Istio Rate Limit Error (Requested quota 'requestcount' is not configured)

9/21/2018

I'm following along with the Istio Rate Limits section of this task from the docs: https://istio.io/docs/tasks/policy-enforcement/rate-limiting/

I have the bookinfo application set up properly, I have a virtual service for productpage (and all of the other components of bookinfo), and I'm running their code as is, but rate limiting is not working for me.

Every time I hit the url for productpage, it works, no rate limiting happens at all. However, every time I hit the url I do see this message in the mixer logs:

kubectl -n istio-system logs $(kubectl -n istio-system get pods -lapp=policy -o jsonpath='{.items[0].metadata.name}') -c mixer

2018-09-21T16:06:28.456449Z     warn    Requested quota 'requestcount' is not configured

requestcount quota is definitely set up though:

apiVersion: "config.istio.io/v1alpha2"
kind: quota
metadata:
  name: requestcount
  namespace: istio-system
spec:
  dimensions:
    source: request.headers["x-forwarded-for"] | "unknown"
    destination: destination.labels["app"] | destination.service | "unknown"
    destinationVersion: destination.labels["version"] | "unknown"

When I apply the full yaml file I see:

 memquota.config.istio.io "handler" configured
 quota.config.istio.io "requestcount" configured
 quotaspec.config.istio.io "request-count" configured
 quotaspecbinding.config.istio.io "request-count" configured
 rule.config.istio.io "quota" configured

And if I see the following when I run

kubectl get quota requestcount -n istio-system -o yaml

apiVersion: config.istio.io/v1alpha2
kind: quota
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
  {"apiVersion":"config.istio.io/v1alpha2","kind":"quota","metadata":{"annotations":{},"name":"requestcount","namespace":"istio-system"},"spec":{"dimensions":{"destination":"destination.labels[\"app\"] | destination.service | \"unknown\"","destinationVersion":"destination.labels[\"version\"] | \"unknown\"","source":"request.headers[\"x-forwarded-for\"] | \"unknown\""}}}
  clusterName: ""
  creationTimestamp: 2018-09-21T16:02:23Z
  generation: 1
  name: requestcount
  namespace: istio-system
  resourceVersion: "263792"
  selfLink: /apis/config.istio.io/v1alpha2/namespaces/istio-system/quotas/requestcount
  uid: ba4d2510-bdb7-11e8-b8c9-025000000001
spec:
  dimensions:
    destination: destination.labels["app"] | destination.service | "unknown"
    destinationVersion: destination.labels["version"] | "unknown"
    source: request.headers["x-forwarded-for"] | "unknown"

So why do I receive this message?

-- user1513171
istio
kubernetes
rate-limiting

1 Answer

11/6/2018

I ran into this and fixed it by making sure the rule was in the same namespace as the quota

---
apiVersion: "config.istio.io/v1alpha2"
kind: quota
metadata:
  name: requestcount
  namespace: istio-system
spec:
  dimensions:
    source: request.headers["x-forwarded-for"] | "unknown"
    destination: destination.labels["app"] | destination.service | "unknown"
    destinationVersion: destination.labels["version"] | "unknown"
---
apiVersion: config.istio.io/v1alpha2
kind: rule
metadata:
  name: quota
  namespace: istio-system
spec:
  # quota only applies if you are not logged in.
  # match: match(request.headers["cookie"], "user=*") == false
  actions:
  - handler: handler.memquota
    instances:
    - requestcount.quota
-- David
Source: StackOverflow