Hello,
I am not able to set up example of rate limit from official documentation: Istio / Enabling Rate Limits using Envoy. Rate limit pod keeps crashing with the error posted below. I’ve also seen this thread and added the latest envoyproxy/ratelimit image: RateLimit v3 with 1.9.0 Kills the Ingressgatway · Issue #30900 · istio/istio · GitHub.
My configuration:
apiVersion: v1
kind: Service
metadata:
name: redis
labels:
app: redis
spec:
ports:
- name: grpc
port: 6379
targetPort: 6379
protocol: TCP
selector:
app: redis
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: redis
spec:
replicas: 1
selector:
matchLabels:
app: redis
template:
metadata:
labels:
app: redis
spec:
containers:
- image: redis:alpine
imagePullPolicy: Always
name: redis
resources:
requests:
memory: "64Mi"
cpu: "250m"
limits:
memory: "528Mi"
cpu: "500m"
ports:
- name: redis
containerPort: 6379
protocol: TCP
restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
name: ratelimit
labels:
app: ratelimit
spec:
type: ClusterIP
ports:
- port: 6070
targetPort: http-debug
protocol: TCP
name: http-debug
- port: 8081
targetPort: grpc-server
protocol: TCP
name: grpc-server
- port: 8080
targetPort: http-server
protocol: TCP
name: http-server
selector:
app: ratelimit
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: ratelimit
labels:
app: ratelimit
spec:
replicas: 1
selector:
matchLabels:
app: ratelimit
template:
metadata:
labels:
app: ratelimit
spec:
containers:
- env:
- name: LOG_LEVEL
value: debug
- name: LOG_FORMAT
value: JSON
- name: REDIS_SOCKET_TYPE
value: tcp
- name: REDIS_URL
value: redis.default.svc.cluster.local:6379
- name: USE_STATSD
value: "false"
- name: RUNTIME_ROOT
value: /data
- name: RUNTIME_SUBDIRECTORY
value: ratelimit
name: ratelimit
image: envoyproxy/ratelimit:40393342
imagePullPolicy: IfNotPresent
resources:
limits:
cpu: 500m
memory: 528Mi
requests:
cpu: 250m
memory: 64Mi
command: ["/bin/ratelimit"]
ports:
- name: http-debug
containerPort: 6070
- name: grpc-server
containerPort: 8081
- name: http-server
containerPort: 8080
volumeMounts:
- name: commonconfig-volume
mountPath: /data/ratelimit/config/config.yaml
subPath: config.yaml
volumes:
- name: commonconfig-volume
configMap:
name: ratelimit-config
---
apiVersion: v1
kind: ConfigMap
metadata:
name: ratelimit-config
data:
config.yaml: |
domain: productpage-ratelimit
descriptors:
- key: PATH
value: "/productpage"
rate_limit:
unit: minute
requests_per_unit: 1
- key: PATH
rate_limit:
unit: minute
requests_per_unit: 100
---
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: filter-ratelimit
namespace: istio-system
spec:
workloadSelector:
# select by label in the same namespace
labels:
istio: ingressgateway
configPatches:
# The Envoy config you want to modify
- applyTo: HTTP_FILTER
match:
context: GATEWAY
listener:
filterChain:
filter:
name: "envoy.http_connection_manager"
subFilter:
name: "envoy.router"
patch:
operation: INSERT_BEFORE
# Adds the Envoy Rate Limit Filter in HTTP filter chain.
value:
name: envoy.filters.http.ratelimit
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimit
# domain can be anything! Match it to the ratelimter service config
domain: productpage-ratelimit
failure_mode_deny: true
rate_limit_service:
grpc_service:
envoy_grpc:
cluster_name: rate_limit_cluster
timeout: 10s
transport_api_version: V3
- applyTo: CLUSTER
match:
cluster:
service: ratelimit.default.svc.cluster.local
patch:
operation: ADD
# Adds the rate limit service cluster for rate limit service defined in step 1.
value:
name: rate_limit_cluster
type: STRICT_DNS
connect_timeout: 10s
lb_policy: ROUND_ROBIN
http2_protocol_options: {}
load_assignment:
cluster_name: rate_limit_cluster
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: ratelimit.default.svc.cluster.local
port_value: 8081
---
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: filter-ratelimit-svc
namespace: istio-system
spec:
workloadSelector:
labels:
istio: ingressgateway
configPatches:
- applyTo: VIRTUAL_HOST
match:
context: GATEWAY
routeConfiguration:
vhost:
name: "*:80"
route:
action: ANY
patch:
operation: MERGE
# Applies the rate limit rules.
value:
rate_limits:
- actions: # any actions in here
- request_headers:
header_name: ":path"
descriptor_key: "PATH"
and here’s the error from ratelimit pod:
time="2021-03-02T06:33:54Z" level=warning msg="statsd is not in use"
{"@message":"runtime changed. loading new snapshot at /data/ratelimit","@timestamp":"2021-03-02T06:33:54.252164005Z","level":"debug"}
{"@message":"runtime: processing /data/ratelimit","@timestamp":"2021-03-02T06:33:54.252277305Z","level":"debug"}
{"@message":"runtime: processing /data/ratelimit/config","@timestamp":"2021-03-02T06:33:54.252333005Z","level":"debug"}
{"@message":"runtime: processing /data/ratelimit/config/config.yaml","@timestamp":"2021-03-02T06:33:54.252355705Z","level":"debug"}
{"@message":"runtime: adding key=config.config.yaml value=domain: productpage-ratelimit\ndescriptors:\n - key: PATH\n value: \"/productpage\"\n rate_limit:\n unit: minute\n requests_per_unit: 1\n - key: PATH\n rate_limit:\n unit: minute\n requests_per_unit: 100\n uint=false","@timestamp":"2021-03-02T06:33:54.252387605Z","level":"debug"}
{"@message":"connecting to redis on redis.default.svc.cluster.local:6379 with pool size 10","@timestamp":"2021-03-02T06:33:54.252574304Z","level":"warning"}
{"@message":"Implicit pipelining enabled: false","@timestamp":"2021-03-02T06:33:54.252632504Z","level":"debug"}
panic: unknown type prefix 'T'
goroutine 1 [running]:
github.com/envoyproxy/ratelimit/src/redis.checkError(...)
/ratelimit/src/redis/driver_impl.go:51
github.com/envoyproxy/ratelimit/src/redis.NewClientImpl(0xd67c80, 0xc0004a62a0, 0x0, 0x0, 0x0, 0xac81c8, 0x6, 0xc00003603a, 0x24, 0xa, ...)
/ratelimit/src/redis/driver_impl.go:121 +0xbbd
github.com/envoyproxy/ratelimit/src/redis.NewRateLimiterCacheImplFromSettings(0x0, 0x0, 0x1f90, 0x1f91, 0x17b6, 0xc00003800a, 0x5, 0xc00003801b, 0x4, 0x0, ...)
/ratelimit/src/redis/cache_impl.go:20 +0x127
github.com/envoyproxy/ratelimit/src/service_cmd/runner.createLimiter(0xd64e60, 0xc0002c8000, 0x0, 0x0, 0x1f90, 0x1f91, 0x17b6, 0xc00003800a, 0x5, 0xc00003801b, ...)
/ratelimit/src/service_cmd/runner/runner.go:50 +0x25b
github.com/envoyproxy/ratelimit/src/service_cmd/runner.(*Runner).Run(0xc00000a1e0)
/ratelimit/src/service_cmd/runner/runner.go:101 +0x348
main.main()
/ratelimit/src/service_cmd/main.go:10 +0x203
I appreciate any help.