I'm following along with the Istio Rate Limits section of this task from the docs: https://istio.io/docs/tasks/policy-enforcement/rate-limiting/
I have the bookinfo application set up properly, I have a virtual service for productpage (and all of the other components of bookinfo), and I'm running their code as is, but rate limiting is not working for me.
Every time I hit the URL for productpage, it works; no rate limiting happens at all. However, every time I hit the URL I do see this message in the mixer logs:
```
kubectl -n istio-system logs $(kubectl -n istio-system get pods -lapp=policy -o jsonpath='{.items[0].metadata.name}') -c mixer
2018-09-21T16:06:28.456449Z warn Requested quota 'requestcount' is not configured
```
The requestcount quota is definitely set up though:
```yaml
apiVersion: "config.istio.io/v1alpha2"
kind: quota
metadata:
  name: requestcount
  namespace: istio-system
spec:
  dimensions:
    source: request.headers["x-forwarded-for"] | "unknown"
    destination: destination.labels["app"] | destination.service | "unknown"
    destinationVersion: destination.labels["version"] | "unknown"
```
When I apply the full yaml file I see:
```
memquota.config.istio.io "handler" configured
quota.config.istio.io "requestcount" configured
quotaspec.config.istio.io "request-count" configured
quotaspecbinding.config.istio.io "request-count" configured
rule.config.istio.io "quota" configured
```
And I see the following when I run
```
kubectl get quota requestcount -n istio-system -o yaml
```
```yaml
apiVersion: config.istio.io/v1alpha2
kind: quota
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"config.istio.io/v1alpha2","kind":"quota","metadata":{"annotations":{},"name":"requestcount","namespace":"istio-system"},"spec":{"dimensions":{"destination":"destination.labels[\"app\"] | destination.service | \"unknown\"","destinationVersion":"destination.labels[\"version\"] | \"unknown\"","source":"request.headers[\"x-forwarded-for\"] | \"unknown\""}}}
  clusterName: ""
  creationTimestamp: 2018-09-21T16:02:23Z
  generation: 1
  name: requestcount
  namespace: istio-system
  resourceVersion: "263792"
  selfLink: /apis/config.istio.io/v1alpha2/namespaces/istio-system/quotas/requestcount
  uid: ba4d2510-bdb7-11e8-b8c9-025000000001
spec:
  dimensions:
    destination: destination.labels["app"] | destination.service | "unknown"
    destinationVersion: destination.labels["version"] | "unknown"
    source: request.headers["x-forwarded-for"] | "unknown"
```
So why do I receive this message?
I ran into this and fixed it by making sure the rule was in the same namespace as the quota:
```yaml
---
apiVersion: "config.istio.io/v1alpha2"
kind: quota
metadata:
  name: requestcount
  namespace: istio-system
spec:
  dimensions:
    source: request.headers["x-forwarded-for"] | "unknown"
    destination: destination.labels["app"] | destination.service | "unknown"
    destinationVersion: destination.labels["version"] | "unknown"
---
apiVersion: config.istio.io/v1alpha2
kind: rule
metadata:
  name: quota
  namespace: istio-system
spec:
  # quota only applies if you are not logged in.
  # match: match(request.headers["cookie"], "user=*") == false
  actions:
  - handler: handler.memquota
    instances:
    - requestcount.quota
```
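
A static check for the namespace mismatch described in the answer above, as an added example that is not part of the original posts or of Istio: it scans a multi-document manifest before it is applied and reports rule instance references that do not resolve in the namespace where they would be looked up. It assumes a short reference (`name.kind`) resolves in the rule's own namespace and that `name.kind.namespace` is the fully qualified form; the manifest is constructed, and `parse` and `unresolved` are hypothetical helper names.

```python
import re

# Constructed manifest: the quota instance is in istio-system,
# but the rule that references it was created in "default".
SAMPLE = """\
apiVersion: config.istio.io/v1alpha2
kind: quota
metadata:
  name: requestcount
  namespace: istio-system
---
apiVersion: config.istio.io/v1alpha2
kind: rule
metadata:
  name: quota
  namespace: default
spec:
  actions:
  - handler: handler.memquota
    instances:
    - requestcount.quota
"""

def parse(manifest):
    """Minimal line scan (2-space indent assumed): (kind, name, namespace, refs)."""
    docs = []
    for doc in re.split(r"(?m)^---\s*$", manifest):
        kind = re.search(r"(?m)^kind:\s*(\S+)", doc)
        name = re.search(r"(?m)^  name:\s*(\S+)", doc)
        if not (kind and name):
            continue
        ns = re.search(r"(?m)^  namespace:\s*(\S+)", doc)
        # Bare list items such as "- requestcount.quota" are instance references.
        refs = re.findall(r"(?m)^\s*-\s+([\w-]+\.[\w.-]+)\s*$", doc)
        docs.append((kind.group(1), name.group(1), ns.group(1) if ns else "default", refs))
    return docs

def unresolved(manifest):
    """List (rule, reference, namespace searched, namespaces where it does exist)."""
    docs = parse(manifest)
    known = {(k, n, ns) for k, n, ns, _ in docs}
    problems = []
    for kind, name, ns, refs in docs:
        for ref in refs if kind == "rule" else []:
            rname, rkind, *rest = ref.split(".", 2)
            target_ns = rest[0] if rest else ns  # assumption: short name -> rule's namespace
            if (rkind, rname, target_ns) not in known:
                found = sorted(x for k, n, x in known if (k, n) == (rkind, rname))
                problems.append((f"{name}.rule.{ns}", ref, target_ns, found))
    return problems
```

Calling `unresolved()` on the manifest text returns an empty list when every instance reference resolves; for the constructed sample it reports that `requestcount.quota` was searched for in `default` but exists only in `istio-system`.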