Rate Limiting requests at the Ingress-Gateway


#1

Hi,

I have tried rate-limiting within the mesh but was unable to find information on whether it is possible to configure rate limiting at the ingress-gateway, i.e. apply a limit on the number of requests coming from outside the mesh to the ingress-gateway. Seems like a fairly common use-case to me. Any pointers will be helpful.

Thanks!


#2

Hi skydoctor,

Did you had a chance to look at this link: https://istio.io/docs/tasks/policy-enforcement/rate-limiting/

Thanks,
Amit


#3

Thanks @palam. I did configure service-mesh rate-limiting following that link but wasn’t clear where the “Client Side” configurations would apply in case of the Ingress Gateway. These are the QuotaSpec and QuotaSpecBinding CRDs. In case of the Ingress Gateway, the client is external to the mesh. Any ideas on what exactly should I change from what’s in that link to enforcing rate limits at the gateway?


#4

Well…I tried configuration explained in the doc but doesn’t works for me. I have all my service inside the mesh (both client and server). My policy container logs shows the following error, which doesn’t make sense to me.

error|Handler not found: handler='handler.memquota'
error|No valid actions found in rule

@mandarjog Could you please help us to understand what are we missing here?


#5

@kuat: Any ideas on the original question in this thread - is it possible to rate-limit requests coming in to the mesh right at the ingress-gateway. I see that you had worked on client-side policy enforcement which will be required for enforcing rate-limits at the ingress-gateway. Any ideas on where that work stands?

Thanks.