I need to setup a rate limit for number of requests a single IP can trigger.
I followed this tutorial on Istio documentation for global rate limit. https://istio.io/latest/docs/tasks/policy-enforcement/rate-limit/
I deployed the rate limit service using this file, shared in above link. https://github.com/istio/istio/blob/release-1.12/samples/ratelimit/rate-limit-service.yaml
The configmap shared below works fine , but it blocks requests from all IP addresses once the limit is reached. I need to block for IPs that try to send more than defined number of requests.
apiVersion: v1
kind: ConfigMap
metadata:
name: ratelimit-config
data:
config.yaml: |
domain: productpage-ratelimit
descriptors:
- key: PATH
value: "/productpage"
rate_limit:
unit: minute
requests_per_unit: 1
- key: PATH
rate_limit:
unit: minute
requests_per_unit: 100
I updated the above config following example 3 on this link https://github.com/envoyproxy/ratelimit#example-3. I restarted rate limit service and istio pods after that as well. I tried accessing the url after this , but it didn't block my requests.
apiVersion: v1
kind: ConfigMap
metadata:
name: ratelimit-config
data:
config.yaml: |
domain: edge_proxy_per_ip
descriptors:
- key: remote_address
rate_limit:
requests_per_unit: 1
unit: minute
Logs of the rate limit service, when i try opening the URL.
Istio Version: 1.12.1 Kubernetes Version: Client Version: v1.22.2 Server Version: v1.21.2-eks-06eac09 –