Rate limiting not working

carolwu-1206 · February 14, 2020, 8:24am

I’m trying to set up rate limiting by following https://istio.io/docs/tasks/policy-enforcement/rate-limiting/. The istio version is 1.4.4.
Policy Enforcement is enabled

[root@node1 istio-1.4.4]# kubectl -n istio-system get cm istio -o jsonpath="{@.data.mesh}" | grep disablePolicyChecks
disablePolicyChecks: false

I set up a handler to allow only 1 request each minute, and the dimension includes cookie, the random request id and destination. Then I used postman to send two requests with different cookie. However, both of them got response.The configuration is

apiVersion: config.istio.io/v1alpha2
kind: handler
metadata:
  name: quotahandler
  namespace: istio-system
spec:
  compiledAdapter: memquota
  params:
    quotas:
    - name: requestcountquota.quota.istio-system
      maxAmount: 1
      validDuration: 60s
#      dimensions:
#        destination: chp-admin-svc
      overrides:
      - dimensions:
          destination: chp-admin-svc
          version: 1
        maxAmount: 1
        validDuration: 60s
---
apiVersion: config.istio.io/v1alpha2
kind: instance
metadata:
  name: requestcountquota
  namespace: istio-system
spec:
  compiledTemplate: quota
  params:
    dimensions:
      session: request.headers["x-request-id"]
      version: request.headers["version"]
      destination: destination.labels["app"] | destination.service.name
      cookie: request.headers["Cookie"] | request.headers["cookie"]
---
apiVersion: config.istio.io/v1alpha2
kind: QuotaSpec
metadata:
  name: request-count
  namespace: default
spec:
  rules:
  - quotas:
    - charge: 1
      quota: requestcountquota.instance.istio-system
---
apiVersion: config.istio.io/v1alpha2
kind: QuotaSpecBinding
metadata:
  name: request-count
  namespace: default
spec:
  quotaSpecs:
  - name: request-count
    namespace: default
  services:
  - name: chp-admin-svc
    namespace: istio-system
  - name: chp-admin-svc
    namespace: default

---
apiVersion: config.istio.io/v1alpha2
kind: rule
metadata:
  name: quota
  namespace: istio-system
spec:
  actions:
  - name: quotahandlerrule
    handler: quotahandler.handler
    instances:
    - requestcountquota.instance

Is there any way to get the log and configuration of rate limiting? I have check the log of all pod under istio-system namespace, and the log of istio-proxy of my pod, but found nothing.

carolwu-1206 · February 14, 2020, 9:43am

Besides, when using the bookinfo sample, the rate limiting was also not working.

Topic		Replies	Views
Istio Rate Limiting Not working Policies and Telemetry	2	849	June 7, 2019
Inconsistency in Rate Limiting Policies and Telemetry	5	795	May 15, 2019
Istio rate-limiting working incorrect Policies and Telemetry	5	823	May 31, 2019
Why isn't this rate limiting policy working? Policies and Telemetry	1	1012	September 30, 2019
Rate Limiting is not working in Istio 1.9 Networking	17	3338	September 26, 2021

Rate limiting not working

Related topics