经过Ambassador Rate Limit Reference的审查,我无法使用自定义速率限制服务将大使正确配置为速率限制。
我有一个使用API envoy.service.ratelimit.v2的gRPC速率限制器服务。该gRPC服务有效,我可以将测试gRPC ShouldRateLimit请求直接发送到该服务(而不是通过大使),并获取OK / OVERLIMIT响应。但是,没有任何通过大使的HTTP流量被转发到速率限制器。显然,大使配置不正确。
将速率限制器服务部署到与大使部署相同的命名空间中的Kubernetes。
apiVersion: v1
kind: Service
metadata:
name: rate-limiter
namespace: ambassador
spec:
type: ClusterIP
selector:
run: rate-limiter
ports:
- port: 8081
name: grpc
targetPort: grpc
使用上述“速率限制器”服务将“大使”配置为速率限制:
apiVersion: getambassador.io/v1
kind: RateLimitService
metadata:
name: ambassador-ratelimitservice
namespace: ambassador
spec:
service: "rate-limiter.ambassador:8081"
最终大使配置为将默认标签附加到传入的HTTP请求:
apiVersion: getambassador.io/v1
kind: Module
metadata:
name: ambassador-ratelimitlabels-module
namespace: ambassador
spec:
config:
default_label_domain: ambassador
default_labels:
ambassador:
defaults:
- default
大使日志的相关部分:
kubebootstrap: found 1 "Module" in namespace "*"
kubebootstrap: sent "Module" to 1 receivers
...
kubebootstrap: found 1 "RateLimitService" in namespace "*"
kubebootstrap: sent "RateLimitService" to 1 receivers
...
diagd 0.74.0 [P86TAmbassadorEventWatcher] INFO: -global-: NOTICE: A future Ambassador version will change the GRPC protocol version for RateLimitServices. See the CHANGELOG for details.
diagd 0.74.0 [P86TAmbassadorEventWatcher] INFO: successfully validated the resulting envoy configuration, continuing...
...
[117][info][main] [source/server/server.cc:230] filters.http: envoy.buffer,envoy.cors,envoy.csrf,envoy.ext_authz,envoy.fault,envoy.filters.http.grpc_http1_reverse_bridge,envoy.filters.http.header_to_metadata,envoy.filters.http.jwt_authn,envoy.filters.http.original_src,envoy.filters.http.rbac,envoy.filters.http.tap,envoy.grpc_http1_bridge,envoy.grpc_json_transcoder,envoy.grpc_web,envoy.gzip,envoy.health_check,envoy.http_dynamo_filter,envoy.ip_tagging,envoy.lua,envoy.rate_limit,envoy.router,envoy.squash
[117][info][main] [source/server/server.cc:236] filters.network: envoy.client_ssl_auth,envoy.echo,envoy.ext_authz,envoy.filters.network.dubbo_proxy,envoy.filters.network.mysql_proxy,envoy.filters.network.rbac,envoy.filters.network.sni_cluster,envoy.filters.network.thrift_proxy,envoy.filters.network.zookeeper_proxy,envoy.http_connection_manager,envoy.mongo_proxy,envoy.ratelimit,envoy.redis_proxy,envoy.tcp_proxy
[117][warning][misc] [source/common/protobuf/utility.cc:199] Using deprecated option 'envoy.api.v2.Cluster.hosts' from file cds.proto. This configuration will be removed from Envoy soon. Please see https://www.envoyproxy.io/docs/envoy/latest/intro/deprecated for details.
...
[117][info][main] [source/server/server.cc:487] starting main dispatch loop
[117][info][upstream] [source/common/upstream/cluster_manager_impl.cc:489] add/update cluster cluster_rate_limiter_ambassador during init
[117][info][main] [source/server/server.cc:471] all clusters initialized. initializing init manager
[117][info][upstream] [source/server/lds_api.cc:60] lds: add/update listener 'redirect_listener' │
[117][info][upstream] [source/server/lds_api.cc:60] lds: add/update listener 'ambassador-listener-8443'