version will change the GRPC protocol version for RateLimitServices. See the CHANGELOG for details.
diagd 0.74.0 [P86TAmbassadorEventWatcher] INFO: successfully validated the resulting envoy configuration, continuing...
...
[117][info][main] [source/server/server.cc:230]   filters.http: envoy.buffer,envoy.cors,envoy.csrf,envoy.ext_authz,envoy.fault,envoy.filters.http.grpc_http1_reverse_bridge,envoy.filters.http.header_to_metadata,envoy.filters.http.jwt_authn,envoy.filters.http.original_src,envoy.filters.http.rbac,envoy.filters.http.tap,envoy.grpc_http1_bridge,envoy.grpc_json_transcoder,envoy.grpc_web,envoy.gzip,envoy.health_check,envoy.http_dynamo_filter,envoy.ip_tagging,envoy.lua,envoy.rate_limit,envoy.router,envoy.squash
[117][info][main] [source/server/server.cc:236]   filters.network: envoy.client_ssl_auth,envoy.echo,envoy.ext_authz,envoy.filters.network.dubbo_proxy,envoy.filters.network.mysql_proxy,envoy.filters.network.rbac,envoy.filters.network.sni_cluster,envoy.filters.network.thrift_proxy,envoy.filters.network.zookeeper_proxy,envoy.http_connection_manager,envoy.mongo_proxy,envoy.ratelimit,envoy.redis_proxy,envoy.tcp_proxy
[117][warning][misc] [source/common/protobuf/utility.cc:199] Using deprecated option 'envoy.api.v2.Cluster.hosts' from file cds.proto. This configuration will be removed from Envoy soon. Please see https://www.envoyproxy.io/docs/envoy/latest/intro/deprecated for details.
...
[117][info][main] [source/server/server.cc:487] starting main dispatch loop
[117][info][upstream] [source/common/upstream/cluster_manager_impl.cc:489] add/update cluster cluster_rate_limiter_ambassador during init
[117][info][main] [source/server/server.cc:471] all clusters initialized. initializing init manager
[117][info][upstream] [source/server/lds_api.cc:60] lds: add/update listener 'redirect_listener'
[117][info][upstream] [source/server/lds_api.cc:60] lds: add/update listener 'ambassador-listener-8443'
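
A cross-check of the three manifests above, as an added example that is not part of the original post or of Ambassador itself. It assumes, from Ambassador's documentation, that global settings such as default_labels are read from the Module named "ambassador" and that default_label_domain defaults to "ambassador"; the names split_target and lint are hypothetical, and the manifests are re-typed as dicts.

```python
# Manifests re-typed from the post as dicts (constructed input for this example).
SERVICE = {"kind": "Service",
           "metadata": {"name": "rate-limiter", "namespace": "ambassador"},
           "spec": {"ports": [{"port": 8081, "name": "grpc", "targetPort": "grpc"}]}}
RLS = {"kind": "RateLimitService",
       "metadata": {"name": "ambassador-ratelimitservice", "namespace": "ambassador"},
       "spec": {"service": "rate-limiter.ambassador:8081"}}
MODULE = {"kind": "Module",
          "metadata": {"name": "ambassador-ratelimitlabels-module", "namespace": "ambassador"},
          "spec": {"config": {"default_label_domain": "ambassador",
                              "default_labels": {"ambassador": {"defaults": ["default"]}}}}}

def split_target(target, default_ns):
    """Split '[scheme://]name[.namespace...]:port' into (name, namespace, port)."""
    host, _, port = target.split("://", 1)[-1].rpartition(":")
    if not host or not port.isdigit():
        raise ValueError(f"expected host:port, got {target!r}")
    name, _, rest = host.partition(".")
    return name, (rest.split(".")[0] or default_ns), int(port)

def lint(manifests):
    """Return a list of findings; an empty list means the cross-references line up."""
    findings = []
    services = {(m["metadata"]["name"], m["metadata"]["namespace"]): m
                for m in manifests if m["kind"] == "Service"}
    for rls in (m for m in manifests if m["kind"] == "RateLimitService"):
        try:
            name, ns, port = split_target(rls["spec"]["service"], rls["metadata"]["namespace"])
        except ValueError as err:
            findings.append(f"RateLimitService: {err}")
            continue
        svc = services.get((name, ns))
        if svc is None:
            findings.append(f"RateLimitService: no Service {name}.{ns}")
        elif port not in [p["port"] for p in svc["spec"]["ports"]]:
            findings.append(f"RateLimitService: Service {name}.{ns} has no port {port}")
    for mod in (m for m in manifests if m["kind"] == "Module"):
        cfg = mod["spec"].get("config", {})
        if "default_labels" not in cfg:
            continue
        # Assumption (Ambassador docs): default_labels belongs to the Module named "ambassador".
        if mod["metadata"]["name"] != "ambassador":
            findings.append(f"Module {mod['metadata']['name']!r}: default_labels is a "
                            "setting of the Module named 'ambassador'")
        if cfg.get("default_label_domain", "ambassador") not in cfg["default_labels"]:
            findings.append("Module: default_label_domain has no entry in default_labels")
    return findings

if __name__ == "__main__":
    print("\n".join(lint([SERVICE, RLS, MODULE])) or "no findings")
```

The Service and RateLimitService references line up for the posted manifests; the only finding is the Module name, which the page itself does not confirm as the cause.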

0 answers:

No answers