I'm trying to use the istio rate limits to limit access to the service hello. (1 call per second max)
I used the template from the book info demo application.

This is the configuration I've got so far :

Handler

apiVersion: config.istio.io/v1alpha2
kind: handler
metadata:
  name: quotahandler
  namespace: istio-system
spec:
  compiledAdapter: memquota
  params:
    quotas:
    - name: requestcountquota.instance.istio-system
      maxAmount: 1
      validDuration: 1s

Instance

apiVersion: config.istio.io/v1alpha2
kind: instance
metadata:
  name: requestcountquota
  namespace: istio-system
spec:
  compiledTemplate: quota
  params:
    dimensions:
      source: request.headers["x-forwarded-for"] | "unknown"
      destination: destination.labels["app"] | "unknown"

QuotaSpec

apiVersion: config.istio.io/v1alpha2
kind: QuotaSpec
metadata:
  name: request-count
  namespace: istio-system
spec:
  rules:
  - quotas:
    - charge: 1
      quota: requestcountquota

QuotaSpecBinding

apiVersion: config.istio.io/v1alpha2
kind: QuotaSpecBinding
metadata:
  name: request-count
  namespace: istio-system
spec:
  quotaSpecs:
  - name: request-count
    namespace: istio-system
  services:
  - name: hello
    namespace: default

Rule

apiVersion: config.istio.io/v1alpha2
kind: rule
metadata:
  name: quota
  namespace: istio-system
spec:
  actions:
  - handler: quotahandler
    instances:
    - requestcountquota

Needless to say that curling the service's ip is still working even when its well over 1 request per second and the limit is activated...

FYI, I used the serviceIP / virtualService (+ gateway).
Also I'm using the "In Memory" version and not the Redis version.

Any help on understanding where the error is would be gladly appreciated !